diff -Nru curl-7.55.1/acinclude.m4 curl-7.57.0/acinclude.m4 --- curl-7.55.1/acinclude.m4 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/acinclude.m4 2017-11-09 22:40:36.000000000 +0000 @@ -2084,20 +2084,6 @@ ]) -dnl CURL_CONFIGURE_LONG -dnl ------------------------------------------------- -dnl Find out the size of long as reported by sizeof() and define -dnl CURL_SIZEOF_LONG. - -AC_DEFUN([CURL_CONFIGURE_LONG], [ - if test -z "$ac_cv_sizeof_long" || - test "$ac_cv_sizeof_long" -eq "0"; then - AC_MSG_ERROR([cannot find out size of long.]) - fi - CURL_DEFINE_UNQUOTED([CURL_SIZEOF_LONG], [$ac_cv_sizeof_long]) -]) - - dnl CURL_CONFIGURE_CURL_SOCKLEN_T dnl ------------------------------------------------- dnl The need for the curl_socklen_t definition arises mainly to properly @@ -2718,291 +2704,6 @@ fi ]) - -dnl DO_CURL_OFF_T_CHECK (TYPE, SIZE) -dnl ------------------------------------------------- -dnl Internal macro for CURL_CONFIGURE_CURL_OFF_T - -AC_DEFUN([DO_CURL_OFF_T_CHECK], [ - AC_REQUIRE([CURL_INCLUDES_INTTYPES])dnl - if test "$curl_typeof_curl_off_t" = "unknown" && test ! -z "$1"; then - tmp_includes="" - tmp_source="" - tmp_fmt="" - case XC_SH_TR_SH([$1]) in - int64_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f@<:@@:>@ = PRId64;" - tmp_fmt="PRId64" - ;; - int32_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f@<:@@:>@ = PRId32;" - tmp_fmt="PRId32" - ;; - int16_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f@<:@@:>@ = PRId16;" - tmp_fmt="PRId16" - ;; - esac - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - $tmp_includes - typedef $1 curl_off_t; - typedef char dummy_arr[sizeof(curl_off_t) == $2 ? 1 : -1]; - ]],[[ - $tmp_source - curl_off_t dummy; - ]]) - ],[ - if test -z "$tmp_fmt"; then - curl_typeof_curl_off_t="$1" - curl_sizeof_curl_off_t="$2" - else - CURL_CHECK_DEF([$tmp_fmt], [$curl_includes_inttypes], [silent]) - AS_VAR_PUSHDEF([tmp_HaveFmtDef], [curl_cv_have_def_$tmp_fmt])dnl - AS_VAR_PUSHDEF([tmp_FmtDef], [curl_cv_def_$tmp_fmt])dnl - if test AS_VAR_GET(tmp_HaveFmtDef) = "yes"; then - curl_format_curl_off_t=AS_VAR_GET(tmp_FmtDef) - curl_typeof_curl_off_t="$1" - curl_sizeof_curl_off_t="$2" - fi - AS_VAR_POPDEF([tmp_FmtDef])dnl - AS_VAR_POPDEF([tmp_HaveFmtDef])dnl - fi - ]) - fi -]) - - -dnl DO_CURL_OFF_T_SUFFIX_CHECK (TYPE) -dnl ------------------------------------------------- -dnl Internal macro for CURL_CONFIGURE_CURL_OFF_T - -AC_DEFUN([DO_CURL_OFF_T_SUFFIX_CHECK], [ - AC_REQUIRE([CURL_INCLUDES_INTTYPES])dnl - AC_MSG_CHECKING([constant suffix string for curl_off_t]) - # - curl_suffix_curl_off_t="unknown" - curl_suffix_curl_off_tu="unknown" - # - case XC_SH_TR_SH([$1]) in - long_long | __longlong | __longlong_t) - tst_suffixes="LL::" - ;; - long) - tst_suffixes="L::" - ;; - int) - tst_suffixes="::" - ;; - __int64 | int64_t) - tst_suffixes="LL:i64::" - ;; - __int32 | int32_t) - tst_suffixes="L:i32::" - ;; - __int16 | int16_t) - tst_suffixes="L:i16::" - ;; - *) - AC_MSG_ERROR([unexpected data type $1]) - ;; - esac - # - old_IFS=$IFS; IFS=':' - for tmp_ssuf in $tst_suffixes ; do - IFS=$old_IFS - if test "x$curl_suffix_curl_off_t" = "xunknown"; then - case $tmp_ssuf in - i64 | i32 | i16) - tmp_usuf="u$tmp_ssuf" - ;; - LL | L) - tmp_usuf="U$tmp_ssuf" - ;; - *) - tmp_usuf="" - ;; - esac - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - $curl_includes_inttypes - typedef $1 new_t; - ]],[[ - new_t s1; - new_t s2; - s1 = -10$tmp_ssuf ; - s2 = 20$tmp_ssuf ; - if(s1 > s2) - return 1; - ]]) - ],[ - curl_suffix_curl_off_t="$tmp_ssuf" - curl_suffix_curl_off_tu="$tmp_usuf" - ]) - fi - done - IFS=$old_IFS - # - if test "x$curl_suffix_curl_off_t" = "xunknown"; then - AC_MSG_ERROR([cannot find constant suffix string for curl_off_t.]) - else - AC_MSG_RESULT([$curl_suffix_curl_off_t]) - AC_MSG_CHECKING([constant suffix string for unsigned curl_off_t]) - AC_MSG_RESULT([$curl_suffix_curl_off_tu]) - fi - # -]) - - -dnl CURL_CONFIGURE_CURL_OFF_T -dnl ------------------------------------------------- -dnl Find out suitable curl_off_t data type definition and associated -dnl items - -AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [ - AC_REQUIRE([CURL_INCLUDES_INTTYPES])dnl - # - AC_BEFORE([$0],[AC_SYS_LARGEFILE])dnl - AC_BEFORE([$0],[CURL_CONFIGURE_REENTRANT])dnl - AC_BEFORE([$0],[CURL_CHECK_AIX_ALL_SOURCE])dnl - # - if test -z "$SED"; then - AC_MSG_ERROR([SED not set. Cannot continue without SED being set.]) - fi - # - AC_CHECK_SIZEOF(long) - AC_CHECK_SIZEOF(void*) - # - if test -z "$ac_cv_sizeof_long" || - test "$ac_cv_sizeof_long" -eq "0"; then - AC_MSG_ERROR([cannot find out size of long.]) - fi - if test -z "$ac_cv_sizeof_voidp" || - test "$ac_cv_sizeof_voidp" -eq "0"; then - AC_MSG_ERROR([cannot find out size of void*.]) - fi - # - x_LP64_long="" - x_LP32_long="" - # - if test "$ac_cv_sizeof_long" -eq "8" && - test "$ac_cv_sizeof_voidp" -ge "8"; then - x_LP64_long="long" - elif test "$ac_cv_sizeof_long" -eq "4" && - test "$ac_cv_sizeof_voidp" -ge "4"; then - x_LP32_long="long" - fi - # - dnl DO_CURL_OFF_T_CHECK results are stored in next 3 vars - # - curl_typeof_curl_off_t="unknown" - curl_sizeof_curl_off_t="unknown" - curl_format_curl_off_t="unknown" - curl_format_curl_off_tu="unknown" - # - if test "$curl_typeof_curl_off_t" = "unknown"; then - AC_MSG_CHECKING([for 64-bit curl_off_t data type]) - for t8 in \ - "$x_LP64_long" \ - 'int64_t' \ - '__int64' \ - 'long long' \ - '__longlong' \ - '__longlong_t' ; do - DO_CURL_OFF_T_CHECK([$t8], [8]) - done - AC_MSG_RESULT([$curl_typeof_curl_off_t]) - fi - if test "$curl_typeof_curl_off_t" = "unknown"; then - AC_MSG_CHECKING([for 32-bit curl_off_t data type]) - for t4 in \ - "$x_LP32_long" \ - 'int32_t' \ - '__int32' \ - 'int' ; do - DO_CURL_OFF_T_CHECK([$t4], [4]) - done - AC_MSG_RESULT([$curl_typeof_curl_off_t]) - fi - if test "$curl_typeof_curl_off_t" = "unknown"; then - AC_MSG_ERROR([cannot find data type for curl_off_t.]) - fi - # - AC_MSG_CHECKING([size of curl_off_t]) - AC_MSG_RESULT([$curl_sizeof_curl_off_t]) - # - AC_MSG_CHECKING([formatting string directive for curl_off_t]) - if test "$curl_format_curl_off_t" != "unknown"; then - x_pull_headers="yes" - curl_format_curl_off_t=`echo "$curl_format_curl_off_t" | "$SED" 's/[["]]//g'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_t" | "$SED" 's/i$/u/'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_tu" | "$SED" 's/d$/u/'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_tu" | "$SED" 's/D$/U/'` - else - x_pull_headers="no" - case XC_SH_TR_SH([$curl_typeof_curl_off_t]) in - long_long | __longlong | __longlong_t) - curl_format_curl_off_t="lld" - curl_format_curl_off_tu="llu" - ;; - long) - curl_format_curl_off_t="ld" - curl_format_curl_off_tu="lu" - ;; - int) - curl_format_curl_off_t="d" - curl_format_curl_off_tu="u" - ;; - __int64) - curl_format_curl_off_t="I64d" - curl_format_curl_off_tu="I64u" - ;; - __int32) - curl_format_curl_off_t="I32d" - curl_format_curl_off_tu="I32u" - ;; - __int16) - curl_format_curl_off_t="I16d" - curl_format_curl_off_tu="I16u" - ;; - *) - AC_MSG_ERROR([cannot find print format string for curl_off_t.]) - ;; - esac - fi - AC_MSG_RESULT(["$curl_format_curl_off_t"]) - # - AC_MSG_CHECKING([formatting string directive for unsigned curl_off_t]) - AC_MSG_RESULT(["$curl_format_curl_off_tu"]) - # - DO_CURL_OFF_T_SUFFIX_CHECK([$curl_typeof_curl_off_t]) - # - if test "$x_pull_headers" = "yes"; then - if test "x$ac_cv_header_sys_types_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_SYS_TYPES_H]) - fi - if test "x$ac_cv_header_stdint_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_STDINT_H]) - fi - if test "x$ac_cv_header_inttypes_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_INTTYPES_H]) - fi - fi - # - CURL_DEFINE_UNQUOTED([CURL_TYPEOF_CURL_OFF_T], [$curl_typeof_curl_off_t]) - CURL_DEFINE_UNQUOTED([CURL_FORMAT_CURL_OFF_T], ["$curl_format_curl_off_t"]) - CURL_DEFINE_UNQUOTED([CURL_FORMAT_CURL_OFF_TU], ["$curl_format_curl_off_tu"]) - CURL_DEFINE_UNQUOTED([CURL_FORMAT_OFF_T], ["%$curl_format_curl_off_t"]) - CURL_DEFINE_UNQUOTED([CURL_SIZEOF_CURL_OFF_T], [$curl_sizeof_curl_off_t]) - CURL_DEFINE_UNQUOTED([CURL_SUFFIX_CURL_OFF_T], [$curl_suffix_curl_off_t]) - CURL_DEFINE_UNQUOTED([CURL_SUFFIX_CURL_OFF_TU], [$curl_suffix_curl_off_tu]) - # -]) - - dnl CURL_CHECK_WIN32_LARGEFILE dnl ------------------------------------------------- dnl Check if curl's WIN32 large file will be used @@ -3243,3 +2944,29 @@ fi ]) + + +dnl CURL_SUPPORTS_BUILTIN_AVAILABLE +dnl +dnl Check to see if the compiler supports __builtin_available. This built-in +dnl compiler function first appeared in Apple LLVM 9.0.0. It's so new that, at +dnl the time this macro was written, the function was not yet documented. Its +dnl purpose is to return true if the code is running under a certain OS version +dnl or later. + +AC_DEFUN([CURL_SUPPORTS_BUILTIN_AVAILABLE], [ + AC_MSG_CHECKING([to see if the compiler supports __builtin_available()]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + if (__builtin_available(macOS 10.8, iOS 5.0, *)) {} + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_BUILTIN_AVAILABLE, 1, + [Define to 1 if you have the __builtin_available function.]) + ],[ + AC_MSG_RESULT([no]) + ]) +]) diff -Nru curl-7.55.1/CHANGES curl-7.57.0/CHANGES --- curl-7.55.1/CHANGES 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/CHANGES 2017-11-29 09:29:29.000000000 +0000 @@ -6,6382 +6,6840 @@ Changelog -Version 7.55.1 (13 Aug 2017) - -Daniel Stenberg (13 Aug 2017) -- RELEASE-NOTES/THANKS: curl 7.55.1 release time +Version 7.57.0 (29 Nov 2017) -- gitignore: ignore .xz now instead of .lzma +Daniel Stenberg (29 Nov 2017) +- RELEASE-NOTES: curl 7.57.0 -- [Sergei Nikulov brought this change] +- THANKS: added contributors from 7.57.0 release - cmake: Threads detection update. ref: #1702 +- openssl: fix boringssl build again - Closes #1719 - -- ipv6_scope: support unique local addresses + commit d3ab7c5a21e broke the boringssl build since it doesn't have + RSA_flags(), so we disable that code block for boringssl builds. - Fixes #1764 - Closes #1773 - Reported-by: James Slaughter + Reported-by: W. Mark Kubacki + Fixes #2117 -- [Alex Potapenko brought this change] +- curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided - curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__ - - Closes #1774 +- libcurl-share.3: the connection cache is shareable now -- test1448: verify redirect to IDN using URL +- global_init: ignore CURL_GLOBAL_SSL's absense - Closes #1772 + This bit is no longer used. It is not clear what it meant for users to + "init the TLS" in a world with different TLS backends and since the + introduction of multissl, libcurl didn't properly work if inited without + this bit set. + + Not a single user responded to the call for users of it: + https://curl.haxx.se/mail/lib-2017-11/0072.html + + Reported-by: Evgeny Grin + Assisted-by: Jay Satiro + + Fixes #2089 + Fixes #2083 + Closes #2107 -- [Salah-Eddin Shaban brought this change] +- ntlm: avoid integer overflow for malloc size + + Reported-by: Alex Nichols + Assisted-by: Kamil Dudka and Max Dymond + + CVE-2017-8816 + + Bug: https://curl.haxx.se/docs/adv_2017-11e7.html - redirect: skip URL encoding for host names +- wildcardmatch: fix heap buffer overflow in setcharset - This fixes redirects to IDN URLs + The code would previous read beyond the end of the pattern string if the + match pattern ends with an open bracket when the default pattern + matching function is used. - Fixes #1441 - Closes #1762 - Reported by: David Lord + Detected by OSS-Fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 + + CVE-2017-8817 + + Bug: https://curl.haxx.se/docs/adv_2017-ae72.html -- test2032: mark as flaky (again) +- [Jay Satiro brought this change] -- travis: test cmake build on tarball too + url: fix alignment of ssl_backend_data struct - Could've prevented #1755 - -- [Simon Warta brought this change] + - Align the array of ssl_backend_data on a max 32 byte boundary. + + 8 is likely to be ok but I went with 32 for posterity should one of + the ssl_backend_data structs change to contain a larger sized variable + in the future. + + Prior to this change (since dev 70f1db3, release 7.56) the connectdata + structure was undersized by 4 bytes in 32-bit builds with ssl enabled + because long long * was mistakenly used for alignment instead of + long long, with the intention being an 8 byte boundary. Also long long + may not be an available type. + + The undersized connectdata could lead to oob read/write past the end in + what was expected to be the last 4 bytes of the connection's secondary + socket https proxy ssl_backend_data struct (the secondary socket in a + connection is used by ftp, others?). + + Closes https://github.com/curl/curl/issues/2093 + + CVE-2017-8818 + + Bug: https://curl.haxx.se/docs/adv_2017-af0a.html - cmake: allow user to override CMAKE_DEBUG_POSTFIX +- ssh: remove check for a NULL pointer (!) - Closes #1763 + With this check present, scan-build warns that we might dereference this + point in other places where it isn't first checked for NULL. Thus, if it + *can* be NULL we have a problem on a few places. However, this pointer + should not be possible to be NULL here so I remove the check and thus + also three different scan-build warnings. + + Closes #2111 -- connect-to.d: better language +- [Matthew Kerwin brought this change] -- connect-to.d: clarified + test: add test for bad UNC/SMB path in file: URL -- bagder/Curl_tvdiff_us: fix the math +- [Matthew Kerwin brought this change] + + test: add tests to ensure basic file: URLs + +- [Matthew Kerwin brought this change] + + URL: update "file:" URL handling - Regression since adef394ac5 (released in 7.55.0) + * LOTS of comment updates + * explicit error for SMB shares (e.g. "file:////share/path/file") + * more strict handling of authority (i.e. "//localhost/") + * now accepts dodgy old "C:|" drive letters + * more precise handling of drive letters in and out of Windows + (especially recognising both "file:c:/" and "file:/c:/") - Reported-by: Han Qiao - Fixes #1769 - Closes #1771 + Closes #2110 -- curl/system.h: add Oracle Solaris Studio +- metalink: fix memory-leak and NULL pointer dereference - Fixes #1752 + Reported by scan-build + + Closes #2109 - [Alessandro Ghedini brought this change] - docs: fix typo funtion -> function + connect: add support for new TCP Fast Open API on Linux - Closes #1770 - -Alessandro Ghedini (12 Aug 2017) -- docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description - -- docs: fix typo stuct -> struct + The new API added in Linux 4.11 only requires setting a socket option + before connecting, without the whole sento() machinery. + + Notably, this makes it possible to use TFO with SSL connections on Linux + as well, without the need to mess around with OpenSSL (or whatever other + SSL library) internals. + + Closes #2056 -Dan Fandrich (12 Aug 2017) -- test1447: require a curl with http support +- make: fix "make distclean" + + Fixes #2097 + Closes #2108 -Daniel Stenberg (11 Aug 2017) -- [Thomas Petazzoni brought this change] +- RELEASE-NOTES: synced with 31f18d272 - curl/system.h: support more architectures - - The long list of architectures in include/curl/system.h is annoying to - maintain, and needs to be extended for each and every architecture to - support. - - Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler - (we are in the GNUC condition anyway), which tells us if long is 4 - bytes or 8 bytes. +Jay Satiro (23 Nov 2017) +- connect: improve the bind error message - This fixes the build of libcurl 7.55.0 on architectures such as - OpenRISC or ARC. + eg consider a non-existent interface eth8, curl --interface eth8 - Closes #1766 + Before: curl: (45) Could not resolve host: eth8 + After: curl: (45) Couldn't bind to 'eth8' - Signed-off-by: Thomas Petazzoni + Bug: https://github.com/curl/curl/issues/2104 + Reported-by: Alfonso Martone -- test2033: this went flaky again +Daniel Stenberg (23 Nov 2017) +- examples/rtsp: clear RANGE again after use - Suspicion: when we enabled the threaded resolver by default. + Fixes #2106 + Reported-by: youngchopin on github -- test1447: verifies the parse proxy fix in 6e0e152ce5c +- [Michael Kaufmann brought this change] -- [Even Rouault brought this change] + test1264: verify URL with space in host name being rejected - parse_proxy(): fix memory leak in case of invalid proxy server name +- url: reject ASCII control characters and space in host names - Fixes the below leak: + Host names like "127.0.0.1 moo" would otherwise be accepted by some + getaddrinfo() implementations. - $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 - curl: (5) Couldn't resolve proxy name - ==5048== - ==5048== HEAP SUMMARY: - ==5048== in use at exit: 532 bytes in 12 blocks - ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated - ==5048== - ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 - ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) - ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) - ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) - ==5048== by 0x4E6EA18: create_conn (url.c:6498) - ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) - ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) - ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) - ==5048== by 0x4E7C515: easy_transfer (easy.c:708) - ==5048== by 0x4E7C74A: easy_perform (easy.c:794) - ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) - ==5048== by 0x414025: operate_do (tool_operate.c:1563) - ==5048== - ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 - ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) - ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) - ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) - ==5048== by 0x4E6EA18: create_conn (url.c:6498) - ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) - ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) - ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) - ==5048== by 0x4E7C515: easy_transfer (easy.c:708) - ==5048== by 0x4E7C74A: easy_perform (easy.c:794) - ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) - ==5048== by 0x414025: operate_do (tool_operate.c:1563) + Updated test 1034 and 1035 accordingly. - Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 - Credit to OSS Fuzz for discovery + Fixes #2073 + Closes #2092 + +- Curl_open: fix OOM return error correctly - Closes #1761 + Closes #2098 -- RELEASE-NOTES: synced with 37f2195a9 +- http2: fix "Value stored to 'end' is never read" scan-build error -- curlver: bump to 7.55.1 +- http2: fix "Value stored to 'hdbuf' is never read" scan-build error -- openssl: fix "error: this statement may fall through" - - A gcc7 warning. +- openssl: fix "Value stored to 'rc' is never read" scan-build error -- [David Benjamin brought this change] +- mime: fix "Value stored to 'sz' is never read" scan-build error - openssl: remove CONST_ASN1_BIT_STRING. +- Curl_llist_remove: fix potential NULL pointer deref - Just making the pointer as const works for the pre-1.1.0 path too. - - Closes #1759 + Fixes a scan-build warning. -- maketgz: remove old *.dist files before making the tarball +- ntlm: remove unnecessary NULL-check to please scan-build + +- BUGS: spellchecked + +Jay Satiro (18 Nov 2017) +- [fmmedeiros brought this change] + + examples/curlx: Fix code style - To avoid "old crap" unintentionally getting shipped. + - Add braces around multi-line if statement. - Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html - Reported-by: Christian Weisgerber + Closes https://github.com/curl/curl/pull/2096 -Jay Satiro (10 Aug 2017) -- mkhelp.pl: allow executing this script directly +Daniel Stenberg (17 Nov 2017) +- resolve: allow IP address within [] brackets - - Enable execute permission (chmod +x) + ... so that IPv6 addresses can be passed like they can for connect-to + and how they're used in URLs. - - Change interpreter to /usr/bin/env perl + Added test 1324 to verify + Reported-by: Alex Malinovich - Ref: https://github.com/curl/curl/issues/1743 + Fixes #2087 + Closes #2091 -Daniel Stenberg (10 Aug 2017) -- configure: use the threaded resolver backend by default if possible - - Closes #1647 +- [Pavol Markovic brought this change] -- cmake: move cmake_uninstall.cmake to CMake/ + macOS: Fix missing connectx function with Xcode version older than 9.0 - Closes #1756 + The previous fix https://github.com/curl/curl/pull/1788 worked just for + Xcode 9. This commit extends the fix to older Xcode versions effectively + by not using connectx function. + + Fixes https://github.com/curl/curl/issues/1330 + Fixes https://github.com/curl/curl/issues/2080 + Closes https://github.com/curl/curl/pull/1336 + Closes #2082 -- metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead +- [Dirk Feytons brought this change] -- dist: fix the cmake build by shipping cmake_uninstall.cmake.in too + openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY - Fixes #1755 + Fixes #2079 + Closes #2081 -- travis: verify "make install" +- TODO: ignore private IP addresses in PASV response - Help-by: Jay Satiro - Closes #1753 + Closes #1455 -Marcel Raad (10 Aug 2017) -- build: check out *.sln files with Windows line endings - - Visual Studio doesn't like LF line endings in solution files and always - converts them to CRLF when doing changes to the solution. Notably, this - affects the solutions in the release archive. - - Closes https://github.com/curl/curl/pull/1746 +- RELEASE-NOTES: synced with ae7369b6d -- gitignore: ignore top-level .vs folder +Michael Kaufmann (14 Nov 2017) +- URL: return error on malformed URLs with junk after IPv6 bracket - This folder is generated when using the CMake build system from within - Visual Studio. + Follow-up to aadb7c7. Verified by new test 1263. - Closes https://github.com/curl/curl/pull/1746 + Closes #2072 -Jay Satiro (10 Aug 2017) -- digest_sspi: Don't reuse context if the user/passwd has changed +Daniel Stenberg (14 Nov 2017) +- INTERNALS: we may use libidn2 now, not libidn + +Patrick Monnerat (13 Nov 2017) +- zlib/brotli: only include header files in modules needing them - Bug: https://github.com/curl/curl/issues/1685 - Reported-by: paulharris@users.noreply.github.com + There is a conflict on symbol 'free_func' between openssl/crypto.h and + zlib.h on AIX. This is an attempt to resolve it. - Assisted-by: Isaac Boukris + Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html + Reported-By: Michael Felt + +Daniel Stenberg (13 Nov 2017) +- SMB: fix uninitialized local variable - Closes https://github.com/curl/curl/pull/1742 + Reported-by: Brian Carpenter -Daniel Stenberg (9 Aug 2017) -- [Adam Sampson brought this change] +- [Orgad Shaneh brought this change] - dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST + connect.c: remove executable bit on file - These weren't included in the 7.55.0 release, but are required in order - to run the full test suite. - - Closes #1744 + Closes #2071 -- [Adam Sampson brought this change] +- [hsiao yi brought this change] - curl: do bounds check using a double comparison + README.md: fixed layout - The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't - complete: if the parsed number in num is larger than will fit in a long, - the conversion is undefined behaviour (causing test1427 to fail for me - on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting - rid of the cast means the comparison will be done using doubles. + Closes #2069 + +- setopt: split out curl_easy_setopt() to its own file - It might make more sense for the max argument to also be a double... + ... to make url.c smaller. - Fixes #1750 - Closes #1749 + Closes #1944 -- make install: add 8 missing man pages to the installation +Jay Satiro (10 Nov 2017) +- [John Starks brought this change] -- build: fix 'make install' with configure, install docs/libcurl/* too + cmake: Add missing setmode check - Broken since d24838d4da9faa + Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this, + curl will corrupt binary files when writing them to stdout on Windows. - Reported-by: Bernard Spil + Closes https://github.com/curl/curl/pull/2067 -Version 7.55.0 (9 Aug 2017) +Daniel Stenberg (10 Nov 2017) +- curl_share_setopt: va_end was not called if conncache errors + + CID 984459, detected by Coverity -Daniel Stenberg (9 Aug 2017) -- RELEASE-NOTES: curl 7.55.0 +Sergei Nikulov (10 Nov 2017) +- [John Starks brought this change] -- THANKS: 20 new contributors in 7.55.0 + cmake: Correctly include curl.rc in Windows builds (#2064) + + Update CMakeLists.txt to add curl.rc to the correct list. -- [Viktor Szakats brought this change] +Daniel Stenberg (9 Nov 2017) +- RELEASE-NOTES: synced with 32828cc4f - docs/comments: Update to secure URL versions - - Closes #1741 +- [Luca Boccassi brought this change] -- configure: fix recv/send/select detection on Android + --interface: add support for Linux VRF - ... since they now provide several functions as - __attribute__((overloadable)), the argument detection logic need - updates. + The --interface command (CURLOPT_INTERFACE option) already uses + SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP + address first, which fails in case the user passes a VRF. - Patched-by: destman at github + Try to use the socket option immediately and parse it as a fallback + instead. Update the documentation to mention this feature, and that it + requires the binary to be ran by root or with CAP_NET_RAW capabilities + for this to work. - Fixes #1738 - Closes #1739 + Closes #2024 -Marcel Raad (8 Aug 2017) -- ax_code_coverage.m4: update to latest version - - This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d - from August 01, 2017. Notably, this removes the lconv version whitelist. +- curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT - Closes https://github.com/curl/curl/pull/1716 + Closes #2043 -Daniel Stenberg (7 Aug 2017) -- test1427: verify command line parser integer overflow detection +- examples: add shared-connection-cache -- curl: detect and bail out early on parameter integer overflows +- test1554: verify connection cache sharing + +- share: add support for sharing the connection cache + +- imap: deal with commands case insensitively - Make the number parser aware of the maximum limit curl accepts for a - value and return an error immediately if larger, instead of running an - integer overflow later. + As documented in RFC 3501 section 9: + https://tools.ietf.org/html/rfc3501#section-9 - Fixes #1730 - Closes #1736 + Closes #2061 -- glob: do not continue parsing after a strtoul() overflow range +- connect: store IPv6 connection status after valid connection - Added test 1289 to verify. + ... previously it would store it already in the happy eyeballs stage + which could lead to the IPv6 bit being set for an IPv4 connection, + leading to curl not wanting to do EPSV=>PASV for FTP transfers. - CVE-2017-1000101 + Closes #2053 + +- curl_multi_fdset.3: emphasize curl_multi_timeout - Bug: https://curl.haxx.se/docs/adv_20170809A.html - Reported-by: Brian Carpenter + ... even when there's no socket to wait for, the timeout can still be + very short. -- tftp: reject file name lengths that don't fit +Jay Satiro (9 Nov 2017) +- content_encoding: fix inflate_stream for no bytes available - ... and thereby avoid telling send() to send off more bytes than the - size of the buffer! + - Don't call zlib's inflate() when avail_in stream bytes is 0. - CVE-2017-1000100 + This is a follow up to the parent commit 19e66e5. Prior to that change + libcurl's inflate_stream could call zlib's inflate even when no bytes + were available, causing inflate to return Z_BUF_ERROR, and then + inflate_stream would treat that as a hard error and return + CURLE_BAD_CONTENT_ENCODING. - Bug: https://curl.haxx.se/docs/adv_20170809B.html - Reported-by: Even Rouault + According to the zlib FAQ, Z_BUF_ERROR is not fatal. - Credit to OSS-Fuzz for the discovery + This bug would happen randomly since packet sizes are arbitrary. A test + of 10,000 transfers had 55 fail (ie 0.55%). + + Ref: https://zlib.net/zlib_faq.html#faq05 + + Closes https://github.com/curl/curl/pull/2060 -- [Even Rouault brought this change] +Patrick Monnerat (7 Nov 2017) +- content_encoding: do not write 0 length data - file: output the correct buffer to the user +Daniel Stenberg (6 Nov 2017) +- fnmatch: remove dead code - Regression brought by 7c312f84ea930d8 (April 2017) + There was a duplicate check for backslashes in the setcharset() + function. - CVE-2017-1000099 + Coverity CID 1420611 + +- url: remove unncessary NULL-check - Bug: https://curl.haxx.se/docs/adv_20170809C.html + Since 'conn' won't be NULL in there and we also access the pointer in + there without the check. - Credit to OSS-Fuzz for the discovery + Coverity CID 1420610 -- easy_events: make event data static +Viktor Szakats (6 Nov 2017) +- src/Makefile.m32: fix typo in brotli lib customization - First: this function is only used in debug-builds and not in - release/real builds. It is used to drive tests using the event-based - API. + Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31 + +- Makefile.m32: allow to customize brotli libs - A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the - CURLMOPT_TIMERFUNCTION calback can in fact be called even after this - funtion returns, namely when curl_multi_remove_handle() is called. + It adds the ability to link against static brotli libs. - Reported-by: Brian Carpenter + Also fix brotli include path. -- getparameter: avoid returning uninitialized 'usedarg' - - Fixes #1728 +Patrick Monnerat (5 Nov 2017) +- travis: add a job with brotli enabled -Marcel Raad (5 Aug 2017) -- [Isaac Boukris brought this change] +- [Viktor Szakats brought this change] - gssapi: fix memory leak of output token in multi round context + Makefile.m32: add brotli support + +- HTTP: implement Brotli content encoding - When multiple rounds are needed to establish a security context - (usually ntlm), we overwrite old token with a new one without free. - Found by proposed gss tests using stub a gss implementation (by - valgrind error), though I have confirmed the leak with a real - gssapi implementation as well. + This uses the brotli external library (https://github.com/google/brotli). + Brotli becomes a feature: additional curl_version_info() bit and + structure fields are provided for it and CURLVERSION_NOW bumped. - Closes https://github.com/curl/curl/pull/1733 + Tests 314 and 315 check Brotli content unencoding with correct and + erroneous data. + + Some tests are updated to accomodate with the now configuration dependent + parameters of the Accept-Encoding header. -- darwinssl: fix compiler warning +- HTTP: support multiple Content-Encodings - clang complains: - vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive - [-Werror,-Wextra-tokens] + This is implemented as an output streaming stack of unencoders, the last + calling the client write procedure. - This breaks the darwinssl build on Travis. Fix it by making this token - a comment. + New test 230 checks this feature. - Closes https://github.com/curl/curl/pull/1734 + Bug: https://github.com/curl/curl/pull/2002 + Reported-By: Daniel Bankhead -- CMake: fix CURL_WERROR for MSVC +Jay Satiro (4 Nov 2017) +- url: remove arg value check from CURLOPT_SSH_AUTH_TYPES - When using CURL_WERROR in MSVC builds, the debug flags were overridden - by the release flags and /WX got added twice in debug mode. + Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value + check on this option is incorrect; we have to accept any value. - Closes https://github.com/curl/curl/pull/1715 - -Daniel Stenberg (4 Aug 2017) -- RELEASE-NOTES: synced with 561e9217c - -- test1010: verify that #1718 is fixed + Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES + erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. - ... by doing two transfers in nocwd mode and check that there's no - superfluous CWD command. + Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120 -- FTP: skip unnecessary CWD when in nocwd mode +Daniel Stenberg (4 Nov 2017) +- ntlm: avoid malloc(0) for zero length passwords - ... when reusing a connection. If it didn't do any CWD previously. + It triggers an assert() when built with memdebug since malloc(0) may + return NULL *or* a valid pointer. - Fixes #1718 + Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 + + Assisted-by: Max Dymond + Closes #2054 -Marcel Raad (4 Aug 2017) -- travis: explicitly specify dist +- RELEASE-NOTES: synced with ee8016b3d + +- curl: speed up handling of many URLs - This makes the builds more reproducible as travis is currently rolling - out trusty as default dist [1]. Specifically, this avoids coverage - check failures when trusty is used as seen in [2] until we figure out - what's wrong. + By properly keeping track of the last entry in the list of URLs/uploads + to handle, curl now avoids many meaningless traverses of the list which + speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K + URLs). - [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming - [2] https://github.com/curl/curl/pull/1692 + Added test 1291, to verify that it doesn't take ages - but we don't have + any detection of "too slow" command in the test suite. - Closes https://github.com/curl/curl/pull/1725 + Reported-by: arainchik on github + Fixes #1959 + Closes #2052 -Daniel Stenberg (4 Aug 2017) -- travis: BUILD_TYPE => T +- curl: pass through [] in URLs instead of calling globbing error - (to make the full line appear nicer on travis web UI) + Assisted-by: Per Lundberg + Fixes #2044 + Closes #2046 + Closes #2048 -- travis: add osx build with darwinssl +- CURLOPT_INFILESIZE: accept -1 - Closes #1706 + Regression since f121575 + + Reported-by: Petr Voytsik + Fixes #2047 -- darwin: silence compiler warnings +Jay Satiro (2 Nov 2017) +- url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 - With a clang pragma and three type fixes + Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT + erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT. + +Dan Fandrich (1 Nov 2017) +- http2: Fixed OOM handling in upgrade request - Fixes #1722 + This caused the torture tests on test 1800 to fail. -- BUILD.WINDOWS: mention buildconf.bat for builds off git +- tests: Fixed torture tests on tests 556 and 650 + + Test cleanup after OOM wasn't being consistently performed. -- darwinssl: fix curlssl_sha256sum() compiler warnings on first argument +Daniel Stenberg (1 Nov 2017) +- CURLOPT_MAXREDIRS: allow -1 as a value + + ... which is valid according to documentation. Regression since + f121575c0b5f. + + Verified now in test 501. + + Reported-by: cbartl on github + Fixes #2038 + Closes #2039 -- test130: verify comments in .netrc +- include: remove conncache.h inclusion from where its not needed -- [Gisle Vanem brought this change] +Jay Satiro (1 Nov 2017) +- url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 + + .. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. + + Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE + erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. + + Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html + Reported-by: Andrew Lambert - netrc: skip lines starting with '#' +Daniel Stenberg (31 Oct 2017) +- cookie: avoid NULL dereference - Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html + ... when expiring old cookies. + + Reported-by: Pavel Gushchin + Fixes #2032 + Closes #2035 -Marcel Raad (3 Aug 2017) -- CMake: set MSVC warning level to 4 +Marcel Raad (30 Oct 2017) +- memdebug: use send/recv signature for curl_dosend/curl_dorecv - The MSVC warning level defaults to 3 in CMake. Change it to 4, which is - consistent with the Visual Studio and NMake builds. Disable level 4 - warning C4127 for the library and additionally C4306 for the test - servers to get a clean CURL_WERROR build as that warning is raised in - some macros in older Visual Studio versions. + This avoids build errors and warnings caused by implicit casts. - Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 - Closes https://github.com/curl/curl/pull/1711 + Closes https://github.com/curl/curl/pull/2031 -Daniel Stenberg (2 Aug 2017) -- CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2 +Daniel Stenberg (30 Oct 2017) +- [Juro Bystricky brought this change] + + mkhelp.pl: support reproducible build - Reported-by: Viktor Szakats + Do not generate line with the current date, such as: + + * Generation time: Tue Oct-24 18:01:41 2017 + + This will improve reproducibility. The generated string is only + part of a comment, so there should be no adverse consequences. + + Signed-off-by: Juro Bystricky + + closes #2026 -- CURLOPT_NETRC.3: mention the file name on windows +Dan Fandrich (30 Oct 2017) +- runtests.pl: Fixed typo in message + +Daniel Stenberg (30 Oct 2017) +- curlx: the timeval functions are no longer provided as curlx_* - ... and CURLOPT_NETRC_FILE(3). + Pointed-out-by: Dmitri Tikhonov + Bug: #2034 -- travis: build osx with libressl too +- select: update comments + + s/curlx_tvnow/Curl_now -- travis: build osx with openssl too +- INTERNALS: remove curlx_tv* functions no longer provided -- tests/server/util: fix curltime mistake from 4dee50b9c80f9 +- [Dmitri Tikhonov brought this change] -Marcel Raad (1 Aug 2017) -- curl_threads: fix MSVC compiler warning + timeval: use mach time on MacOS - Use LongToHandle to convert from long to HANDLE in the Win32 - implementation. - This should fix the following warning when compiling with - MSVC 11 (2012) in 64-bit mode: - lib\curl_threads.c(113): warning C4306: - 'type cast' : conversion from 'long' to 'HANDLE' of greater size + If clock_gettime() is not supported, use mach_absolute_time() on MacOS. - Closes https://github.com/curl/curl/pull/1717 + closes #2033 -Daniel Stenberg (1 Aug 2017) -- BUGS: improved phrasing about security bugs - - Reported-by: Max Dymond +monnerat (29 Oct 2017) +- [Patrick Monnerat brought this change] -- BUGS: clarify how to report security related bugs + cli tool: improve ";type=" handling in -F option arguments -- [Brad Spencer brought this change] +- [Patrick Monnerat brought this change] - multi: fix request timer management + cli tool: in -F option arg, comma is a delimiter for files only - There are some bugs in how timers are managed for a single easy handle - that causes the wrong "next timeout" value to be reported to the - application when a new minimum needs to be recomputed and that new - minimum should be an existing timer that isn't currently set for the - easy handle. When the application drives a set of easy handles via the - `curl_multi_socket_action()` API (for example), it gets told to wait the - wrong amount of time before the next call, which causes requests to - linger for a long time (or, it is my guess, possibly forever). + Also upgrade test 1133 to cover this case and clarify man page about + form data quoting. - Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html + Bug: https://github.com/curl/curl/issues/2022 + Reported-By: omau on github -Jay Satiro (1 Aug 2017) -- curl_setup: Define CURL_NO_OLDIES for building libcurl +Daniel Stenberg (29 Oct 2017) +- timeleft: made two more users of Curl_timeleft use timediff_t + +Jakub Zakrzewski (28 Oct 2017) +- cmake: Export libcurl and curl targets to use by other cmake projects - .. to catch accidental use of deprecated error codes. + The config files define curl and libcurl targets as imported targets + CURL::curl and CURL::libcurl. For backward compatibility with CMake- + provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are + also set. - Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237 + Closes #1879 -Daniel Stenberg (1 Aug 2017) -- [Jeremy Tan brought this change] +Daniel Stenberg (28 Oct 2017) +- RELEASE-NOTES: synced with f20cbac97 - configure: fix the check for IdnToUnicode - - Fixes #1669 - Closes #1713 +- [Florin brought this change] -- http: fix response code parser to avoid integer overflow + auth: Added test cases for RFC7616 - test 1429 and 1433 were updated to work with the stricter HTTP status line - parser. + Updated docs to include support for RFC7616 - Closes #1714 - Reported-by: Brian Carpenter + Signed-off-by: Florin + + Closes #1934 -Jay Satiro (31 Jul 2017) -- [Dwarakanath Yadavalli brought this change] +- [Florin brought this change] - libcurl: Stop using error codes defined under CURL_NO_OLDIES + auth: add support for RFC7616 - HTTP Digest access authentication - Fixes https://github.com/curl/curl/issues/1688 - Closes https://github.com/curl/curl/pull/1712 + Signed-off-by: Florin -- include.d: clarify --include is only for response headers +- [Daniel Bankhead brought this change] + + TODO: support multiple Content-Encodings - Follow-up to 171f8de and de6de94. + Closes #2002 + +- ROADMAP: cleanup - Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 - Reported-by: Daniel Stenberg + Removed done stuff. Removed entries no longer considered for the near + term. -Daniel Stenberg (30 Jul 2017) -- [jasjuang brought this change] +- [Magicansk brought this change] - cmake: support make uninstall + ROADMAP.md: spelling fixes - Closes #1674 + Closes #2028 -- RELEASE-NOTES: synced with 001701c47 - -Marcel Raad (29 Jul 2017) -- AppVeyor: now really use CURL_WERROR +- Curl_timeleft: change return type to timediff_t - It was misspelled as CURL_ERROR in commit - 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. + returning 'time_t' is problematic when that type is unsigned and we + return values less than zero to signal "already expired", used in + several places in the code. - Closes https://github.com/curl/curl/pull/1686 + Closes #2021 -Jay Satiro (29 Jul 2017) -- tool_help: clarify --include is only for response headers +- appveyor: add a win32 build + +- setopt: fix CURLOPT_SSH_AUTH_TYPES option read - Follow-up to 171f8de. + Regression since f121575c0b5f - Ref: https://github.com/curl/curl/issues/1704 + Reported-by: Rob Cotrone -- splay: fix signed/unsigned mismatch warning +Marcel Raad (27 Oct 2017) +- resolvers: only include anything if needed - Follow-up to 4dee50b. + This avoids warnings about unused stuff. - Ref: https://github.com/curl/curl/pull/1693 + Closes https://github.com/curl/curl/pull/2023 -Daniel Stenberg (28 Jul 2017) -- include.d: clarify that it concerns the response headers +Daniel Stenberg (27 Oct 2017) +- HELP-US: rename the subtitle too since the label is changed - Reported-by: olesteban at github - Fixes #1704 + "PR-welcome" was the former name. -- [Johannes Schindelin brought this change] +- curl_setup.h: oops, shorten the too long line - curl_rtmp: fix a compiler warning +- [Martin Storsjo brought this change] + + curl_setup: Improve detection of CURL_WINDOWS_APP - The headers of librtmp declare the socket as `int`, and on Windows, that - disagrees with curl_socket_t. + If WINAPI_FAMILY is defined, it should be safe to try to include + winapifamily.h to check what the define evaluates to. - Bug: #1652 + This should fix detection of CURL_WINDOWS_APP if building with + _WIN32_WINNT set to 0x0600. - Signed-off-by: Johannes Schindelin + Closes #2025 -- test1323: verify curlx_tvdiff +Jay Satiro (26 Oct 2017) +- transfer: Fix chunked-encoding upload bug + + - When uploading via chunked-encoding don't compare file size to bytes + sent to determine whether the upload has finished. + + Chunked-encoding adds its own overhead which why the bytes sent is not + equal to the file size. Prior to this change if a file was uploaded in + chunked-encoding and its size was known it was possible that the upload + could end prematurely without sending the final few chunks. That would + result in a server hang waiting for the remaining data, likely followed + by a disconnect. + + The scope of this bug is limited to some arbitrary file sizes which have + not been determined. One size that triggers the bug is 475020. + + Bug: https://github.com/curl/curl/issues/2001 + Reported-by: moohoorama@users.noreply.github.com + + Closes https://github.com/curl/curl/pull/2010 -- timeval: struct curltime is a struct timeval replacement +Daniel Stenberg (26 Oct 2017) +- timeval: make timediff_t also work on 32bit windows - ... to make all libcurl internals able to use the same data types for - the struct members. The timeval struct differs subtly on several - platforms so it makes it cumbersome to use everywhere. + ... by using curl_off_t for the typedef if time_t is larger than 4 + bytes. - Ref: #1652 - Closes #1693 + Reported-by: Gisle Vanem + Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co + mmitcomment-25205058 + Closes #2019 -- darwinssl: fix variable type mistake (regression) +- curl_fnmatch: return error on illegal wildcard pattern - ... which made --tlsv1.2 not work because it would blank the max tls - version variable. + ... instead of doing an infinite loop! - Reported-by: Nick Miyake - Bug: #1703 + Added test 1162 to verify. + + Reported-by: Max Dymond + Fixes #2015 + Closes #2017 -- multi: mention integer overflow risk if using > 500 million sockets +- [Max Dymond brought this change] + + wildcards: don't use with non-supported protocols - Reported-by: ovidiu-benea@users.noreply.github.com + Fixes timeouts in the fuzzing tests for non-FTP protocols. - Closes #1675 - Closes #1683 + Closes #2016 -- checksrc: escape open brace in regex +- [Max Dymond brought this change] + + multi: allow table handle sizes to be overridden - ... to silence warning. + Allow users to specify their own hash define for + CURL_CONNECTION_HASH_SIZE so that both values can be overridden. + + Closes #1982 -Kamil Dudka (20 Jul 2017) -- nss: fix a possible use-after-free in SelectClientCert() +- time: rename Curl_tvnow to Curl_now - ... causing a SIGSEGV in showit() in case the handle used to initiate - the connection has already been freed. + ... since the 'tv' stood for timeval and this function does not return a + timeval struct anymore. - This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. + Also, cleaned up the Curl_timediff*() functions to avoid typecasts and + clean up the descriptive comments. - Reported-by: Rob Sanders - Bug: https://bugzilla.redhat.com/1436158 + Closes #2011 -- nss: unify the coding style of nss_send() and nss_recv() - - No changes in behavior intended by this commit. +- ftplistparser: follow-up cleanup to remove PL_ERROR() -Marcel Raad (18 Jul 2017) -- tests/server/resolve.c: fix deprecation warning +- [Max Dymond brought this change] + + ftplistparser: free off temporary memory always - MSVC warns that gethostbyname is deprecated. Always use getaddrinfo - instead to fix this when IPv6 is enabled, also for IPv4 resolves. This - is also consistent with what libcurl does. + When using the FTP list parser, ensure that the memory that's + allocated is always freed. - Closes https://github.com/curl/curl/pull/1682 + Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 + Closes #2013 -Jay Satiro (17 Jul 2017) -- darwinssl: fix pinnedpubkey build error +- timediff: return timediff_t from the time diff functions - - s/SessionHandle/Curl_easy/ + ... to cater for systems with unsigned time_t variables. - Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 - Reported-by: Gisle Vanem - -Marcel Raad (16 Jul 2017) -- rtspd: fix GCC warning after MSVC warning fix + - Renamed the functions to curlx_timediff and Curl_timediff_us. - Older GCC warns: - /tests/server/rtspd.c:1194:10: warning: missing braces around - initializer [-Wmissing-braces] + - Added overflow protection for both of them in either direction for + both 32 bit and 64 bit time_ts - Fix this by using memset instead of an initializer. - -- libtest: fix MSVC warning C4706 + - Reprefixed the curlx_time functions to use Curl_* - With warning level 4, MSVC warns about assignments within conditional - expressions. Change the while loop to a do-while loop to fix this. This - change is also consistent with CODE_STYLE.md. + Reported-by: Peter Piekarski + Fixes #2004 + Closes #2005 -- sockfilt: suppress conversion warning with explicit cast - - MSVC warns when implicitly casting -1 to unsigned long. +- [Paul Howarth brought this change] -- rtspd: fix MSVC level 4 warning + libtest: Add required test libraries for lib1552 and lib1553 - warning C4701: potentially uninitialized local variable 'req' used - -- winbuild: re-enable warning C4127 for curl tool + They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too. - Disabled in cda19a345f6970e22fe8b7a808aeb8f086a21eac. It only needs to - be disabled for libcurl. - -- winbuild: build with warning level 4 + This fixes build failures on Fedora 13. - This is consistent with 7bc64561a2e63ca93e4b0b31d350773ba80955c2, which - changed the warning level from 3 to 4 for the Visual Studio project - files. But disable the level 4 warning C4127 "conditional expression is - constant", as that one is issued by older versions of the Windows SDK - as well as curl itself under some circumstances. + Closes #2006 + +- [Alessandro Ghedini brought this change] + + libcurl-tutorial.3: fix typo - Closes https://github.com/curl/curl/pull/1667 + closes #2008 + +Alessandro Ghedini (23 Oct 2017) +- curl_mime_filedata.3: fix typos + +Daniel Stenberg (23 Oct 2017) +- RELEASE-NOTES: clean slate towards 7.57.0 -Jay Satiro (12 Jul 2017) - [Max Dymond brought this change] - travis: install libidn2 + travis: exit if any steps fail - Install libidn2 to increase test coverage (IDN tests) + We don't expect any steps to fail in travis. Exit the script if they do. - Closes https://github.com/curl/curl/pull/1673 + Closes #1966 -Marcel Raad (12 Jul 2017) -- travis: enable warnings also in release mode - - ... to get warnings also on Linux/GCC and OSX/clang. +Version 7.56.1 (23 Oct 2017) + +Daniel Stenberg (23 Oct 2017) +- RELEASE-NOTES: 7.56.1 + +- THANKS: update at 7.56.1 release time + +- [Jon DeVree brought this change] + + mk-ca-bundle: Remove URL for aurora - Closes https://github.com/curl/curl/pull/1666 + Aurora is no longer used by Mozilla + https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/ -Daniel Stenberg (12 Jul 2017) -- [Max Dymond brought this change] +- [Jon DeVree brought this change] - travis: install libssh2 + mk-ca-bundle: Fix URL for NSS - Install libssh2 to increase test coverage (SFTP, SCP) + The 'tip' is the most recent branch committed to, this should be + 'default' like the URLs for the browser are. + + Closes #1998 -Marcel Raad (12 Jul 2017) -- system.h: include winsock2.h before windows.h +- imap: if a FETCH response has no size, don't call write callback - ... to avoid compiler warnings if the user doesn't want - WIN32_LEAN_AND_MEAN. + CVE-2017-1000257 + + Reported-by: Brian Carpenter and 0xd34db347 + Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586 -- build: remove WIN32_LEAN_AND_MEAN from individual build systems +- ftp: reject illegal IP/port in PASV 227 response - It's defined for all build systems in curl_setup.h since commit - beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro - redefinition warnings in the configure builds. + ... by using range checks. Among other things, this avoids an undefined + behavior for a left shift that could happen on negative or very large + values. - Closes https://github.com/curl/curl/pull/1677 + Closes #1997 + + Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694 -Jay Satiro (11 Jul 2017) -- ISSUE_TEMPLATE: Add a comment not to file security issues on github +Patrick Monnerat (20 Oct 2017) +- test653: check reuse of easy handle after mime data change + + See issue #1999 -Marcel Raad (11 Jul 2017) -- curl_setup: always define WIN32_LEAN_AND_MEAN on Windows +- mime: do not reuse previously computed multipart size - Make sure to always define WIN32_LEAN_AND_MEAN before including any - Windows headers to avoid pulling in unnecessary headers. This avoids - unnecessary macro clashes and compiler warnings. + The contents might have changed: size must be recomputed. - Ref: https://github.com/curl/curl/issues/1562 - Closes https://github.com/curl/curl/pull/1672 + Reported-by: moteus on github + Fixes #1999 -Jay Satiro (11 Jul 2017) -- strerror: Preserve Windows error code in some functions - - This is a follow-up to af02162 which removed (SET_)ERRNO macros. That - commit was an earlier draft that I committed by mistake, which was then - remedied by a5834e5 and e909de6, and now this commit. With this commit - there is now no difference between the current code and the changes that - were approved in the final draft. +- test308: disable if MultiSSL feature enabled - Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem - Ref: https://github.com/curl/curl/pull/1589 + Even if OpenSSL is enabled, it might not be the default backend when + multi-ssl is enabled, causing the test to fail. -Marcel Raad (10 Jul 2017) -- [Max Dymond brought this change] +- runtests: support MultiSSL client feature - tests: Fix up issues with errno in test files +- vtls: change struct Curl_ssl `close' field name to `close_one'. - Closes https://github.com/curl/curl/pull/1671 + On OS/400, `close' is an ASCII system macro that corrupts the code if + not used in a context not targetting the close() system API. -Daniel Stenberg (10 Jul 2017) -- errno: fix non-windows builds after af0216251b94e7 +- os400: add missing symbols in config file. + + Also adjust makefile to renamed files and warn about installation dirs mix-up. -- [Ryan Winograd brought this change] +- test652: curl_mime_data + base64 encoder with large contents - make: fix docs build on OpenBSD +- mime: limit bas64-encoded lines length to 76 characters + +Daniel Stenberg (16 Oct 2017) +- RELEASE-NOTES: synced with f121575c0 + +- setopt: range check most long options - Ref: #1591 + ... filter early instead of risking "funny values" having to be dealt + with elsewhere. -Marcel Raad (10 Jul 2017) -- ldap: fix MinGW compiler warning +- setopt: avoid integer overflows when setting millsecond values - ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with - the latest original MinGW, resulting in compiler warnings since commit - f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8. Fix this for the non-SSPI - case by using ldap_simple_bind_s again instead of ldap_bind_s with - LDAP_AUTH_SIMPLE. + ... that are multiplied by 1000 when stored. - Closes https://github.com/curl/curl/pull/1664 + For 32 bit long systems, the max value accepted (2147483 seconds) is > + 596 hours which is unlikely to ever be set by a legitimate application - + and previously it didn't work either, it just caused undefined behavior. + + Also updated the man pages for these timeout options to mention the + return code. + + Closes #1938 -- curl-compilers.m4: disable warning spam with Cygwin's clang +Viktor Szakats (15 Oct 2017) +- makefile.m32: allow to override gcc, ar and ranlib - When building with Cygwin or MinGW, libtool uses a wrapper executable - instead of a wrapper script [1], which is written in C and throws - missing-variable-declarations warnings. Don't enable these warnings on - Cygwin and MinGW in order to avoid warnings for every executable built, - which spams the test suite output when using Cygwin's clang. + Allow to ovverride certain build tools, making it possible to + use LLVM/Clang to build curl. The default behavior is unchanged. + To build with clang (as offered by MSYS2), these settings can + be used: - [1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-executables.html + CURL_CC=clang + CURL_AR=llvm-ar + CURL_RANLIB=llvm-ranlib - Closes https://github.com/curl/curl/pull/1665 + Closes https://github.com/curl/curl/pull/1993 -Jay Satiro (10 Jul 2017) -- curl_setup_once: Remove ERRNO/SET_ERRNO macros +- ldap: silence clang warning - Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError - for Win32 and regular errno otherwise. + Use memset() to initialize a structure to avoid LLVM/Clang warning: + ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] - I reviewed the code and found no justifiable reason for conflating errno - on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, - and any Win32 multithreaded CRT supports thread-local errno. + Closes https://github.com/curl/curl/pull/1992 + +Daniel Stenberg (14 Oct 2017) +- runtests: use valgrind for torture as well - Fixes https://github.com/curl/curl/issues/895 - Closes https://github.com/curl/curl/pull/1589 + NOTE: it makes them terribly slow. I recommend only using valgrind for + specific torture tests or using lots of patience. -- tool_getparam: fix potentially uninitialized err +- memdebug: trace send, recv and socket + + ... to allow them to be included in torture tests too. + + closes #1980 -Marcel Raad (9 Jul 2017) -- smb: rename variable to fix shadowing warning +- configure: remove the C++ compiler check - GCC 4.6.3 on travis complains: - smb.c: In function ‘get_posix_time’: - smb.c:725:13: error: declaration of ‘time’ shadows a global declaration - [-Werror=shadow] + ... we used it only for the fuzzer, which we now have in a separate git + repo. - Fix this by renaming the variable. + Closes #1990 -- tool_cb_wrt: fix variable shadowing warning +Patrick Monnerat (13 Oct 2017) +- mime: do not call failf() if easy handle is NULL. + +Daniel Stenberg (13 Oct 2017) +- test651: curl_formadd with huge COPYCONTENTS + +- mime: fix the content reader to handle >16K data properly - GCC 4.4 complains: - tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global - declaration - /usr/include/unistd.h:782: error: shadowed declaration is here + Reported-by: Jeroen Ooms + Closes #1988 + +Patrick Monnerat (12 Oct 2017) +- mime: keep "text/plain" content type if user-specified. - Fix this by renaming the variable. + Include test cases in 554, 587, 650. - Closes https://github.com/curl/curl/pull/1661 + Fixes https://github.com/curl/curl/issues/1986 -Daniel Stenberg (8 Jul 2017) -- RELEASE-NOTES: synced with be2c999b8 +- cli tool: use file2memory() to buffer stdin in -F option. + + Closes PR https://github.com/curl/curl/pull/1985 -- travis: install stunnel +- cli tool: reimplement stdin buffering in -F option. + + If stdin is not a regular file, its content is memory-buffered to enable + a possible data "rewind". + In all cases, stdin data size is determined before real use to avoid + having an unknown part's size. + + --libcurl generated code is left as an unbuffered stdin fread/fseek callback + part with unknown data size. + + Buffering is not supported in deprecated curl_formadd() API. -- valgrind.supp: supress OpenSSL false positive seen on travis +Daniel Stenberg (12 Oct 2017) +- winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 -- travis: detect and use valgrind for normal builds +- HELP-US: the label "PR-welcome" is now renamed to "help wanted" - Closes #1653 + following the new github "standard" -- travis: add SMB, DICT, TELNET torture to coverage test +- RELEASE-NOTES: synced with 5505df7d2 -- [Paul Harris brought this change] +Jay Satiro (11 Oct 2017) +- [Artak Galoyan brought this change] - cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC + url: Update current connection SSL verify params in setopt - Removes BUILD_RELEASE_DEBUG_DIRS since it wasn't used anywhere. + Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active + connection updates the current connection's (i.e.'connectdata' + structure) appropriate ssl_config (and ssl_proxy_config) structures + variables, making these options effective for ongoing connection. - Closes #1649 - -- CURLOPT_POSTFIELDS.3: explain the 100-continue magic better + This functionality was available before and was broken by the + following change: + "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" + CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. + + Bug: https://github.com/curl/curl/issues/1941 + + Closes https://github.com/curl/curl/pull/1951 -- [Max Dymond brought this change] +Daniel Stenberg (11 Oct 2017) +- [David Benjamin brought this change] - test1452: add telnet negotiation + openssl: don't use old BORINGSSL_YYYYMM macros - Add a basic telnet server for negotiating some telnet options before - echoing back any data that's sent to it. + Those were temporary things we'd add and remove for our own convenience + long ago. The last few stayed around for too long as an oversight but + have since been removed. These days we have a running + BORINGSSL_API_VERSION counter which is bumped when we find it + convenient, but 2015-11-19 was quite some time ago, so just check + OPENSSL_IS_BORINGSSL. - Closes #1645 + Closes #1979 -- travis: do more tests in the coverage run - - I added a selection of torture and event tests that run "fast enough" +- test950; verify SMTP with custom request -- curl_easy_escape.3: mention the (lack of) encoding +- ftpserver: support case insensitive commands + +- smtp_done: free data before returning (on send failure) - Fixes #1612 - Reported-by: Jeroen Ooms + ... as otherwise it could leak that memory. + + Detected by OSS-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 + + Assisted-by: Max Dymond + Closes #1977 -- [Gisle Vanem brought this change] +- FTP: URL decode path for dir listing in nocwd mode + + Reported-by: Zenju on github + + Test 244 added to verify + Fixes #1974 + Closes #1976 - memdebug: don't setbuf() if the file open failed +- test298: verify --ftp-method nowcwd with URL encoded path - Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151 + Ref: #1974 -- appveyor: enable CURL_WERROR on all builds +- CURLOPT_XFERINFODATA.3: fix duplicate see also -- cmake: add CURL_WERROR for enabling "warning as errors" +- CURLOPT_NOPROGRESS.3: also refer to xferinfofunction -- [Hannes Magnusson brought this change] +- FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION - cmake: remove spurious "-l" from linker flags +- openssl: enable PKCS12 support for !BoringSSL - Fixes #1552 - -- test506: skip if threaded-resolver - -- runtests: support "threaded-resolver" as a feature + Enable PKCS12 for all non-boringssl builds without relying on configure + or cmake checks. - ... to let tests require it or skip if present + Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html + Reported-by: Christian Schmitz + Closes #1948 -- asyn-thread.c: fix unused variable warnings on macOS +- [Kristiyan Tsaklev brought this change] -- http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD + curl: don't pass semicolons when parsing Content-Disposition - Make the name reflect its use better, and add a short comment describing - what it's for. + Test 1422 updated to verify. + + Closes #1964 -- cmake: if inet_pton is used, bump _WIN32_WINNT +Patrick Monnerat (9 Oct 2017) +- mime: properly unbind mime structure in curl_mime_free(). - ... and make sure inet_pton is always checked for when *not* using Windows, - which is a regression from 4fc6ebe18. + This allows freeing a mime structure bound to the easy handle before + curl_easy_cleanup(). - Idea-by: Sergei Nikulov + Fixes #1970. -- select.h: avoid macro redefinition harder +Daniel Stenberg (9 Oct 2017) +- RTSP: avoid integer overflow on funny RTSP response - ... by checking the POLLIN define, as the header file checks don't work - on Windows. - -- inet_pton: fix include on windows to get prototype + ... like a very large non-existing RTSP version number. - inet_pton() exists on Windows and gets used by our cmake builds. Make - sure the correct header file is included to avoid compiler warnings. + Added test 577 to verify. - Closes #1639 + Detected by OSS-fuzz. + Closes #1969 -- TODO: 1.10 auto-detect proxy - - Closes #1572 +Patrick Monnerat (8 Oct 2017) +- ftpserver: properly reset $ftptargetdir. -- TODO: HTTP proxy CONNECT is non-blocking now +- test643: verify curl_mime_subparts() rejects cyclic additions. -- cmake: fix send/recv argument scanner for windows +- mime: refuse to add subparts to one of their own descendants. - ... by simply trying the Windows argument types first. + Reported-by: Alexey Melnichuk + Fixes #1962 + +- mime: avoid resetting a part's encoder when part's contents change. + +- mime: improve unbinding top multipart from easy handle. - Fixes #1640 + Also avoid dangling pointers in referencing parts. -- RELEASE-NOTES: synced with 596cfb6c0 +Daniel Stenberg (8 Oct 2017) +- RELEASE-NOTES: synced with a4c1c75da30af1 -- [Gisle Vanem brought this change] +- curlver.h: next expected release is 7.57.0 - smb: add support for CURLOPT_FILETIME +Patrick Monnerat (8 Oct 2017) +- mime: be tolerant about setting twice the same header list in a part. + +- docs: clarify form/mime usage of non-regular data files. + +Daniel Stenberg (8 Oct 2017) +- Revert "multi_done: wait for name resolve to finish if still ongoing" - Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html + This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. - Closes #1643 - -- travis: install nghttp2 on linux builds + Caused memory leaks in the fuzzer, needs to be done differently. - Closes #1642 + Disable test 1553 for now too, as it causes memory leaks without this + commit! -- [Gisle Vanem brought this change] +- remove_handle: call multi_done() first, then clear dns cache pointer + + Closes #1960 - smb: fix build for djgpp/MSDOS +- multi_done: wait for name resolve to finish if still ongoing - bug: https://curl.haxx.se/mail/lib-2017-07/0005.html + ... as we must clean up memory. -- configure: try ldap/lber in reversed order first +- pingpong: return error when trying to send without connection - When scanning for which LDAP libraries to use, try the -lldap -llber - combination before the reversed order since it has a greater chance of - working when linking with libcurl statically. + When imap_done() got called before a connection is setup, it would try + to "finish up" and dereffed a NULL pointer. - Fixes #1619 - Closes #1634 - Reported-by: David E. Narváez + Test case 1553 managed to reproduce. I had to actually use a host name + to try to resolve to slow it down, as using the normal local server IP + will make libcurl get a connection in the first curl_multi_perform() + loop and then the bug doesn't trigger. + + Fixes #1953 + Assisted-by: Max Dymond -- configure: remove checks for 5 functions never used +Dan Fandrich (6 Oct 2017) +- tests: added flaky keyword to tests 587 and 644 - fork, getprotobyname, inet_addr, perror, uname + These are around 5% flaky in my Linux x86 autobuilds. + +Marcel Raad (6 Oct 2017) +- vtls: fix warnings with --disable-crypto-auth - closes #1638 + When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters + are not used. -- dist: add SMB python deps into the tarball +Daniel Stenberg (6 Oct 2017) +- multi_cleanup: call DONE on handles that never got that + + ... fixes a memory leak with at least IMAP when remove_handle is never + called and the transfer is abruptly just abandoned early. + + Test 1552 added to verify + + Detected by OSS-fuzz + Assisted-by: Max Dymond + Closes #1954 -- [Max Dymond brought this change] +- [Benbuck Nason brought this change] - test1451: add SMB support to the testbed + strtoofft: Remove extraneous null check - Add test 1451 which does some very basic SMB testing using the impacket - SMB server. + Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' + argument. - Closes #1630 + Closes #1952 -- [Max Dymond brought this change] +- openssl: fix build without HAVE_OPAQUE_EVP_PKEY + + Reported-by: Javier Sixto + Fixes #1955 + Closes #1956 - test: add impacket for SMB testing +Viktor Szakats (6 Oct 2017) +- lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS - Import impacket 0.9.15 for use in SMB testing. This was generated by - doing "pip2.7 install -t . impacket" + The source code is now prepared to handle the case when both + Win32 Crypto and OpenSSL/NSS crypto backends are enabled + at the same time, making it now possible to enable `USE_WIN32_CRYPTO` + whenever the targeted Windows version supports it. Since this + matches the minimum Windows version supported by curl + (Windows 2000), enable it unconditionally for the Win32 platform. - Unnecessary files for current testing were deleted. - -- travis.yml: use --enable-werror on debug builds + This in turn enables SMB (and SMBS) protocol support whenever + Win32 Crypto is available, regardless of what other crypto backends + are enabled. - ... to better detect and fault on compiler warnings/errors + Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 - Closes #1637 + Closes https://github.com/curl/curl/pull/1943 -- tool_sleep: typecast to avoid macos compiler warning +Daniel Stenberg (5 Oct 2017) +- build: fix --disable-crypto-auth - tool_sleep.c:54:24: error: implicit conversion loses integer precision: - 'long' to '__darwin_suseconds_t' (aka 'int') - [-Werror,-Wshorten-64-to-32] + Reported-by: Wyatt O'Day + Fixes #1945 + Closes #1947 -- [Martin Kepplinger brought this change] +Jay Satiro (5 Oct 2017) +- [Nick Zitzmann brought this change] - timeval.c: Use long long constant type for timeval assignment + darwinssl: add support for TLSv1.3 - On a 64 bit host, sparse says: + Closes https://github.com/curl/curl/pull/1794 + +Daniel Stenberg (4 Oct 2017) +- [Felix Kaiser brought this change] + + docs: fix typo in curl_mime_data_cb man page - timeval.c:148:15: warning: constant 0x7fffffffffffffff is so big it is long - timeval.c:149:12: warning: constant 0x7fffffffffffffff is so big it is long + Closes #1946 + +Viktor Szakats (4 Oct 2017) +- lib/Makefile.m32: allow customizing dll suffixes - so let's use long long constant types in order to prevent undesired overflow - failures. + - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated + libcurl dll name. Useful to add `-x64` to 64-bit builds so that + it can live in the same directory as the 32-bit one. By default + this is empty. - Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html + - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the + generated import library (implib) for libcurl .dll. It defaults + to `dll`, and it's useful to modify that to `.dll` to have the + standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. - Closes #1636 + Closes https://github.com/curl/curl/pull/1942 + +Daniel Stenberg (4 Oct 2017) +- [Max Dymond brought this change] + + fuzzer: move to using external curl-fuzzer - Signed-off-by: Martin Kepplinger + Use the external curl-fuzzer repository for fuzzing. + + Closes #1923 -- url: make the original string get used on subsequent transfers +- failf: skip the sprintf() if there are no consumers - ... since CURLOPT_URL should follow the same rules as other options: - they remain set until changed or cleared. + Closes #1936 + +- ftp: UBsan fixup 'pointer index expression overflowed' - Added test 1551 to verify. + Closes #1939 + +- RELEASE-PROCEDURE: update the release schedule + +Version 7.56.0 (4 Oct 2017) + +Daniel Stenberg (4 Oct 2017) +- RELEASE-NOTES: curl 7.56.0 + +- THANKS: added new 7.56.0 contributors + +Jay Satiro (4 Oct 2017) +- build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported - Fixes #1631 - Closes #1632 - Reported-by: Pavel Rochnyak + Ref: https://github.com/curl/curl/issues/1002 -- [Johannes Schindelin brought this change] +Michael Kaufmann (3 Oct 2017) +- idn: fix source code comment - gtls: fix build when sizeof(long) < sizeof(void *) +- vtls: compare and clone ssl configs properly - - Change gnutls pointer/int macros to pointer/curl_socket_t. - Prior to this change they used long type as well. + Compare these settings in Curl_ssl_config_matches(): + - verifystatus (CURLOPT_SSL_VERIFYSTATUS) + - random_file (CURLOPT_RANDOM_FILE) + - egdsocket (CURLOPT_EGDSOCKET) - The size of the `long` data type can be shorter than that of pointer - types. This is the case most notably on Windows. + Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), + and copy the setting "sessionid" unconditionally. - If C99 were acceptable, we could simply use `intptr_t` here. But we - want to retain C89 compatibility. + This means that reusing connections that are secured with a client + certificate is now possible, and the statement "TLS session resumption + is disabled when a client certificate is used" in the old advisory at + https://curl.haxx.se/docs/adv_20170419.html is obsolete. - Simply use the trick of performing pointer arithmetic with the NULL - pointer: to convert an integer `i` to a pointer, simply take the - address of the `i`th element of a hypothetical character array - starting at address NULL. To convert back, simply cast the pointer - difference. + Reviewed-by: Daniel Stenberg - Thanks to Jay Satiro for the initial modification to use curl_socket_t - instead of int/long. + Closes #1917 + +- proxy: read the "no_proxy" variable only if necessary - Closes #1617 + Reviewed-by: Daniel Stenberg - Signed-off-by: Johannes Schindelin + Closes #1919 -- [Ryan Winograd brought this change] +Patrick Monnerat (3 Oct 2017) +- libcurl-tutorial: add casts in example to avoid compilation warnings. - unit1399: fix integer overflow +Daniel Stenberg (3 Oct 2017) +- examples: bring back curl_formadd-using examples - Bug: #1616 - Closes #1633 + ... now with a -formadd suffix. While the new mime API is introduced in + 7.56.0 we must acknowledge that lots of users can't upgrade their curl + versions immediately. -- [Per Malmberg brought this change] +- test1153: verify quoted double-qoutes in PWD response - cmake: Added compatibility options for older Windows versions - - CURL_STATIC_CRT and ENABLE_INET_PTON +- FTP: zero terminate the entry path even on bad input - Closes #1621 - -- unit1399: add logging to time comparison + ... a single double quote could leave the entry path buffer without a zero + terminating byte. CVE-2017-1000254 - ... to enable tracking down why autobuilds fail on this + Test 1152 added to verify. - Bug: #1616 + Reported-by: Max Dymond + Bug: https://curl.haxx.se/docs/adv_20171004.html -- make: build the docs subdir only from within src +Jay Satiro (2 Oct 2017) +- [Sergei Nikulov brought this change] + + cmake: disable tests and man generation if perl/nroff not found - ... and don't build at all in include + Fixes https://github.com/curl/curl/issues/1500 + Reported-by: Jay Satiro - Prompted-by-work-by: Simon Warta - Ref: #1590 - Closes #1591 + Fixes https://github.com/curl/curl/pull/1662 + Assisted-by: Tom Seddon + Assisted-by: dpull@users.noreply.github.com + Assisted-by: elelel@users.noreply.github.com + + Closes https://github.com/curl/curl/pull/1924 -- [Max Dymond brought this change] +Patrick Monnerat (2 Oct 2017) +- libcurl-tutorial: fix two typos. - test1450: fix up DICT server in torture mode - - As per https://github.com/curl/curl/pull/1615, the DICT server is a - little spammy in torture mode due to the sockets being torn down - unexpectedly. Fix this by adding some error handling to the handling - function. +- TODO: remove deprecated form API items. + +- libcurl-tutorial: describe MIME API and deprecate form API. - Closes #1629 + Include a guide to form/mime API conversion. -- [Max Dymond brought this change] +Daniel Stenberg (30 Sep 2017) +- cookie: fix memory leak if path was set twice in header + + ... this will let the second occurance override the first. + + Added test 1161 to verify. + + Reported-by: Max Dymond + Fixes #1932 + Closes #1933 - test1450: add simple testing for DICT +Dan Fandrich (30 Sep 2017) +- test650: Use variable replacement to set the host address and port - Add a new server which provides a DICT interface. This is intended to - begin coverage testing for lib/dict.c + Otherwise, the test fails when the -b test option is used to set a + different test port range. + +- Set and use more necessary options when some protocols are disabled - Closes #1615 + When curl and libcurl are built with some protocols disabled, they stop + setting and receiving some options that don't make sense with those + protocols. In particular, when HTTP is disabled many options aren't set + that are used only by HTTP. However, some options that appear to be + HTTP-only are actually used by other protocols as well (some despite + having HTTP in the name) and should be set, but weren't. This change now + causes some of these options to be set and used for more (or for all) + protocols. In particular, this fixes tests 646 through 649 in an + HTTP-disabled build, which use the MIME API in the mail protocols. -- [Dan Fandrich brought this change] +Daniel Stenberg (29 Sep 2017) +- test1160: verifies cookie leak for large cookies + + The fix done in 20ea22ff735 - test1521: fix out-of-tree builds, broken with 467da3af +- cookie: fix memory leak on oversized rejection - The test.h file is no longer in the same directory as the source file, - so that directory needs to be added to the include path. + Regression brought by 2bc230de63b - Fixes #1627 - Closes #1628 + Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 + Assisted-by: Max Dymond + + Closes #1930 -- [Max Dymond brought this change] +- [Anders Bakken brought this change] - http2: handle PING frames + connect: fix race condition with happy eyeballs timeout - Add a connection check function to HTTP2 based off RTSP. This causes - PINGs to be handled the next time the connection is reused. + The timer should be started after conn->connecttime is set. Otherwise + the timer could expire without this condition being true: - Closes #1521 - -- [Max Dymond brought this change] + /* should we try another protocol family? */ + if(i == 0 && conn->tempaddr[1] == NULL && + curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { + + Ref: #1928 - handler: refactor connection checking +Michael Kaufmann (28 Sep 2017) +- docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS - Add a new type of callback to Curl_handler which performs checks on - the connection. Alter RTSP so that it uses this callback to do its - own check on connection health. + Closes #1922 -- [dmitrykos brought this change] +- docs: clarify the use of environment variables for proxy + + Closes #1921 - openssl: improve fallback seed of PRNG with a time based hash +- http: add custom empty headers to repeated requests - Fixes #1620 + Closes #1920 -- [Ryan Winograd brought this change] +- reuse_conn: don't copy flags that are known to be equal + + A connection can only be reused if the flags "conn_to_host" and + "conn_to_port" match. Therefore it is not necessary to copy these flags + in reuse_conn(). + + Closes #1918 - progress: prevent resetting t_starttransfer +Daniel Stenberg (27 Sep 2017) +- curl.h: include on cygwin too - Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked - with `TIMER_STARTTRANSFER` more than once during a single request. + When building with -std=c++14 on cygwin, this header won't be + automatically included as it otherwise is. - When a redirect occurs, this is considered a new request and - `t_starttransfer` can be updated to reflect the `t_starttransfer` time - of the redirect request. + The include decision should ideally be reversed and be + avoided where that header file doesn't exist. - Closes #1616 + Reported-by: Ian Fette + Fixes #1925 + +- RELEASE-NOTES: synced with d8ab5dc50 + +Michael Kaufmann (24 Sep 2017) +- tests: adjust .gitignore for new tests + +Jay Satiro (23 Sep 2017) +- ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header - Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370 + .. and include the core NTLM header in all NTLM-related source files. + + Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT + but did not include vtls.h where it was defined. + + Closes https://github.com/curl/curl/pull/1911 -- curl_strequal.3: fix typo in SYNOPSIS +Daniel Stenberg (23 Sep 2017) +- file_range: avoid integer overflow when figuring out byte range - Reported-by: Jesse Chisholm + When trying to bump the value with one and the value is already at max, + it causes an integer overflow. - Fixes #1623 + Closes #1908 + Detected by oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 + + Assisted-by: Max Dymond -- RELEASE-NOTES: synced with ce2c3ebda +Michael Kaufmann (23 Sep 2017) +- tests: fix a compiler warning in test 643 -Kamil Dudka (28 Jun 2017) -- curl --socks5-{basic,gssapi}: control socks5 auth +Jay Satiro (23 Sep 2017) +- symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry - Closes https://github.com/curl/curl/pull/1454 - -- CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth + - Use spaces instead of tabs as the delimiter. - If libcurl was built with GSS-API support, it unconditionally advertised - GSS-API authentication while connecting to a SOCKS5 proxy. This caused - problems in environments with improperly configured Kerberos: a stock - libcurl failed to connect, despite libcurl built without GSS-API - connected fine using username and password. + Follow up to 7c52b12 which added the entry. The entry had used tabs but + the symbol-scan parser doesn't recognize tabs and would fail the symbol. + +Viktor Szakats (22 Sep 2017) +- metalink: fix NSS issue in MultiSSL builds - This commit introduces the CURLOPT_SOCKS5_AUTH option to control the - allowed methods for SOCKS5 authentication at run time. + In MultiSSL mode (i.e. when more than one SSL backend is compiled + in), we cannot use the compile time flag `USE_NSS` as indicator that + the NSS backend is in use. As far as Metalink is concerned, the SSL + backend is only used for MD5, SHA-1 and SHA-256 calculations, + therefore one of the available SSL backends is selected at compile + time, in a strict order of preference. - Note that a new option was preferred over reusing CURLOPT_PROXYAUTH - for compatibility reasons because the set of authentication methods - allowed by default was different for HTTP and SOCKS5 proxies. + Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used + to determine whether the SSL backend used for Metalink is the NSS + backend, and use that to guard the code that wants to de-initialize + the NSS-specific data structure. - Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html - Closes https://github.com/curl/curl/pull/1454 + Ref: https://github.com/curl/curl/pull/1848 -- socks: deduplicate the code for auth request +- ntlm: use strict order for SSL backend #if branches + + With the recently introduced MultiSSL support multiple SSL backends + can be compiled into cURL That means that now the order of the SSL + + One option would be to use the same SSL backend as was configured + via `curl_global_sslset()`, however, NTLMv2 support would appear + to be available only with some SSL backends. For example, when + eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced + support for NTLMv1 using Windows' Crypt API, it specifically did + *not* introduce NTLMv2 support using Crypt API at the same time. + + So let's select one specific SSL backend for NTLM support when + compiled with multiple SSL backends, using a priority order such + that we support NTLMv2 even if only one compiled-in SSL backend can + be used for that. + + Ref: https://github.com/curl/curl/pull/1848 -- socks: use proxy_user instead of proxy_name +Daniel Stenberg (22 Sep 2017) +- symbols-in-versions: add CURLSSLSET_NO_BACKENDS - ... to make it obvious what the data is used for + ...fixup from b8e0fe19ec -Daniel Stenberg (27 Jun 2017) -- libtest/make: generate lib1521.c +- imap: quote atoms properly when escaping characters - ... instead of having the generated code checked in. This saves space in - the tarball but primarily automatically adapts to newly added options. + Updates test 800 to verify - Closes #1614 + Fixes #1902 + Closes #1903 -Jay Satiro (26 Jun 2017) -- tool_getparam: fix memory leak on test 1147 OOM (torture tests) +- tests: make the imap server not verify user+password - Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 - Reported-by: Dan Fandrich - -Dan Fandrich (25 Jun 2017) -- test1537: fixed memory leak on OOM + ... as the test cases themselves do that and it makes it easier to add + crazy test cases. + + Test 800 updated to use user name + password that need quoting. + + Test 856 updated to trigger an auth fail differently. + + Ref: #1902 -Marcel Raad (25 Jun 2017) -- test1521: fix compiler warnings +- vtls: provide curl_global_sslset() even in non-SSL builds - The integer literal 3123123123 doesn't fit into a 32-bit signed - integer, so GCC with 32-bit long warns in C90 mode: - this decimal constant is unsigned only in ISO C90 [enabled by default] - Fix this by using ULONG_MAX, which should fit in any curl_off_t and has - the correct suffix to not issue any warnings. - Also adds the missing CURLOPT_REQUEST_TARGET from commit - 9b167fd090f596eac828817d48c247eeae53407f. + ... it just returns error: - Closes https://github.com/curl/curl/pull/1611 + Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 + Reported-by: Marcel Raad + + Closes #1906 -Daniel Stenberg (24 Jun 2017) -- curl/system.h: add check for XTENSA for 32bit gcc +Patrick Monnerat (22 Sep 2017) +- form/mime: field names are not allowed to contain zero-valued bytes. - Reported-by: Neil Kolban - Fixes: 1598 + Also suppress length argument of curl_mime_name() (names are always + zero-terminated). -- [Henrik S. Gaßmann brought this change] +Daniel Stenberg (21 Sep 2017) +- [Dirk Feytons brought this change] - winbuild: fix boringssl build - - Compile with `WIN32_LEAN_AND_MEAN` which prevents `windows.h` from - including too much clutter including `wincrypt.h` which in turn contains - some preprocessor macros that clash with boringssl symbols. + openssl: only verify RSA private key if supported - Detect boringssl by checking the existance of `is_boringssl.h` and set - the corresponding `HAVE_BORINGSSL` for compilation which is used in - `ldap.c` to undefine the evil macros. + In some cases the RSA key does not support verifying it because it's + located on a smart card, an engine wants to hide it, ... + Check the flags on the key before trying to verify it. + OpenSSL does the same thing internally; see ssl/ssl_rsa.c - Closes #1610 + Closes #1904 -- progress: progress.timespent needs to be us +Marcel Raad (21 Sep 2017) +- examples/post-callback: use long for CURLOPT_POSTFIELDSIZE - follow-up to 64ed44a815e4e to fix test 500 failures + Otherwise, typecheck-gcc.h warns on MinGW-w64. -Marcel Raad (24 Jun 2017) -- curl-compilers.m4: fix unknown-warning-option on Apple clang - - Since 5598b0bd63f690c151074494ce47ef872f004ab4, clang -v is used to - detect the clang version. The version number was expected to come after - the word "version". For Apple clang, this doesn't work as it has its - own versioning scheme. - The version number is now first searched after the string - "based on LLVM". This works for Apple clang before version 7, and also - for e.g. Ubuntu's clang up to version 3.7. If it's not found and the - version string contains "Apple LLVM version", clang version 3.7 is - assumed, which is the version that comes with Xcode 7. Otherwise, the - version number is still expected after the word "version", which works - for very old Apple clang versions. +Patrick Monnerat (20 Sep 2017) +- mime: rephrase the multipart output state machine (#1898) ... - Ref: https://trac.macports.org/wiki/XcodeVersionInfo - Fixes https://github.com/curl/curl/issues/1606 - Closes https://github.com/curl/curl/pull/1607 + ... in hope coverity will like it much. -Daniel Stenberg (24 Jun 2017) -- progress: fix "time spent", broke in adef394ac +- mime: fix an explicit null dereference (#1899) -- CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case +Daniel Stenberg (20 Sep 2017) +- curl: check fseek() return code and bail on error - ... supported since 7.54.1 + Detected by coverity. CID 1418137. -- maketgz: switch to -6e for xz +- smtp: fix memory leak in OOM - To reduce the memory requirement for decompress, and still do almost as - good compression as with -9e. + Regression since ce0881edee - Pointed-out-by: Dan Fandrich + Coverity CID 1418139 and CID 1418136 found it, but it was also seen in + torture testing. -- libtest/Makefile: remove unused lib1541 variables +- RELEASE-NOTES: synced with 5fe85587c -- CONTRIBUTE.md: mention the out-of-tree build test too +- [Pavel P brought this change] -- maketgz: switch to xz instead of lzma + cookies: use lock when using CURLINFO_COOKIELIST - The compressed output size seems to be a tad bit smaller, but generally - xz seems more preferred these days and is used directly by for example - gentoo instead of bz2. + Closes #1896 + +- [Max Dymond brought this change] + + ossfuzz: changes before merging the generated corpora - "Users of LZMA Utils should move to XZ Utils" => - https://tukaani.org/lzma/ + Before merging in the oss-fuzz corpora from Google, there are some changes + to the fuzzer. + - Add a read corpus script, to display corpus files nicely. + - Change the behaviour of the fuzzer so that TLV parse failures all now + go down the same execution paths, which should reduce the size of the + corpora. + - Make unknown TLVs a failure to parse, which should decrease the size + of the corpora as well. - Closes #1604 + Closes #1881 -- --request-target: instead of --strip-path-slash +- mime:escape_string minor clarification change - ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. + ... as it also removes a warning with old gcc versions. - This option instead provides the full "alternative" target to use in the - request, instead of extracting the path from the URL. + Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html + Reported-by: Ben Greear + +- [Max Dymond brought this change] + + ossfuzz: don't write out to stdout - Test 1298 and 1299 updated accordingly. + Don't make the fuzzer write out to stdout - instead write some of the + contents to a memory block so we exercise the data output code but + quietly. - Idea-by: Evert Pot - Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 + Closes #1885 + +- cookies: reject oversized cookies - Closes #1593 + ... instead of truncating them. + + There's no fixed limit for acceptable cookie names in RFC 6265, but the + entire cookie is said to be less than 4096 bytes (section 6.1). This is + also what browsers seem to implement. + + We now allow max 5000 bytes cookie header. Max 4095 bytes length per + cookie name and value. Name + value together may not exceed 4096 bytes. + + Added test 1151 to verify + + Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html + Reported-by: Kevin Smith + + Closes #1894 -Marcel Raad (21 Jun 2017) -- lib1521: fix missing-variable-declarations clang warnings +- travis: on mac, don't install openssl or libidn - Declare TU-local variables static. + - openssl is already installed and causes warnings when trying to + install again + + - libidn isn't used these days, and homebrew doesn't seem to have a + libidn2 package to replace with easily + + Closes #1895 -- travis: enable typecheck-gcc warnings +- curl: make str2udouble not return values on error - - switch debug and release configurations so that we get an optimized - build with GCC 4.3+ as required by typecheck-gcc - - enable warnings-as-errors for release builds - (which have warnings disabled) + ... previously it would store a return value even when it returned + error, which could make the value get used anyway! - Closes https://github.com/curl/curl/pull/1595 + Reported-by: Brian Carpenter + Closes #1893 -- typecheck-gcc: add support for CURLINFO_OFF_T +Jay Satiro (18 Sep 2017) +- socks: fix incorrect port number in SOCKS4 error message - typecheck-gcc expected curl_socket_t instead of curl_off_t arguments - for CURLINFO_OFF_T. Detected by test1521, unfortunately only when run - locally. + Prior to this change it appears the SOCKS5 port parsing was erroneously + used for the SOCKS4 error message, and as a result an incorrect port + would be shown in the error message. - Closes https://github.com/curl/curl/pull/1592 + Bug: https://github.com/curl/curl/issues/1892 + Reported-by: Jackarain@users.noreply.github.com -Daniel Stenberg (21 Jun 2017) -- [Simon Warta brought this change] +- [Marc Aldorasi brought this change] - ci: whitelist branches to avoid testing feature branches twice + schannel: Support partial send for when data is too large + + Schannel can only encrypt a certain amount of data at once. Instead of + failing when too much data is to be sent at once, send as much data as + we can and let the caller send the remaining data by calling send again. + + Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html + + Closes https://github.com/curl/curl/pull/1890 -- [Gisle Vanem brought this change] +- [David Benjamin brought this change] - lib: fix the djgpp build + openssl: add missing includes - Bug: https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commitcomment-22655993 + lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include + their headers directly rather than relying on other OpenSSL headers + including things. + + Closes https://github.com/curl/curl/pull/1891 -Marcel Raad (20 Jun 2017) -- if2ip: fix compiler warning in ISO C90 mode +Daniel Stenberg (15 Sep 2017) +- conversions: fix several compiler warnings + +- server/getpart: provide dummy function to build conversion enabled + +- non-ascii: use iconv() with 'char **' argument - remote_scope_id is only used when both HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID - and ENABLE_IPV6 are defined instead of only one of them. + Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html -Daniel Stenberg (20 Jun 2017) -- travis: do the distcheck test build out-of-tree as well +- escape.c: error: pointer targets differ in signedness -- http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH +- docs: clarify the CURLOPT_INTERLEAVE* options behavior + +- [Max Dymond brought this change] + + rtsp: Segfault in rtsp.c when using WRITEDATA - ... to enable sending "OPTIONS *" which wasn't possible previously. + If the INTERLEAVEFUNCTION is defined, then use that plus the + INTERLEAVEDATA information when writing RTP. Otherwise, use + WRITEFUNCTION and WRITEDATA. - This option currently only works for HTTP. + Fixes #1880 + Closes #1884 + +Marcel Raad (15 Sep 2017) +- [Isaac Boukris brought this change] + + tests: enable gssapi in travis-ci linux build - Added test cases 1298 + 1299 to verify + Closes https://github.com/curl/curl/pull/1687 + +- [Isaac Boukris brought this change] + + tests: add initial gssapi test using stub implementation - Fixes #1280 - Closes #1462 + The stub implementation is pre-loaded using LD_PRELOAD + and emulates common gssapi uses (only builds if curl is + initially built with gssapi support). + + The initial tests are currently disabled for debug builds + as LD_PRELOAD is not used then. + + Ref: https://github.com/curl/curl/pull/1687 -- test1521: test getinfo's OFF_T types too +Daniel Stenberg (15 Sep 2017) +- test1150: verify same host fetch using different ports over proxy - Closes #1588 + Closes #1889 -- lib1521: add curl_easy_getinfo calls to the test set +- URL: on connection re-use, still pick the new remote port - Also added return value checks to make sure no unexpected return codes - are used. + ... as when a proxy connection is being re-used, it can still get a + different remote port. + + Fixes #1887 + Reported-by: Oli Kingshott -- [Simon Warta brought this change] +- RELEASE-NOTES: synced with 87501e57f - automake: use $(MKHELP) variable instead if constant mkhelp.pl +- code style: remove wrong uses of multiple spaces - this improves symmetry with the rule above + Closes #1878 -- [Simon Warta brought this change] +- checksrc: detect and warn for multiple spaces - mkhelp.pl: fix script name in usage text +- code style: use space after semicolon -- RELEASE-NOTES: synced with 3b80d3ca4 +- checksrc: verify space after semicolons -- getinfo: return sizes as curl_off_t +- code style: use spaces around pluses + +- checksrc: detect and warn for lack of spaces next to plus signs + +- code style: use spaces around equals signs + +- checksrc: verify spaces around equals signs - This change introduces new alternatives for the existing six - curl_easy_getinfo() options that return sizes or speeds as doubles. The - new versions are named like the old ones but with an appended '_T': + ... as the code style mandates. + +- Curl_checkheaders: make it available for IMAP and SMTP too - CURLINFO_CONTENT_LENGTH_DOWNLOAD_T - CURLINFO_CONTENT_LENGTH_UPLOAD_T - CURLINFO_SIZE_DOWNLOAD_T - CURLINFO_SIZE_UPLOAD_T - CURLINFO_SPEED_DOWNLOAD_T - CURLINFO_SPEED_UPLOAD_T + ... not only HTTP uses this now. - Closes #1511 + Closes #1875 -- PIPELINING_SERVER_BL: cleanup the internal list use +- travis: add build without HTTP/SMTP/IMAP + +Jay Satiro (10 Sep 2017) +- mbedtls: enable CA path processing - The list was freed incorrectly since the llist refactor of - cbae73e1dd959. Added test 1550 to verify that it works and avoid future - regressions. + CA path processing was implemented when mbedtls.c was added to libcurl + in fe7590f, but it was never enabled. - Reported-by: Pascal Terjan + Bug: https://github.com/curl/curl/issues/1877 + Reported-by: SBKarr@users.noreply.github.com + +Daniel Stenberg (8 Sep 2017) +- rtsp: do not call fwrite() with NULL pointer FILE * - Fixes #1584 - Closes #1585 + If the default write callback is used and no destination has been set, a + NULL pointer would be passed to fwrite()'s 4th argument. + + OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 + (not publicly open yet) + + Detected by OSS-fuzz + Closes #1874 -- http2: fix OOM crash +- configure: use -Wno-varargs on clang 3.9[.X] debug builds - torture mode with test 1021 found it + ... to avoid a clang bug -- CURLOPT_PREQUOTE.3: spellfix man page reference +- [Max Dymond brought this change] -Marcel Raad (18 Jun 2017) -- http_proxy: fix build with http and proxy + ossfuzz: add some more handled CURL options - After deff7de0eb0e22d2d142b96b9cc84cd8db5d2a48, the build without - CURL_DISABLE_PROXY and CURL_DISABLE_HTTP was failing because of missing - includes. + Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT, + MAIL_FROM and uploading data. -- http_proxy: fix compiler warning +- configure: check for C++ compiler after C, to make it non-fatal - With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a - missing prototype for Curl_connect_free. + The tests for object file/executable file extensions are presumably only + done for the first of these macros in the configure file. + + Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515 + Reported-by: Marcel Raad + Closes #1873 -Daniel Stenberg (18 Jun 2017) -- TODO: update the TOC too +Patrick Monnerat (7 Sep 2017) +- form API: add new test 650. + + Now that the form API is deprecated and not used anymore in curl tool, + a lot of its features left untested. Test 650 attempts to check all these + features not tested elsewhere. -- TODO: implement support for CURLOPT_PREQUOTE with SFTP +Jay Satiro (7 Sep 2017) +- configure: fix curl_off_t check's include order - ... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct - protocol support. + - Prepend srcdir include path instead of append. - Closes #1514 + Prior to this change it was possible that during the check for the size + of curl_off_t the include path of a user's already installed curl could + come before the include path of the to-be-built curl, resulting in the + system.h of the former being incorrectly included for that check. + + Closes https://github.com/curl/curl/pull/1870 -- tool_wrte_cb: remove check for config == NULL +Daniel Stenberg (7 Sep 2017) +- [Jakub Zakrzewski brought this change] + + KNOWN_BUGS: Remove CMake symbol hiding issue - ... as it really cannot have reached this far with config being NULL, - thus this is unnecesary and misleading. + It has already been fixed in 6140dfc + +- http-proxy: when not doing CONNECT, that phase is done immediately - Bug: https://news.ycombinator.com/item?id=14577585 and - https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356 + `conn->connect_state` is NULL when doing a regular non-CONNECT request + over the proxy and should therefor be considered complete at once. - Forwarded-to-us-by: Jakub Wilk + Fixes #1853 + Closes #1862 + Reported-by: Lawrence Wagerfield -- curl: prevent binary output spewed to terminal +- [Johannes Schindelin brought this change] + + OpenSSL: fix yet another mistake while encapsulating SSL backend data - ... unless "--output -" is used. Binary detection is done by simply - checking for a binary zero in early data. + Another mistake in my manual fixups of the largely mechanical + search-and-replace ("connssl->" -> "BACKEND->"), just like the previous + commit concerning HTTPS proxies (and hence not caught during my + earlier testing). - Added test 1425 1426 to verify. + Fixes #1855 + Closes #1871 - Closes #1512 + Signed-off-by: Johannes Schindelin -Marcel Raad (16 Jun 2017) -- Makefile.m32: enable -W for MinGW32 build +- [Johannes Schindelin brought this change] + + OpenSSL: fix erroneous SSL backend encapsulation - The configure-based build also has this in addition to -Wall. + In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private + data, 2017-06-21), this developer prepared for a separation of the + private data of the SSL backends from the general connection data. - Closes https://github.com/curl/curl/pull/1578 - -- curl-compilers.m4: enable comma clang warning + This conversion was partially automated (search-and-replace) and + partially manual (e.g. proxy_ssl's backend data). - It usually warns when using commas instead of semicolons or other - operators by accident. + Sadly, there was a crucial error in the manual part, where the wrong + handle was used: rather than connecting ssl[sockindex]' BIO to the + proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason + was an incorrect location to paste "BACKEND->"... d'oh. - Closes https://github.com/curl/curl/pull/1578 + Reported by Jay Satiro in https://github.com/curl/curl/issues/1855. + + Signed-off-by: Johannes Schindelin -- curl-compilers.m4: enable missing-variable-declarations clang warning +- [Jay Satiro brought this change] + + vtls: fix memory corruption - It usually warns when forgetting to declare TU-local variables static. + Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, + 2017-07-28), the code handling HTTPS proxies was broken because the + pointer to the SSL backend data was not swapped between + conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but + instead set to NULL (causing segmentation faults). - Closes https://github.com/curl/curl/pull/1578 + [jes: provided the commit message, tested and verified the patch] + + Signed-off-by: Johannes Schindelin -- curl-compilers.m4: enable double-promotion warning +- vtls: switch to CURL_SHA256_DIGEST_LENGTH define - Enable -Wdouble-promotion for both GCC and clang. It warns on implicit - promotion from float to double. + ... instead of the prefix-less version since WolfSSL 3.12 now uses an + enum with that name that causes build failures for us. - Closes https://github.com/curl/curl/pull/1578 + Fixes #1865 + Closes #1867 + Reported-by: Gisle Vanem -- curl-compilers.m4: enable vla warning for clang +- travis: add c-ares enabled builds linux + osx - Previously, that warning was only implicitly active in C90 mode. - Enable it unconditionally as already done for GCC. - - Closes https://github.com/curl/curl/pull/1578 + Closes #1868 -Daniel Stenberg (16 Jun 2017) -- http-proxy: fix chunked-encoded CONNECT responses +- HISTORY: added some recent items + +Jay Satiro (6 Sep 2017) +- SSL: fix unused parameter warnings + +Patrick Monnerat (6 Sep 2017) +- mime: drop internal FILE * support. - Regression since 5113ad0424. + - The part kind MIMEKIND_FILE and associated code are suppressed. + - Seek data origin offset not used anymore: suppressed. + - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions + renamed accordingly. + - Curl_getformdata() processes stdin via a callback. + +Daniel Stenberg (6 Sep 2017) +- configure: remove --enable-soname-bump and SONAME_BUMP - ... and remove 'flaky' from test 1061 again + Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we + determine the native type for `curl_off_t`. To really make sure we + didn't break ABI without bumping SONAME, we introduced logic that + attempted to detect that it would use a different size and thus not be + compatible. We also provided a manual switch that allowed users to tell + configure to bump SONAME by force. - Closes #1579 - -- http-proxy: deal with EAGAIN + Today, we know of no one who ever got a SONAME bump auto-detected and we + don't know of anyone who's using the manual bump feature. The auto- + detection is also no longer working since we introduced defining + curl_off_t in system.h (7.55.0). - ... the previous code would reset the header length wrongly (since - 5113ad0424). This makes test 1060 reliable again. + Finally, this bumping logic is not present in the cmake build. - Also: make sws send even smaller chunks of data to increase the - likeliness of this happening. - -- libtest/libntlmconnect: fix compiler warnings from f94fcdb + Closes #1861 -- [Jay Satiro brought this change] +Jay Satiro (6 Sep 2017) +- [Gisle Vanem brought this change] - HTTPS-Proxy: don't offer h2 for https proxy connections + vtls: select ssl backend case-insensitive (follow-up) - Bug: https://github.com/curl/curl/issues/1254 + - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well. - Closes #1546 - -- tests: stabilize test 2032 and 2033 + - Change Curl_strcasecompare calls to strcasecompare + (maps to the former but shorter). - Both these tests run the same underlying test code: libntlmconnect.c - - this test code made some assumptions about socket ordering when it used - curl_easy_fdset() and when we changed timing or got accidental changes - in libcurl the tests would fail. + Follow-up to c290b8f. - The tests verify that the different transfers keep using the same - connections, which I now instead made sure by adding the number of bytes - each transfer gets and then verifies that they always get the same - amount as when these tests worked. + Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313 - Closes #1576 + Co-authored-by: Jay Satiro -- test1148: verify the -# progressbar +- openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation - Closes #1569 - -- test1061: mark as flaky + This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations. - Fails intermittently on travis builds since a few days. Likely due to - 5113ad0424. - -Jay Satiro (16 Jun 2017) -- url: refactor the check for Windows drive letter in path + The first one, written for old OpenSSL versions: + https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c - - Move the logic to detect a Windows drive letter prefix - (eg c: in c:foo) into a function-like macro. + The second one, written for BoringSSL and new OpenSSL versions: + https://github.com/curl/curl/pull/1346 - Closes https://github.com/curl/curl/pull/1571 - -- mk-ca-bundle.pl: Check curl's exit code after certdata download + Note the first one is GPL licensed but the author gave permission to + waive that license for libcurl. - - No longer allow partial downloads of certdata. + As of right now this feature is disabled by default, and does not have + a configure option to enable it. To enable this feature define + ENABLE_SSLKEYLOGFILE when building libcurl and set environment + variable SSLKEYLOGFILE to a pathname that will receive the keys. - Prior to this change partial downloads were (erroneously?) allowed since - only the server code was checked to be 200. + And in Wireshark change your preferences to point to that key file: + Edit > Preferences > Protocols > SSL > Master-Secret - Bug: https://github.com/curl/curl/pull/1577 - Reported-by: Matteo B. - -Daniel Stenberg (16 Jun 2017) -- dist: add the fuzz dir to the tarball + Co-authored-by: Peter Wu + + Ref: https://github.com/curl/curl/pull/1030 + Ref: https://github.com/curl/curl/pull/1346 + + Closes https://github.com/curl/curl/pull/1866 -- configure: disable nghttp2 too if HTTP has been disabled +Patrick Monnerat (5 Sep 2017) +- mime: fix a trivial warning. -- http-proxy: fix build with --disable-proxy or --disable-http +- mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code. - Reported-by: Dan Fandrich + mime_state is now a typedef. -- fuzz/README: document how to build +- mime: implement encoders. - Fixes #1476 + curl_mime_encoder() is operational and documented. + curl tool -F option is extended with ";encoder=". + curl tool --libcurl option generates calls to curl_mime_encoder(). + New encoder tests 648 & 649. + Test 1404 extended with an encoder specification. -- [Frederik B brought this change] +- runtests.pl: support attribute "nonewline" in part verify/upload. - fuzz: corpora file structure, initial commit +- [Daniel Stenberg brought this change] -- [Frederik B brought this change] + fixup data/test1135 - fuzz: bring oss-fuzz initial code converted to C89 +- [Daniel Stenberg brought this change] -- http-proxy: only attempt FTP over HTTP proxy + mime: unified to use the typedef'd mime structs everywhere - ... all other non-HTTP protocol schemes are now defaulting to "tunnel - trough" mode if a HTTP proxy is specified. In reality there are no HTTP - proxies out there that allow those other schemes. + ... and slightly edited to follow our code style better. + +- [Daniel Stenberg brought this change] + + curl.h: use lower case curl_mime* as for all public symbols + +- [Daniel Stenberg brought this change] + + docs/curl_mime_*.3: use correct variable types in examples + +Kamil Dudka (5 Sep 2017) +- openssl: use OpenSSL's default ciphers by default - Assisted-by: Ray Satiro, Michael Kaufmann + Up2date versions of OpenSSL maintain the default reasonably secure + without breaking compatibility, so it is better not to override the + default by curl. Suggested at https://bugzilla.redhat.com/1483972 - Closes #1505 + Closes #1846 -- TODO: the generated include file is gone - - ... since commit 73a2fcea0b +Viktor Szakats (5 Sep 2017) +- examples/mime: minor example code fixes -- curl_setup.h: error out on CURL_WANTS_CA_BUNDLE_ENV use +Daniel Stenberg (5 Sep 2017) +- docs/curl_mime_*.3: added examples + +- configure: add MultiSSL to FEATURES when enabled - ... to make it really apparent if there's any user using this on purpose. + ...for curl-config and its corresponding test 1014 + +- http-proxy: treat all 2xx as CONNECT success - Suggested-by: Jay Satiro + Added test 1904 to verify. - Closes #1542 + Reported-by: Lawrence Wagerfield + Fixes #1859 + Closes #1860 -- lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV - - When this define was set, libcurl would check the environment variable - named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This - feature was only defined by the watcom and m32 makefiles and caused - inconsistent behaviours among libcurls built on different platforms. - - The curl tool does already feature its own similar logic and the library - does not really need it, and it isn't documented libcurl behavior. So - this change removes it. +- MAIL-ETIQUETTE: added "1.9 Your emails are public" + +- curl.h: fix "unused checksrc ignore", remove dangling reference - Ref: #1538 + ... to a README file that doesn't exist anymore -- test1147: verify -H on a file +Viktor Szakats (4 Sep 2017) +- docs: Update to secure URL versions -- curl: allow --header and --proxy-header read from file +- mime: use CURL_ZERO_TERMINATED in examples - So many headers can be provided as @filename. + and some minor whitespace fixes + +Daniel Stenberg (4 Sep 2017) +- schannel: return CURLE_SSL_CACERT on failed verification - Suggested-by: Timothe Litt + ... not *CACERT_BADFILE as it isn't really because of a bad file. - Closes #1486 - -- RELEASE-NOTES: synced with 2ad80eec5 + Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html + Closes #1858 -- curl/curlver.h: start working on 7.55.0 +- test1135: fixed after bd8070085f9 -- http-proxy: do the HTTP CONNECT process entirely non-blocking +- examples/post-callback: stop returning one byte at a time - Mentioned as a problem since 2007 (8f87c15bdac63) and of course it - existed even before that. + ... since people copy and paste code from this example and thus they get + an inefficient POST operation without a good reason and sometimes + without understanding why. - Closes #1547 + Instead this now returns as much data as possible. -- progress: let "current speed" be UL + DL speeds combined +- RELEASE-NOTES: fixed the function counter script + +- curl.h: make the curl_strequal() protos use the same style - Bug #1556 - Reported-by: Paul Harris - Closes #1559 + ... as the other functions. Makes it easier to machine-parse! -Marcel Raad (14 Jun 2017) -- system.h: fix MinGW build +- docs: curl_mime_*.3 man page formatting edits + +- RELEASE-NOTES: synced with 1ab9e9b50 + +Patrick Monnerat (4 Sep 2017) +- lib: bump version info (soname). Adapt and reenable test 1135. + +Daniel Stenberg (3 Sep 2017) +- headers: move the global_sslset() proto from multi.h to curl.h - CURLSYS_PULL_WS2TCPIP_H got renamed to CURL_PULL_WS2TCPIP_H in commit - 73a2fcea0b4adea6ba342cd7ed1149782c214ae3. + As it was added to multi.h simply to not break test 1135, which now has + been disabled due to the mime API addition anyway and su we can now move + the sslset stuff to where the other curl_global_* prototypes are. -Daniel Stenberg (14 Jun 2017) -- timers: store internal time stamps as time_t instead of doubles +Patrick Monnerat (3 Sep 2017) +- mime: fix signed/unsigned conversions. - This gives us accurate precision and it allows us to avoid storing "no - time" for systems with too low timer resolution as we then bump the time - up to 1 microsecond. Should fix test 573 on windows. + Use and generate CURL_ZERO_TERMINATED in curl tool and tests. + +Jay Satiro (3 Sep 2017) +- tool_formparse: fix some trivial warnings + +Patrick Monnerat (3 Sep 2017) +- mime: use size_t instead of ssize_t in public API interface. - Remove the now unused curlx_tvdiff_secs() function. + To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED + has been introduced. - Maintains the external getinfo() API with using doubles. + Documentation updated accordingly. - Fixes #1531 + symbols in versions updated. Added form API symbols deprecation info. -- dist: make the hugehelp.c not get regenerated unnecessarily - - The maketgz script now makes sure the generated hugehelp.c file in the - tarball is newer than the generated curl.1 man page, so that it doesn't - have to get unnecessarily rebuilt first thing in a typical build. It - thus also removes the need for perl to build off a plain release - tarball. +- mime: remove support "-" stdin pseudo-file name in curl_mime_filedata(). - Fixes #1565 - -- includes: remove curl/curlbuild.h and curl/curlrules.h + This feature is badly supported in Windows: as a replacement, a caller has + to use curl_mime_data_cb() with fread, fseek and possibly fclose + callbacks to process opened files. - Rely entirely on curl/system.h now. + The cli tool and documentation are updated accordingly. - Introduced in Aug 2008 with commit 14240e9e109f. Now gone. + The feature is however kept internally for form API compatibility, with + the known caveats it always had. - Fixes #1456 - -Version 7.54.1 (14 Jun 2017) + As a side effect, stdin size is not determined by the cli tool even if + possible and this results in a chunked transfer encoding. Test 173 is + updated accordingly. -Daniel Stenberg (14 Jun 2017) -- release: 7.54.1 +- mime: fix some implicit curl_off_t --> size_t conversion warnings. -Dan Fandrich (13 Jun 2017) -- mk-lib1521.pl: updated to match the test changes in 916ec30a +- mime: tests and examples. + + Additional mime-specific tests. + Existing tests updated to reflect small differences (Expect: 100-continue, + data size change due to empty lines, etc). + Option -F headers= keyword added to tests. + test1135 disabled until the entry point order change is resolved. + New example smtp-mime. + Examples postit2 and multi-post converted from form API to mime API. -Daniel Stenberg (13 Jun 2017) -- [Stuart Henderson brought this change] +- mime: use in curl cli tool instead of form API. + + Extended -F option syntax to support multipart mail messages. + -F keyword headers= added to include custom headers in parts. + Documentation upgraded. - libressl: OCSP and intermediate certs workaround no longer needed +- mime: new MIME API. - lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed - by intermediate certs, this was fixed in LibreSSL in - https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0 + Available in HTTP, SMTP and IMAP. + Deprecates the FORM API. + See CURLOPT_MIMEPOST. + Lib code and associated documentation. + +- test564: Add a warning comment about shell profile output. - Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html + Shell profile output makes the SSH server failing and this problem reason + is not easy to find when no hint is given. -- url: fix buffer overwrite with file protocol (CVE-2017-9502) +- checksrc: disable SPACEBEFOREPAREN for case statement. - Bug: https://github.com/curl/curl/issues/1540 - Advisory: https://curl.haxx.se/docs/adv_20170614.html + The case keyword may be followed by a constant expression and thus should + allow it to start with an open parenthesis. + +- runtests.pl: allow tags in client section. - Assisted-by: Ray Satiro - Reported-by: Marcel Raad + This enables tests to create more than one file on the client side. -- urlglob: fix division by zero +- runtests.pl: Apply strippart to upload too. - The multiply() function that is used to avoid integer overflows, was - itself reason for a possible division by zero error when passed a - specially formatted glob. + This will allow substitution of boundaries in mail messages. + +- Curl_base64_encode: always call with a real data handle. - Reported-by: GwanYeong Kim + Some calls in different modules were setting the data handle to NULL, causing + segmentation faults when using builds that enable character code conversions. -- configure: update the copyright year in the output +- non-ascii: allow conversion functions to be called with a NULL data handle. -- [ygrek brought this change] +- http: fix a memory leakage in checkrtspprefix(). - BINDINGS: update SP-Forth and OCaml urls +Daniel Stenberg (2 Sep 2017) +- [Max Dymond brought this change] -Michael Kaufmann (11 Jun 2017) -- FindWin32CACert: Use a temporary buffer on the stack + ossfuzz: Move to C++ for curl_fuzzer. - Don't malloc() the temporary buffer, and use the correct type: - SearchPath() works with TCHAR, but SearchPathA() works with char. - Set the buffer size to MAX_PATH, because the terminating null byte - is already included in MAX_PATH. + Automake gets confused if you want to use C++ static libraries with C + code - basically we need to involve the clang++ linker. The easiest way + of achieving this is to rename the C code as C++ code. This gets us a + bit further along the path and ought to be compatible with Google's + version of clang. + +- curl_global_sslset: select backend by name case insensitively - Reviewed-by: Daniel Stenberg - Reviewed-by: Marcel Raad + Closes #1849 + +- [Max Dymond brought this change] + + ossfuzz: additional seed corpora - Closes #1548 + Create simple seed corpora for: + - FTP + - telnet + - dict + - tftp + - imap + - pop3 + + based off the tests of the same number. + + Closes #1842 -Dan Fandrich (11 Jun 2017) -- test1521: fixed OOM handling +- [Max Dymond brought this change] -Daniel Stenberg (9 Jun 2017) -- RELEASE-PROCEDURE: updated future release dates + ossfuzz: moving towards the ideal integration + + - Start with the basic code from the ossfuzz project. + - Rewrite fuzz corpora to be binary files full of Type-Length-Value + data, and write a glue layer in the fuzzing function to convert + corpora into CURL options. + - Have supporting functions to generate corpora from existing tests + - Integrate with Makefile.am -- [Paul Harris brought this change] +- strcase: corrected comment header for Curl_strcasecompare() - gitignore: ignore all vim swap files +- unit1301: fix error message on first test + +- curl_global_sslset.3: show the struct and enum too - Closes #1561 + ... so that users can actually write code based on the man page alone, + not having to read the header file. -- lib1521: fix compiler warnings on the use of bad 'long' values +Jay Satiro (31 Aug 2017) +- darwinssl: handle long strings in TLS certs (follow-up) - Reported-by: Marcel Raad - Bug: https://github.com/curl/curl/commit/cccac4fb2b20d6ed87da7978408c3ecacc464fe4#commitcomment-22453387 + - Fix handling certificate subjects that are already UTF-8 encoded. + + Follow-up to b3b75d1 from two days ago. Since then a copy would be + skipped if the subject was already UTF-8, possibly resulting in a NULL + deref later on. + + Ref: https://github.com/curl/curl/issues/1823 + Ref: https://github.com/curl/curl/pull/1831 + + Closes https://github.com/curl/curl/pull/1836 -- setopt: check CURLOPT_ADDRESS_SCOPE option range +Daniel Stenberg (31 Aug 2017) +- cyassl: call it the "WolfSSL" backend - ... and return error instead of triggering an assert() when being way - out of range. + ... instead of cyassl, as this is the current name for it. + + Closes #1844 -Jay Satiro (8 Jun 2017) -- [TheAssassin brought this change] +- polarssl: fix multissl breakage + + Reported-by: Dan Fandrich + Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html + Closes #1843 - cmake: Fix inconsistency regarding mbed TLS include directory +- configure: remove the leading comma from the backends list - Previously, one had to set MBEDTLS_INCLUDE_DIR to make CMake find the - headers, but the system complained that mbed TLS wasn't found due to - MBEDTLS_INCLUDE_DIRS (note the trailing s) was not set. This commit - attempts to fix that. + ... when darwinssl is used. - Closes https://github.com/curl/curl/pull/1541 - -Daniel Stenberg (8 Jun 2017) -- [Ryuichi KAWAMATA brought this change] + Reported-by: Viktor Szakats + Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493 + + Closes #1845 - examples/multi-uv.c: fix deprecated symbol +Kamil Dudka (30 Aug 2017) +- examples/sslbackend.c: fix failure of 'make checksrc' - Closes #1557 + ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE) + } else if(isdigit(*name)) { + ^ + ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE) + } else + ^ -- asyn-ares: s/Curl_expire_latest/Curl_expire +Viktor Szakats (30 Aug 2017) +- makefile.m32: add multissl support + + Closes https://github.com/curl/curl/pull/1840 -- expire: remove Curl_expire_latest() +Daniel Stenberg (30 Aug 2017) +- curl.h: CURLSSLBACKEND_WOLFSSL used wrong value - With the introduction of expire IDs and the fact that existing timers - can be removed now and thus never expire, the concept with adding a - "latest" timer is not working anymore as it risks to not expire at all. + The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for + CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk + for a similar mistake, define the backend aliases to use the enum values + instead. - So, to be certain the timers actually are in line and will expire, the - plain Curl_expire() needs to be used. The _latest() function was added - as a sort of shortcut in the past that's quite simply not necessary - anymore. + Reported-by: Gisle Vanem + Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html + +- curl_global_sslset.3: clarify - Follow-up to 31b39c40cf90 + it is a one time *set*, not necessarily a one time use... it can be + called again if the first call failed or just listed the alternatives. - Reported-by: Paul Harris + clarify that the available backends are the ones this build supports - Closes #1555 - -- [Chris Carlmar brought this change] - - configure: fix link with librtmp when specifying path + plus add some formatting - Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html + Reported-by: Rich Gray + Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html -- file: make speedcheck use current time for checks +- curl/multi.h: remove duplicated closing c++ brace - ... as it would previously just get the "now" timestamp before the - transfer starts and then not update it again. + Regression since 1328f69d53f2f2e93 - Closes #1550 + Fixes #1841 + Reported-by: Andrei Karas -- metalink: remove unused printf() argument +- RELEASE-NOTES: synced with 8c33c963a -- travis: let some builds *not* use --enable-debug +- HELP-US.md: spelling + +- HELP-US.md: "How to get started helping out in the curl project" - typecheck-gcc and other things require optimized builds + Closes #1837 + +Dan Fandrich (29 Aug 2017) +- asyn-thread: Fixed cleanup after OOM - Closes #1544 + destroy_async_data() assumes that if the flag "done" is not set yet, the + thread itself will clean up once the request is complete. But if an + error (generally OOM) occurs before the thread even has a chance to + start, it will never get a chance to clean up and memory will be leaked. + By clearing "done" only just before starting the thread, the correct + cleanup sequence will happen in all cases. -- README.md: show the coverall coverage on github +Daniel Stenberg (28 Aug 2017) +- curl_global_init.3: mention curl_global_sslset(3) -- lib1521: fix compiler warnings +Dan Fandrich (28 Aug 2017) +- unit1606: Fixed shadowed variable warning -- test1521: make the code < 80 columns wide +- asyn-thread: Improved cleanup after OOM situations -- test1121: use stricter types to work with typcheck-gcc +- asyn-thread: Set errno to the proper value ENOMEM in OOM situation + + This used to be set in some configurations to EAI_MEMORY which is not a + valid value for errno and caused Curl_strerror to fail an assertion. -- typecheck-gcc: allow CURLOPT_STDERR to be NULL too +Daniel Stenberg (28 Aug 2017) +- [Johannes Schindelin brought this change] -- test1521: test *all* curl_easy_setopt options - - mk-lib1521.pl generates a test program (lib1521.c) that calls - curl_easy_setopt() for every known option with a few typical values to - make sure they work (ignoring the return codes). + configure: Handle "MultiSSL" specially When versioning symbols - Some small changes were necessary to avoid asserts and NULL accesses - when doing this. + There is a mode in which libcurl is compiled with versioned symbols, + depending on the active SSL backend. - The perl script needs to be manually rerun when we add new options. + When multiple SSL backends are active, it does not make sense to favor + one over the others, so let's not: introduce a new prefix for the case + where multiple SSL backends are compiled into cURL. - Closes #1543 + Signed-off-by: Johannes Schindelin -Dan Fandrich (5 Jun 2017) -- test1538: added "verbose logs" keyword +- [Johannes Schindelin brought this change] + + configure: allow setting the default SSL backend - These error messages are not displayed with --disable-verbose + Previously, we used as default SSL backend whatever was first in the + `available_backends` array. + + However, some users may want to override that default without patching + the source code. + + Now they can: with the --with-default-ssl-backend= option of + the ./configure script. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (5 Jun 2017) -- test1262: verify ftp download with -z for "if older than this" +- [Johannes Schindelin brought this change] -Marcel Raad (5 Jun 2017) -- curl_ntlm_core: use Curl_raw_toupper instead of toupper + vtls: use Curl_ssl_multi pseudo backend only when needed - This was the only remaining use of toupper in the entire source code. + When only one SSL backend is configured, it is totally unnecessary to + let multissl_init() configure the backend at runtime, we can select the + correct backend at build time already. - Suggested-by: Daniel Stenberg + Signed-off-by: Johannes Schindelin -Daniel Stenberg (4 Jun 2017) -- RELEASE-NOTES: synced with 65ba92650 +- [Johannes Schindelin brought this change] -Marcel Raad (4 Jun 2017) -- curl_ntlm_core: pass unsigned char to toupper + version: if built with more than one SSL backend, report all of them - Otherwise, clang on Cygwin64 warns: - curl_ntlm_core.c:525:35: error: array subscript is of type 'char' - [-Werror,-Wchar-subscripts] - dest[2 * i] = (unsigned char)(toupper(src[i])); - ^~~~~~~~~~~~~~~ - /usr/include/ctype.h:152:25: note: expanded from macro 'toupper' - (void) __CTYPE_PTR[__x]; (toupper) (__x);}) - ^~~~ + To discern the active one from the inactive ones, put the latter into + parentheses. + + Signed-off-by: Johannes Schindelin -Jay Satiro (3 Jun 2017) -- [Mahmoud Samir Fayed brought this change] +- [Johannes Schindelin brought this change] - BINDINGS: add Ring binding + version: add the CURL_VERSION_MULTI_SSL feature flag - Closes https://github.com/curl/curl/pull/1539 + This new feature flag reports When cURL was built with multiple SSL + backends. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (4 Jun 2017) -- CONTRIBUTE.md: mention tests done on pull requests +- [Johannes Schindelin brought this change] -- travis: add coverage, distcheck and cmake builds + metalink: allow compiling with multiple SSL backends - Closes #1534 - -Marcel Raad (3 Jun 2017) -- libtest: fix int-in-bool-context warnings + Previously, the code assumed that at most one of the SSL backends would + be compiled in, emulating OpenSSL's functions if the configured backend + was not OpenSSL itself. + + However, now we allow building with multiple SSL backends and choosing + one at runtime. Therefore, metalink needs to be adjusted to handle this + scenario, too. - GCC 7 complained: - ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context] - -- libtest: fix implicit-fallthrough warnings with GCC 7 + Signed-off-by: Johannes Schindelin -- x509asn1: fix implicit-fallthrough warning with GCC 7 +- [Johannes Schindelin brought this change] -- curl_sasl: fix unused-variable warning + docs/examples: demonstrate how to select SSL backends - This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH, - as seen in the autobuilds: + The newly-introduced curl_global_sslset() function deserves to be + show-cased. - curl_sasl.c:417:9: warning: unused variable 'serverdata' - [-Wunused-variable] + Signed-off-by: Johannes Schindelin -Daniel Stenberg (3 Jun 2017) -- updatemanpages.pl: error out on too old git version +- [Johannes Schindelin brought this change] -Marcel Raad (3 Jun 2017) -- cyassl: define build macros before including ssl.h - - cyassl/ssl.h needs the macros from cyassl/options.h, so define them - before including cyassl/ssl.h the first time, which happens in - urldata.h. - This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8 - and therefore redefines the symbols from cyassl/options.h instead of - including the header. + Add a man page for curl_global_sslset() - Closes https://github.com/curl/curl/pull/1536 + Signed-off-by: Johannes Schindelin -Daniel Stenberg (3 Jun 2017) -- tool_util: remove unused tvdiff_secs and remove tool_ prefix - - Closes #1532 +- [Johannes Schindelin brought this change] -- dedotdot: fixed output for ".." and "." only input + vtls: introduce curl_global_sslset() - Found when updating test 1395, which I did to increase test coverage of - this source file... + Let's add a compile time safe API to select an SSL backend. This + function needs to be called *before* curl_global_init(), and can be + called only once. + + Side note: we do not explicitly test that it is called before + curl_global_init(), but we do verify that it is not called multiple times + (even implicitly). + + If SSL is used before the function was called, it will use whatever the + CURL_SSL_BACKEND environment variable says (or default to the first + available SSL backend), and if a subsequent call to + curl_global_sslset() disagrees with the previous choice, it will fail + with CURLSSLSET_TOO_LATE. + + The function also accepts an "avail" parameter to point to a (read-only) + NULL-terminated list of available backends. This comes in real handy if + an application wants to let the user choose between whatever SSL backends + the currently available libcurl has to offer: simply call + + curl_global_sslset(-1, NULL, &avail); + + which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail + variable to point to the relevant information to present to the user. + + Just like with the HTTP/2 push functions, we have to add the function + declaration of curl_global_sslset() function to the header file + *multi.h* because VMS and OS/400 require a stable order of functions + declared in include/curl/*.h (where the header files are sorted + alphabetically). This looks a bit funny, but it cannot be helped. - Closes #1535 + Signed-off-by: Johannes Schindelin -Marcel Raad (2 Jun 2017) -- mbedtls: make TU-local variable static - - mbedtls_x509_crt_profile_fr is only used locally. - This fixes a missing-variable-declarations warning with clang. +- [Johannes Schindelin brought this change] -- MD(4|5): silence cast-align clang warning + vtls: refactor out essential information about the SSL backends - Unaligned access is on purpose here and the warning is harmless on - affected architectures. GCC knows that, while clang warns on all - architectures. - -Daniel Stenberg (2 Jun 2017) -- test1538: fix typo + There is information about the compiled-in SSL backends that is really + no concern of any code other than the SSL backend itself, such as which + function (if any) implements SHA-256 summing. + + And there is information that is really interesting to the user, such as + the name, or the curl_sslbackend value. + + Let's factor out the latter into a publicly visible struct. This + information will be used in the upcoming API to set the SSL backend + globally. + + Signed-off-by: Johannes Schindelin -- test1538: verify the libcurl strerror API calls +- [Johannes Schindelin brought this change] -- curl_endian: remove unused functions + vtls: allow selecting which SSL backend to use at runtime - Closes #1529 - -- test1537: dedicated tests of the URL (un)escape API calls + When building software for the masses, it is sometimes not possible to + decide for all users which SSL backend is appropriate. - Closes #1530 + Git for Windows, for example, uses cURL to perform clones, fetches and + pushes via HTTPS, and some users strongly prefer OpenSSL, while other + users really need to use Secure Channel because it offers + enterprise-ready tools to manage credentials via Windows' Credential + Store. + + The current Git for Windows versions use the ugly work-around of + building libcurl once with OpenSSL support and once with Secure Channel + support, and switching out the binaries in the installer depending on + the user's choice. + + Needless to say, this is a super ugly workaround that actually only + works in some cases: Git for Windows also comes in a portable form, and + in a form intended for third-party applications requiring Git + functionality, in which cases this "swap out libcurl-4.dll" simply is + not an option. + + Therefore, the Git for Windows project has a vested interest in teaching + cURL to make the SSL backend a *runtime* option. + + This patch makes that possible. + + By running ./configure with multiple --with- options, cURL will + be built with multiple backends. + + For the moment, the backend can be configured using the environment + variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and + "schannel"). + + Signed-off-by: Johannes Schindelin -- coverage: run event tests too +- [Johannes Schindelin brought this change] + + vtls: fold the backend ID into the Curl_ssl structure - ... the torture ones are commented out only because they are slooooow. + Signed-off-by: Johannes Schindelin -- build: provide easy code coverage measuring +- [Johannes Schindelin brought this change] + + curl_ntlm_core: don't complain but #include OpenSSL header if needed - Closes #1528 + Signed-off-by: Johannes Schindelin -- typecheck-gcc.h: check CURLINFO_CERTINFO +- [Johannes Schindelin brought this change] + + vtls: encapsulate SSL backend-specific data - ... and update the certinfo.c example accordingly. + So far, all of the SSL backends' private data has been declared as + part of the ssl_connect_data struct, in one big #if .. #elif .. #endif + block. + + This can only work as long as the SSL backend is a compile-time option, + something we want to change in the next commits. + + Therefore, let's encapsulate the exact data needed by each SSL backend + into a private struct, and let's avoid bleeding any SSL backend-specific + information into urldata.h. This is also necessary to allow multiple SSL + backends to be compiled in at the same time, as e.g. OpenSSL's and + CyaSSL's headers cannot be included in the same .c file. + + To avoid too many malloc() calls, we simply append the private structs + to the connectdata struct in allocate_conn(). + + This requires us to take extra care of alignment issues: struct fields + often need to be aligned on certain boundaries e.g. 32-bit values need to + be stored at addresses that divide evenly by 4 (= 32 bit / 8 + bit-per-byte). + + We do that by assuming that no SSL backend's private data contains any + fields that need to be aligned on boundaries larger than `long long` + (typically 64-bit) would need. Under this assumption, we simply add a + dummy field of type `long long` to the `struct connectdata` struct. This + field will never be accessed but acts as a placeholder for the four + instances of ssl_backend_data instead. the size of each ssl_backend_data + struct is stored in the SSL backend-specific metadata, to allow + allocate_conn() to know how much extra space to allocate, and how to + initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend + pointers. - Fixes https://github.com/curl/curl/issues/846 - -- typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION + This would appear to be a little complicated at first, but is really + necessary to encapsulate the private data of each SSL backend correctly. + And we need to encapsulate thusly if we ever want to allow selecting + CyaSSL and OpenSSL at runtime, as their headers cannot be included within + the same .c file (there are just too many conflicting definitions and + declarations for that). - ... so that they get the required "struct curl_tlssessioninfo **" - arguments. + Signed-off-by: Johannes Schindelin -- typecheck-gcc.h: separate getinfo slist checks from other pointers - - Fixes #1524 +- [Johannes Schindelin brought this change] -Marcel Raad (1 Jun 2017) -- curl-compilers.m4: escape square brackets in regex + vtls: prepare the SSL backends for encapsulated private data - Otherwise, they are removed in the final configure file. - Also changed sed to "$SED" like in most other calls in this file. + At the moment, cURL's SSL backend needs to be configured at build time. + As such, it is totally okay for them to hard-code their backend-specific + data in the ssl_connect_data struct. + + In preparation for making the SSL backend a runtime option, let's make + the access of said private data a bit more abstract so that it can be + adjusted later in an easy manner. + + Signed-off-by: Johannes Schindelin -- curl-compilers.m4: fix compiler_num for clang +- [Johannes Schindelin brought this change] + + urldata.h: move SSPI-specific #include to correct location - "clang -dumpversion" always returns "4.2.1", the GCC version that clang - was initially compatible to. Use "clang -v" instead, which returns the - actual clang version. + In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables, + 2014-12-03), an SSPI-specific field was added to the kerberos5data + struct without moving the #include "curl_sspi.h" later in the same file. + + This broke the build when SSPI was enabled, unless Secure Channel was + used as SSL backend, because it just so happens that Secure Channel also + requires "curl_sspi.h" to be #included. + + In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled, + 2017-02-21), this bug was fixed incorrectly: Instead of moving the + appropriate conditional #include, the Secure Channel-conditional part + was now also SSPI-conditional. + + Fix this problem by moving the correct #include instead. + + This is also required for an upcoming patch that moves all the Secure + Channel-specific stuff out of urldata.h and encapsulates it properly in + vtls/schannel.c instead. - Fixes https://github.com/curl/curl/issues/1522 - Closes https://github.com/curl/curl/pull/1523 + Signed-off-by: Johannes Schindelin -Daniel Stenberg (31 May 2017) -- examples/externalsocket.c: s/closesocket/closecb +- [Johannes Schindelin brought this change] + + urldata.h: remove support for obsolete PolarSSL version - ... since closesocket is a function in WinSock. + Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require + a newer PolarSSL version. No need to keep code trying to support any + older version. - Reported-by: Marcel Raad - Bug: https://github.com/curl/curl/commit/55fcb8485914700132fd1854c9509b66c955efbe#co - mmitcomment-22347818 + Signed-off-by: Johannes Schindelin -Marcel Raad (31 May 2017) -- lib583: fix compiler warning +- [Johannes Schindelin brought this change] + + getinfo: access SSL internals via Curl_ssl - Use CURLMcode for variable 'res' and cast to int where necessary - instead of the other way around. Other tests do the same. + In the ongoing endeavor to abstract out all SSL backend-specific + functionality, this is the next step: Instead of hard-coding how the + different SSL backends access their internal data in getinfo.c, let's + implement backend-specific functions to do that task. - This fixes the following clang warning: - lib583.c:68:15: warning: cast from function call of type 'CURLMcode' to - non-matching type 'int' [-Wbad-function-cast] + This will also allow for switching SSL backends as a runtime option. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (31 May 2017) -- CURLOPT_SSH_KEY*.3: typos +- [Johannes Schindelin brought this change] + + vtls: move SSL backends' private constants out of their header files - Reported-by: Gisle Vanem + Signed-off-by: Johannes Schindelin -- CURLOPT_STREAM_DEPENDS.3: typo +- [Johannes Schindelin brought this change] -- CURLOPT_FNMATCH_FUNCTION.3: also modified example to avoid fcpp issues + axtls: use Curl_none_* versions of init() and cleanup() + + There are convenient no-op versions of the init/cleanup functions now, + no need to define private ones for axTLS. + + Signed-off-by: Johannes Schindelin -- CURLOPT_FNMATCH_DATA.3: modified example to avoid fcpp issues +- [Johannes Schindelin brought this change] -- opts: more than 100 more examples for man pages... + vtls: remove obsolete declarations of SSL backend functionality + + These functions are all available via the Curl_ssl struct now, no need + to declare them separately anymore. + + As the global declarations are removed, the corresponding function + definitions are marked as file-local. The only two exceptions here are + Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the + declarations were removed, there are no function definitions to mark + file-local. + + Please note that Curl_nss_force_init() is *still* declared globally, as + the only SSL backend-specific function, because it was introduced + specifically for the use case where cURL was compiled with + `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add + support for NSS, 2010-06-27). + + Signed-off-by: Johannes Schindelin -- libtest/lib574.c: use correct callback proto +- [Johannes Schindelin brought this change] -- examples/sampleconv.c: indent changes, made callbacks static + schannel: reorder functions topologically + + The _shutdown() function calls the _session_free() function; While this + is not a problem now (because schannel.h declares both functions), a + patch looming in the immediate future with make all of these functions + file-local. + + So let's just move the _session_free() function's definition before it + is called. + + Signed-off-by: Johannes Schindelin -- example/externalsocket.c: make it use CLOSESOCKETFUNCTION too +- [Johannes Schindelin brought this change] -Marcel Raad (31 May 2017) -- curl-compilers.m4: enable -Wshift-sign-overflow for clang + axtls: reorder functions topologically - clang 2.9+ supports -Wshift-sign-overflow, which warns about undefined - behavior on signed left shifts when shifting by too many places. + The connect_finish() function (like many other functions after it) calls + the Curl_axtls_close() function; While this is not a problem now + (because axtls.h declares the latter function), a patch looming in the + immediate future with make all of these functions file-local. - Ref: https://github.com/curl/curl/issues/1516 - Closes https://github.com/curl/curl/pull/1517 + So let's just move the Curl_axtls_close() function's definition before + it is called. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (31 May 2017) -- CURLOPT_PROXY.3: fix test 1140 breakage +- [Johannes Schindelin brought this change] -Jay Satiro (31 May 2017) -- build-wolfssl: Sync config with wolfSSL 3.11 + vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct - wolfSSL configure script relevant changes from 3.10 to 3.11: + That will allow us to choose the SSL backend at runtime. - - Async threading support added; disabled by default without async - crypto, which continues to be disabled by default. + Signed-off-by: Johannes Schindelin + +- [Johannes Schindelin brought this change] + + vtls: convert the have_curlssl_* constants to runtime flags - wolfSSL configure script relevant changes from 3.11 to 3.11.1 (beta): + The entire idea of introducing the Curl_ssl struct to describe SSL + backends is to prepare for choosing the SSL backend at runtime. - - TLS 1.3 beta support added; disabled by default. + To that end, convert all the #ifdef have_curlssl_* style conditionals + to use bit flags instead. - For experimenting I put in a comment block the defines needed to enable - TLS 1.3 support (ie the equivalent of --enable-tls13). + Signed-off-by: Johannes Schindelin -Daniel Stenberg (30 May 2017) -- opts: more examples added to man pages +- [Johannes Schindelin brought this change] -- docs: clarify NO_PROXY further + vtls: move sha256sum into the Curl_ssl struct - Fixes #1208 + The SHA-256 checksumming is also an SSL backend-specific function. + Let's include it in the struct declaring the functionality of SSL + backends. + + In contrast to MD5, there is no fall-back code. To indicate this, the + respective entries are NULL for those backends that offer no support for + SHA-256 checksumming. + + Signed-off-by: Johannes Schindelin -- CURLOPT_PROXY.3: describe the environment variables more +- [Johannes Schindelin brought this change] -- transfer: init the infilesize from the postfields... + vtls: move md5sum into the Curl_ssl struct - ... with a strlen() if no size was set, and do this in the pretransfer - function so that the info is set early. Otherwise, the default strlen() - done on the POSTFIELDS data never sets state.infilesize. + The MD5 summing is also an SSL backend-specific function. So let's + include it, offering the previous fall-back code as a separate function + now: Curl_none_md5sum(). To allow for that, the signature had to be + changed so that an error could be returned from the implementation + (Curl_none_md5sum() can run out of memory). - Reported-by: Vincas Razma - Bug: #1294 + Signed-off-by: Johannes Schindelin -Jay Satiro (29 May 2017) -- test557: fix ubsan runtime error due to int left shift +- [Johannes Schindelin brought this change] + + vtls: use the Curl_ssl struct to access all SSL backends' functionality - - Test curl_msnprintf negative int width arg using INT_MIN instead of - 1 << 31 which is undefined behavior. + This is the first step to unify the SSL backend handling. Now all the + SSL backend-specific functionality is accessed via a global instance of + the Curl_ssl struct. - Closes https://github.com/curl/curl/issues/1516 + Signed-off-by: Johannes Schindelin -- mbedtls: fix variable shadow warning +- [Johannes Schindelin brought this change] + + vtls: declare Curl_ssl structs for every SSL backend - vtls/mbedtls.c:804:69: warning: declaration of 'entropy' shadows a global declaration [-Wshadow] - CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, - ^~~~~~~ + The idea of introducing the Curl_ssl struct was to unify how the SSL + backends are declared and called. To this end, we now provide an + instance of the Curl_ssl struct for each and every SSL backend. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (29 May 2017) -- RELEASE-NOTES: synced with 3aaac8c2f +- [Johannes Schindelin brought this change] -Dan Fandrich (28 May 2017) -- tests: removed some redundant empty sections + vtls: introduce a new struct for SSL backends + + This new struct is similar in nature to Curl_handler: it will define the + functions and capabilities of all the SSL backends (where Curl_handler + defines the functions and capabilities of protocol handlers). + + Signed-off-by: Johannes Schindelin -- runtests.pl: removed feature +- [Johannes Schindelin brought this change] + + vtls: make sure every _sha256sum()'s first arg is const - This hasn't been used in over a decade. can still be used to - run commands before the main test. + This patch makes the signature of the _sha256sum() functions consistent + among the SSL backends, in preparation for unifying the way all SSL + backends are accessed. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (27 May 2017) -- opts: more examples added in option man pages +- [Johannes Schindelin brought this change] -Dan Fandrich (27 May 2017) -- runtests.pl: removed unused arguments to valgrindparse + vtls: make sure all _data_pending() functions return bool + + This patch makes the signature of the _data_pending() functions + consistent among the SSL backends, in preparation for unifying the way + all SSL backends are accessed. + + Signed-off-by: Johannes Schindelin -Daniel Stenberg (25 May 2017) -- TODO: 6.4 is done, send telnet data in chunks +- [Johannes Schindelin brought this change] -- [Phil Crump brought this change] + vtls: make sure all _cleanup() functions return void + + This patch makes the signature of the _cleanup() functions consistent + among the SSL backends, in preparation for unifying the way all SSL + backends are accessed. + + Signed-off-by: Johannes Schindelin - docs/CURLOPT_SSLVERSION.3: Correct define name in example +- [Johannes Schindelin brought this change] + + vtls: use consistent signature for _random() implementations - Closes #1509 + This will make the upcoming multissl backend much easier to implement. + + Signed-off-by: Johannes Schindelin -- ssh: fix 'left' may be used uninitialized +- strtooff: fix build for systems with long long but no strtoll option - follow-up to f31760e63b4e + Closes #1829 - Reported-by: Michael Kaufmann - Bug: https://github.com/curl/curl/pull/1495#issuecomment-303982793 + Reported-by: Dan Fandrich + Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615 -Michael Kaufmann (24 May 2017) -- time: fix type conversions and compiler warnings +- darwinssl: handle long strings in TLS certs - Fix bugs and compiler warnings on systems with 32-bit long and - 64-bit time_t. + ... as the previous fixed length 128 bytes buffer was sometimes too + small. - Reviewed-by: Daniel Stenberg + Fixes #1823 + Closes #1831 - Closes #1499 + Reported-by: Benjamin Sergeant + Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann -Marcel Raad (24 May 2017) -- examples: fix Wimplicit-fallthrough warnings +- system.h: include sys/poll.h for AIX - This is contained in -Wextra with GCC 7. + ... to get the event/revent defines that might be used for the poll + struct. + + Reported-by: Michael Smith + Fixes #1828 + Closes #1833 -Daniel Stenberg (24 May 2017) -- [Anatol Belski brought this change] +Dan Fandrich (26 Aug 2017) +- tests: Make sure libtests & unittests call curl_global_cleanup() + + These were missed in commit c468c27b. - winbuild: fix the nghttp2 build +Jay Satiro (26 Aug 2017) +- [theantigod brought this change] + + winbuild: fix embedded manifest option - Closes #1321 + Embedded manifest option didn't work due to incorrect path. + + Fixes https://github.com/curl/curl/issues/1832 -GitHub (24 May 2017) -- [Sergei Nikulov brought this change] +Daniel Stenberg (25 Aug 2017) +- fuzz/Makefile.am: remove curlbuild.h leftovers - LDAP: documentation update per #878 changes (#1506) +- examples/threaded-ssl: mention that this is for openssl before 1.1 -Daniel Stenberg (23 May 2017) -- redirect: store the "would redirect to" URL when max redirs is reached +- imap: use defined names for response codes - Test 1261 added to verify. + When working on this code I found the previous setup a bit weird while + using proper defines increases readability. - Reported-by: Lloyd Fournier + Closes #1824 + +- CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD + +- imap: support PREAUTH - Fixes #1489 - Closes #1497 + It is a defined possible greeting at server startup that means the + connection is already authenticated. See + https://tools.ietf.org/html/rfc3501#section-7.1.4 + + Test 846 added to verify. + + Fixes #1818 + Closes #1820 -GitHub (24 May 2017) -- [Sergei Nikulov brought this change] +Jay Satiro (23 Aug 2017) +- config-tpf: define SIZEOF_LONG + + Recent changes that replaced CURL_SIZEOF_LONG in the source with + SIZEOF_LONG broke builds that use the premade configuration files and + don't have SIZEOF_LONG defined. + + Bug: https://github.com/curl/curl/issues/1816 - LDAP: fixed checksrc issue +Dan Fandrich (23 Aug 2017) +- test1453: Fixed -- [Sergei Nikulov brought this change] +Daniel Stenberg (22 Aug 2017) +- [Gisle Vanem brought this change] - LDAP: using ldap_bind_s on Windows with methods (#878) - - * LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG) - - * ldap: updated per build options handling + config-dos: add missing defines, SIZEOF_* and two others - * ldap: fixed logic for auth selection - -Daniel Stenberg (23 May 2017) -- [Akhil Kedia brought this change] + Bug: #1816 - cmake: fix build on Ubuntu 14.04 +- curl: shorten and clean up CA cert verification error message - Fixed a syntax error with setting cache variables (The type and - docstring were missing), resulting in build errors. Quoted the - CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without - quotes in C code, resulting in build errors. + The previous message was just too long for ordinary people and it was + encouraging users to use `--insecure` a little too easy. - Closes #1503 + Based-on-work-by: Frank Denis - Signed-off-by: Akhil + Closes #1810 + Closes #1817 -- url: fix declaration of 'pipe' shadows a global declaration - - follow-up to 4cdb1be8246c +- request-target.d: mention added in 7.55.0 -Kamil Dudka (22 May 2017) -- memdebug: fix compilation failure +Marcel Raad (22 Aug 2017) +- tool_main: turn off MinGW CRT's globbing - .... caused by a typo in the last commit (fixing issue #1504): + By default, the MinGW CRT globs command-line arguments. This prevents + getting a single asterisk into an argument as test 1299 does. Turn off + globbing by setting the global variable _CRT_glob to 0 for MinGW. - memdebug.c: In function ‘curl_fclose’: - memdebug.c:444:3: error: implicit declaration of function - ‘DEBUGDEBUGASSERT’ [-Werror=implicit-function-declaration] + Fixes https://github.com/curl/curl/issues/1751 + Closes https://github.com/curl/curl/pull/1813 -Daniel Stenberg (22 May 2017) -- assert: avoid, use DEBUGASSERT instead! +Viktor Szakats (22 Aug 2017) +- makefile.m32: add support for libidn2 - ... as it does extra checks to actually work. + libidn was replaced with libidn2 last year in configure. + Caveat: libidn2 may depend on a list of further libs. + These can be manually specified via CURL_LDFLAG_EXTRAS. - Reported-by: jonrumsey at github - Fixes #1504 - -- [Simon Warta brought this change] - - cmake: remove unused variables: GNUTLS_ENABLED, NSS_ENABLED - -- [Simon Warta brought this change] - - cmake: remove CURL_CA_BUNDLE from cmake TODO + Closes https://github.com/curl/curl/pull/1815 -- [Simon Warta brought this change] +Jay Satiro (22 Aug 2017) +- [Viktor Szakats brought this change] - cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH + config-win32: define SIZEOF_LONG - Closes #1461 - -- [Simon Warta brought this change] - - cmake: add CURL_CA_BUNDLE/CURL_CA_FALLBACK/CURL_CA_PATH options + Recent changes that replaced CURL_SIZEOF_LONG in the source with + SIZEOF_LONG broke builds that use the premade configuration files and + don't have SIZEOF_LONG defined. + + Closes https://github.com/curl/curl/pull/1814 -- [Simon Warta brought this change] +Daniel Stenberg (20 Aug 2017) +- cmake: enable picky compiler options with clang and gcc + + closes #1799 - cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake +- curl/system.h: fix build for hppa - This is for symmetry with the autoconf generated curl_config.h.in + Reported-by: John David Anglin + Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10 -- RELEASE-NOTES: synced with 052a14e3c +- [Even Rouault brought this change] -Michael Kaufmann (20 May 2017) -- tests: stabilize test 1034 + tftp: fix memory leak on too long filename - Pass the invalid domain name on stdin. On some systems, the test - framework cannot pass invalid UTF-8 sequences on the command line. + Fixes - Closes #1488 - -Daniel Stenberg (20 May 2017) -- ssh: ignore timeouts during disconnect + $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz - ... as otherwise it risks not cleaning up the libssh2 handle properly - which leads to memory leak! + ==9752== Memcheck, a memory error detector + ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. + ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info + ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz + ==9752== + curl: (71) TFTP file name too long - Assisted-by: Joel Depooter + ==9752== + ==9752== HEAP SUMMARY: + ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 + ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) + ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) + ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) + ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) - Closes #1495 - Closes #1479 + Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 + Credit to OSS Fuzz - Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html + Closes #1808 -- ghiper.c/hiperfifo.c: add comment about missing timer functionality - - It takes someone to read up on the APIs of these libraries to figure out - how to do this correctly. +Dan Fandrich (19 Aug 2017) +- runtests: fixed case insensitive matching of keywords - Reported-by: Michael Kaufmann + Commit 5c2aac71 didn't work in the case of mixed-case keywords given on + the command-line. + +- tests: Make sure libtests call curl_global_cleanup() - Closes #1253 + This ensures that global data allocations are freed so Valgrind stays + happy. This was a problem with at least PolarSSL and mbedTLS. -- asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input +Daniel Stenberg (18 Aug 2017) +- RELEASE-NOTES: synced with 8baead425 + +- scripts/contri*sh: use "git log --use-mailmap" + +- mailmap: de-duplify some git authors + +- http2_recv: return error better on fatal h2 errors - That means delete the timer. + Ref #1012 + Figured-out-by: Tatsuhiro Tsujikawa + +- KNOWN_BUGS: HTTP test server 'connection-monitor' problems - Reported-by: Michael Kaufmann - Ref: #1253 + Closes #868 -- cmdline-opts/write-out.d: s/-L/--location +- curl/system.h: check for __ppc__ as well - Since the man page generator wants the long option name version to - generate the proper output. + ... regression since issue #1774 (commit 10b3df10596a) since obviously + some older gcc doesn't know __powerpc__ while some newer doesn't know + __ppc__ ... + + Fixes #1797 + Closes #1798 + Reported-by: Ryan Schmidt -- [Bernhard M. Wiedemann brought this change] +- [Jan Alexander Steffens (heftig) brought this change] - mkhelp.pl: do not add current time into curl binary + http: Don't wait on CONNECT when there is no proxy - ... as part of hugehelpgz rodata to make build reproducible. + Since curl 7.55.0, NetworkManager almost always failed its connectivity + check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP + CONNECT process entirely non-blocking). - See https://reproducible-builds.org/ for why this is good + This patch replaces !Curl_connect_complete with Curl_connect_ongoing, + which returns false if the CONNECT state was left uninitialized and lets + the connection continue. - Closes #1490 + Closes #1803 + Fixes #1804 + + Also-fixed-by: Gergely Nagy -- oauth2-bearer.d: mention the argument +- [Johannes Schindelin brought this change] -Nick Zitzmann (16 May 2017) -- darwinssl: Fix exception when processing a client-side certificate file - if no error was raised by the API but the SecIdentityRef was null + metalink: adjust source code style - Fixes #1450 + Signed-off-by: Johannes Schindelin -Daniel Stenberg (16 May 2017) -- curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM - - Reported-by: wyattoday at github - Fixes #1487 +- CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG -- docs/cmdline-opts/config.d: edit for language +- lib557: no longer use CURL_SIZEOF_* defines -- RELEASE-NOTES: synced with eb16305e6 +- config-win32: define SIZEOF_CURL_OFF_T -- [moparisthebest brought this change] +- cmake: sizeof curl_off_t, remove unused detections - SecureTransport/DarwinSSL: Implement public key pinning +- system.h: remove all CURL_SIZEOF_* defines - Closes #1400 + ... as they're not used externally and internally we check for the sizes + already in configure etc. + + Closes #1767 -- man pages: fix example syntax errors +- ftp: fix CWD when doing multicwd then nocwd on same connection - follow-up to 5ddad099b42b50 + Fixes #1782 + Closes #1787 + Reported-by: Peter Lamare -- docs/libcurl/opts: added more examples in man pages +- CURLOPT_SSH_COMPRESSION.3: enable with 1L + + (leaves other values reserved for the future) -- CURLOPT_HTTPPROXYTUNNEL: clarify, add example +- compressed-ssh.d: "Added: 7.56.0" -- curl: show the libcurl release date in --version output - - ... and support and additional "security patched" date for those who - enhance older versions that way. Pass on the define CURL_PATCHSTAMP with - a date for that. - - Building with non-release headers shows the date as [unreleased]. +- curl/system.h: checksrc compliance + +Jay Satiro (17 Aug 2017) +- [Viktor Szakats brought this change] + + ssh: add the ability to enable compression (for SCP/SFTP) - Also: this changes the date format generated in the curlver.h file to be - "YYYY-MM-DD" (no name of the day or month, no time, no time zone) to - make it easier on the eye and easier to parse. Example (new) date - string: 2017-05-09 + The required low-level logic was already available as part of + `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] + option.) - Suggested-by: Brian Childs + This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` + (boolean) and the new `curl` command-line option `--compressed-ssh` + to request this `libssh2` feature. To have compression enabled, it + is required that the SSH server supports a (zlib) compatible + compression method and that `libssh2` was built with `zlib` support + enabled. - Closes #1474 - -Dan Fandrich (13 May 2017) -- url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enough + [1] https://www.libssh2.org/libssh2_session_flag.html - Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not - exceedingly tiny and will break if it is. This same check is already - done at run time in the CURLOPT_BUFFERSIZE option. + Ref: https://github.com/curl/curl/issues/1732 + Closes https://github.com/curl/curl/pull/1735 -- lib510: don't write past the end of the buffer if it's too small +- examples/ftpuploadresume: checksrc compliance -- tests: added missing keywords "chunked Transfer-Encoding" +- [Maksim Stsepanenka brought this change] -Daniel Stenberg (13 May 2017) -- THANKS: add a few missing names + http_proxy: fix build error for CURL_DOES_CONVERSIONS - ... I found them in the commit logs from the early years + Closes https://github.com/curl/curl/pull/1793 -Dan Fandrich (13 May 2017) -- tests: made a couple of prechecks consistent with others - - Also removed a TODO suggesting caching the precheck results. Tests - showed this would save about 0.1 sec on the total test run time on a - relatively modern system, an unnoticeable gain at the cost of longer and - more complicated code. There would also be a danger that a cached test - result would be inappropriately returned, such as when other test - dependencies (like environment variables) are different or when the - precheck causes side effects (like filesystem changes). +GitHub (16 Aug 2017) +- [Nick Zitzmann brought this change] -Daniel Stenberg (12 May 2017) -- FAQ: add 7.4 to toc + configure: check for __builtin_available() availability (#1788) - ... and delete trailing whitespace + This change does two things: + 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently + failing trying to compile connectx() in lib/connect.c.) + 2. It finally weak-links the connectx() function, and falls back on + connect() when run on older operating systems. + +Daniel Stenberg (16 Aug 2017) +- travis: add metalink to some osx builds - Fixes #1484 + Closes #1790 -- multi: remove leftover debug infof() calls from e9fd794a6 +- [Max Dymond brought this change] -- pipeline: fix mistakenly trying to pipeline POSTs - - The function IsPipeliningPossible() would return TRUE if either - pipelining OR HTTP/2 were possible on a connection, which would lead to - it returning TRUE even for POSTs on HTTP/1 connections. + coverage: Use two coveralls commands to get lib/vtls results - It now returns a bitmask so that the caller can differentiate which kind - the connection allows. - - Fixes #1481 - Closes #1483 - Reported-by: stootill at github + closes #1747 -Jay Satiro (12 May 2017) -- [Ron Eldor brought this change] +- darwinssi: fix error: variable length array used - mbedtls: Support server renegotiation request +- m4/curl-compilers.m4: use proper quotes around string, not backticks - Tested with servers: IIS 7.5; OpenSSL 1.0.2. + ... when setting clang version to assume 3.7 - Closes https://github.com/curl/curl/pull/1475 + Caused a lot of "integer expression expected" warnings by configure. -Marcel Raad (11 May 2017) -- cookie_interface: fix -Wcomma warning - - clang 5.0 complains: - possible misuse of comma operator here [-Wcomma] +- [Benbuck Nason brought this change] -- formdata: fix -Wcomma warning + cmake: remove dead code for DISABLED_THREADSAFE - clang 5.0 complains: - possible misuse of comma operator here [-Wcomma] + Closes #1786 + +Jay Satiro (15 Aug 2017) +- [Jakub Zakrzewski brought this change] + + curl-confopts.m4: fix --disable-threaded-resolver - Change the comma to a semicolon to fix that. + Closes https://github.com/curl/curl/issues/1784 -Daniel Stenberg (10 May 2017) -- multi: use a fixed array of timers instead of malloc +Daniel Stenberg (15 Aug 2017) +- [Ryan Winograd brought this change] + + progress: Track total times following redirects - ... since the total amount is low this is faster, easier and reduces - memory overhead. + Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`, + `t_pretransfer`, and `t_starttransfer` to track the total times for + these activities when a redirect is followed. Previously, only the times + for the most recent request would be tracked. - Also, Curl_expire_done() can now mark an expire timeout as done so that - it never times out. + Related changes: - Closes #1472 - -- multi: assign IDs to all timers and make each timer singleton + - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes` + now that the function only resets transfer sizes and no longer + modifies any of the progress timers. - A) reduces the timeout lists drastically + - Add a bool to the `Progress` struct that is used to prevent + double-counting `t_starttransfer` times. - B) prevents a lot of superfluous loops for timers that expires "in vain" - when it has actually already been extended to fire later on + Added test case 1399. + + Fixes #522 and Known Bug 1.8 + Closes #1602 + Reported-by: joshhe on github -- [Richard Hsu brought this change] +- [Benbuck Nason brought this change] - tests: remove superfluous test 1399 + cmake: remove dead code for CURL_DISABLE_RTMP - @MarcelRaad noted that `test1399` causes infinite loop on MinGW. - Looking into this, seems like it is related to how Windows handles - CRLF. See https://github.com/curl/curl/commit/9e093f by @mback2k. - Removing `test1399` as it's identical to `test1326` then with such a - fix. + Closes #1785 + +Kamil Dudka (15 Aug 2017) +- zsh.pl: produce a working completion script again - Test 1399 was broughy by commit 862b02f8947039e + Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help + to use and instead of FILE and DIR, which caused zsh.pl to + produce a broken completion script: - Closes #1478 - -Dan Fandrich (9 May 2017) -- tests: make test file names more unique + % curl -- + _curl:10: no such file or directory: seconds - Include the test number in the names of files written out by tests to - reduce the chance of accidental duplication and to make it more clear - which test is associated with which file. + Closes #1779 -- tests: removed redundant --trace-ascii arguments - - This is already added by the test suite; it's not clear why all these - tests had it, unless it's cargo-culting. +Daniel Stenberg (15 Aug 2017) +- curlver: toward 7.56.0? -Marcel Raad (9 May 2017) -- tool: fix remaining -Wcast-qual warnings - - Avoid casting away low-level const. +- RELEASE-NOTES: synced with 91c46dc44 -Daniel Stenberg (9 May 2017) -- formboundary: convert assert into run-time check +- test1449: FTP download range with an too large size + +- strtoofft: reduce integer overflow risks globally - ... to really make sure the boundary fits in the target buffer. + ... make sure we bail out on overflows. - Fixes unused parameter 'buflen' warning. + Reported-by: Brian Carpenter + Closes #1758 + +- travis: build the examples too - Reported-by: Michael Kaufmann - Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754 + to make sure they keep building warning-free + + Closes #1777 -Dan Fandrich (9 May 2017) -- tests: list the primary server first in the server section +- runtests: match keywords case insensitively -Daniel Stenberg (8 May 2017) -- curl: generate the --help output - - ... using the docs/cmdline-opts/gen.pl script, so that we get all the - command line option documentation from the same source. +- examples/ftpuploadresume.c: use portable code - The generation of the list has to be done manually and pasted into the - source code. + ... converted from the MS specific _snscanf() + +Version 7.55.1 (13 Aug 2017) + +Daniel Stenberg (13 Aug 2017) +- RELEASE-NOTES/THANKS: curl 7.55.1 release time + +- gitignore: ignore .xz now instead of .lzma + +- [Sergei Nikulov brought this change] + + cmake: Threads detection update. ref: #1702 + + Closes #1719 + +- ipv6_scope: support unique local addresses + + Fixes #1764 + Closes #1773 + Reported-by: James Slaughter + +- [Alex Potapenko brought this change] + + curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__ + + Closes #1774 + +- test1448: verify redirect to IDN using URL + + Closes #1772 + +- [Salah-Eddin Shaban brought this change] + + redirect: skip URL encoding for host names + + This fixes redirects to IDN URLs + + Fixes #1441 + Closes #1762 + Reported by: David Lord + +- test2032: mark as flaky (again) + +- travis: test cmake build on tarball too + + Could've prevented #1755 + +- [Simon Warta brought this change] + + cmake: allow user to override CMAKE_DEBUG_POSTFIX + + Closes #1763 + +- connect-to.d: better language + +- connect-to.d: clarified + +- bagder/Curl_tvdiff_us: fix the math + + Regression since adef394ac5 (released in 7.55.0) + + Reported-by: Han Qiao + Fixes #1769 + Closes #1771 + +- curl/system.h: add Oracle Solaris Studio + + Fixes #1752 + +- [Alessandro Ghedini brought this change] + + docs: fix typo funtion -> function + + Closes #1770 + +Alessandro Ghedini (12 Aug 2017) +- docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description + +- docs: fix typo stuct -> struct + +Dan Fandrich (12 Aug 2017) +- test1447: require a curl with http support + +Daniel Stenberg (11 Aug 2017) +- [Thomas Petazzoni brought this change] + + curl/system.h: support more architectures + + The long list of architectures in include/curl/system.h is annoying to + maintain, and needs to be extended for each and every architecture to + support. + + Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler + (we are in the GNUC condition anyway), which tells us if long is 4 + bytes or 8 bytes. + + This fixes the build of libcurl 7.55.0 on architectures such as + OpenRISC or ARC. + + Closes #1766 + + Signed-off-by: Thomas Petazzoni + +- test2033: this went flaky again + + Suspicion: when we enabled the threaded resolver by default. + +- test1447: verifies the parse proxy fix in 6e0e152ce5c + +- [Even Rouault brought this change] + + parse_proxy(): fix memory leak in case of invalid proxy server name + + Fixes the below leak: + + $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 + curl: (5) Couldn't resolve proxy name + ==5048== + ==5048== HEAP SUMMARY: + ==5048== in use at exit: 532 bytes in 12 blocks + ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated + ==5048== + ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 + ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) + ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) + ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) + ==5048== by 0x4E6EA18: create_conn (url.c:6498) + ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) + ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) + ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) + ==5048== by 0x4E7C515: easy_transfer (easy.c:708) + ==5048== by 0x4E7C74A: easy_perform (easy.c:794) + ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) + ==5048== by 0x414025: operate_do (tool_operate.c:1563) + ==5048== + ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 + ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) + ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) + ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) + ==5048== by 0x4E6EA18: create_conn (url.c:6498) + ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) + ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) + ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) + ==5048== by 0x4E7C515: easy_transfer (easy.c:708) + ==5048== by 0x4E7C74A: easy_perform (easy.c:794) + ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) + ==5048== by 0x414025: operate_do (tool_operate.c:1563) + + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 + Credit to OSS Fuzz for discovery + + Closes #1761 + +- RELEASE-NOTES: synced with 37f2195a9 + +- curlver: bump to 7.55.1 + +- openssl: fix "error: this statement may fall through" + + A gcc7 warning. + +- [David Benjamin brought this change] + + openssl: remove CONST_ASN1_BIT_STRING. + + Just making the pointer as const works for the pre-1.1.0 path too. + + Closes #1759 + +- maketgz: remove old *.dist files before making the tarball + + To avoid "old crap" unintentionally getting shipped. + + Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html + Reported-by: Christian Weisgerber + +Jay Satiro (10 Aug 2017) +- mkhelp.pl: allow executing this script directly + + - Enable execute permission (chmod +x) + + - Change interpreter to /usr/bin/env perl + + Ref: https://github.com/curl/curl/issues/1743 + +Daniel Stenberg (10 Aug 2017) +- configure: use the threaded resolver backend by default if possible + + Closes #1647 + +- cmake: move cmake_uninstall.cmake to CMake/ + + Closes #1756 + +- metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead + +- dist: fix the cmake build by shipping cmake_uninstall.cmake.in too + + Fixes #1755 + +- travis: verify "make install" + + Help-by: Jay Satiro + Closes #1753 + +Marcel Raad (10 Aug 2017) +- build: check out *.sln files with Windows line endings + + Visual Studio doesn't like LF line endings in solution files and always + converts them to CRLF when doing changes to the solution. Notably, this + affects the solutions in the release archive. + + Closes https://github.com/curl/curl/pull/1746 + +- gitignore: ignore top-level .vs folder + + This folder is generated when using the CMake build system from within + Visual Studio. + + Closes https://github.com/curl/curl/pull/1746 + +Jay Satiro (10 Aug 2017) +- digest_sspi: Don't reuse context if the user/passwd has changed + + Bug: https://github.com/curl/curl/issues/1685 + Reported-by: paulharris@users.noreply.github.com + + Assisted-by: Isaac Boukris + + Closes https://github.com/curl/curl/pull/1742 + +Daniel Stenberg (9 Aug 2017) +- [Adam Sampson brought this change] + + dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST + + These weren't included in the 7.55.0 release, but are required in order + to run the full test suite. + + Closes #1744 + +- [Adam Sampson brought this change] + + curl: do bounds check using a double comparison + + The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't + complete: if the parsed number in num is larger than will fit in a long, + the conversion is undefined behaviour (causing test1427 to fail for me + on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting + rid of the cast means the comparison will be done using doubles. + + It might make more sense for the max argument to also be a double... + + Fixes #1750 + Closes #1749 + +- make install: add 8 missing man pages to the installation + +- build: fix 'make install' with configure, install docs/libcurl/* too + + Broken since d24838d4da9faa + + Reported-by: Bernard Spil + +Version 7.55.0 (9 Aug 2017) + +Daniel Stenberg (9 Aug 2017) +- RELEASE-NOTES: curl 7.55.0 + +- THANKS: 20 new contributors in 7.55.0 + +- [Viktor Szakats brought this change] + + docs/comments: Update to secure URL versions + + Closes #1741 + +- configure: fix recv/send/select detection on Android + + ... since they now provide several functions as + __attribute__((overloadable)), the argument detection logic need + updates. + + Patched-by: destman at github + + Fixes #1738 + Closes #1739 + +Marcel Raad (8 Aug 2017) +- ax_code_coverage.m4: update to latest version + + This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d + from August 01, 2017. Notably, this removes the lconv version whitelist. + + Closes https://github.com/curl/curl/pull/1716 + +Daniel Stenberg (7 Aug 2017) +- test1427: verify command line parser integer overflow detection + +- curl: detect and bail out early on parameter integer overflows + + Make the number parser aware of the maximum limit curl accepts for a + value and return an error immediately if larger, instead of running an + integer overflow later. + + Fixes #1730 + Closes #1736 + +- glob: do not continue parsing after a strtoul() overflow range + + Added test 1289 to verify. + + CVE-2017-1000101 + + Bug: https://curl.haxx.se/docs/adv_20170809A.html + Reported-by: Brian Carpenter + +- tftp: reject file name lengths that don't fit + + ... and thereby avoid telling send() to send off more bytes than the + size of the buffer! + + CVE-2017-1000100 + + Bug: https://curl.haxx.se/docs/adv_20170809B.html + Reported-by: Even Rouault + + Credit to OSS-Fuzz for the discovery + +- [Even Rouault brought this change] + + file: output the correct buffer to the user + + Regression brought by 7c312f84ea930d8 (April 2017) + + CVE-2017-1000099 + + Bug: https://curl.haxx.se/docs/adv_20170809C.html + + Credit to OSS-Fuzz for the discovery + +- easy_events: make event data static + + First: this function is only used in debug-builds and not in + release/real builds. It is used to drive tests using the event-based + API. + + A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the + CURLMOPT_TIMERFUNCTION calback can in fact be called even after this + funtion returns, namely when curl_multi_remove_handle() is called. + + Reported-by: Brian Carpenter + +- getparameter: avoid returning uninitialized 'usedarg' + + Fixes #1728 + +Marcel Raad (5 Aug 2017) +- [Isaac Boukris brought this change] + + gssapi: fix memory leak of output token in multi round context + + When multiple rounds are needed to establish a security context + (usually ntlm), we overwrite old token with a new one without free. + Found by proposed gss tests using stub a gss implementation (by + valgrind error), though I have confirmed the leak with a real + gssapi implementation as well. + + Closes https://github.com/curl/curl/pull/1733 + +- darwinssl: fix compiler warning + + clang complains: + vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive + [-Werror,-Wextra-tokens] + + This breaks the darwinssl build on Travis. Fix it by making this token + a comment. + + Closes https://github.com/curl/curl/pull/1734 + +- CMake: fix CURL_WERROR for MSVC + + When using CURL_WERROR in MSVC builds, the debug flags were overridden + by the release flags and /WX got added twice in debug mode. - Closes #1465 + Closes https://github.com/curl/curl/pull/1715 -- tests: updated for modified fake random +Daniel Stenberg (4 Aug 2017) +- RELEASE-NOTES: synced with 561e9217c -- [Jay Satiro brought this change] +- test1010: verify that #1718 is fixed + + ... by doing two transfers in nocwd mode and check that there's no + superfluous CWD command. - rand: treat fake entropy the same regardless of endianness +- FTP: skip unnecessary CWD when in nocwd mode - When the random seed is purposely made predictable for testing purposes - by using the CURL_ENTROPY environment variable, process that data in an - endian agnostic way so the the initial random seed is the same - regardless of endianness. + ... when reusing a connection. If it didn't do any CWD previously. - - Change Curl_rand to write to a char array instead of int array. + Fixes #1718 + +Marcel Raad (4 Aug 2017) +- travis: explicitly specify dist - - Add Curl_rand_hex to write random hex characters to a buffer. + This makes the builds more reproducible as travis is currently rolling + out trusty as default dist [1]. Specifically, this avoids coverage + check failures when trusty is used as seen in [2] until we figure out + what's wrong. - Fixes #1315 - Closes #1468 + [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming + [2] https://github.com/curl/curl/pull/1692 - Co-authored-by: Daniel Stenberg - Reported-by: Michael Kaufmann + Closes https://github.com/curl/curl/pull/1725 -Dan Fandrich (8 May 2017) -- tests: give each stunnel.conf file a unique name +Daniel Stenberg (4 Aug 2017) +- travis: BUILD_TYPE => T - Otherwise, subsequent uses of stunnel overwrite the configuration file - of previous invocations so they can no longer be inspected. + (to make the full line appear nicer on travis web UI) -Marcel Raad (8 May 2017) -- tool_msgs: remove wrong cast +- travis: add osx build with darwinssl - Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable - type from int to size_t, so don't cast the result of strlen to int - anymore. + Closes #1706 -- tftpd: fix signed/unsigned mismatch warnings +- darwin: silence compiler warnings - alarm's argument is unsigned. - -- libtest: fix MinGW-w64 warnings + With a clang pragma and three type fixes - long is 32 bits while size_t is 64 bits on MinGW-w64, so - typecheck-gcc.h complains when using size_t for a long option. - Also, curl_socket_t is unsigned long long rather than int. + Fixes #1722 -Daniel Stenberg (8 May 2017) -- curl.1: depend the build on the Makefile.inc too - - ... to also make it update when we remove files, like we did for - --environment in commit a8e388dd1095. +- BUILD.WINDOWS: mention buildconf.bat for builds off git -- RELEASE-NOTES: synced with e3f84efc32d6b01a +- darwinssl: fix curlssl_sha256sum() compiler warnings on first argument -- runtests: fix "use of undefined value" warning in -R handling +- test130: verify comments in .netrc -Marcel Raad (8 May 2017) -- test537: use correct variable type - - Avoids narrowing conversion warnings because rlim_t is usually - unsigned long. +- [Gisle Vanem brought this change] + + netrc: skip lines starting with '#' - Closes https://github.com/curl/curl/pull/1469 + Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html -- sendrecv: fix MinGW-w64 warning +Marcel Raad (3 Aug 2017) +- CMake: set MSVC warning level to 4 - The first argument to select is an int, while curl_socket_t is - unsigned long long when using WinSock. It's ignored anyway [1]. + The MSVC warning level defaults to 3 in CMake. Change it to 4, which is + consistent with the Visual Studio and NMake builds. Disable level 4 + warning C4127 for the library and additionally C4306 for the test + servers to get a clean CURL_WERROR build as that warning is raised in + some macros in older Visual Studio versions. - [1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms740141.aspx + Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 + Closes https://github.com/curl/curl/pull/1711 -- tool_parsecfg: fix -Wcast-qual warning +Daniel Stenberg (2 Aug 2017) +- CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2 - Don't convert string literal to char * before assigning it to - const char *. + Reported-by: Viktor Szakats -- asyn-thread: fix unused macro warnings +- CURLOPT_NETRC.3: mention the file name on windows - Don't do anything in this file if CURLRES_THREADED is not defined. + ... and CURLOPT_NETRC_FILE(3). -- tftp: silence bad-function-cast warning - - The cases this warns about are handled elsewhere, so just use an - intermediate variable to silence the warning. +- travis: build osx with libressl too -Daniel Stenberg (7 May 2017) -- [canavan at github brought this change] +- travis: build osx with openssl too - buildconf: fix hang on IRIX +- tests/server/util: fix curltime mistake from 4dee50b9c80f9 + +Marcel Raad (1 Aug 2017) +- curl_threads: fix MSVC compiler warning - Apparently, /usr/bin/m4 ignores the --version parameter and waits for - input from stdin. + Use LongToHandle to convert from long to HANDLE in the Win32 + implementation. + This should fix the following warning when compiling with + MSVC 11 (2012) in 64-bit mode: + lib\curl_threads.c(113): warning C4306: + 'type cast' : conversion from 'long' to 'HANDLE' of greater size - Fixes #1471 + Closes https://github.com/curl/curl/pull/1717 -- opts: fix bad example formatting \n => \\n +Daniel Stenberg (1 Aug 2017) +- BUGS: improved phrasing about security bugs - ...to render properly nroff. + Reported-by: Max Dymond -- opts: examples added to 8 more libcurl option man pages +- BUGS: clarify how to report security related bugs -- curl: remove tool_writeenv.[ch] +- [Brad Spencer brought this change] + + multi: fix request timer management - ... and USE_ENVIRONMENT and --environment. It was once added for RISC OS - support and its platform specific behavior has been annoying ever - since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since - then. Most probably not actually used for years. + There are some bugs in how timers are managed for a single easy handle + that causes the wrong "next timeout" value to be reported to the + application when a new minimum needs to be recomputed and that new + minimum should be an existing timer that isn't currently set for the + easy handle. When the application drives a set of easy handles via the + `curl_multi_socket_action()` API (for example), it gets told to wait the + wrong amount of time before the next call, which causes requests to + linger for a long time (or, it is my guess, possibly forever). - Closes #1463 + Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html -Dan Fandrich (6 May 2017) -- runtests.pl: simplify the datacheck read section +Jay Satiro (1 Aug 2017) +- curl_setup: Define CURL_NO_OLDIES for building libcurl - Also, document that numbered datacheck sections are possible. - -Marcel Raad (5 May 2017) -- tests: fix -Wcast-qual warnings + .. to catch accidental use of deprecated error codes. - Avoid casting string literals to non-const char *. - -Daniel Stenberg (5 May 2017) -- docs/opts: 24 more man pages now have examples - -- docs/opts: 23 more man pages now have examples - -- tests/server: run checksrc by default in debug-builds - -- curl_slist_append.3: clarify a NULL input creates a new list + Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237 -Marcel Raad (5 May 2017) -- unit1305: fix compiler warning - - calloc and ai_addrlen expect different (usually unsigned) types. +Daniel Stenberg (1 Aug 2017) +- [Jeremy Tan brought this change] -Daniel Stenberg (5 May 2017) -- runtests: use -R for random order + configure: fix the check for IdnToUnicode - Suggested-by: Dan Fandrich + Fixes #1669 + Closes #1713 -- runtests: add -o to run test cases in scrambled order +- http: fix response code parser to avoid integer overflow - ... instead of numerical order. + test 1429 and 1433 were updated to work with the stricter HTTP status line + parser. - Closes #1466 + Closes #1714 + Reported-by: Brian Carpenter -Dan Fandrich (4 May 2017) -- sockfilt.c: shortened too long line +Jay Satiro (31 Jul 2017) +- [Dwarakanath Yadavalli brought this change] -Marcel Raad (4 May 2017) -- tests/server: make string literals const + libcurl: Stop using error codes defined under CURL_NO_OLDIES - assign string literals to const char * instead of char * in order to - avoid a lot of these warnings: - cast from 'const char *' to 'char *' drops const qualifier - [-Wcast-qual] - -Dan Fandrich (4 May 2017) -- schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT + Fixes https://github.com/curl/curl/issues/1688 + Closes https://github.com/curl/curl/pull/1712 -- test557: set a known good numeric locale +- include.d: clarify --include is only for response headers - Windows does not allow setting the locale with environment variables (as - the test attempted to do), so the test failed when run with a user - locale that has a comma as radixchar. Changed the test to call - setlocale() explicitly to ensure that a known working locale is set even - on Windows. - -Daniel Stenberg (4 May 2017) -- curl: fix warning "comma at end of enumerator list" + Follow-up to 171f8de and de6de94. + + Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 + Reported-by: Daniel Stenberg -- test559: verify use of minimum CURLOPT_BUFFERSIZE +Daniel Stenberg (30 Jul 2017) +- [jasjuang brought this change] -Marcel Raad (4 May 2017) -- curl_setup_once: use SEND_QUAL_ARG2 for swrite - - SEND_QUAL_ARG2 had to be set, but was never used. Use it in swrite to - avoid warnings about casting away low-level const. + cmake: support make uninstall - Closes https://github.com/curl/curl/pull/1464 + Closes #1674 -Daniel Stenberg (4 May 2017) -- CURLINFO_REDIRECT_URL.3: add example +- RELEASE-NOTES: synced with 001701c47 -- CURLINFO_EFFECTIVE_URL.3: add example +Marcel Raad (29 Jul 2017) +- AppVeyor: now really use CURL_WERROR + + It was misspelled as CURL_ERROR in commit + 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. + + Closes https://github.com/curl/curl/pull/1686 -Marcel Raad (3 May 2017) -- lib: fix compiler warnings +Jay Satiro (29 Jul 2017) +- tool_help: clarify --include is only for response headers - Fix the following warnings when building the tests by using the correct - types: - cast from 'const char *' to 'void *' drops const qualifier - [-Wcast-qual] - implicit conversion changes signedness [-Wsign-conversion] + Follow-up to 171f8de. + + Ref: https://github.com/curl/curl/issues/1704 -- typecheck-gcc: add support for CURLINFO_SOCKET +- splay: fix signed/unsigned mismatch warning - Closes https://github.com/curl/curl/pull/1452 + Follow-up to 4dee50b. + + Ref: https://github.com/curl/curl/pull/1693 -- typecheck-gcc: add missing string options +Daniel Stenberg (28 Jul 2017) +- include.d: clarify that it concerns the response headers - Closes https://github.com/curl/curl/pull/1452 + Reported-by: olesteban at github + Fixes #1704 -Daniel Stenberg (3 May 2017) -- abstract-unix-socket.d: shorten the help text to fit within 79 cols +- [Johannes Schindelin brought this change] -- RELEASE-NOTES: synced with 862b02f89 + curl_rtmp: fix a compiler warning + + The headers of librtmp declare the socket as `int`, and on Windows, that + disagrees with curl_socket_t. + + Bug: #1652 + + Signed-off-by: Johannes Schindelin -- [Richard Hsu brought this change] +- test1323: verify curlx_tvdiff - Telnet: Write full buffer instead of byte-by-byte +- timeval: struct curltime is a struct timeval replacement - Previous TODO wanting to write in chunks. We should support writing more - at once since some TELNET servers may respond immediately upon first - byte written such as WHOIS servers. + ... to make all libcurl internals able to use the same data types for + the struct members. The timeval struct differs subtly on several + platforms so it makes it cumbersome to use everywhere. - Closes #1389 + Ref: #1652 + Closes #1693 -- curl: non-boolean command line args reject --no- prefixes +- darwinssl: fix variable type mistake (regression) - ... and instead properly respond with an error message to the user - instead of silently ignoring. + ... which made --tlsv1.2 not work because it would blank the max tls + version variable. - Fixes #1453 - Closes #1458 + Reported-by: Nick Miyake + Bug: #1703 -Marcel Raad (2 May 2017) -- testpart: remove _MPRINTF_REPLACE +- multi: mention integer overflow risk if using > 500 million sockets - Support for _MPRINTF_REPLACE in mprintf.h was removed in - 55452ebdff47f98bf3cc383f1dfc3623fcaefefd, replaced with curl_printf.h. - -Dan Fandrich (2 May 2017) -- gtls: fixed a lingering BUFSIZE reference + Reported-by: ovidiu-benea@users.noreply.github.com + + Closes #1675 + Closes #1683 -Daniel Stenberg (2 May 2017) -- ssh: fix compiler warning from e40e9d7f0de +- checksrc: escape open brace in regex + + ... to silence warning. -- url: let CURLOPT_BUFFERSIZE realloc to smaller sizes too +Kamil Dudka (20 Jul 2017) +- nss: fix a possible use-after-free in SelectClientCert() - Closes #1449 + ... causing a SIGSEGV in showit() in case the handle used to initiate + the connection has already been freed. + + This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. + + Reported-by: Rob Sanders + Bug: https://bugzilla.redhat.com/1436158 -- BUFSIZE: rename to READBUFFER_*, make separate MASTERBUF_SIZE +- nss: unify the coding style of nss_send() and nss_recv() + + No changes in behavior intended by this commit. -- openssl: use local stack for temp storage +Marcel Raad (18 Jul 2017) +- tests/server/resolve.c: fix deprecation warning + + MSVC warns that gethostbyname is deprecated. Always use getaddrinfo + instead to fix this when IPv6 is enabled, also for IPv4 resolves. This + is also consistent with what libcurl does. + + Closes https://github.com/curl/curl/pull/1682 -- sendf: remove use of BUFSIZE from debug data conversions +Jay Satiro (17 Jul 2017) +- darwinssl: fix pinnedpubkey build error - The buffer can have other sizes. + - s/SessionHandle/Curl_easy/ + + Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 + Reported-by: Gisle Vanem -- buffer: use data->set.buffer_size instead of BUFSIZE +Marcel Raad (16 Jul 2017) +- rtspd: fix GCC warning after MSVC warning fix - ... to properly use the dynamically set buffer size! + Older GCC warns: + /tests/server/rtspd.c:1194:10: warning: missing braces around + initializer [-Wmissing-braces] + + Fix this by using memset instead of an initializer. -- krb5: use private buffer for temp string, not receive buffer +- libtest: fix MSVC warning C4706 + + With warning level 4, MSVC warns about assignments within conditional + expressions. Change the while loop to a do-while loop to fix this. This + change is also consistent with CODE_STYLE.md. -- upload: UPLOAD_BUFSIZE is now for the upload buffer +- sockfilt: suppress conversion warning with explicit cast + + MSVC warns when implicitly casting -1 to unsigned long. -- unit1606: do not print/access buffer +- rtspd: fix MSVC level 4 warning - It was a wrong assumption that it could do that! + warning C4701: potentially uninitialized local variable 'req' used -- http-proxy: use a dedicated CONNECT response buffer +- winbuild: re-enable warning C4127 for curl tool - To make it suitably independent of the receive buffer and its flexible - size. + Disabled in cda19a345f6970e22fe8b7a808aeb8f086a21eac. It only needs to + be disabled for libcurl. -- transfer: fix minor buffer_size mistake +- winbuild: build with warning level 4 + + This is consistent with 7bc64561a2e63ca93e4b0b31d350773ba80955c2, which + changed the warning level from 3 to 4 for the Visual Studio project + files. But disable the level 4 warning C4127 "conditional expression is + constant", as that one is issued by older versions of the Windows SDK + as well as curl itself under some circumstances. + + Closes https://github.com/curl/curl/pull/1667 -- failf: use private buffer, don't clobber receive buffer +Jay Satiro (12 Jul 2017) +- [Max Dymond brought this change] -- pingpong: use the set buffer size + travis: install libidn2 + + Install libidn2 to increase test coverage (IDN tests) + + Closes https://github.com/curl/curl/pull/1673 -- http2: use the correct set buffer size +Marcel Raad (12 Jul 2017) +- travis: enable warnings also in release mode + + ... to get warnings also on Linux/GCC and OSX/clang. + + Closes https://github.com/curl/curl/pull/1666 -- http: don't clobber the receive buffer for timecond +Daniel Stenberg (12 Jul 2017) +- [Max Dymond brought this change] -- buffer_size: make sure it always has the correct size + travis: install libssh2 - Removes the need for CURL_BUFSIZE + Install libssh2 to increase test coverage (SFTP, SCP) -- file: use private buffer for C-L output +Marcel Raad (12 Jul 2017) +- system.h: include winsock2.h before windows.h - ... instead of clobbering the download buffer. + ... to avoid compiler warnings if the user doesn't want + WIN32_LEAN_AND_MEAN. -- CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size +- build: remove WIN32_LEAN_AND_MEAN from individual build systems - The buffer is needed to receive FTP, HTTP CONNECT responses etc so - already at this size things risk breaking and smaller is certainly not - wise. + It's defined for all build systems in curl_setup.h since commit + beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro + redefinition warnings in the configure builds. + + Closes https://github.com/curl/curl/pull/1677 -- ftp: use private buffer for temp storage, not receive buffer +Jay Satiro (11 Jul 2017) +- ISSUE_TEMPLATE: Add a comment not to file security issues on github -- http: use private user:password output buffer +Marcel Raad (11 Jul 2017) +- curl_setup: always define WIN32_LEAN_AND_MEAN on Windows - Don't clobber the receive buffer. - -Marcel Raad (1 May 2017) -- anyauthput: remove unused code + Make sure to always define WIN32_LEAN_AND_MEAN before including any + Windows headers to avoid pulling in unnecessary headers. This avoids + unnecessary macro clashes and compiler warnings. - The definition of TRUE was introduced in - 4a728747e6f8845e500910e397dfc99aaf4a7984 and is not used anymore since - e664cd5826d43930fcc5b5dbaedbec94af33184b. - The usage of intptr_t was removed in - 32e38b8f42477cf5ce3c3fef2fcc9db82f7fb7be. + Ref: https://github.com/curl/curl/issues/1562 + Closes https://github.com/curl/curl/pull/1672 -Jay Satiro (1 May 2017) -- tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS +Jay Satiro (11 Jul 2017) +- strerror: Preserve Windows error code in some functions - - Include tool_convert.h where needed. + This is a follow-up to af02162 which removed (SET_)ERRNO macros. That + commit was an earlier draft that I committed by mistake, which was then + remedied by a5834e5 and e909de6, and now this commit. With this commit + there is now no difference between the current code and the changes that + were approved in the final draft. - Bug: https://github.com/curl/curl/issues/1460 - Reported-by: Gisle Vanem + Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem + Ref: https://github.com/curl/curl/pull/1589 -- curl_setup: Ensure no more than one IDN lib is enabled - - Prior to this change it was possible for libcurl to be built with both - Windows' native IDN lib (normaliz) and libidn2 enabled. It appears that - doesn't offer any benefit --and could cause a bug-- since libcurl's IDN - handling is written to use either one but not both. +Marcel Raad (10 Jul 2017) +- [Max Dymond brought this change] + + tests: Fix up issues with errno in test files - Bug: https://github.com/curl/curl/issues/1441#issuecomment-297689856 - Reported-by: Gisle Vanem + Closes https://github.com/curl/curl/pull/1671 -Marcel Raad (1 May 2017) -- getpart: use correct variable type +Daniel Stenberg (10 Jul 2017) +- errno: fix non-windows builds after af0216251b94e7 + +- [Ryan Winograd brought this change] + + make: fix docs build on OpenBSD - This fixes the following clang warning: - getpart.c:201:17: warning: cast from function call of type 'CURLcode' - to non-matching type 'int' [-Wbad-function-cast] + Ref: #1591 -- tests: declare TU-local variables static +Marcel Raad (10 Jul 2017) +- ldap: fix MinGW compiler warning - This fixes missing-variable-declarations warnings when building with - clang. + ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with + the latest original MinGW, resulting in compiler warnings since commit + f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8. Fix this for the non-SSPI + case by using ldap_simple_bind_s again instead of ldap_bind_s with + LDAP_AUTH_SIMPLE. + + Closes https://github.com/curl/curl/pull/1664 -- tool_cb_prg: fix double-promotion warning +- curl-compilers.m4: disable warning spam with Cygwin's clang - clang complains: - tool_cb_prg.c:86:22: error: implicit conversion increases - floating-point precision: 'float' to 'double' - [-Werror,-Wdouble-promotion] + When building with Cygwin or MinGW, libtool uses a wrapper executable + instead of a wrapper script [1], which is written in C and throws + missing-variable-declarations warnings. Don't enable these warnings on + Cygwin and MinGW in order to avoid warnings for every executable built, + which spams the test suite output when using Cygwin's clang. + + [1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-executables.html - Fix this by using a double instead of a float constant. - -Dan Fandrich (1 May 2017) -- examples: fixed too long line and too long string warnings + Closes https://github.com/curl/curl/pull/1665 -Marcel Raad (30 Apr 2017) -- examples: declare TU-local variables static +Jay Satiro (10 Jul 2017) +- curl_setup_once: Remove ERRNO/SET_ERRNO macros - This fixes missing-variable-declarations warnings when building with - clang. - -- http2: declare TU-local variables static + Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError + for Win32 and regular errno otherwise. - This fixes the following clang warnings: + I reviewed the code and found no justifiable reason for conflating errno + on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, + and any Win32 multithreaded CRT supports thread-local errno. - http2.c:184:27: error: no previous extern declaration for non-static - variable 'Curl_handler_http2' [-Werror,-Wmissing-variable-declarations] - http2.c:204:27: error: no previous extern declaration for non-static - variable 'Curl_handler_http2_ssl' - [-Werror,-Wmissing-variable-declarations] - -Dan Fandrich (30 Apr 2017) -- unit1604: fixed indentation + Fixes https://github.com/curl/curl/issues/895 + Closes https://github.com/curl/curl/pull/1589 -- unit1604: fixed compilation under Windows, broken in the previous commit +- tool_getparam: fix potentially uninitialized err -- tests: fixed OOM handling of unit tests to abort test +Marcel Raad (9 Jul 2017) +- smb: rename variable to fix shadowing warning - It's dangerous to continue to run the test when a memory alloc fails. + GCC 4.6.3 on travis complains: + smb.c: In function ‘get_posix_time’: + smb.c:725:13: error: declaration of ‘time’ shadows a global declaration + [-Werror=shadow] + + Fix this by renaming the variable. -Marcel Raad (29 Apr 2017) -- curl_rtmp: fix missing-variable-declarations warnings +- tool_cb_wrt: fix variable shadowing warning - clang complains: + GCC 4.4 complains: + tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global + declaration + /usr/include/unistd.h:782: error: shadowed declaration is here - curl_rtmp.c:61:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmp' [-Werror,-Wmissing-variable-declarations] - curl_rtmp.c:81:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpt' [-Werror,-Wmissing-variable-declarations] - curl_rtmp.c:101:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpe' [-Werror,-Wmissing-variable-declarations] - curl_rtmp.c:121:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpte' [-Werror,-Wmissing-variable-declarations] - curl_rtmp.c:141:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmps' [-Werror,-Wmissing-variable-declarations] - curl_rtmp.c:161:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpts' [-Werror,-Wmissing-variable-declarations] + Fix this by renaming the variable. - Fix this by including the header file. - -Dan Fandrich (29 Apr 2017) -- url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE - -- tests: added --remote-time tests for remaining protocols that support it + Closes https://github.com/curl/curl/pull/1661 -- runtests.pl: support multiline commands +Daniel Stenberg (8 Jul 2017) +- RELEASE-NOTES: synced with be2c999b8 -- tool_operate: use utimes instead of obsolescent utime when available +- travis: install stunnel -- test1443: test --remote-time +- valgrind.supp: supress OpenSSL false positive seen on travis -- http-proxy: removed unused argument in CURL_DISABLE_PROXY case +- travis: detect and use valgrind for normal builds - Missed in commit 55c3c02e - -Daniel Stenberg (27 Apr 2017) -- cookie_interface.c: changed the other domain to example.com too + Closes #1653 -- cookie_interface.c: fix cookie domain so the example works +- travis: add SMB, DICT, TELNET torture to coverage test -Dan Fandrich (26 Apr 2017) -- Makefile: fix make dist - - Commit 80a87e8a broke 'make dist' as it can't handle installing from - absolute target names. Rearranged the dependencies so the absolute name - is used for building but the relative name is use for distributing. +- [Paul Harris brought this change] -Marcel Raad (26 Apr 2017) -- lib: remove unused code + cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC - This fixes the following clang warnings: - macro is not used [-Wunused-macros] - will never be executed [-Wunreachable-code] + Removes BUILD_RELEASE_DEBUG_DIRS since it wasn't used anywhere. - Closes https://github.com/curl/curl/pull/1448 + Closes #1649 -Daniel Stenberg (26 Apr 2017) -- http-proxy: remove unused argument from Curl_proxyCONNECT() +- CURLOPT_POSTFIELDS.3: explain the 100-continue magic better -- [Martin Kepplinger brought this change] +- [Max Dymond brought this change] - url: declare get_protocol_family() static + test1452: add telnet negotiation - get_protocol_family() is not defined static even though there is a - static local forward declaration. Let's simply make the definition match - it's declaration. + Add a basic telnet server for negotiating some telnet options before + echoing back any data that's sent to it. - Bug: https://curl.haxx.se/mail/lib-2017-04/0127.html + Closes #1645 -- examples: ftpuploadfrommem.c - - Uploads data to an FTP site, directly from memory. +- travis: do more tests in the coverage run - Closes #1451 + I added a selection of torture and event tests that run "fast enough" -Kamil Dudka (25 Apr 2017) -- nss: load libnssckbi.so if no other trust is specified - - The module contains a more comprehensive set of trust information than - supported by nss-pem, because libnssckbi.so also includes information - about distrusted certificates. +- curl_easy_escape.3: mention the (lack of) encoding - Reviewed-by: Kai Engert - Closes #1414 + Fixes #1612 + Reported-by: Jeroen Ooms -- nss: factorize out nss_{un,}load_module to separate fncs - - No change of behavior is intended by this commit. +- [Gisle Vanem brought this change] -- nss: do not leak PKCS #11 slot while loading a key - - It could prevent nss-pem from being unloaded later on. + memdebug: don't setbuf() if the file open failed - Bug: https://bugzilla.redhat.com/1444860 + Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151 -Marcel Raad (25 Apr 2017) -- typecheck-gcc: fix _curl_is_slist_info - - Info values starting with CURLINFO_SOCKET expect a curl_socket_t, not a - curl_slist argument. - - This fixes the following GCC warning when building the examples with - --enable-optimize: +- appveyor: enable CURL_WERROR on all builds + +- cmake: add CURL_WERROR for enabling "warning as errors" + +- [Hannes Magnusson brought this change] + + cmake: remove spurious "-l" from linker flags - ../../include/curl/typecheck-gcc.h:126:42: warning: call to - ‘_curl_easy_getinfo_err_curl_slist’ declared with attribute warning: - curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this - info [enabled by default] - sendrecv.c:90:11: note: in expansion of macro ‘curl_easy_getinfo’ - res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd); + Fixes #1552 + +- test506: skip if threaded-resolver + +- runtests: support "threaded-resolver" as a feature - Closes https://github.com/curl/curl/pull/1447 + ... to let tests require it or skip if present -Daniel Stenberg (25 Apr 2017) -- curl: set a 100K buffer size by default +- asyn-thread.c: fix unused variable warnings on macOS + +- http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD - Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian - Linux. + Make the name reflect its use better, and add a short comment describing + what it's for. + +- cmake: if inet_pton is used, bump _WIN32_WINNT - Before (middle performing run out 9): + ... and make sure inet_pton is always checked for when *not* using Windows, + which is a regression from 4fc6ebe18. - real 0m28.078s - user 0m11.240s - sys 0m12.876s + Idea-by: Sergei Nikulov + +- select.h: avoid macro redefinition harder - After (middle performing run out 9) + ... by checking the POLLIN define, as the header file checks don't work + on Windows. + +- inet_pton: fix include on windows to get prototype - real 0m26.356s (93.9%) - user 0m5.324s (47.4%) - sys 0m8.368s (65.0%) + inet_pton() exists on Windows and gets used by our cmake builds. Make + sure the correct header file is included to avoid compiler warnings. - Also, doing SFTP over a 200 millsecond latency link is now about 6 times - faster. + Closes #1639 + +- TODO: 1.10 auto-detect proxy - Closes #1446 + Closes #1572 -- transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload() +- TODO: HTTP proxy CONNECT is non-blocking now + +- cmake: fix send/recv argument scanner for windows - The data->req.uploadbuf struct member served no good purpose, instead we - use ->state.uploadbuffer directly. It makes it clearer in the code which - buffer that's being used. + ... by simply trying the Windows argument types first. - Removed the 'SingleRequest *' argument from the readwrite_upload() proto - as it can be derived from the Curl_easy struct. Also made the code in - the readwrite_upload() function use the 'k->' shortcut to all references - to struct fields in 'data->req', which previously was made with a mix of - both. + Fixes #1640 -Jay Satiro (25 Apr 2017) -- configure: stop prepending to LDFLAGS, CPPFLAGS +- RELEASE-NOTES: synced with 596cfb6c0 + +- [Gisle Vanem brought this change] + + smb: add support for CURLOPT_FILETIME - - Change prepends to appends because user's LDFLAGS and CPPFLAGS should - always come first so they're searched before ours. + Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html - Bug: https://github.com/curl/curl/issues/1420 - Reported-by: Helmut K. C. Tessarek + Closes #1643 -Marcel Raad (25 Apr 2017) -- if2ip: fix -Wcast-align warning +- travis: install nghttp2 on linux builds - Follow-up to 119037325de02579f5c58256ca2ed2a0aa592c86, which fixed the - warning in the HAVE_GETIFADDRS block, but not in the - HAVE_IOCTL_SIOCGIFADDR block. + Closes #1642 -Dan Fandrich (24 Apr 2017) -- Makefile: avoid use of GNU-specific form of $< +- [Gisle Vanem brought this change] + + smb: fix build for djgpp/MSDOS - $< is only allowed in implicit rules in some non-GNU makes (e.g. BSD, - AIX) so avoid use elsewhere by referencing the dependent curl.1 file - directly instead. This is somewhat tricky because the file is supplied - in the packaged tar ball (but not in git) but must still be able to be - rebuilt when its dependencies change. The right thing must happen in - both tar ball and git source trees, as well as in both in-tree and - out-of-tree builds. + bug: https://curl.haxx.se/mail/lib-2017-07/0005.html -Kamil Dudka (24 Apr 2017) -- nss: adapt to the new Curl_llist API +- configure: try ldap/lber in reversed order first + + When scanning for which LDAP libraries to use, try the -lldap -llber + combination before the reversed order since it has a greater chance of + working when linking with libcurl statically. - This commit fixes compilation failure caused by - cbae73e1dd95946597ea74ccb580c30f78e3fa73. + Fixes #1619 + Closes #1634 + Reported-by: David E. Narváez -Marcel Raad (24 Apr 2017) -- curl-compilers.m4: accept -Og and -Ofast GCC flags +- configure: remove checks for 5 functions never used - -Og, introduced in GCC 4.8, optimizes for debugging experience. - -Ofast, introduced in GCC 4.7, builds on -O3 and enables further - optimizations breaking strict standards compliance. - When specified in CFLAGS, these were always overridden by -O0 or -O2. - Fix this by adding them to flags_opt_all. + fork, getprotobyname, inet_addr, perror, uname - Ref: https://gcc.gnu.org/onlinedocs/gcc-4.8.0/gcc/Optimize-Options.html - Ref: https://github.com/curl/curl/pull/1404#issuecomment-296401570 - Closes https://github.com/curl/curl/pull/1440 + closes #1638 -Daniel Stenberg (24 Apr 2017) -- RELEASE-NOTES: synced with c68fed875 +- dist: add SMB python deps into the tarball -- configure: fix the -ldl check for openssl, add -lpthread check +- [Max Dymond brought this change] + + test1451: add SMB support to the testbed - The check for if -ldl is needed to build with (a statically built) - openssl was broken. This repairs the check, and adds a check for - -lpthread as well since OpenSSL 1.1.0+ does in fact require -lpthread so - only adding -ldl for a static openssl build is no longer enough. + Add test 1451 which does some very basic SMB testing using the impacket + SMB server. - Reported-by: Jay Satiro - Ref: #1426 - Closes #1427 + Closes #1630 -- llist: fix a comment after cbae73e1dd9 - - Pointed-it-by: Kevin Ji - URL: https://github.com/curl/curl/commit/cbae73e1dd95946597ea74ccb580c30f78e3fa73#commitcomment-21872622 +- [Max Dymond brought this change] -Jay Satiro (22 Apr 2017) -- schannel: Don't treat encrypted partial record as pending data + test: add impacket for SMB testing - - Track when the cached encrypted data contains only a partial record - that can't be decrypted without more data (SEC_E_INCOMPLETE_MESSAGE). + Import impacket 0.9.15 for use in SMB testing. This was generated by + doing "pip2.7 install -t . impacket" - - Change Curl_schannel_data_pending to return false in such a case. + Unnecessary files for current testing were deleted. + +- travis.yml: use --enable-werror on debug builds - Other SSL libraries have pending data functions that behave similarly. + ... to better detect and fault on compiler warnings/errors - Ref: https://github.com/curl/curl/pull/1387 + Closes #1637 + +- tool_sleep: typecast to avoid macos compiler warning - Closes https://github.com/curl/curl/pull/1392 + tool_sleep.c:54:24: error: implicit conversion loses integer precision: + 'long' to '__darwin_suseconds_t' (aka 'int') + [-Werror,-Wshorten-64-to-32] -Daniel Stenberg (22 Apr 2017) -- [Alan Jenkins brought this change] +- [Martin Kepplinger brought this change] - multi: clarify condition in curl_multi_wait + timeval.c: Use long long constant type for timeval assignment - `if(nfds || extra_nfds) {` is followed by `malloc(nfds * ...)`. + On a 64 bit host, sparse says: - If `extra_fs` could be non-zero when `nfds` was zero, then we have - `malloc(0)` which is allowed to return `NULL`. But, malloc returning - NULL can be confusing. In this code, the next line would treat the NULL - as an allocation failure. + timeval.c:148:15: warning: constant 0x7fffffffffffffff is so big it is long + timeval.c:149:12: warning: constant 0x7fffffffffffffff is so big it is long - It turns out, if `nfds` is zero then `extra_nfds` must also be zero. - The final value of `nfds` includes `extra_nfds`. So the test for - `extra_nfds` is redundant. It can only confuse the reader. + so let's use long long constant types in order to prevent undesired overflow + failures. - Closes #1439 - -Marcel Raad (22 Apr 2017) -- lib: fix maybe-uninitialized warnings + Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html - With -Og, GCC complains: + Closes #1636 - easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + Signed-off-by: Martin Kepplinger + +- url: make the original string get used on subsequent transfers - ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] - vauth/digest.c:208:9: note: ‘tok_buf’ was declared here + ... since CURLOPT_URL should follow the same rules as other options: + they remain set until changed or cleared. - ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] - vauth/digest.c:566:15: note: ‘tok_buf’ was declared here + Added test 1551 to verify. - Fix this by initializing the variables. + Fixes #1631 + Closes #1632 + Reported-by: Pavel Rochnyak -Dan Fandrich (22 Apr 2017) -- gnutls: removed some code when --disable-verbose is configured - - This reduces the binary size and fixes a compile warning. +- [Johannes Schindelin brought this change] -Daniel Stenberg (22 Apr 2017) -- llist: no longer uses malloc - - The 'list element' struct now has to be within the data that is being - added to the list. Removes 16.6% (tiny) mallocs from a simple HTTP - transfer. (96 => 80) - - Also removed return codes since the llist functions can't fail now. + gtls: fix build when sizeof(long) < sizeof(void *) - Test 1300 updated accordingly. + - Change gnutls pointer/int macros to pointer/curl_socket_t. + Prior to this change they used long type as well. - Closes #1435 - -Marcel Raad (21 Apr 2017) -- typecheck-gcc: handle function pointers properly + The size of the `long` data type can be shorter than that of pointer + types. This is the case most notably on Windows. - All the callbacks passed to curl_easy_setopt are defined as function - pointers. The possibility to pass both functions and function pointers - was handled for the callbacks that typecheck-gcc.h defined as - compatible, but not for the public callback types themselves. + If C99 were acceptable, we could simply use `intptr_t` here. But we + want to retain C89 compatibility. - This makes all compatible callback types defined in typecheck-gcc.h - function pointers too and checks all functions uniformly with - _curl_callback_compatible, which handles both functions and function - pointers. + Simply use the trick of performing pointer arithmetic with the NULL + pointer: to convert an integer `i` to a pointer, simply take the + address of the `i`th element of a hypothetical character array + starting at address NULL. To convert back, simply cast the pointer + difference. - A symptom of the problem was a warning in tool_operate.c with - --disable-libcurl-option and without --enable-debug as that file - passes the callback functions to curl_easy_setopt directly. + Thanks to Jay Satiro for the initial modification to use curl_socket_t + instead of int/long. - Fixes https://github.com/curl/curl/issues/1403 - Closes https://github.com/curl/curl/pull/1404 - -Dan Fandrich (21 Apr 2017) -- mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable + Closes #1617 - In that case, use libcurl's internal MD4 routine. This fixes tests 1013 - and 1014 which were failing due to configure assuming NTLM and SMB were - always available whenever mbed TLS was in use (which is now true). + Signed-off-by: Johannes Schindelin -Daniel Stenberg (21 Apr 2017) -- tests: remove the html and PDF versions from the tarball +- [Ryan Winograd brought this change] -- openssl: fix memory leak in servercert + unit1399: fix integer overflow - ... when failing to get the server certificate. + Bug: #1616 + Closes #1633 -- Revert "src/Makefile.am: avoid explicit $<" +- [Per Malmberg brought this change] + + cmake: Added compatibility options for older Windows versions - This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5. + CURL_STATIC_CRT and ENABLE_INET_PTON - Since it broke out-of-tree builds from tarballs. See discussion in #1432 - -- bump: start working on next release + Closes #1621 -- src/Makefile.am: avoid explicit $< +- unit1399: add logging to time comparison - ... since apparently "BSD make" doesn't support it. + ... to enable tracking down why autobuilds fail on this - Reported-by: Thomas Klausner - Fixes #1432 - -Version 7.54.0 (19 Apr 2017) - -Daniel Stenberg (19 Apr 2017) -- THANKS: add contributors from 7.54.0 release notes - -- RELEASE-NOTES: curl 7.54.0 + Bug: #1616 -Marcel Raad (18 Apr 2017) -- nss: fix MinGW compiler warnings - - This fixes 3 warnings issued by MinGW: - 1. PR_ImportTCPSocket actually has a paramter of type PROsfd instead of - PRInt32, which is 64 bits on Windows. Fixed this by including the - corresponding header file instead of redeclaring the function, which is - supported even though it is in the private include folder. [1] - 2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit - narrowing cast is needed. - 3. Curl_timeleft returns time_t instead of long since commit - 21aa32d30dbf319f2d336e0cb68d3a3235869fbb. +- make: build the docs subdir only from within src - [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_ImportTCPSocket + ... and don't build at all in include - Closes https://github.com/curl/curl/pull/1393 + Prompted-by-work-by: Simon Warta + Ref: #1590 + Closes #1591 -Daniel Stenberg (18 Apr 2017) -- [Jay Satiro brought this change] +- [Max Dymond brought this change] - TLS: Fix switching off SSL session id when client cert is used - - Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl - will each have their own sessionid flag. - - Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that - this issue had been fixed in 247d890, CVE-2016-5419. + test1450: fix up DICT server in torture mode - Bug: https://github.com/curl/curl/issues/1341 - Reported-by: lijian996@users.noreply.github.com + As per https://github.com/curl/curl/pull/1615, the DICT server is a + little spammy in torture mode due to the sockets being torn down + unexpectedly. Fix this by adding some error handling to the handling + function. - The new incarnation of this bug is called CVE-2017-7468 and is documented - here: https://curl.haxx.se/docs/adv_20170419.html + Closes #1629 -- [David Benjamin brought this change] +- [Max Dymond brought this change] - openssl: don't try to print nonexistant peer private keys + test1450: add simple testing for DICT - X.509 certificates carry public keys, not private keys. Fields - corresponding to the private half of the key will always be NULL. + Add a new server which provides a DICT interface. This is intended to + begin coverage testing for lib/dict.c - Closes #1425 + Closes #1615 -- [David Benjamin brought this change] +- [Dan Fandrich brought this change] - openssl: fix thread-safety bugs in error-handling - - ERR_error_string with NULL parameter is not thread-safe. The library - writes the string into some static buffer. Two threads doing this at - once may clobber each other and run into problems. Switch to - ERR_error_string_n which avoids this problem and is explicitly - bounds-checked. + test1521: fix out-of-tree builds, broken with 467da3af - Also clean up some remnants of OpenSSL 0.9.5 around here. A number of - comments (fixed buffer size, explaining that ERR_error_string_n was - added in a particular version) date to when ossl_strerror tried to - support pre-ERR_error_string_n OpenSSLs. + The test.h file is no longer in the same directory as the source file, + so that directory needs to be added to the include path. - Closes #1424 + Fixes #1627 + Closes #1628 -- [David Benjamin brought this change] +- [Max Dymond brought this change] - openssl: make SSL_ERROR_to_str more future-proof + http2: handle PING frames - Rather than making assumptions about the values, use a switch-case. + Add a connection check function to HTTP2 based off RTSP. This causes + PINGs to be handled the next time the connection is reused. - Closes #1424 + Closes #1521 -- [Daniel Gustafsson brought this change] +- [Max Dymond brought this change] - code: fix typos and style in comments - - A few random typos, and minor whitespace cleanups, found in comments - while reading code. + handler: refactor connection checking - Closes #1423 + Add a new type of callback to Curl_handler which performs checks on + the connection. Alter RTSP so that it uses this callback to do its + own check on connection health. -Marcel Raad (17 Apr 2017) -- extern-scan.pl: strip trailing CR - - This makes test 1135 pass with CRLF checkouts. +- [dmitrykos brought this change] + + openssl: improve fallback seed of PRNG with a time based hash - Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 - Closes https://github.com/curl/curl/pull/1422 + Fixes #1620 -- configure.ac: ignore CR after version numbers +- [Ryan Winograd brought this change] + + progress: prevent resetting t_starttransfer - Ignore everything after the version numbers in LIBCURL_VERSION and - LIBCURL_VERSION_NUM to ged rid of the extra CR character. - This makes tests 1022 and 1023 pass on Linux with a CRLF checkout. + Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked + with `TIMER_STARTTRANSFER` more than once during a single request. - Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 - Closes https://github.com/curl/curl/pull/1422 - -- .gitattributes: force shell scripts to LF + When a redirect occurs, this is considered a new request and + `t_starttransfer` can be updated to reflect the `t_starttransfer` time + of the redirect request. - Bash on Linux errors out on CR characters. - This makes tests 1221 and 1222 pass on Linux with a CRLF checkout. + Closes #1616 - Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 - Closes https://github.com/curl/curl/pull/1422 + Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370 -- unit1303: fix compiler warning +- curl_strequal.3: fix typo in SYNOPSIS - MinGW-w64 complains: - warning: conversion to 'long int' from 'time_t {aka long long int}' may - alter its value [-Wconversion] - Fix this by using the correct type. + Reported-by: Jesse Chisholm + + Fixes #1623 -Daniel Stenberg (16 Apr 2017) -- RELEASE-NOTES: synced with 1451271e0 +- RELEASE-NOTES: synced with ce2c3ebda -- [Larry Stefani brought this change] +Kamil Dudka (28 Jun 2017) +- curl --socks5-{basic,gssapi}: control socks5 auth + + Closes https://github.com/curl/curl/pull/1454 - http2: fix handle leak in error path +- CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth - Add missing newhandle free call in push_promise(). + If libcurl was built with GSS-API support, it unconditionally advertised + GSS-API authentication while connecting to a SOCKS5 proxy. This caused + problems in environments with improperly configured Kerberos: a stock + libcurl failed to connect, despite libcurl built without GSS-API + connected fine using username and password. - Closes #1416 + This commit introduces the CURLOPT_SOCKS5_AUTH option to control the + allowed methods for SOCKS5 authentication at run time. + + Note that a new option was preferred over reusing CURLOPT_PROXYAUTH + for compatibility reasons because the set of authentication methods + allowed by default was different for HTTP and SOCKS5 proxies. + + Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html + Closes https://github.com/curl/curl/pull/1454 -- [Larry Stefani brought this change] +- socks: deduplicate the code for auth request - mbedtls: fix memory leak in error path - - Add missing our_ssl_sessionid free call in mbed_connect_step3(). +- socks: use proxy_user instead of proxy_name - Closes #1417 + ... to make it obvious what the data is used for -Marcel Raad (15 Apr 2017) -- curl-compilers.m4: turn implicit function declarations into errors +Daniel Stenberg (27 Jun 2017) +- libtest/make: generate lib1521.c - This adds -Werror-implicit-function-declaration for GCC 2.95+ so that - these errors are visible at the point where they occur instead of only - at link time. - Implicit function declarations are illegal in C99 and C++ anyway, and - the same warning has been turned into an error for ICC in commit - 3072c5b8a127057aa922b7c51051bbb4a630b091. + ... instead of having the generated code checked in. This saves space in + the tarball but primarily automatically adapts to newly added options. - Ref: https://gcc.gnu.org/onlinedocs/gcc-2.95.2/gcc_2.html#SEC8 - Ref: https://curl.haxx.se/mail/lib-2017-04/0001.html - Closes https://github.com/curl/curl/pull/1419 + Closes #1614 -- test1541: also test for CURL_PULL_WS2TCPIP_H +Jay Satiro (26 Jun 2017) +- tool_getparam: fix memory leak on test 1147 OOM (torture tests) - Ref: https://github.com/curl/curl/issues/1408 - Closes https://github.com/curl/curl/pull/1412 + Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 + Reported-by: Dan Fandrich -- tests/server/util: prefer over - - Follow-up to aa573c3c55cda72ec5ef677d87f6f46a53385f0c - - Ref: https://github.com/curl/curl/pull/1406 +Dan Fandrich (25 Jun 2017) +- test1537: fixed memory leak on OOM -Daniel Stenberg (11 Apr 2017) -- Curl_expire_latest: ignore already expired timers +Marcel Raad (25 Jun 2017) +- test1521: fix compiler warnings - If the existing timer is still in there but has expired, the new timer - should be added. + The integer literal 3123123123 doesn't fit into a 32-bit signed + integer, so GCC with 32-bit long warns in C90 mode: + this decimal constant is unsigned only in ISO C90 [enabled by default] + Fix this by using ULONG_MAX, which should fit in any curl_off_t and has + the correct suffix to not issue any warnings. + Also adds the missing CURLOPT_REQUEST_TARGET from commit + 9b167fd090f596eac828817d48c247eeae53407f. - Reported-by: Rainer Canavan - Bug: https://curl.haxx.se/mail/lib-2017-04/0030.html - Closes #1407 + Closes https://github.com/curl/curl/pull/1611 -- system.h: fix mingw section +Daniel Stenberg (24 Jun 2017) +- curl/system.h: add check for XTENSA for 32bit gcc - Reported-by: Marcel Raad - Fixes #1408 - Closes #1409 + Reported-by: Neil Kolban + Fixes: 1598 -Marcel Raad (11 Apr 2017) -- polarssl: unbreak build with versions < 1.3.8 +- [Henrik S. Gaßmann brought this change] + + winbuild: fix boringssl build - ssl_session_init was only introduced in version 1.3.8, the penultimate - version. The function only contains a memset, so replace it with that. + Compile with `WIN32_LEAN_AND_MEAN` which prevents `windows.h` from + including too much clutter including `wincrypt.h` which in turn contains + some preprocessor macros that clash with boringssl symbols. - Suggested-by: Jay Satiro - Fixes https://github.com/curl/curl/issues/1401 + Detect boringssl by checking the existance of `is_boringssl.h` and set + the corresponding `HAVE_BORINGSSL` for compilation which is used in + `ldap.c` to undefine the evil macros. + + Closes #1610 -- poll: prefer over +- progress: progress.timespent needs to be us - The POSIX standard location is . Using results in - warning spam when using the musl standard library. + follow-up to 64ed44a815e4e to fix test 500 failures + +Marcel Raad (24 Jun 2017) +- curl-compilers.m4: fix unknown-warning-option on Apple clang - Closes https://github.com/curl/curl/pull/1406 + Since 5598b0bd63f690c151074494ce47ef872f004ab4, clang -v is used to + detect the clang version. The version number was expected to come after + the word "version". For Apple clang, this doesn't work as it has its + own versioning scheme. + The version number is now first searched after the string + "based on LLVM". This works for Apple clang before version 7, and also + for e.g. Ubuntu's clang up to version 3.7. If it's not found and the + version string contains "Apple LLVM version", clang version 3.7 is + assumed, which is the version that comes with Xcode 7. Otherwise, the + version number is still expected after the word "version", which works + for very old Apple clang versions. + + Ref: https://trac.macports.org/wiki/XcodeVersionInfo + Fixes https://github.com/curl/curl/issues/1606 + Closes https://github.com/curl/curl/pull/1607 -Daniel Stenberg (10 Apr 2017) -- [Alexis La Goutte brought this change] +Daniel Stenberg (24 Jun 2017) +- progress: fix "time spent", broke in adef394ac - openssl: fix this statement may fall through [-Wimplicit-fallthrough=] +- CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case - Closes #1402 + ... supported since 7.54.1 -Kamil Dudka (10 Apr 2017) -- nss: load CA certificates even with --insecure +- maketgz: switch to -6e for xz - ... because they may include an intermediate certificate for a client - certificate and the intermediate certificate needs to be presented to - the server, no matter if we verify the peer or not. + To reduce the memory requirement for decompress, and still do almost as + good compression as with -9e. - Reported-by: thraidh - Closes #851 - -Daniel Stenberg (10 Apr 2017) -- RELEASE-NOTES: synced with f9d1e9a27f7e1 + Pointed-out-by: Dan Fandrich -Dan Fandrich (10 Apr 2017) -- libcurl-thread.3: fixed a bad macro that caused test 1140 to fail +- libtest/Makefile: remove unused lib1541 variables -Daniel Stenberg (9 Apr 2017) -- libcurl-thread.3: also mention threaded-resolver - - Reported-by: Alex Bligh - Bug: https://curl.haxx.se/mail/lib-2017-04/0044.html +- CONTRIBUTE.md: mention the out-of-tree build test too -- .github/stale.yml: enable the stale bot +- maketgz: switch to xz instead of lzma - Issues and PRs with no activity for 180 days will get marked as stale, - and if no further activity happens within 14 more days, the issue gets - closed. + The compressed output size seems to be a tad bit smaller, but generally + xz seems more preferred these days and is used directly by for example + gentoo instead of bz2. - This follows our established policy of not letting stalled bugs "get in - the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs + "Users of LZMA Utils should move to XZ Utils" => + https://tukaani.org/lzma/ - Closes #1398 + Closes #1604 -Jay Satiro (8 Apr 2017) -- CURLINFO_SCHEME.3: fix variable type +- --request-target: instead of --strip-path-slash - - Change documented param type to char ** from incorrect long *. - -Marcel Raad (8 Apr 2017) -- INSTALL.md: fix secure transport configure arguments + ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. - --without-ssl is needed instead of --with-winssl. - -- vtls: fix unreferenced variable warnings + This option instead provides the full "alternative" target to use in the + request, instead of extracting the path from the URL. - ... by moving the variables into the correct #ifdef block. - -Daniel Stenberg (7 Apr 2017) -- BUGS: "Bugs in old versions" + Test 1298 and 1299 updated accordingly. + + Idea-by: Evert Pot + Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 + + Closes #1593 -- system.h: add section for tcc +Marcel Raad (21 Jun 2017) +- lib1521: fix missing-variable-declarations clang warnings - Closes #1397 + Declare TU-local variables static. -Marcel Raad (7 Apr 2017) -- schannel: fix compiler warnings +- travis: enable typecheck-gcc warnings - When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps - directly to its argument. As it is declared as a pointer to const and - InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW - issue a warning about implicitly casting away the const. Fix this by declaring - the variables as pointers to non-const. + - switch debug and release configurations so that we get an optimized + build with GCC 4.3+ as required by typecheck-gcc + - enable warnings-as-errors for release builds + (which have warnings disabled) - Closes https://github.com/curl/curl/pull/1394 - -- [Isaac Boukris brought this change] + Closes https://github.com/curl/curl/pull/1595 - sspi: print out InitializeSecurityContext() error message +- typecheck-gcc: add support for CURLINFO_OFF_T - Reported-by: Carsten (talksinmath) + typecheck-gcc expected curl_socket_t instead of curl_off_t arguments + for CURLINFO_OFF_T. Detected by test1521, unfortunately only when run + locally. - Fixes #1384 - Closes #1395 + Closes https://github.com/curl/curl/pull/1592 -- gtls: fix compiler warning - - Curl_timeleft returns time_t instead of long since commit - 21aa32d30dbf319f2d336e0cb68d3a3235869fbb. +Daniel Stenberg (21 Jun 2017) +- [Simon Warta brought this change] -Daniel Stenberg (6 Apr 2017) -- test1606: verify speedcheck + ci: whitelist branches to avoid testing feature branches twice -- low_speed_limit: improved function for longer time periods - - Previously, periods of fast speed between periods of slow speed would - not count and could still erroneously trigger a timeout. - - Reported-by: Paul Harris - Fixes #1345 - Closes #1390 +- [Gisle Vanem brought this change] -- system.h: set sizeof long to 4 on "default 32 bit" systems + lib: fix the djgpp build - Triggered a test failure on test 1541 for the build known as - "Linux 4.4 i686 tcc 0.9.26 glibc 2.20" + Bug: https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commitcomment-22655993 -Marcel Raad (6 Apr 2017) -- nss: fix build after e60fe20fdf94e829ba5fce33f7a9d6c281149f7d - - Curl_llist_alloc is now Curl_llist_init. +Marcel Raad (20 Jun 2017) +- if2ip: fix compiler warning in ISO C90 mode - Closes https://github.com/curl/curl/pull/1391 + remote_scope_id is only used when both HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID + and ENABLE_IPV6 are defined instead of only one of them. -Daniel Stenberg (6 Apr 2017) -- INSTALL.cmake: more problems - - and mention specific issues where they are discussed +Daniel Stenberg (20 Jun 2017) +- travis: do the distcheck test build out-of-tree as well -- test1541: ignore the curl_off_t variable type name comparison +- http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH - ... the sizes and the formatting strings are what's really important and - avoids problems with int64_t vs "long long". + ... to enable sending "OPTIONS *" which wasn't possible previously. - Bug: https://curl.haxx.se/mail/lib-2017-04/0019.html - -- Revert "configure: prefer 'long long' to int64_t for curl_off_t" + This option currently only works for HTTP. - This reverts commit 81284374bf3c670d2050f8562edeb69f060b07cc. + Added test cases 1298 + 1299 to verify - Due to mingw32 brekage. + Fixes #1280 + Closes #1462 -Marcel Raad (5 Apr 2017) -- tool_operate: fix MinGW compiler warning - - MinGW complains: - tool_operate.c:197:15: error: comparison is always true due to limited range - of data type [-Werror=type-limits] +- test1521: test getinfo's OFF_T types too - Fix this by only doing the comparison if 'long' is large enough to hold the - constant it is compared with. + Closes #1588 + +- lib1521: add curl_easy_getinfo calls to the test set - Closes https://github.com/curl/curl/pull/1378 + Also added return value checks to make sure no unexpected return codes + are used. -- tool_operate: move filetime code to its own function +- [Simon Warta brought this change] + + automake: use $(MKHELP) variable instead if constant mkhelp.pl - Ref: https://github.com/curl/curl/pull/1378 + this improves symmetry with the rule above -Daniel Stenberg (5 Apr 2017) -- configure: prefer 'long long' to int64_t for curl_off_t +- [Simon Warta brought this change] + + mkhelp.pl: fix script name in usage text + +- RELEASE-NOTES: synced with 3b80d3ca4 + +- getinfo: return sizes as curl_off_t - Since it is a native type and it makes it less complicated to find a - matching one in system.h + This change introduces new alternatives for the existing six + curl_easy_getinfo() options that return sizes or speeds as doubles. The + new versions are named like the old ones but with an appended '_T': - Bug: https://curl.haxx.se/mail/lib-2017-04/0010.html - Reported-by: Dan Fandrich + CURLINFO_CONTENT_LENGTH_DOWNLOAD_T + CURLINFO_CONTENT_LENGTH_UPLOAD_T + CURLINFO_SIZE_DOWNLOAD_T + CURLINFO_SIZE_UPLOAD_T + CURLINFO_SPEED_DOWNLOAD_T + CURLINFO_SPEED_UPLOAD_T - Closes #1388 - -- [Dániel Bakai brought this change] + Closes #1511 - tests: added test for Curl_splaygetbest to unit1309 +- PIPELINING_SERVER_BL: cleanup the internal list use - This checks the new behavior of Curl_splaygetbest, so that the smallest - node not larger than the key is removed, and FIFO behavior is kept even - when there are multiple nodes with the same key. + The list was freed incorrectly since the llist refactor of + cbae73e1dd959. Added test 1550 to verify that it works and avoid future + regressions. - Closes #1358 - -- [Dániel Bakai brought this change] - - multi: fix queueing of pending easy handles + Reported-by: Pascal Terjan - Multi handles repeatedly invert the queue of pending easy handles when - used with CURLMOPT_MAX_TOTAL_CONNECTIONS. This is caused by a multistep - process involving Curl_splaygetbest and violates the FIFO property of - the multi handle. - This patch fixes this issue by redefining the "best" node in the - context of timeouts as the "smallest not larger than now", and - implementing the necessary data structure modifications to do this - effectively, namely: - - splay nodes with the same key are now stored in a doubly-linked - circular list instead of a non-circular one to enable O(1) - insertion to the tail of the list - - Curl_splayinsert inserts nodes with the same key to the tail of - the same list - - in case of multiple nodes with the same key, the one on the head of - the list gets selected + Fixes #1584 + Closes #1585 -Marcel Raad (4 Apr 2017) -- tool: fix Windows Unicode build +- http2: fix OOM crash - ... by explicitly calling the ANSI versions of Windows API functions where - required. + torture mode with test 1021 found it -Daniel Stenberg (4 Apr 2017) -- [Martin Kepplinger brought this change] +- CURLOPT_PREQUOTE.3: spellfix man page reference - curl_sasl: declare mechtable static +Marcel Raad (18 Jun 2017) +- http_proxy: fix build with http and proxy - struct mechtable is only used locally here. It can be declared static. - -Jay Satiro (4 Apr 2017) -- [Antti Hätälä brought this change] + After deff7de0eb0e22d2d142b96b9cc84cd8db5d2a48, the build without + CURL_DISABLE_PROXY and CURL_DISABLE_HTTP was failing because of missing + includes. - url: don't free postponed data on connection reuse - - - Don't free postponed data on a connection that will be reused since - doing so can cause data loss when pipelining. - - Only Windows builds are affected by this. +- http_proxy: fix compiler warning - Closes https://github.com/curl/curl/issues/1380 + With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a + missing prototype for Curl_connect_free. -Daniel Stenberg (4 Apr 2017) -- RELEASE-NOTES: synced with 4f2e348f9b42c69c480 +Daniel Stenberg (18 Jun 2017) +- TODO: update the TOC too -- hash: move key into hash struct to reduce mallocs +- TODO: implement support for CURLOPT_PREQUOTE with SFTP - This removes one tiny malloc for each hash struct allocated. In a simple - case like "curl localhost", this save three mallocs. + ... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct + protocol support. - Closes #1376 + Closes #1514 -- llist: replace Curl_llist_alloc with Curl_llist_init +- tool_wrte_cb: remove check for config == NULL - No longer allocate the curl_llist head struct for lists separately. + ... as it really cannot have reached this far with config being NULL, + thus this is unnecesary and misleading. - Removes 17 (15%) tiny allocations in a normal "curl localhost" invoke. + Bug: https://news.ycombinator.com/item?id=14577585 and + https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356 - closes #1381 + Forwarded-to-us-by: Jakub Wilk -Jay Satiro (4 Apr 2017) -- easy: silence compiler warning +- curl: prevent binary output spewed to terminal - Safe to silence warning adding time delta of poll, which can trigger on - Windows since sizeof time_t > sizeof long. + ... unless "--output -" is used. Binary detection is done by simply + checking for a binary zero in early data. - warning C4244: '+=' : conversion from 'time_t' to 'long', possible loss - of data - -Daniel Stenberg (4 Apr 2017) -- [Richlv brought this change] - - docs: minor typo in write-out.d + Added test 1425 1426 to verify. - Closes #1382 + Closes #1512 -- include: curl/system.h is a run-time version of curlbuild.h +Marcel Raad (16 Jun 2017) +- Makefile.m32: enable -W for MinGW32 build - system.h is aimed to replace curlbuild.h at a later point in time when - we feel confident system.h works sufficiently well. + The configure-based build also has this in addition to -Wall. - curl/system.h is currently used in parallel with curl/curlbuild.h + Closes https://github.com/curl/curl/pull/1578 + +- curl-compilers.m4: enable comma clang warning - curl/system.h determines a data sizes, data types and include file - status based on available preprocessor defines instead of getting - generated at build-time. This, in order to avoid relying on a build-time - generated file that makes it complicated to do 32 and 64 bit bields from - the same installed set of headers. + It usually warns when using commas instead of semicolons or other + operators by accident. - Test 1541 verifies that system.h comes to the same conclusion that - curlbuild.h offers. + Closes https://github.com/curl/curl/pull/1578 + +- curl-compilers.m4: enable missing-variable-declarations clang warning - Closes #1373 + It usually warns when forgetting to declare TU-local variables static. + + Closes https://github.com/curl/curl/pull/1578 -- multi: make curl_multi_wait avoid malloc in the typical case +- curl-compilers.m4: enable double-promotion warning - When only a few additional file descriptors are used, avoid the malloc. + Enable -Wdouble-promotion for both GCC and clang. It warns on implicit + promotion from float to double. - Closes #1377 + Closes https://github.com/curl/curl/pull/1578 -Marcel Raad (3 Apr 2017) -- tests/server/util: remove in6addr_any for recent MinGW - - In ancient MinGW versions, in6addr_any was declared as extern, but not - defined. Because of that, 22a0c57746ae12506b1ba0f0fafffd26c1907d6a added - definitions for in6addr_any when compiling with MinGW. The bug was fixed in - w32api version 3.6 from 2006, so this workaround is not needed anymore for - recent versions. +- curl-compilers.m4: enable vla warning for clang - This fixes the following MinGW-w64 warnings because the MinGW-w64 version of - IN6ADDR_ANY_INIT has the two additional braces inside the macro: - util.c:59:14: warning: braces around scalar initializer - util.c:59:40: warning: excess elements in scalar initializer + Previously, that warning was only implicitly active in C90 mode. + Enable it unconditionally as already done for GCC. - Ref: https://sourceforge.net/p/mingw/mingw-org-wsl/ci/e4803e0da25c57ae1ad0fa75ae2b7182ff7fa339/tree/w32api/ChangeLog - Closes https://github.com/curl/curl/pull/1379 - -Daniel Stenberg (3 Apr 2017) -- docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3 - -Jay Satiro (31 Mar 2017) -- fail-early.d: fix typos + Closes https://github.com/curl/curl/pull/1578 -- docs: Explain --fail-early does not imply --fail +Daniel Stenberg (16 Jun 2017) +- http-proxy: fix chunked-encoded CONNECT responses - Closes https://github.com/curl/curl/pull/1375 - -Daniel Stenberg (1 Apr 2017) -- telnet: (win32) fix read callback return variable + Regression since 5113ad0424. - telnet.c(1427,21): warning: comparison of constant 268435456 with - expression of type 'CURLcode' is always false + ... and remove 'flaky' from test 1061 again - telnet.c(1433,21): warning: comparison of constant 268435457 with - expression of type 'CURLcode' is always false + Closes #1579 + +- http-proxy: deal with EAGAIN - Reviewed-by: Jay Satiro - Reported-by: Gisle Vanem - Bug: https://github.com/curl/curl/issues/1225#issuecomment-290340890 + ... the previous code would reset the header length wrongly (since + 5113ad0424). This makes test 1060 reliable again. - Closes #1374 - -- CTestConfig.cmake: removed, unused - -- libcurl.def: removed, unused + Also: make sws send even smaller chunks of data to increase the + likeliness of this happening. -- docs/index.html: removed, was not shipped anyway +- libtest/libntlmconnect: fix compiler warnings from f94fcdb -- dist: add missing files to the tarball +- [Jay Satiro brought this change] -Peter Wu (30 Mar 2017) -- cmake: fix build with cmake 2.8.12.2 - - For some reason, CMake 2.8.12.2 did not expand the list argument in a - single DEPENDS argument. Remove the quotes, so it gets expanded into - multiple arguments for add_custom_command and add_custom_target. + HTTPS-Proxy: don't offer h2 for https proxy connections - Fixes https://github.com/curl/curl/issues/1370 - Closes #1372 - -Marcel Raad (30 Mar 2017) -- ssh: fix narrowing conversion warning + Bug: https://github.com/curl/curl/issues/1254 - 'left' is used as time_t but declared as long. - MinGW complains: - error: conversion to 'long int' from 'time_t {aka long long int}' may alter - its value [-Werror=conversion] - Changed the declaration to time_t. + Closes #1546 -- http2: silence unused parameter warnings +- tests: stabilize test 2032 and 2033 - In release mode, MinGW complains: - error: unused parameter 'lib_error_code' [-Werror=unused-parameter] - -Daniel Stenberg (30 Mar 2017) -- [Hanno Böck brought this change] - - curl: fix callback functions to match prototype + Both these tests run the same underlying test code: libntlmconnect.c - + this test code made some assumptions about socket ordering when it used + curl_easy_fdset() and when we changed timing or got accidental changes + in libcurl the tests would fail. - The function tool_debug_cb doesn't match curl_debug_callback in curl.h - (unsigned vs. signed char* for 3rd param). + The tests verify that the different transfers keep using the same + connections, which I now instead made sure by adding the number of bytes + each transfer gets and then verifies that they always get the same + amount as when these tests worked. - Bug: https://curl.haxx.se/mail/lib-2017-03/0120.html - -- [Alexis La Goutte brought this change] + Closes #1576 - gcc7: fix ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context] +- test1148: verify the -# progressbar - Closes #1371 + Closes #1569 -Marcel Raad (30 Mar 2017) -- schannel: fix unused variable warning +- test1061: mark as flaky - If CURL_DISABLE_VERBOSE_STRINGS is defined, hostname is not used in - schannel_connect_step3. + Fails intermittently on travis builds since a few days. Likely due to + 5113ad0424. -- connect: fix unreferenced parameter warning +Jay Satiro (16 Jun 2017) +- url: refactor the check for Windows drive letter in path + + - Move the logic to detect a Windows drive letter prefix + (eg c: in c:foo) into a function-like macro. - When CURL_DISABLE_VERBOSE_STRINGS is defined, the reason parameter in - Curl_conncontrol is not used as the infof macro expands to nothing. + Closes https://github.com/curl/curl/pull/1571 -- select: use correct SIZEOF_ constant +- mk-ca-bundle.pl: Check curl's exit code after certdata download - At least under Windows, there is no SIZEOF_LONG, so it evaluates to 0 even - though sizeof(int) == sizeof(long). This should probably have been - CURL_SIZEOF_LONG, but the type of timeout_ms changed from long to time_t - anyway. - This triggered MSVC warning C4668 about implicitly replacing undefined - macros with '0'. + - No longer allow partial downloads of certdata. - Closes https://github.com/curl/curl/pull/1362 - -Daniel Stenberg (30 Mar 2017) -- cmake: add cmake file in docs/libcurl/opts/ to dist + Prior to this change partial downloads were (erroneously?) allowed since + only the server code was checked to be 200. + + Bug: https://github.com/curl/curl/pull/1577 + Reported-by: Matteo B. -- cmake: add more missing files to the dist +Daniel Stenberg (16 Jun 2017) +- dist: add the fuzz dir to the tarball -- docs/Makefile.am: include CMakeLists.txt in the dist tarball +- configure: disable nghttp2 too if HTTP has been disabled -Marcel Raad (29 Mar 2017) -- NTLM: check for features with #ifdef instead of #if +- http-proxy: fix build with --disable-proxy or --disable-http - Feature defines are normally checked with #ifdef instead of #if in the rest of - the codebase. Additionally, some compilers warn when a macro is implicitly - evaluated to 0 because it is not defined, which was the case here. + Reported-by: Dan Fandrich + +- fuzz/README: document how to build - Ref: https://github.com/curl/curl/pull/1362#discussion_r108605101 - Closes https://github.com/curl/curl/pull/1367 + Fixes #1476 -Daniel Stenberg (29 Mar 2017) -- [Hanno Böck brought this change] +- [Frederik B brought this change] - curl: fix callback argument inconsistency - - As you can see the callback definition uses a char* for the first - argument, while the function uses a void*. - - URL: https://curl.haxx.se/mail/lib-2017-03/0116.html + fuzz: corpora file structure, initial commit -- RELEASE-NOTES: synced with 556c51a2df +- [Frederik B brought this change] -- [madblobfish brought this change] + fuzz: bring oss-fuzz initial code converted to C89 - KNOWN_BUGS: typo +- http-proxy: only attempt FTP over HTTP proxy - Closes #1364 - -- [Maksim Stsepanenka brought this change] + ... all other non-HTTP protocol schemes are now defaulting to "tunnel + trough" mode if a HTTP proxy is specified. In reality there are no HTTP + proxies out there that allow those other schemes. + + Assisted-by: Ray Satiro, Michael Kaufmann + + Closes #1505 - make: use the variable MAKE for recursive calls +- TODO: the generated include file is gone - Closes #1366 + ... since commit 73a2fcea0b -- conncache: make hashkey avoid malloc +- curl_setup.h: error out on CURL_WANTS_CA_BUNDLE_ENV use - ... to make it much faster. Idea developed with primepie on IRC. + ... to make it really apparent if there's any user using this on purpose. + + Suggested-by: Jay Satiro - Closes #1365 + Closes #1542 -Kamil Dudka (28 Mar 2017) -- http: do not treat FTPS over CONNECT as HTTPS +- lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV + + When this define was set, libcurl would check the environment variable + named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This + feature was only defined by the watcom and m32 makefiles and caused + inconsistent behaviours among libcurls built on different platforms. - If we use FTPS over CONNECT, the TLS handshake for the FTPS control - connection needs to be initiated in the SENDPROTOCONNECT state, not - the WAITPROXYCONNECT state. Otherwise, if the TLS handshake completed - without blocking, the information about the completed TLS handshake - would be saved to a wrong flag. Consequently, the TLS handshake would - be initiated in the SENDPROTOCONNECT state once again on the same - connection, resulting in a failure of the TLS handshake. I was able to - observe the failure with the NSS backend if curl ran through valgrind. + The curl tool does already feature its own similar logic and the library + does not really need it, and it isn't documented libcurl behavior. So + this change removes it. - Note that this commit partially reverts curl-7_21_6-52-ge34131d. + Ref: #1538 + +- test1147: verify -H on a file -Daniel Stenberg (28 Mar 2017) -- pause: handle mixed types of data when paused +- curl: allow --header and --proxy-header read from file - When receiving chunked encoded data with trailers, and the write - callback returns PAUSE, there might be both body and header to store to - resend on unpause. Previously libcurl returned error for that case. + So many headers can be provided as @filename. - Added test case 1540 to verify. + Suggested-by: Timothe Litt - Reported-by: Stephen Toub - Fixes #1354 - Closes #1357 + Closes #1486 -Jay Satiro (28 Mar 2017) -- [Isaac Boukris brought this change] +- RELEASE-NOTES: synced with 2ad80eec5 + +- curl/curlver.h: start working on 7.55.0 - http: Fix proxy connection reuse with basic-auth +- http-proxy: do the HTTP CONNECT process entirely non-blocking - When using basic-auth, connections and proxy connections - can be re-used with different Authorization headers since - it does not authenticate the connection (like NTLM does). + Mentioned as a problem since 2007 (8f87c15bdac63) and of course it + existed even before that. - For instance, the below command should re-use the proxy - connection, but it currently doesn't: - curl -v -U alice:a -x http://localhost:8181 http://localhost/ - --next -U bob:b -x http://localhost:8181 http://localhost/ + Closes #1547 + +- progress: let "current speed" be UL + DL speeds combined - This is a regression since refactoring of ConnectionExists() - as part of: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151 + Bug #1556 + Reported-by: Paul Harris + Closes #1559 + +Marcel Raad (14 Jun 2017) +- system.h: fix MinGW build - Fix the above by removing the username and password compare - when re-using proxy connection at proxy_info_matches(). + CURLSYS_PULL_WS2TCPIP_H got renamed to CURL_PULL_WS2TCPIP_H in commit + 73a2fcea0b4adea6ba342cd7ed1149782c214ae3. + +Daniel Stenberg (14 Jun 2017) +- timers: store internal time stamps as time_t instead of doubles - However, this fix brings back another bug would make curl - to re-print the old proxy-authorization header of previous - proxy basic-auth connection because it wasn't cleared. + This gives us accurate precision and it allows us to avoid storing "no + time" for systems with too low timer resolution as we then bump the time + up to 1 microsecond. Should fix test 573 on windows. - For instance, in the below command the second request should - fail if the proxy requires authentication, but would succeed - after the above fix (and before aforementioned commit): - curl -v -U alice:a -x http://localhost:8181 http://localhost/ - --next -x http://localhost:8181 http://localhost/ + Remove the now unused curlx_tvdiff_secs() function. - Fix this by clearing conn->allocptr.proxyuserpwd after use - unconditionally, same as we do for conn->allocptr.userpwd. + Maintains the external getinfo() API with using doubles. - Also fix test 540 to not expect digest auth header to be - resent when connection is reused. + Fixes #1531 + +- dist: make the hugehelp.c not get regenerated unnecessarily - Signed-off-by: Isaac Boukris + The maketgz script now makes sure the generated hugehelp.c file in the + tarball is newer than the generated curl.1 man page, so that it doesn't + have to get unnecessarily rebuilt first thing in a typical build. It + thus also removes the need for perl to build off a plain release + tarball. - Closes https://github.com/curl/curl/pull/1350 + Fixes #1565 -- openssl: exclude DSA code when OPENSSL_NO_DSA is defined +- includes: remove curl/curlbuild.h and curl/curlrules.h - - Fix compile errors that occur in openssl.c when OpenSSL lib was - built without DSA support. + Rely entirely on curl/system.h now. - Bug: https://github.com/curl/curl/issues/1361 - Reported-by: neheb@users.noreply.github.com - -- examples/fopen: checksrc compliance - -Marcel Raad (28 Mar 2017) -- schannel: fix variable shadowing warning + Introduced in Aug 2008 with commit 14240e9e109f. Now gone. - No need to redeclare the variable. + Fixes #1456 -- multi: fix MinGW-w64 compiler warnings - - error: conversion to 'long int' from 'time_t {aka long long int}' may alter - its value [-Werror=conversion] +Version 7.54.1 (14 Jun 2017) -- .gitattributes: turn off CRLF for *.am - - If Makefile.am uses CRLF, buildconf in a Windows checkout fails with: - ".ibtoolize: error: AC_CONFIG_MACRO_DIRS([m4]) conflicts with - ACLOCAL_AMFLAGS=-I m4" +Daniel Stenberg (14 Jun 2017) +- release: 7.54.1 + +Dan Fandrich (13 Jun 2017) +- mk-lib1521.pl: updated to match the test changes in 916ec30a -Daniel Stenberg (26 Mar 2017) -- [klemens brought this change] +Daniel Stenberg (13 Jun 2017) +- [Stuart Henderson brought this change] - spelling fixes + libressl: OCSP and intermediate certs workaround no longer needed - Closes #1356 + lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed + by intermediate certs, this was fixed in LibreSSL in + https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0 + + Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html -- curl: check for end of input in writeout backslash handling +- url: fix buffer overwrite with file protocol (CVE-2017-9502) - Reported-by: Brian Carpenter + Bug: https://github.com/curl/curl/issues/1540 + Advisory: https://curl.haxx.se/docs/adv_20170614.html - Added test 1442 to verify + Assisted-by: Ray Satiro + Reported-by: Marcel Raad -Marcel Raad (24 Mar 2017) -- tests/README: make "Run" section foolproof +- urlglob: fix division by zero - curl must be built before building the tests. + The multiply() function that is used to avoid integer overflows, was + itself reason for a possible division by zero error when passed a + specially formatted glob. - Closes https://github.com/curl/curl/pull/1352 + Reported-by: GwanYeong Kim -Daniel Stenberg (23 Mar 2017) -- openssl: fix comparison between signed and unsigned integer expressions +- configure: update the copyright year in the output + +- [ygrek brought this change] -Marcel Raad (23 Mar 2017) -- [Edward Kimmel brought this change] + BINDINGS: update SP-Forth and OCaml urls - asiohiper: make sure socket is open in event_cb +Michael Kaufmann (11 Jun 2017) +- FindWin32CACert: Use a temporary buffer on the stack + + Don't malloc() the temporary buffer, and use the correct type: + SearchPath() works with TCHAR, but SearchPathA() works with char. + Set the buffer size to MAX_PATH, because the terminating null byte + is already included in MAX_PATH. - Send curl_socket_t to event_cb and make sure it hasn't been closed yet. + Reviewed-by: Daniel Stenberg + Reviewed-by: Marcel Raad - Closes https://github.com/curl/curl/pull/1318 + Closes #1548 + +Dan Fandrich (11 Jun 2017) +- test1521: fixed OOM handling -Dan Fandrich (23 Mar 2017) -- openssl: made the error table static const +Daniel Stenberg (9 Jun 2017) +- RELEASE-PROCEDURE: updated future release dates -Jay Satiro (23 Mar 2017) -- openssl: fall back on SSL_ERROR_* string when no error detail - - - If SSL_get_error is called but no extended error detail is available - then show that SSL_ERROR_* as a string. - - Prior to this change there was some inconsistency in that case: the - SSL_ERROR_* code may or may not have been shown, or may have been shown - as unknown even if it was known. +- [Paul Harris brought this change] + + gitignore: ignore all vim swap files - Ref: https://github.com/curl/curl/issues/1300 + Closes #1561 + +- lib1521: fix compiler warnings on the use of bad 'long' values - Closes https://github.com/curl/curl/pull/1348 + Reported-by: Marcel Raad + Bug: https://github.com/curl/curl/commit/cccac4fb2b20d6ed87da7978408c3ecacc464fe4#commitcomment-22453387 -Dan Fandrich (23 Mar 2017) -- mkhelp: disable compression if the perl gzip module is unavailable +- setopt: check CURLOPT_ADDRESS_SCOPE option range - This is nowadays included with the base perl distribution, but wasn't - prior to about perl 5.14 + ... and return error instead of triggering an assert() when being way + out of range. -Daniel Stenberg (23 Mar 2017) -- [Anders Roxell brought this change] +Jay Satiro (8 Jun 2017) +- [TheAssassin brought this change] - tests/README: mention nroff for --manual tests + cmake: Fix inconsistency regarding mbed TLS include directory - Signed-off-by: Anders Roxell + Previously, one had to set MBEDTLS_INCLUDE_DIR to make CMake find the + headers, but the system complained that mbed TLS wasn't found due to + MBEDTLS_INCLUDE_DIRS (note the trailing s) was not set. This commit + attempts to fix that. - Closes #1342 - -- CURLINFO_PRIMARY_IP.3: add example + Closes https://github.com/curl/curl/pull/1541 -- travis: run tests-nonflaky instead of tests-full +Daniel Stenberg (8 Jun 2017) +- [Ryuichi KAWAMATA brought this change] -- make: introduce 'test-nonflaky' target + examples/multi-uv.c: fix deprecated symbol - Running this in the root build dir will invoke the test suite to only - run tests not marked as 'flaky'. - -- test2033: flaky + Closes #1557 -Jay Satiro (21 Mar 2017) -- [Ales Mlakar brought this change] +- asyn-ares: s/Curl_expire_latest/Curl_expire - mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION - - Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html +- expire: remove Curl_expire_latest() - Closes https://github.com/curl/curl/pull/1272 - -Peter Wu (21 Mar 2017) -- cmake: add support for building HTML and PDF docs + With the introduction of expire IDs and the fact that existing timers + can be removed now and thus never expire, the concept with adding a + "latest" timer is not working anymore as it risks to not expire at all. - Note that for some reason there is this warning (that also exists with - autotools, added since curl-7_15_1-94-ga718cb05f): + So, to be certain the timers actually are in line and will expire, the + plain Curl_expire() needs to be used. The _latest() function was added + as a sort of shortcut in the past that's quite simply not necessary + anymore. - docs/libcurl/curl_multi_socket_all.3:1: can't open `man3/curl_multi_socket.3': No such file or directory + Follow-up to 31b39c40cf90 - Additionally, adjust the roffit --mandir option to support creating - links when doing out-of-tree builds. + Reported-by: Paul Harris - Ref: https://github.com/curl/curl/pull/1288 + Closes #1555 -- cmake: build manual pages (including curl.1) - - Also make Perl mandatory to allow building the docs. - - While CMakeLists.txt could probably read the list of manual pages from - Makefile.am, actually putting those in CMakeLists.txt is cleaner so that - is what is done here. +- [Chris Carlmar brought this change] + + configure: fix link with librtmp when specifying path - Fixes #1230 - Ref: https://github.com/curl/curl/pull/1288 + Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html -- docs: split file lists into Makefile.inc +- file: make speedcheck use current time for checks - For easier sharing with CMake. The contents were reformatted to use - two-space indent and expanded tabs (matching lib/Makefile.common). + ... as it would previously just get the "now" timestamp before the + transfer starts and then not update it again. - Ref: https://github.com/curl/curl/pull/1288 - -Daniel Stenberg (21 Mar 2017) -- examples: comment typos in http2 examples - -- RELEASE-NOTES: typo + Closes #1550 -- RELEASE-NOTES: synced with 6e0f26c8a8c28df +- metalink: remove unused printf() argument -- multi: fix streamclose() crash in debug mode +- travis: let some builds *not* use --enable-debug - The code would refer to the wrong data pointer. Only debug builds do - this - for verbosity. + typecheck-gcc and other things require optimized builds - Reported-by: zelinchen@users.noreply.github.com - Fixes #1329 + Closes #1544 + +- README.md: show the coverall coverage on github + +- lib1521: fix compiler warnings -- CONTRIBUTE: mention referring to github issues in commit msgs +- test1521: make the code < 80 columns wide -Dan Fandrich (20 Mar 2017) -- runtests.pl: fixed display of the Gopher IPv6 port number +- test1121: use stricter types to work with typcheck-gcc -- tests: fixed the documented test server port numbers +- typecheck-gcc: allow CURLOPT_STDERR to be NULL too -- test714/5: added HTTP as a required feature +- test1521: test *all* curl_easy_setopt options - These tests use an HTTP proxy so require that curl be built with HTTP - support. + mk-lib1521.pl generates a test program (lib1521.c) that calls + curl_easy_setopt() for every known option with a few typical values to + make sure they work (ignoring the return codes). + + Some small changes were necessary to avoid asserts and NULL accesses + when doing this. + + The perl script needs to be manually rerun when we add new options. + + Closes #1543 -- tests: strip more options from non-HTTP --libcurl tests +Dan Fandrich (5 Jun 2017) +- test1538: added "verbose logs" keyword - The CURLOPT_USERAGENT and CURLOPT_MAXREDIRS options are only set if HTTP - support is available, so ignore them in tests where HTTP is not - guaranteed. + These error messages are not displayed with --disable-verbose -Jay Satiro (18 Mar 2017) -- [Palo Markovic brought this change] +Daniel Stenberg (5 Jun 2017) +- test1262: verify ftp download with -z for "if older than this" - darwinssl: fix typo in variable name +Marcel Raad (5 Jun 2017) +- curl_ntlm_core: use Curl_raw_toupper instead of toupper - Broken a week ago in 6448f98. + This was the only remaining use of toupper in the entire source code. - Closes https://github.com/curl/curl/pull/1337 + Suggested-by: Daniel Stenberg -- tool_operate: Fix showing HTTPS-Proxy options on CURLE_SSL_CACERT - - - Show the HTTPS-proxy options on CURLE_SSL_CACERT if libcurl was built - with HTTPS-proxy support. - - Prior to this change those options were shown only if an HTTPS-proxy was - specified by --proxy, but that did not take into account environment - variables such as http_proxy, https_proxy, etc. Follow-up to e1187c4. +Daniel Stenberg (4 Jun 2017) +- RELEASE-NOTES: synced with 65ba92650 + +Marcel Raad (4 Jun 2017) +- curl_ntlm_core: pass unsigned char to toupper - Bug: https://github.com/curl/curl/issues/1331 - Reported-by: Nehal J Wani + Otherwise, clang on Cygwin64 warns: + curl_ntlm_core.c:525:35: error: array subscript is of type 'char' + [-Werror,-Wchar-subscripts] + dest[2 * i] = (unsigned char)(toupper(src[i])); + ^~~~~~~~~~~~~~~ + /usr/include/ctype.h:152:25: note: expanded from macro 'toupper' + (void) __CTYPE_PTR[__x]; (toupper) (__x);}) + ^~~~ -- CURLINFO_LOCAL_PORT.3: fix typo +Jay Satiro (3 Jun 2017) +- [Mahmoud Samir Fayed brought this change] -Daniel Stenberg (16 Mar 2017) -- CURLINFO_LOCAL_PORT.3: added example + BINDINGS: add Ring binding + + Closes https://github.com/curl/curl/pull/1539 -- SSLCERTS.md: mention HTTPS proxies and their separate options +Daniel Stenberg (4 Jun 2017) +- CONTRIBUTE.md: mention tests done on pull requests -- BINDINGS: a Delphi binding +- travis: add coverage, distcheck and cmake builds + + Closes #1534 -- KNOWN_BUGS: remove libidn related issue +Marcel Raad (3 Jun 2017) +- libtest: fix int-in-bool-context warnings - ... as we no longer use libidn + GCC 7 complained: + ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context] -Dan Fandrich (14 Mar 2017) -- build: removed redundant DEPENDENCIES from makefiles +- libtest: fix implicit-fallthrough warnings with GCC 7 -Daniel Stenberg (13 Mar 2017) -- [Sylvestre Ledru brought this change] +- x509asn1: fix implicit-fallthrough warning with GCC 7 - Improve code readbility +- curl_sasl: fix unused-variable warning - ... by removing the else branch after a return, break or continue. + This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH, + as seen in the autobuilds: - Closes #1310 + curl_sasl.c:417:9: warning: unused variable 'serverdata' + [-Wunused-variable] -Jay Satiro (13 Mar 2017) -- [Anatol Belski brought this change] +Daniel Stenberg (3 Jun 2017) +- updatemanpages.pl: error out on too old git version - winbuild: add basic support for OpenSSL 1.1.x +Marcel Raad (3 Jun 2017) +- cyassl: define build macros before including ssl.h - - Auto-detect OpenSSL 1.1 libs + cyassl/ssl.h needs the macros from cyassl/options.h, so define them + before including cyassl/ssl.h the first time, which happens in + urldata.h. + This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8 + and therefore redefines the symbols from cyassl/options.h instead of + including the header. - Closes https://github.com/curl/curl/pull/1322 + Closes https://github.com/curl/curl/pull/1536 -Daniel Stenberg (13 Mar 2017) -- RELEASE-NOTES: synced with c25e0761d0fc49c4 +Daniel Stenberg (3 Jun 2017) +- tool_util: remove unused tvdiff_secs and remove tool_ prefix + + Closes #1532 -- make: regenerate docs/curl.1 by runinng make in docs +- dedotdot: fixed output for ".." and "." only input - ... previously, docs/ was only a dist subdir, now also a build subdir. + Found when updating test 1395, which I did to increase test coverage of + this source file... - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-03/0017.html + Closes #1535 -Dan Fandrich (12 Mar 2017) -- test1440/1: depend on well-defined file: behaviour +Marcel Raad (2 Jun 2017) +- mbedtls: make TU-local variable static - Depend on the known behaviour of URLs for nonexistent files rather than - the undefined behaviour of URLs for directories (which fails on Windows). - The test isn't about file: URLs at all, so the URL used doesn't really - matter. + mbedtls_x509_crt_profile_fr is only used locally. + This fixes a missing-variable-declarations warning with clang. -- tests: clear the SSL_CERT_FILE variable on --libcurl tests +- MD(4|5): silence cast-align clang warning - Otherwise, the contents will end up in the output and fail the - verification. + Unaligned access is on purpose here and the warning is harmless on + affected architectures. GCC knows that, while clang warns on all + architectures. -- test1287: added verbose logs keyword +Daniel Stenberg (2 Jun 2017) +- test1538: fix typo -- tool_writeout: fixed a buffer read overrun on --write-out - - If a % ended the statement, the string's trailing NUL would be skipped - and memory past the end of the buffer would be accessed and potentially - displayed as part of the --write-out output. Added tests 1440 and 1441 - to check for this kind of condition. +- test1538: verify the libcurl strerror API calls + +- curl_endian: remove unused functions - Reported-by: Brian Carpenter + Closes #1529 -Jay Satiro (12 Mar 2017) -- [Desmond O. Chang brought this change] +- test1537: dedicated tests of the URL (un)escape API calls + + Closes #1530 - url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS +- coverage: run event tests too - - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing - proxy CONNECT response headers from the user callback functions - CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - - - Add new tool option --suppress-connect-headers to expose - CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT - response headers from --dump-header and --include. + ... the torture ones are commented out only because they are slooooow. + +- build: provide easy code coverage measuring - Assisted-by: Jay Satiro - Assisted-by: CarloCannas@users.noreply.github.com - Closes https://github.com/curl/curl/pull/783 + Closes #1528 -- http_proxy: Ignore TE and CL in CONNECT 2xx responses +- typecheck-gcc.h: check CURLINFO_CERTINFO - A client MUST ignore any Content-Length or Transfer-Encoding header - fields received in a successful response to CONNECT. - "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 + ... and update the certinfo.c example accordingly. - Prior to this change such a case would cause an error. + Fixes https://github.com/curl/curl/issues/846 + +- typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION - In some ways this bug appears to be a regression since c50b878. Prior to - that libcurl may have appeared to function correctly in such cases by - acting on those headers instead of causing an error. But that behavior - was also incorrect. + ... so that they get the required "struct curl_tlssessioninfo **" + arguments. + +- typecheck-gcc.h: separate getinfo slist checks from other pointers - Bug: https://github.com/curl/curl/issues/1317 - Reported-by: mkzero@users.noreply.github.com + Fixes #1524 -- [Thomas Glanzmann brought this change] +Marcel Raad (1 Jun 2017) +- curl-compilers.m4: escape square brackets in regex + + Otherwise, they are removed in the final configure file. + Also changed sed to "$SED" like in most other calls in this file. - mbedtls: fix typo in variable name +- curl-compilers.m4: fix compiler_num for clang - Broken a few days ago in 6448f98. + "clang -dumpversion" always returns "4.2.1", the GCC version that clang + was initially compatible to. Use "clang -v" instead, which returns the + actual clang version. - Bug: https://curl.haxx.se/mail/lib-2017-03/0015.html + Fixes https://github.com/curl/curl/issues/1522 + Closes https://github.com/curl/curl/pull/1523 -Michael Kaufmann (11 Mar 2017) -- tests: fix the authretry tests +Daniel Stenberg (31 May 2017) +- examples/externalsocket.c: s/closesocket/closecb - Do not call curl_easy_reset() between the requests, because the - auth state must be preserved for these tests. + ... since closesocket is a function in WinSock. - Follow-up to 0afbcfd + Reported-by: Marcel Raad + Bug: https://github.com/curl/curl/commit/55fcb8485914700132fd1854c9509b66c955efbe#co + mmitcomment-22347818 -- proxy: skip SSL initialization for closed connections - - This prevents a "Descriptor is not a socket" error for WinSSL. +Marcel Raad (31 May 2017) +- lib583: fix compiler warning - Reported-by: Antony74@users.noreply.github.com - Reviewed-by: Jay Satiro + Use CURLMcode for variable 'res' and cast to int where necessary + instead of the other way around. Other tests do the same. - Fixes https://github.com/curl/curl/issues/1239 + This fixes the following clang warning: + lib583.c:68:15: warning: cast from function call of type 'CURLMcode' to + non-matching type 'int' [-Wbad-function-cast] -- curl_easy_reset: Also reset the authentication state +Daniel Stenberg (31 May 2017) +- CURLOPT_SSH_KEY*.3: typos - Follow-up to 5278462 - See https://github.com/curl/curl/issues/1095 + Reported-by: Gisle Vanem -- [Isaac Boukris brought this change] +- CURLOPT_STREAM_DEPENDS.3: typo - authneg: clear auth.multi flag at http_done - - This flag is meant for the current request based on authentication - state, once the request is done we can clear the flag. - - Also change auth.multi to auth.multipass for better readability. - - Fixes https://github.com/curl/curl/issues/1095 - Closes https://github.com/curl/curl/pull/1326 - - Signed-off-by: Isaac Boukris - Reported-by: Michael Kaufmann +- CURLOPT_FNMATCH_FUNCTION.3: also modified example to avoid fcpp issues -Dan Fandrich (11 Mar 2017) -- url: don't compile detect_proxy if HTTP support is disabled +- CURLOPT_FNMATCH_DATA.3: modified example to avoid fcpp issues -- cmdline-opts: fixed a few typos +- opts: more than 100 more examples for man pages... -Daniel Stenberg (10 Mar 2017) -- README.md: add coverity and travis badges +- libtest/lib574.c: use correct callback proto -- ISSUE_TEMPLATE: for bugs, ask questions on the mailing list - - and try to add the top comment within an HTML comment in the hope - that it might get hidden if the text is kept +- examples/sampleconv.c: indent changes, made callbacks static -- openssl: add two /* FALLTHROUGH */ to satisfy coverity - - CID 1402159 and 1402158 +- example/externalsocket.c: make it use CLOSESOCKETFUNCTION too -- tests: disabled 1903 now +Marcel Raad (31 May 2017) +- curl-compilers.m4: enable -Wshift-sign-overflow for clang - Test 1903 is doing HTTP pipelining, and that is a timing and ordering - sensitive operation and this fails far too often on the Travis CI - leading to people more or less ignoring test failures there. Not good. + clang 2.9+ supports -Wshift-sign-overflow, which warns about undefined + behavior on signed left shifts when shifting by too many places. - The end of pipelning is probably coming sooner rather than later - anyway... - -Dan Fandrich (9 Mar 2017) -- tls-max.d: added to the makefile + Ref: https://github.com/curl/curl/issues/1516 + Closes https://github.com/curl/curl/pull/1517 -- build: fixed making man page in out-of-tree tarball builds - - The man page taken from the release package is found in a different - location than if it's built from source. It must be referenced as $< in - the rule to get its correct location in the VPATH. +Daniel Stenberg (31 May 2017) +- CURLOPT_PROXY.3: fix test 1140 breakage -- mkhelp: simplified the gzip code +Jay Satiro (31 May 2017) +- build-wolfssl: Sync config with wolfSSL 3.11 - This eliminates the need for an external gzip program, which wasn't - working with Busybox's gzip, anyway. It now compresses using perl's - IO::Compress::Gzip - -- polarssl: fixed compile errors introduced in 6448f98c - -Daniel Stenberg (8 Mar 2017) -- bump: next release will be known as 7.54.0 + wolfSSL configure script relevant changes from 3.10 to 3.11: - ...due to the newly added CURL_SSLVERSION_MAX_* functionality - -- openssl: unbreak the build after 6448f98c1857de + - Async threading support added; disabled by default without async + crypto, which continues to be disabled by default. - Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1) - -Kamil Dudka (8 Mar 2017) -- [Jozef Kralik brought this change] - - vtls: add options to specify range of enabled TLS versions + wolfSSL configure script relevant changes from 3.11 to 3.11.1 (beta): - This commit introduces the CURL_SSLVERSION_MAX_* constants as well as - the --tls-max option of the curl tool. + - TLS 1.3 beta support added; disabled by default. - Closes https://github.com/curl/curl/pull/1166 - -Daniel Stenberg (8 Mar 2017) -- RELEASE-NOTES: synced with 6888a670aa01 + For experimenting I put in a comment block the defines needed to enable + TLS 1.3 support (ie the equivalent of --enable-tls13). -- MANPAGE: clarify the dash situation in meta data +Daniel Stenberg (30 May 2017) +- opts: more examples added to man pages -- insecure.d: clarify that this is for server connections +- docs: clarify NO_PROXY further - Assisted-by: Ray Satiro - Bug: https://curl.haxx.se/mail/lib-2017-03/0002.html + Fixes #1208 -Dan Fandrich (8 Mar 2017) -- test1260: added http as a required feature +- CURLOPT_PROXY.3: describe the environment variables more -Daniel Stenberg (7 Mar 2017) -- [Steve Brokenshire brought this change] +- transfer: init the infilesize from the postfields... + + ... with a strlen() if no size was set, and do this in the pretransfer + function so that the info is set early. Otherwise, the default strlen() + done on the POSTFIELDS data never sets state.infilesize. + + Reported-by: Vincas Razma + Bug: #1294 - maketgz: Run updatemanpages.pl to update man pages +Jay Satiro (29 May 2017) +- test557: fix ubsan runtime error due to int left shift - maketgz now runs scripts/updatemanpages.pl to update the man pages .TH - section to use the current date and curl/libcurl version. + - Test curl_msnprintf negative int width arg using INT_MIN instead of + 1 << 31 which is undefined behavior. - (TODO Section 3.1) + Closes https://github.com/curl/curl/issues/1516 + +- mbedtls: fix variable shadow warning - Closes #1058 + vtls/mbedtls.c:804:69: warning: declaration of 'entropy' shadows a global declaration [-Wshadow] + CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, + ^~~~~~~ -- [Steve Brokenshire brought this change] +Daniel Stenberg (29 May 2017) +- RELEASE-NOTES: synced with 3aaac8c2f - gitignore: Ignore man page dist files - - Ignore man page dist files generated by scripts/updatemanpages.pl +Dan Fandrich (28 May 2017) +- tests: removed some redundant empty sections -- [Steve Brokenshire brought this change] +- runtests.pl: removed feature + + This hasn't been used in over a decade. can still be used to + run commands before the main test. - Makefile.am: Remove distribution man pages when running 'make clean' +Daniel Stenberg (27 May 2017) +- opts: more examples added in option man pages -- [Steve Brokenshire brought this change] +Dan Fandrich (27 May 2017) +- runtests.pl: removed unused arguments to valgrindparse - Makefile.am: Added scripts/updatemanpages.pl to EXTRA_DIST +Daniel Stenberg (25 May 2017) +- TODO: 6.4 is done, send telnet data in chunks -- [Steve Brokenshire brought this change] +- [Phil Crump brought this change] - updatemanpages.pl: Update man pages to use current date and versions - - Added script to update man pages to use the current date and - curl/libcurl versions. - - updatemanpages.pl has three arrays: list of directories to look in, - list of extensions to process, list of files to exclude from - processing. - - Check man page in git repoistory using the date from the existing man - page before updating to avoid updating the man page if no change is - made. - - If data is received from the git command then update the man page with - the current date and version otherwise leave alone. - - Applied patch from badger to make the date argument optional, change the - git command used, added date argument to processfile subroutine and - print to STDERR if no date is found in a man page. - - Added code to process the changed man page into a new man page with - .dist added to the filename to keep the original source files unchanged. - Updated POD documentation to reflect that the date argument optional. + docs/CURLOPT_SSLVERSION.3: Correct define name in example - Code style is in line with CODE_STYLE.md. + Closes #1509 + +- ssh: fix 'left' may be used uninitialized - Directories: docs/ docs/libcurl/ docs/libcurl/opts/ tests/ - Extensions: .1 .3 - Excluded files: mk-ca-bundle.1 template.3 + follow-up to f31760e63b4e - (TODO Section 3.1) - -- [Tatsuhiro Tsujikawa brought this change] + Reported-by: Michael Kaufmann + Bug: https://github.com/curl/curl/pull/1495#issuecomment-303982793 - http2: Fix assertion error on redirect with CL=0 +Michael Kaufmann (24 May 2017) +- time: fix type conversions and compiler warnings - This fixes assertion error which occurs when redirect is done with 0 - length body via HTTP/2, and the easy handle is reused, but new - connection is established due to hostname change: + Fix bugs and compiler warnings on systems with 32-bit long and + 64-bit time_t. - curl: http2.c:1572: ssize_t http2_recv(struct connectdata *, - int, char *, size_t, CURLcode *): - Assertion `httpc->drain_total >= data->state.drain' failed. + Reviewed-by: Daniel Stenberg - To fix this bug, ensure that http2_handle_stream is called. + Closes #1499 + +Marcel Raad (24 May 2017) +- examples: fix Wimplicit-fallthrough warnings - Fixes #1286 - Closes #1302 + This is contained in -Wextra with GCC 7. -- ares: Curl_resolver_wait_resolv: clear *entry first in function +Daniel Stenberg (24 May 2017) +- [Anatol Belski brought this change] -- ares: better error return on timeouts - - Assisted-by: Ray Satiro + winbuild: fix the nghttp2 build - Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html + Closes #1321 -Jay Satiro (6 Mar 2017) -- KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password - - Bug: https://github.com/curl/curl/issues/1308 - Reported-by: Justin Clift +GitHub (24 May 2017) +- [Sergei Nikulov brought this change] -Dan Fandrich (6 Mar 2017) -- test1260: removed errant XML tag + LDAP: documentation update per #878 changes (#1506) -Daniel Stenberg (6 Mar 2017) -- URL: return error on malformed URLs with junk after port number - - ... because it causes confusion with users. Example URLs: - - "http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will - parse and claim uses port number 80, while libcurl would use port number - 11211. +Daniel Stenberg (23 May 2017) +- redirect: store the "would redirect to" URL when max redirs is reached - "http://user@example.com:80@localhost" which by the WHATWG URL spec will - be treated to contain user name 'user@example.com' but according to - RFC3986 is user name 'user' for the host 'example.com' and then port 80 - is followed by "@localhost" + Test 1261 added to verify. - Both these formats are now rejected, and verified so in test 1260. + Reported-by: Lloyd Fournier - Reported-by: Orange Tsai + Fixes #1489 + Closes #1497 -- BINDINGS: update the Lua-cURL URL +GitHub (24 May 2017) +- [Sergei Nikulov brought this change] -- [Sylvestre Ledru brought this change] + LDAP: fixed checksrc issue - BINDINGS: add Scilab binding - - Closes #1312 +- [Sergei Nikulov brought this change] -- BINDINGS: add go-curl and perl6-net-curl + LDAP: using ldap_bind_s on Windows with methods (#878) - Reported-by: Peter Pentchev - -- BINDINGS: add misssing C++ bindings + * LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG) - Reported-by: Giuseppe Persico - -- ares: return error at once if timed out before name resolve starts + * ldap: updated per build options handling - Pointed-out-by: Ray Satiro - Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html + * ldap: fixed logic for auth selection -Peter Wu (5 Mar 2017) -- [Michael Maltese brought this change] +Daniel Stenberg (23 May 2017) +- [Akhil Kedia brought this change] - CMake: Set at most one SSL library + cmake: fix build on Ubuntu 14.04 - Ref: https://github.com/curl/curl/pull/1228 - -- [Michael Maltese brought this change] - - CMake: Add mbedTLS support + Fixed a syntax error with setting cache variables (The type and + docstring were missing), resulting in build errors. Quoted the + CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without + quotes in C code, resulting in build errors. - Ref: https://github.com/curl/curl/pull/1228 - -- [Michael Maltese brought this change] - - CMake: Add DarwinSSL support + Closes #1503 - Assisted-by: Simon Warta - Ref: https://github.com/curl/curl/pull/1228 - -- [Michael Maltese brought this change] + Signed-off-by: Akhil - CMake: Reorganize SSL support, separate WinSSL and SSPI - - This is closer to how configure.ac does it +- url: fix declaration of 'pipe' shadows a global declaration - Ref: https://github.com/curl/curl/pull/1228 + follow-up to 4cdb1be8246c -Jay Satiro (4 Mar 2017) -- CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors +Kamil Dudka (22 May 2017) +- memdebug: fix compilation failure - .. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE. + .... caused by a typo in the last commit (fixing issue #1504): - Ref: https://github.com/curl/curl/pull/1290 - -Daniel Stenberg (4 Mar 2017) -- [Andrew Krieger brought this change] + memdebug.c: In function ‘curl_fclose’: + memdebug.c:444:3: error: implicit declaration of function + ‘DEBUGDEBUGASSERT’ [-Werror=implicit-function-declaration] - fix potential use of uninitialized variables +Daniel Stenberg (22 May 2017) +- assert: avoid, use DEBUGASSERT instead! - MSVC with LTCG detects this at warning level 4. + ... as it does extra checks to actually work. - Closes #1304 - -Dan Fandrich (4 Mar 2017) -- [Sylvestre Ledru brought this change] - - fix some typos in the doc (#1306) + Reported-by: jonrumsey at github + Fixes #1504 -- tests: fixed a typo in some comments +- [Simon Warta brought this change] -Jay Satiro (3 Mar 2017) -- url: split off proxy init and parsing from create_conn - - Move the proxy parse/init into helper create_conn_helper_init_proxy to - mitigate the chances some non-proxy code will be mistakenly added to it. - - Ref: https://github.com/curl/curl/issues/1274#issuecomment-281556510 - Ref: https://github.com/curl/curl/pull/1293 - - Closes https://github.com/curl/curl/pull/1298 + cmake: remove unused variables: GNUTLS_ENABLED, NSS_ENABLED -- [Alexis La Goutte brought this change] +- [Simon Warta brought this change] - build: fix gcc7 implicit fallthrough warnings - - Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know - it's expected and won't warn on [-Wimplicit-fallthrough=]. - - Closes https://github.com/curl/curl/pull/1297 + cmake: remove CURL_CA_BUNDLE from cmake TODO -- [Greg Rowe brought this change] +- [Simon Warta brought this change] - configure: fix --with-zlib when a path is specified - - Prior to this change if you attempted to configure curl using - --wtih-zlib and specified a path the path would be ignored if you also - had pkg-config installed on your system. This situation can easily - arise when you are cross compiling. This change moves the test for - detecting zlib settings via pkg-config only if OPT_ZLIB is not set. + cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH - Closes https://github.com/curl/curl/pull/1292 + Closes #1461 -- [c4rlo brought this change] +- [Simon Warta brought this change] - no-keepalive.d: fix typo - - Closes https://github.com/curl/curl/pull/1301 + cmake: add CURL_CA_BUNDLE/CURL_CA_FALLBACK/CURL_CA_PATH options -- checksrc.bat: Ignore curl_config.h.in, curl_config.h +- [Simon Warta brought this change] -- configure: fix for --enable-pthreads - - Better handle options conflicts that can occur if --enable-pthreads. + cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake - Bug: https://github.com/curl/curl/pull/1295 - Reported-by: Marc-Antoine Perennou + This is for symmetry with the autoconf generated curl_config.h.in -- [JDepooter brought this change] +- RELEASE-NOTES: synced with 052a14e3c - darwinssl: Warn that disabling host verify also disables SNI +Michael Kaufmann (20 May 2017) +- tests: stabilize test 1034 - In DarwinSSL the SSLSetPeerDomainName function is used to enable both - sending SNI and verifying the host. When host verification is disabled - the function cannot be called, therefore SNI is disabled as well. + Pass the invalid domain name on stdin. On some systems, the test + framework cannot pass invalid UTF-8 sequences on the command line. - Closes https://github.com/curl/curl/pull/1240 + Closes #1488 -Marcel Raad (28 Feb 2017) -- warnless: suppress compiler warning +Daniel Stenberg (20 May 2017) +- ssh: ignore timeouts during disconnect - If size_t is 32 bits, MSVC warns: - warning C4310: cast truncates constant value - The warning is harmless as CURL_MASK_SCOFFT gets - truncated to the maximum value of size_t. - -Dan Fandrich (27 Feb 2017) -- tests: enable HTTP/2 tests to run with non-default port numbers - -Marcel Raad (27 Feb 2017) -- digest_sspi: fix compilation warning + ... as otherwise it risks not cleaning up the libssh2 handle properly + which leads to memory leak! - MSVC complains: - warning C4701: potentially uninitialized local variable 'output_token_len' used - -Jay Satiro (26 Feb 2017) -- cyassl: get library version string at runtime + Assisted-by: Joel Depooter - wolfSSL >= 3.6.0 supports getting its library version string at runtime. - -Dan Fandrich (26 Feb 2017) -- test1139: allow for the possibility that the man page is not rebuilt + Closes #1495 + Closes #1479 - This is likely to be the case when building from a tar ball release - package which includes a prebuilt man page. In that case, test the - packaged man page instead. This only makes a difference when building - out-of-tree (in-tree, the location in both cases is identical). - -Jay Satiro (25 Feb 2017) -- [Isaac Boukris brought this change] + Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html - url: fix unix-socket support for proxy-disabled builds - - Prior to this change if curl was built with Unix Socket support - (--enable-unix-sockets) and without Proxy support (--disable-proxy) then - unix socket options would erroneously be ignored. +- ghiper.c/hiperfifo.c: add comment about missing timer functionality - Regression introduced in: - 0b8d682f81ee9acb763dd4c9ad805fe08d1227c0 + It takes someone to read up on the APIs of these libraries to figure out + how to do this correctly. - Bug: https://github.com/curl/curl/issues/1274 - Reported-by: mccormickt12@users.noreply.github.com + Reported-by: Michael Kaufmann - Closes https://github.com/curl/curl/pull/1289 - -Dan Fandrich (26 Feb 2017) -- gopher: fixed detection of an error condition from Curl_urldecode - -- ftp: fixed a NULL pointer dereference on OOM - -Jay Satiro (25 Feb 2017) -- [Peter Wu brought this change] + Closes #1253 - docs: de-duplicate file lists in the Makefiles +- asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input - Make use of macro substitution of suffix patterns to remove duplication - of manual names. This approach is portable according to - http://pubs.opengroup.org/onlinepubs/009695399/utilities/make.html + That means delete the timer. - Closes https://github.com/curl/curl/pull/1287 - -Dan Fandrich (25 Feb 2017) -- ftp: removed an erroneous free in an OOM path - -- proxy: fixed a memory leak on OOM + Reported-by: Michael Kaufmann + Ref: #1253 -- tests: use consistent environment variables for setting charset - - The character set in POSIX is set by the locale defined by (in - decreasing order of precedence) the LC_ALL, LC_CTYPE and LANG - environment variables (CHARSET was used by libidn but not libidn2). - LC_ALL is cleared to ensure that LC_CTYPE takes effect, but LC_ALL is - not used to set the locale to ensure that other parts of the locale - aren't overridden. Since there doesn't seem to be a cross-platform way - of specifying a UTF-8 locale, and not all systems may support UTF-8, a - is used to skip the test if UTF-8 can't be verified to be - available. Test 1035 was also converted to UTF-8 for consistency, as - the actual character set used there is irrelevant to the test. +- cmdline-opts/write-out.d: s/-L/--location - This patch uses a different UTF-8 locale than the last attempt, namely - en_US.UTF-8. This one has been verified on 7 different Linux and BSD - distributions and is more complete and usable than the locale UTF-8 (on - at least some systems). - -- test557: explicitly use the C locale so the numeric output is as expected + Since the man page generator wants the long option name version to + generate the proper output. -Jay Satiro (25 Feb 2017) -- [Simon Warta brought this change] +- [Bernhard M. Wiedemann brought this change] - cmake: Replace invalid UTF-8 byte sequence + mkhelp.pl: do not add current time into curl binary - - Change the encoding of the regex temp placeholder token to UTF-8. + ... as part of hugehelpgz rodata to make build reproducible. - Prior to this change the file contained special chars in a different - encoding than ASCII or UTF-8 making text editors and Python complain - when reading the file. + See https://reproducible-builds.org/ for why this is good - Closes https://github.com/curl/curl/pull/1271 - Closes https://github.com/curl/curl/pull/1275 - -Daniel Stenberg (24 Feb 2017) -- bump: work on the next release - -Version 7.53.1 (24 Feb 2017) + Closes #1490 -Daniel Stenberg (24 Feb 2017) -- release: 7.53.1 +- oauth2-bearer.d: mention the argument -- Revert "tests: use consistent environment variables for setting charset" - - This reverts commit ecd1d020abdae3c3ce3643ddab3106501e62e7c0. +Nick Zitzmann (16 May 2017) +- darwinssl: Fix exception when processing a client-side certificate file + if no error was raised by the API but the SecIdentityRef was null - That commit caused test failures on my Debian Linux machine for all - changed test cases. We need to reconsider how that should get done. + Fixes #1450 -Dan Fandrich (23 Feb 2017) -- tests: use consistent environment variables for setting charset +Daniel Stenberg (16 May 2017) +- curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM - Character set in POSIX is set by the locale defined (in decreasing order - of precedence) by the LC_ALL, LC_CTYPE and LANG environment variables (I - believe CHARSET is only historic). LC_ALL is cleared to ensure that - LC_CTYPE takes effect, but LC_ALL is not used to set the locale to - ensure that other parts of the locale aren't overriden, if set. Since - there doesn't seem to be a cross-platform way of specifying a UTF-8 - locale, and not all systems may support UTF-8, a is used - (where relevant) to skip the test if UTF-8 isn't in use. Test 1035 was - also converted to UTF-8 for consistency, as the actual character set - used there is irrelevant to the test. + Reported-by: wyattoday at github + Fixes #1487 -Jay Satiro (23 Feb 2017) -- url: Default the CA proxy bundle location to CURL_CA_BUNDLE - - If the compile-time CURL_CA_BUNDLE location is defined use it as the - default value for the proxy CA bundle location, which is the same as - what we already do for the regular CA bundle location. - - Ref: https://github.com/curl/curl/pull/1257 +- docs/cmdline-opts/config.d: edit for language -Daniel Stenberg (23 Feb 2017) -- [Sergii Pylypenko brought this change] +- RELEASE-NOTES: synced with eb16305e6 - rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header - - Closes #1285 +- [moparisthebest brought this change] -- TODO: "OPTIONS *" + SecureTransport/DarwinSSL: Implement public key pinning - Closes #1280 + Closes #1400 -- RELEASE-NOTES: synced with 443e5b03a7d441 +- man pages: fix example syntax errors + + follow-up to 5ddad099b42b50 -- THANKS-filter: shachaf +- docs/libcurl/opts: added more examples in man pages -- [İsmail Dönmez brought this change] +- CURLOPT_HTTPPROXYTUNNEL: clarify, add example - tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 +- curl: show the libcurl release date in --version output - Closes #1283 - Fixes #1277 - -- bump: 7.53.1 coming up + ... and support and additional "security patched" date for those who + enhance older versions that way. Pass on the define CURL_PATCHSTAMP with + a date for that. - synced with df665f4df0f7a352 - -- formdata: check for EOF when reading from stdin + Building with non-release headers shows the date as [unreleased]. + + Also: this changes the date format generated in the curlver.h file to be + "YYYY-MM-DD" (no name of the day or month, no time, no time zone) to + make it easier on the eye and easier to parse. Example (new) date + string: 2017-05-09 - Reported-by: shachaf@users.noreply.github.com + Suggested-by: Brian Childs - Fixes #1281 + Closes #1474 -Jay Satiro (22 Feb 2017) -- docs: gitignore curl.1 +Dan Fandrich (13 May 2017) +- url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enough - curl.1 is generated by the cmdline-opts script since 4c49b83. - -Daniel Stenberg (22 Feb 2017) -- TODO: HTTP Digest using SHA-256 + Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not + exceedingly tiny and will break if it is. This same check is already + done at run time in the CURLOPT_BUFFERSIZE option. -- TODO: brotli is deployed widely now +- lib510: don't write past the end of the buffer if it's too small -Jay Satiro (21 Feb 2017) -- [Viktor Szakats brought this change] +- tests: added missing keywords "chunked Transfer-Encoding" - urldata: include curl_sspi.h when Windows SSPI is enabled - - f77dabe broke builds in Windows using Windows SSPI but not Windows SSL. +Daniel Stenberg (13 May 2017) +- THANKS: add a few missing names - Bug: https://github.com/curl/curl/issues/1276 - Reported-by: jveazey@users.noreply.github.com + ... I found them in the commit logs from the early years -- url: Improve CURLOPT_PROXY_CAPATH error handling - - - Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option - is not supported, which is the same as what we already do for - CURLOPT_CAPATH. +Dan Fandrich (13 May 2017) +- tests: made a couple of prechecks consistent with others - - Change the curl tool to handle CURLOPT_PROXY_CAPATH error - CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the - same as what we already do for CURLOPT_CAPATH. + Also removed a TODO suggesting caching the precheck results. Tests + showed this would save about 0.1 sec on the total test run time on a + relatively modern system, an unnoticeable gain at the cost of longer and + more complicated code. There would also be a danger that a cached test + result would be inappropriately returned, such as when other test + dependencies (like environment variables) are different or when the + precheck causes side effects (like filesystem changes). + +Daniel Stenberg (12 May 2017) +- FAQ: add 7.4 to toc - - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the - respective CAPATH option is not supported by the SSL library. + ... and delete trailing whitespace - Ref: https://github.com/curl/curl/pull/1257 - -- cyassl: fix typo - -Version 7.53.0 (22 Feb 2017) - -Daniel Stenberg (22 Feb 2017) -- release: 7.53.0 + Fixes #1484 -- cookie: fix declaration of 'dup' shadows a global declaration +- multi: remove leftover debug infof() calls from e9fd794a6 -- TLS: make SSL_VERIFYSTATUS work again - - The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl - and thus even if the status couldn't be verified, the connection would - be allowed and the user would not be told about the failed verification. +- pipeline: fix mistakenly trying to pipeline POSTs - Regression since cb4e2be7c6d42ca + The function IsPipeliningPossible() would return TRUE if either + pipelining OR HTTP/2 were possible on a connection, which would lead to + it returning TRUE even for POSTs on HTTP/1 connections. - CVE-2017-2629 - Bug: https://curl.haxx.se/docs/adv_20170222.html + It now returns a bitmask so that the caller can differentiate which kind + the connection allows. - Reported-by: Marcus Hoffmann + Fixes #1481 + Closes #1483 + Reported-by: stootill at github -Jay Satiro (21 Feb 2017) -- digest_sspi: Handle 'stale=TRUE' directive in HTTP digest - - - If the server has provided another challenge use it as the replacement - input token if stale=TRUE. Otherwise previous credentials have failed - so return CURLE_LOGIN_DENIED. - - Prior to this change the stale directive was ignored and if another - challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING. +Jay Satiro (12 May 2017) +- [Ron Eldor brought this change] + + mbedtls: Support server renegotiation request - Ref: https://tools.ietf.org/html/rfc2617#page-10 + Tested with servers: IIS 7.5; OpenSSL 1.0.2. - Bug: https://github.com/curl/curl/issues/928 - Reported-by: tarek112@users.noreply.github.com + Closes https://github.com/curl/curl/pull/1475 -Daniel Stenberg (20 Feb 2017) -- smb: use getpid replacement for windows UWP builds +Marcel Raad (11 May 2017) +- cookie_interface: fix -Wcomma warning - Source: https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch + clang 5.0 complains: + possible misuse of comma operator here [-Wcomma] -- TODO: CURLOPT_RESOLVE for any port number +- formdata: fix -Wcomma warning - Closes #1264 - -- RELEASE-NOTES: synced with af30f1152d43dcdb + clang 5.0 complains: + possible misuse of comma operator here [-Wcomma] + + Change the comma to a semicolon to fix that. -- [Jean Gressmann brought this change] +Daniel Stenberg (10 May 2017) +- multi: use a fixed array of timers instead of malloc + + ... since the total amount is low this is faster, easier and reduces + memory overhead. + + Also, Curl_expire_done() can now mark an expire timeout as done so that + it never times out. + + Closes #1472 - sftp: improved checks for create dir failures +- multi: assign IDs to all timers and make each timer singleton - Since negative values are errors and not only -1. This makes SFTP upload - with --create-dirs work (again). + A) reduces the timeout lists drastically - Closes #1269 + B) prevents a lot of superfluous loops for timers that expires "in vain" + when it has actually already been extended to fire later on -Jay Satiro (20 Feb 2017) -- [Max Khon brought this change] +- [Richard Hsu brought this change] - digest_sspi: Fix nonce-count generation in HTTP digest - - - on the first invocation: keep security context returned by - InitializeSecurityContext() + tests: remove superfluous test 1399 - - on subsequent invocations: use MakeSignature() instead of - InitializeSecurityContext() to generate HTTP digest response + @MarcelRaad noted that `test1399` causes infinite loop on MinGW. + Looking into this, seems like it is related to how Windows handles + CRLF. See https://github.com/curl/curl/commit/9e093f by @mback2k. + Removing `test1399` as it's identical to `test1326` then with such a + fix. - Bug: https://github.com/curl/curl/issues/870 - Reported-by: Andreas Roth + Test 1399 was broughy by commit 862b02f8947039e - Closes https://github.com/curl/curl/pull/1251 - -- examples/multi-uv: checksrc compliance - -Michael Kaufmann (19 Feb 2017) -- string formatting: fix 4 printf-style format strings + Closes #1478 -Dan Fandrich (18 Feb 2017) -- tests: removed the obsolete name parameter +Dan Fandrich (9 May 2017) +- tests: make test file names more unique + + Include the test number in the names of files written out by tests to + reduce the chance of accidental duplication and to make it more clear + which test is associated with which file. -Michael Kaufmann (18 Feb 2017) -- speed caps: update the timeouts if the speed is too low/high - - Follow-up to 4b86113 +- tests: removed redundant --trace-ascii arguments - Fixes https://github.com/curl/curl/issues/793 - Fixes https://github.com/curl/curl/issues/942 + This is already added by the test suite; it's not clear why all these + tests had it, unless it's cargo-culting. -- docs: fix timeout handling in multi-uv example +Marcel Raad (9 May 2017) +- tool: fix remaining -Wcast-qual warnings + + Avoid casting away low-level const. -- proxy: fix hostname resolution and IDN conversion +Daniel Stenberg (9 May 2017) +- formboundary: convert assert into run-time check - Properly resolve, convert and log the proxy host names. - Support the "--connect-to" feature for SOCKS proxies and for passive FTP - data transfers. + ... to really make sure the boundary fits in the target buffer. - Follow-up to cb4e2be + Fixes unused parameter 'buflen' warning. - Reported-by: Jay Satiro - Fixes https://github.com/curl/curl/issues/1248 + Reported-by: Michael Kaufmann + Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754 -Jay Satiro (17 Feb 2017) -- [Isaac Boukris brought this change] +Dan Fandrich (9 May 2017) +- tests: list the primary server first in the server section - http: fix missing 'Content-Length: 0' while negotiating auth - - - While negotiating auth during PUT/POST if a user-specified - Content-Length header is set send 'Content-Length: 0'. - - This is what we do already in HTTPREQ_POST_FORM and what we did in the - HTTPREQ_POST case (regression since afd288b). +Daniel Stenberg (8 May 2017) +- curl: generate the --help output - Prior to this change no Content-Length header would be sent in such a - case. + ... using the docs/cmdline-opts/gen.pl script, so that we get all the + command line option documentation from the same source. - Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html - Reported-by: Dominik Hölzl + The generation of the list has to be done manually and pasted into the + source code. - Closes https://github.com/curl/curl/pull/1242 - -Daniel Stenberg (16 Feb 2017) -- [Simon Warta brought this change] + Closes #1465 - winbuild: add note on auto-detection of MACHINE in Makefile.vc - - Closes #1265 +- tests: updated for modified fake random -- RELEASE-PROCEDURE: update the upcoming release calendar +- [Jay Satiro brought this change] -- TODO: consider file name from the redirected URL with -O ? + rand: treat fake entropy the same regardless of endianness - It isn't easily solved, but with some thinking someone could probably - come up with a working approach? + When the random seed is purposely made predictable for testing purposes + by using the CURL_ENTROPY environment variable, process that data in an + endian agnostic way so the the initial random seed is the same + regardless of endianness. - Closes #1241 - -Jay Satiro (15 Feb 2017) -- tool_urlglob: Allow a glob range with the same start and stop + - Change Curl_rand to write to a char array instead of int array. - For example allow ranges like [1-1] and [a-a] etc. + - Add Curl_rand_hex to write random hex characters to a buffer. - Regression since 5ca96cb. + Fixes #1315 + Closes #1468 - Bug: https://github.com/curl/curl/issues/1238 - Reported-by: R. Dennis Steed + Co-authored-by: Daniel Stenberg + Reported-by: Michael Kaufmann -Daniel Stenberg (15 Feb 2017) -- axtls: adapt to API changes - - Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS - < 2.1.0 (the older API) - - ... and fix the session_id mixup brought in 04b4ee549 +Dan Fandrich (8 May 2017) +- tests: give each stunnel.conf file a unique name - Fixes #1220 - -- RELEASE-NOTES: synced with 690935390c29c - -- [Nick Draffen brought this change] + Otherwise, subsequent uses of stunnel overwrite the configuration file + of previous invocations so they can no longer be inspected. - curl: fix typo in time condition warning message - - The warning message had a typo. The argument long form is --time-cond - not --timecond +Marcel Raad (8 May 2017) +- tool_msgs: remove wrong cast - Closes #1263 - -- smb: code indent + Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable + type from int to size_t, so don't cast the result of strlen to int + anymore. -Jay Satiro (14 Feb 2017) -- configure: Allow disabling pthreads, fall back on Win32 threads - - When the threaded resolver option is specified for configure the default - thread library is pthreads. This change makes it possible to - --disable-pthreads and then configure can fall back on Win32 threads for - native Windows builds. +- tftpd: fix signed/unsigned mismatch warnings - Closes https://github.com/curl/curl/pull/1260 + alarm's argument is unsigned. -Daniel Stenberg (13 Feb 2017) -- http2: fix memory-leak when denying push streams +- libtest: fix MinGW-w64 warnings - Reported-by: zelinchen@users.noreply.github.com - Fixes #1229 + long is 32 bits while size_t is 64 bits on MinGW-w64, so + typecheck-gcc.h complains when using size_t for a long option. + Also, curl_socket_t is unsigned long long rather than int. -Jay Satiro (11 Feb 2017) -- tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT - - When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to - the user explaining possible solutions such as --cacert and --insecure. - - This change appends to that message similar options --proxy-cacert and - --proxy-insecure when there's a specified HTTPS proxy. +Daniel Stenberg (8 May 2017) +- curl.1: depend the build on the Makefile.inc too - Closes https://github.com/curl/curl/issues/1258 + ... to also make it update when we remove files, like we did for + --environment in commit a8e388dd1095. -Daniel Stenberg (10 Feb 2017) -- cmdline-opts/page-footer: ftp.sunet.se is no longer an FTP mirror +- RELEASE-NOTES: synced with e3f84efc32d6b01a -- URL: only accept ";options" in SMTP/POP3/IMAP URL schemes - - Fixes #1252 +- runtests: fix "use of undefined value" warning in -R handling -Jay Satiro (9 Feb 2017) -- cmdline-opts/socks*: Mention --preproxy in --socks* opts - - - Document in --socks* opts they're still mutually exclusive of --proxy. +Marcel Raad (8 May 2017) +- test537: use correct variable type - Partial revert of 423a93c; I had misinterpreted the SOCKS proxy + - HTTP/HTTPS proxy combination. + Avoids narrowing conversion warnings because rlim_t is usually + unsigned long. - - Document in --socks* opts that --preproxy can be used to specify a - SOCKS proxy at the same time --proxy is used with an HTTP/HTTPS proxy. - -Daniel Stenberg (9 Feb 2017) -- CURLOPT_SSL_VERIFYPEER.3: also the https proxy version + Closes https://github.com/curl/curl/pull/1469 -Kamil Dudka (9 Feb 2017) -- nss: make FTPS work with --proxytunnel - - If the NSS code was in the middle of a non-blocking handshake and it - was asked to finish the handshake in blocking mode, it unexpectedly - continued in the non-blocking mode, which caused a FTPS connection - over CONNECT to fail with "(81) Socket not ready for send/recv". +- sendrecv: fix MinGW-w64 warning - Bug: https://bugzilla.redhat.com/1420327 - -Daniel Stenberg (9 Feb 2017) -- examples/multithread.c: link to our multi-thread docs + The first argument to select is an int, while curl_socket_t is + unsigned long long when using WinSock. It's ignored anyway [1]. - ... instead of the OpenSSL mutex page. + [1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms740141.aspx -- http_proxy: avoid freeing static memory +- tool_parsecfg: fix -Wcast-qual warning - Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced. - -- [Cameron MacMinn brought this change] + Don't convert string literal to char * before assigning it to + const char *. - http_proxy: Fix tiny memory leak upon edge case connecting to proxy +- asyn-thread: fix unused macro warnings - Fixes #1255 + Don't do anything in this file if CURLRES_THREADED is not defined. -Michael Kaufmann (8 Feb 2017) -- polarssl, mbedtls: Fix detection of pending data +- tftp: silence bad-function-cast warning - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html - -Dan Fandrich (7 Feb 2017) -- test1139: Added the --manual keyword since the manual is required - -Daniel Stenberg (7 Feb 2017) -- RELEASE-NOTES: synced with 102454459dd688c + The cases this warns about are handled elsewhere, so just use an + intermediate variable to silence the warning. -- THANKS-filter: polish some recent contributors +Daniel Stenberg (7 May 2017) +- [canavan at github brought this change] -- http2: reset push header counter fixes crash + buildconf: fix hang on IRIX - When removing an easy handler from a multi before it completed its - transfer, and it had pushed streams, it would segfault due to the pushed - counted not being cleared. + Apparently, /usr/bin/m4 ignores the --version parameter and waits for + input from stdin. - Fixed-by: zelinchen@users.noreply.github.com - Fixes #1249 - -- [Markus Westerlind brought this change] + Fixes #1471 - transfer: only retry nobody-requests for HTTP - - Using sftp to delete a file with CURLOPT_NOBODY set with a reused - connection would fail as curl expected to get some data. Thus it would - retry the command again which fails as the file has already been - deleted. +- opts: fix bad example formatting \n => \\n - Fixes #1243 + ...to render properly nroff. -Jay Satiro (7 Feb 2017) -- [Daniel Gustafsson brought this change] +- opts: examples added to 8 more libcurl option man pages - telnet: Fix typos +- curl: remove tool_writeenv.[ch] - Ref: https://github.com/curl/curl/pull/1245 - -- [Daniel Gustafsson brought this change] - - test552: Fix typos + ... and USE_ENVIRONMENT and --environment. It was once added for RISC OS + support and its platform specific behavior has been annoying ever + since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since + then. Most probably not actually used for years. - Closes https://github.com/curl/curl/pull/1245 - -- [Daniel Gustafsson brought this change] + Closes #1463 - darwinssl: Avoid parsing certificates when not in verbose mode - - The information extracted from the server certificates in step 3 is only - used when in verbose mode, and there is no error handling or validation - performed as that has already been done. Only run the certificate - information extraction when in verbose mode and libcurl was built with - verbose strings. +Dan Fandrich (6 May 2017) +- runtests.pl: simplify the datacheck read section - Closes https://github.com/curl/curl/pull/1246 - -- [JDepooter brought this change] + Also, document that numbered datacheck sections are possible. - schannel: Remove incorrect SNI disabled message - - - Remove the SNI disabled when host verification disabled message - since that is incorrect. - - - Show a message for legacy versions of Windows <= XP that connections - may fail since those versions of WinSSL lack SNI, algorithms, etc. +Marcel Raad (5 May 2017) +- tests: fix -Wcast-qual warnings - Bug: https://github.com/curl/curl/pull/1240 + Avoid casting string literals to non-const char *. -Daniel Stenberg (7 Feb 2017) -- CHANGES: spell fix, use correct path to script +Daniel Stenberg (5 May 2017) +- docs/opts: 24 more man pages now have examples -- CHANGES.0: removed - - This is the previously manually edited changelog, not touched since Aug - 2015. Still present in git for those who wants it. +- docs/opts: 23 more man pages now have examples -Dan Fandrich (6 Feb 2017) -- cmdline-opts: Fixed build and test in out of source tree builds +- tests/server: run checksrc by default in debug-builds -Viktor Szakats (6 Feb 2017) -- use *.sourceforge.io and misc URL updates - - Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/ - Closes: https://github.com/curl/curl/pull/1247 +- curl_slist_append.3: clarify a NULL input creates a new list -Jay Satiro (6 Feb 2017) -- docs: Add more HTTPS proxy documentation - - - Document HTTPS proxy type. - - - Document --write-out %{proxy_ssl_verify_result}. - - - Document SOCKS proxy + HTTP/HTTPS proxy combination. - - HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS. +Marcel Raad (5 May 2017) +- unit1305: fix compiler warning - Ref: https://github.com/curl/curl/commit/cb4e2be + calloc and ai_addrlen expect different (usually unsigned) types. -- OS400: Fix symbols - - - s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY - Follow-up to 7907a2b and 845522c. - - - Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY. - - - Add id for CURLOPT_ABSTRACT_UNIX_SOCKET. +Daniel Stenberg (5 May 2017) +- runtests: use -R for random order - Bug: https://github.com/curl/curl/issues/1237 - Reported-by: jonrumsey@users.noreply.github.com - -- [Sean Burford brought this change] + Suggested-by: Dan Fandrich - cmake: Support curl --xattr when built with cmake +- runtests: add -o to run test cases in scrambled order - - Test for and set HAVE_FSETXATTR when support for extended file - attributes is present. + ... instead of numerical order. - Closes https://github.com/curl/curl/pull/1176 + Closes #1466 -- [Adam Langley brought this change] +Dan Fandrich (4 May 2017) +- sockfilt.c: shortened too long line - openssl: Don't use certificate after transferring ownership - - SSL_CTX_add_extra_chain_cert takes ownership of the given certificate - while, despite the similar name, SSL_CTX_add_client_CA does not. Thus - it's best to call SSL_CTX_add_client_CA before - SSL_CTX_add_extra_chain_cert, while the code still has ownership of the - argument. +Marcel Raad (4 May 2017) +- tests/server: make string literals const - Closes https://github.com/curl/curl/pull/1236 + assign string literals to const char * instead of char * in order to + avoid a lot of these warnings: + cast from 'const char *' to 'char *' drops const qualifier + [-Wcast-qual] -Daniel Stenberg (29 Jan 2017) -- [Antoine Aubert brought this change] +Dan Fandrich (4 May 2017) +- schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT - mbedtls: implement CTR-DRBG and HAVEGE random generators +- test557: set a known good numeric locale - closes #1227 + Windows does not allow setting the locale with environment variables (as + the test attempted to do), so the test failed when run with a user + locale that has a comma as radixchar. Changed the test to call + setlocale() explicitly to ensure that a known working locale is set even + on Windows. -- docs: we no longer ship HTML versions of man pages - - ... refer to the web site for the web versions. +Daniel Stenberg (4 May 2017) +- curl: fix warning "comma at end of enumerator list" -- [railsnewbie257 brought this change] +- test559: verify use of minimum CURLOPT_BUFFERSIZE - docs: proofread README.netware README.win32 +Marcel Raad (4 May 2017) +- curl_setup_once: use SEND_QUAL_ARG2 for swrite + + SEND_QUAL_ARG2 had to be set, but was never used. Use it in swrite to + avoid warnings about casting away low-level const. - Closes #1231 + Closes https://github.com/curl/curl/pull/1464 -- RELEASE-NOTES; synced with ab08d82648 +Daniel Stenberg (4 May 2017) +- CURLINFO_REDIRECT_URL.3: add example -Michael Kaufmann (28 Jan 2017) -- mbedtls: disable TLS session tickets - - SSL session reuse with TLS session tickets is not supported yet. - Use SSL session IDs instead. - - See https://github.com/curl/curl/issues/1109 +- CURLINFO_EFFECTIVE_URL.3: add example -- gnutls: disable TLS session tickets - - SSL session reuse with TLS session tickets is not supported yet. - Use SSL session IDs instead. +Marcel Raad (3 May 2017) +- lib: fix compiler warnings - Fixes https://github.com/curl/curl/issues/1109 + Fix the following warnings when building the tests by using the correct + types: + cast from 'const char *' to 'void *' drops const qualifier + [-Wcast-qual] + implicit conversion changes signedness [-Wsign-conversion] -- polarssl: fix hangs +- typecheck-gcc: add support for CURLINFO_SOCKET - This bugfix is similar to commit c111178bd4. + Closes https://github.com/curl/curl/pull/1452 -Daniel Stenberg (27 Jan 2017) -- cookies: do not assume a valid domain has a dot - - This repairs cookies for localhost. - - Non-PSL builds will now only accept "localhost" without dots, while PSL - builds okeys everything not listed as PSL. - - Added test 1258 to verify. +- typecheck-gcc: add missing string options - This was a regression brought in a76825a5efa6b4 + Closes https://github.com/curl/curl/pull/1452 -- TODO: remove "Support TLS v1.3" - - Support is trickling in already. +Daniel Stenberg (3 May 2017) +- abstract-unix-socket.d: shorten the help text to fit within 79 cols -- [railsnewbie257 brought this change] +- RELEASE-NOTES: synced with 862b02f89 - INTERNALS.md: language improvements - - Closes #1226 +- [Richard Hsu brought this change] -- telnet: fix windows compiler warnings + Telnet: Write full buffer instead of byte-by-byte - Thumbs-up-by: Jay Satiro + Previous TODO wanting to write in chunks. We should support writing more + at once since some TELNET servers may respond immediately upon first + byte written such as WHOIS servers. - Closes #1225 + Closes #1389 -- VC: remove the makefile.vc6 build infra +- curl: non-boolean command line args reject --no- prefixes - The winbuild/ build files is now the single MSVC makefile build choice. + ... and instead properly respond with an error message to the user + instead of silently ignoring. - Closes #1215 - -- [Jay Satiro brought this change] + Fixes #1453 + Closes #1458 - cmdline-opts/gen.pl: Open input files in CRLF mode - - On Windows it's possible to have input files with CRLF line endings and - a perl that defaults to LF line endings (eg msysgit). Currently that - results in generator output of mixed line endings of CR, LF and CRLF. +Marcel Raad (2 May 2017) +- testpart: remove _MPRINTF_REPLACE - This change fixes that issue in the most succinct way by opening the - files in :crlf text mode even when the perl being used does not default - to that mode. (On operating systems that don't have a separate text mode - it's essentially a no-op.) The output continues to be in the perl's - native line ending. + Support for _MPRINTF_REPLACE in mprintf.h was removed in + 55452ebdff47f98bf3cc383f1dfc3623fcaefefd, replaced with curl_printf.h. + +Dan Fandrich (2 May 2017) +- gtls: fixed a lingering BUFSIZE reference -- docs/curl.1: generate from the cmdline-opts script +Daniel Stenberg (2 May 2017) +- ssh: fix compiler warning from e40e9d7f0de -- vtls: source indentation fix +- url: let CURLOPT_BUFFERSIZE realloc to smaller sizes too + + Closes #1449 -- contri*.sh: cut off parentheses from names too +- BUFSIZE: rename to READBUFFER_*, make separate MASTERBUF_SIZE -- RELEASE-NOTES: synced with 01ab7c30bba6f +- openssl: use local stack for temp storage -- vtls: fix PolarSSL non-blocking handling +- sendf: remove use of BUFSIZE from debug data conversions - A regression brought in cb4e2be + The buffer can have other sizes. + +- buffer: use data->set.buffer_size instead of BUFSIZE - Reported-by: Michael Kaufmann - Bug: https://github.com/curl/curl/issues/1174#issuecomment-274018791 + ... to properly use the dynamically set buffer size! + +- krb5: use private buffer for temp string, not receive buffer -- [Antoine Aubert brought this change] +- upload: UPLOAD_BUFSIZE is now for the upload buffer - vtls: fix mbedtls multi non blocking handshake. +- unit1606: do not print/access buffer - When using multi, mbedtls handshake is in non blocking mode. vtls must - set wait for read/write flags for the socket. + It was a wrong assumption that it could do that! + +- http-proxy: use a dedicated CONNECT response buffer - Closes #1223 + To make it suitably independent of the receive buffer and its flexible + size. + +- transfer: fix minor buffer_size mistake -- [Richy Kim brought this change] +- failf: use private buffer, don't clobber receive buffer - CURLOPT_BUFFERSIZE: support enlarging receive buffer - - Replace use of fixed macro BUFSIZE to define the size of the receive - buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive - buffer size. Upon setting, resize buffer if larger than the current - default size up to a MAX_BUFSIZE (512KB). This can benefit protocols - like SFTP. - - Closes #1222 +- pingpong: use the set buffer size -- sws: use SOCKERRNO, not errno - - Reported-by: Gisle Vanem +- http2: use the correct set buffer size -Michael Kaufmann (19 Jan 2017) -- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted - - This has been implemented with commit 9ad034e. +- http: don't clobber the receive buffer for timecond -Viktor Szakats (19 Jan 2017) -- *.rc: escape non-ASCII/non-UTF-8 character for clarity +- buffer_size: make sure it always has the correct size - Closes https://github.com/curl/curl/pull/1217 + Removes the need for CURL_BUFSIZE -Kamil Dudka (19 Jan 2017) -- docs: non-blocking SSL handshake is now supported with NSS - - Implemented since curl-7_36_0-130-g8868a22 +- file: use private buffer for C-L output - Reported-by: Fahim Chandurwala + ... instead of clobbering the download buffer. -Michael Kaufmann (18 Jan 2017) -- CURLOPT_CONNECT_TO: Fix compile warnings +- CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size - Fix compile warnings that appeared only when curl has been configured - with '--disable-verbose'. + The buffer is needed to receive FTP, HTTP CONNECT responses etc so + already at this size things risk breaking and smaller is certainly not + wise. -Daniel Stenberg (18 Jan 2017) -- usercertinmem.c: improve the short description +- ftp: use private buffer for temp storage, not receive buffer -- parseurl: move back buffer to function scope +- http: use private user:password output buffer - Regression since 1d4202ad, which moved the buffer into a more narrow - scope, but the data in that buffer was used outside of that more narrow - scope. + Don't clobber the receive buffer. + +Marcel Raad (1 May 2017) +- anyauthput: remove unused code - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-01/0093.html + The definition of TRUE was introduced in + 4a728747e6f8845e500910e397dfc99aaf4a7984 and is not used anymore since + e664cd5826d43930fcc5b5dbaedbec94af33184b. + The usage of intptr_t was removed in + 32e38b8f42477cf5ce3c3fef2fcc9db82f7fb7be. -Jay Satiro (17 Jan 2017) -- openssl: Fix random generation +Jay Satiro (1 May 2017) +- tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS - - Fix logic error in Curl_ossl_random. + - Include tool_convert.h where needed. - Broken a few days ago in 807698d. + Bug: https://github.com/curl/curl/issues/1460 + Reported-by: Gisle Vanem -Daniel Stenberg (17 Jan 2017) -- TODO: share OpenSSL contexts +- curl_setup: Ensure no more than one IDN lib is enabled - By supporting this, subsequent connects would load a lot less data from - disk. + Prior to this change it was possible for libcurl to be built with both + Windows' native IDN lib (normaliz) and libidn2 enabled. It appears that + doesn't offer any benefit --and could cause a bug-- since libcurl's IDN + handling is written to use either one but not both. - Closes #1110 - -- bump: next release will be 7.53.0 - -Kamil Dudka (15 Jan 2017) -- nss: use the correct lock in nss_find_slot_by_name() + Bug: https://github.com/curl/curl/issues/1441#issuecomment-297689856 + Reported-by: Gisle Vanem -Alessandro Ghedini (15 Jan 2017) -- http2: disable server push if not requested +Marcel Raad (1 May 2017) +- getpart: use correct variable type - Ref: https://github.com/curl/curl/pull/1160 - -Daniel Stenberg (14 Jan 2017) -- [railsnewbie257 brought this change] + This fixes the following clang warning: + getpart.c:201:17: warning: cast from function call of type 'CURLcode' + to non-matching type 'int' [-Wbad-function-cast] - docs: improved language in README.md HISTORY.md CONTRIBUTE.md +- tests: declare TU-local variables static - Closes #1211 + This fixes missing-variable-declarations warnings when building with + clang. -Alessandro Ghedini (14 Jan 2017) -- http: print correct HTTP string in verbose output when using HTTP/2 - - Before: - ``` - % src/curl https://sigsegv.ninja/ -v --http2 - ... - > GET / HTTP/1.1 - > Host: sigsegv.ninja - > User-Agent: curl/7.52.2-DEV - > Accept: */* - > - ... - ``` +- tool_cb_prg: fix double-promotion warning - After: - ``` - % src/curl https://sigsegv.ninja/ -v --http2 - ... - > GET / HTTP/2 - > Host: sigsegv.ninja - > User-Agent: curl/7.52.2-DEV - > Accept: */* - > - ``` - -Daniel Stenberg (14 Jan 2017) -- TODO: send only part of --data + clang complains: + tool_cb_prg.c:86:22: error: implicit conversion increases + floating-point precision: 'float' to 'double' + [-Werror,-Wdouble-promotion] - Closes #1200 + Fix this by using a double instead of a float constant. -- TODO: implemened "--fail-fast to exit on first transfer fail" - - Even though it is called --fail-early +Dan Fandrich (1 May 2017) +- examples: fixed too long line and too long string warnings -- TODO: Chunked transfer multipart formpost +Marcel Raad (30 Apr 2017) +- examples: declare TU-local variables static - Closes #1139 - -- TODO: Improve formpost API, not just add an easy argument + This fixes missing-variable-declarations warnings when building with + clang. -- addrinfo: fix compiler warning on offsetof() use +- http2: declare TU-local variables static - curl_addrinfo.c:519:20: error: conversion to ‘curl_socklen_t {aka - unsigned int}’ from ‘long unsigned int’ may alter its value - [-Werror=conversion] + This fixes the following clang warnings: - Follow-up to 1d786faee1046f - -- THANKS-filter: Jiri Malak + http2.c:184:27: error: no previous extern declaration for non-static + variable 'Curl_handler_http2' [-Werror,-Wmissing-variable-declarations] + http2.c:204:27: error: no previous extern declaration for non-static + variable 'Curl_handler_http2_ssl' + [-Werror,-Wmissing-variable-declarations] -- RELEASE-NOTES: synced with a7c73ae309c +Dan Fandrich (30 Apr 2017) +- unit1604: fixed indentation -Peter Wu (13 Jan 2017) -- [Isaac Boukris brought this change] +- unit1604: fixed compilation under Windows, broken in the previous commit - unix_socket: add support for abstract unix domain socket - - In addition to unix domain sockets, Linux also supports an - abstract namespace which is independent of the filesystem. +- tests: fixed OOM handling of unit tests to abort test - In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET - option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH - internally, along with a flag to specify abstract socket. + It's dangerous to continue to run the test when a memory alloc fails. + +Marcel Raad (29 Apr 2017) +- curl_rtmp: fix missing-variable-declarations warnings - On non-supporting platforms, the abstract address will be - interpreted as an empty string and fail gracefully. + clang complains: - Also add new --abstract-unix-socket tool parameter. + curl_rtmp.c:61:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmp' [-Werror,-Wmissing-variable-declarations] + curl_rtmp.c:81:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpt' [-Werror,-Wmissing-variable-declarations] + curl_rtmp.c:101:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpe' [-Werror,-Wmissing-variable-declarations] + curl_rtmp.c:121:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpte' [-Werror,-Wmissing-variable-declarations] + curl_rtmp.c:141:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmps' [-Werror,-Wmissing-variable-declarations] + curl_rtmp.c:161:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpts' [-Werror,-Wmissing-variable-declarations] - Signed-off-by: Isaac Boukris - Reported-by: Chungtsun Li (typeless) - Reviewed-by: Daniel Stenberg - Reviewed-by: Peter Wu - Closes #1197 - Fixes #1061 + Fix this by including the header file. -Daniel Stenberg (13 Jan 2017) -- write-out.d: 'time_total' is not always shown with ms precision - - We have higher resolution since 7.52.0 +Dan Fandrich (29 Apr 2017) +- url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE -- next.d: --trace and --trace-ascii are also global +- tests: added --remote-time tests for remaining protocols that support it -- [Isaac Boukris brought this change] +- runtests.pl: support multiline commands - curl: reset the easy handle at --next - - So that only "global" options (verbose mostly) survive into the next - transfer, and the others have to be set again unless default is fine. +- tool_operate: use utimes instead of obsolescent utime when available -- [Frank Gevaerts brought this change] +- test1443: test --remote-time - docs: Add note about libcurl copying strings to CURLOPT_* manpages +- http-proxy: removed unused argument in CURL_DISABLE_PROXY case - Closes #1169 - -- [Frank Gevaerts brought this change] + Missed in commit 55c3c02e - CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* +Daniel Stenberg (27 Apr 2017) +- cookie_interface.c: changed the other domain to example.com too -- IDN: Use TR46 non-transitional - - Assisted-by: Tim Rühsen +- cookie_interface.c: fix cookie domain so the example works -- IDN: revert use of the transitional option - - It made the german ß get converted to ss, IDNA2003 style, and we can't - have that for the .de TLD - a primary reason for our switch to IDNA2008. +Dan Fandrich (26 Apr 2017) +- Makefile: fix make dist - Test 165 verifies. - -- [Tim Rühsen brought this change] + Commit 80a87e8a broke 'make dist' as it can't handle installing from + absolute target names. Rearranged the dependencies so the absolute name + is used for building but the relative name is use for distributing. - IDN: Fix compile time detection of linidn2 TR46 +Marcel Raad (26 Apr 2017) +- lib: remove unused code - Follow-up to f30cbcac1 + This fixes the following clang warnings: + macro is not used [-Wunused-macros] + will never be executed [-Wunreachable-code] - Closes #1207 - -- [ERAMOTO Masaya brought this change] + Closes https://github.com/curl/curl/pull/1448 - url: --noproxy option overrides NO_PROXY environment variable - - Under condition using http_proxy env var, noproxy list was the - combination of --noproxy option and NO_PROXY env var previously. Since - this commit, --noproxy option overrides NO_PROXY environment variable - even if use http_proxy env var. - - Closes #1140 +Daniel Stenberg (26 Apr 2017) +- http-proxy: remove unused argument from Curl_proxyCONNECT() -- [ERAMOTO Masaya brought this change] +- [Martin Kepplinger brought this change] - url: Refactor detect_proxy() + url: declare get_protocol_family() static - If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not - defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list. + get_protocol_family() is not defined static even though there is a + static local forward declaration. Let's simply make the definition match + it's declaration. - Thus refactor to set proxy to NULL instead of calling detect_proxy() if - define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not - define CURL_DISABLE_HTTP and the host is not in the noproxy list. - -- [ERAMOTO Masaya brought this change] + Bug: https://curl.haxx.se/mail/lib-2017-04/0127.html - url: Fix NO_PROXY env var to work properly with --proxy option. - - The combination of --noproxy option and http_proxy env var works well - both for proxied hosts and non-proxied hosts. +- examples: ftpuploadfrommem.c - However, when combining NO_PROXY env var with --proxy option, - non-proxied hosts are not reachable while proxied host is OK. + Uploads data to an FTP site, directly from memory. - This patch allows us to access non-proxied hosts even if using NO_PROXY - env var with --proxy option. - -- [Tim Rühsen brought this change] + Closes #1451 - IDN: Use TR46 'transitional' for toASCII translations +Kamil Dudka (25 Apr 2017) +- nss: load libnssckbi.so if no other trust is specified - References: http://unicode.org/faq/idn.html - http://unicode.org/reports/tr46 + The module contains a more comprehensive set of trust information than + supported by nss-pem, because libnssckbi.so also includes information + about distrusted certificates. - Closes #1206 - -- [railsnewbie257 brought this change] + Reviewed-by: Kai Engert + Closes #1414 - docs: FAQ MAIL-ETIQUETTE language fixes +- nss: factorize out nss_{un,}load_module to separate fncs - Closes #1194 - -- [Marcus Hoffmann brought this change] + No change of behavior is intended by this commit. - gnutls: check for alpn and ocsp in configure - - Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during - configure instead of relying on the version number. GnuTLS has options - to turn these features off and we ca just work with with such builds - like we work with older versions. +- nss: do not leak PKCS #11 slot while loading a key - Signed-off-by: Marcus Hoffmann + It could prevent nss-pem from being unloaded later on. - Closes #1204 + Bug: https://bugzilla.redhat.com/1444860 -Jay Satiro (12 Jan 2017) -- url: Fix parsing for when 'file' is the default protocol - - Follow-up to 3463408. - - Prior to 3463408 file:// hostnames were silently stripped. - - Prior to this commit it did not work when a schemeless url was used with - file as the default protocol. - - Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html - Closes https://github.com/curl/curl/pull/1124 - - Also fix for drive letters: +Marcel Raad (25 Apr 2017) +- typecheck-gcc: fix _curl_is_slist_info - - Support --proto-default file c:/foo/bar.txt + Info values starting with CURLINFO_SOCKET expect a curl_socket_t, not a + curl_slist argument. - - Support file://c:/foo/bar.txt + This fixes the following GCC warning when building the examples with + --enable-optimize: - - Fail when a file:// drive letter is detected and not MSDOS/Windows. + ../../include/curl/typecheck-gcc.h:126:42: warning: call to + ‘_curl_easy_getinfo_err_curl_slist’ declared with attribute warning: + curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this + info [enabled by default] + sendrecv.c:90:11: note: in expansion of macro ‘curl_easy_getinfo’ + res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd); - Bug: https://github.com/curl/curl/issues/1187 - Reported-by: Anatol Belski - Assisted-by: Anatol Belski + Closes https://github.com/curl/curl/pull/1447 -Daniel Stenberg (12 Jan 2017) -- rand: make it work without TLS backing - - Regression introduced in commit f682156a4fc6c4 +Daniel Stenberg (25 Apr 2017) +- curl: set a 100K buffer size by default - Reported-by: John Kohl - Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html - -Jay Satiro (12 Jan 2017) -- STARTTLS: Don't print response character in denied messages + Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian + Linux. - Both IMAP and POP3 response characters are used internally, but when - appended to the STARTTLS denial message likely could confuse the user. + Before (middle performing run out 9): - Closes https://github.com/curl/curl/pull/1203 - -- smtp: Fix STARTTLS denied error message + real 0m28.078s + user 0m11.240s + sys 0m12.876s - - Format the numeric denial code as an integer instead of a character. - -Daniel Stenberg (11 Jan 2017) -- http2_send: avoid unsigned integer wrap around + After (middle performing run out 9) - ... when checking for a too large request. - -Jay Satiro (9 Jan 2017) -- [Jiri Malak brought this change] - - cmake: Fix passing _WINSOCKAPI_ macro to compiler + real 0m26.356s (93.9%) + user 0m5.324s (47.4%) + sys 0m8.368s (65.0%) - Define _WINSOCKAPI_ blank rather than to 1 in order to match the value - used by Microsoft's winsock header files. + Also, doing SFTP over a 200 millsecond latency link is now about 6 times + faster. - Closes https://github.com/curl/curl/pull/1195 + Closes #1446 -Daniel Stenberg (9 Jan 2017) -- sws: retry send() on EWOULDBLOCK - - Fixes spurious test 1060 and 1061 failures on OpenBSD, Solaris and more. +- transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload() - Bug: https://curl.haxx.se/mail/lib-2017-01/0009.html - Reported-by: Christian Weisgerber - -- RELEASE-NOTES: synced with a41e8592d6b3e58 - -- examples: make the C++ examples follow our code style too + The data->req.uploadbuf struct member served no good purpose, instead we + use ->state.uploadbuffer directly. It makes it clearer in the code which + buffer that's being used. - At least mostly, not counting // comments. - -- [Aulddays brought this change] + Removed the 'SingleRequest *' argument from the readwrite_upload() proto + as it can be derived from the Curl_easy struct. Also made the code in + the readwrite_upload() function use the 'k->' shortcut to all references + to struct fields in 'data->req', which previously was made with a mix of + both. - asiohiper: improved socket handling +Jay Satiro (25 Apr 2017) +- configure: stop prepending to LDFLAGS, CPPFLAGS - libcurl requires CURLMOPT_SOCKETFUNCTION to KEEP watching socket events - and notify back. Modify event_cb() to continue watching events when - fired. + - Change prepends to appends because user's LDFLAGS and CPPFLAGS should + always come first so they're searched before ours. - Fixes #1191 - Closes #1192 - Fixed-by: Mingliang Zhu - -- [Jiří Malák brought this change] + Bug: https://github.com/curl/curl/issues/1420 + Reported-by: Helmut K. C. Tessarek - lib506: fix build for Open Watcom - - Rename symbol lock to locks to not clash with OW CRTL function name. +Marcel Raad (25 Apr 2017) +- if2ip: fix -Wcast-align warning - Closes #1196 + Follow-up to 119037325de02579f5c58256ca2ed2a0aa592c86, which fixed the + warning in the HAVE_GETIFADDRS block, but not in the + HAVE_IOCTL_SIOCGIFADDR block. -- ROADMAP: 2017 cleanup +Dan Fandrich (24 Apr 2017) +- Makefile: avoid use of GNU-specific form of $< - Removed items already fixed, clarified a few others. - -- COPYING: update the generic copyright year range + $< is only allowed in implicit rules in some non-GNU makes (e.g. BSD, + AIX) so avoid use elsewhere by referencing the dependent curl.1 file + directly instead. This is somewhat tricky because the file is supplied + in the packaged tar ball (but not in git) but must still be able to be + rebuilt when its dependencies change. The right thing must happen in + both tar ball and git source trees, as well as in both in-tree and + out-of-tree builds. -- docs/silent: mention --show-error in --silent description +Kamil Dudka (24 Apr 2017) +- nss: adapt to the new Curl_llist API - Reported in #1190 - Reported-by: Dan Jacobson + This commit fixes compilation failure caused by + cbae73e1dd95946597ea74ccb580c30f78e3fa73. -- docs/page-header: mention how to disable the progress meter +Marcel Raad (24 Apr 2017) +- curl-compilers.m4: accept -Og and -Ofast GCC flags - curl.1 is regenerated + -Og, introduced in GCC 4.8, optimizes for debugging experience. + -Ofast, introduced in GCC 4.7, builds on -O3 and enables further + optimizations breaking strict standards compliance. + When specified in CFLAGS, these were always overridden by -O0 or -O2. + Fix this by adding them to flags_opt_all. - Fixes #1190 - -Dan Fandrich (7 Jan 2017) -- wolfssl: display negotiated SSL version and cipher - -- wolfssl: support setting cipher list - -Patrick Monnerat (6 Jan 2017) -- CIPHERS.md: document GSKit ciphers - -Jay Satiro (5 Jan 2017) -- [peterpih brought this change] - - TheArtOfHttpScripting: grammar + Ref: https://gcc.gnu.org/onlinedocs/gcc-4.8.0/gcc/Optimize-Options.html + Ref: https://github.com/curl/curl/pull/1404#issuecomment-296401570 + Closes https://github.com/curl/curl/pull/1440 -Nick Zitzmann (3 Jan 2017) -- darwinssl: --insecure overrides --cacert if both settings are in use - - Fixes #1184 +Daniel Stenberg (24 Apr 2017) +- RELEASE-NOTES: synced with c68fed875 -Jay Satiro (2 Jan 2017) -- docs/libcurl: TCP_KEEPALIVE start and interval default to 60 +- configure: fix the -ldl check for openssl, add -lpthread check - Since the TCP keep-alive options were added in 705f0f7 the start and - interval default values have been 60, but that wasn't documented. + The check for if -ldl is needed to build with (a statically built) + openssl was broken. This repairs the check, and adds a check for + -lpthread as well since OpenSSL 1.1.0+ does in fact require -lpthread so + only adding -ldl for a static openssl build is no longer enough. - Bug: https://curl.haxx.se/mail/lib-2017-01/0000.html - Reported-by: Praveen Pvs + Reported-by: Jay Satiro + Ref: #1426 + Closes #1427 -Daniel Stenberg (29 Dec 2016) -- curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use +- llist: fix a comment after cbae73e1dd9 - This error code was once introduced when some library was dynamically - loaded and a funciton within said library couldn't be found. + Pointed-it-by: Kevin Ji + URL: https://github.com/curl/curl/commit/cbae73e1dd95946597ea74ccb580c30f78e3fa73#commitcomment-21872622 -- content_encoding: change return code on a failure +Jay Satiro (22 Apr 2017) +- schannel: Don't treat encrypted partial record as pending data - Failure to decompress is now a write error instead of the weird - "function not found". - -- page-footer: error 36 is protocol agnostic! - -Jay Satiro (28 Dec 2016) -- tool_operate: Fix --remote-time incorrect times on Windows + - Track when the cached encrypted data contains only a partial record + that can't be decrypted without more data (SEC_E_INCOMPLETE_MESSAGE). - - Use Windows API SetFileTime to set the file time instead of utime. + - Change Curl_schannel_data_pending to return false in such a case. - Avoid utime on Windows if possible because it may apply a daylight - saving time offset to our UTC file time. + Other SSL libraries have pending data functions that behave similarly. - Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html - Reported-by: Tim + Ref: https://github.com/curl/curl/pull/1387 - Closes https://github.com/curl/curl/pull/1121 - -Daniel Stenberg (29 Dec 2016) -- [Max Khon brought this change] + Closes https://github.com/curl/curl/pull/1392 - digest_sspi: copy terminating NUL as well - - Curl_auth_decode_digest_http_message(): copy terminating NUL as later - Curl_override_sspi_http_realm() expects a NUL-terminated string. - - Fixes #1180 +Daniel Stenberg (22 Apr 2017) +- [Alan Jenkins brought this change] -- curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked + multi: clarify condition in curl_multi_wait - Mentioned in #1013 - -- [Kyselgov E.N brought this change] - - cmake: use crypt32.lib when building with OpenSSL on windows + `if(nfds || extra_nfds) {` is followed by `malloc(nfds * ...)`. - Reviewed-by: Peter Wu - Closes #1149 - Fixes #1147 - -- [Chris Araman brought this change] - - darwinssl: fix CFArrayRef leak + If `extra_fs` could be non-zero when `nfds` was zero, then we have + `malloc(0)` which is allowed to return `NULL`. But, malloc returning + NULL can be confusing. In this code, the next line would treat the NULL + as an allocation failure. - Reviewed-by: Nick Zitzmann - Closes #1173 - -- [Chris Araman brought this change] - - darwinssl: fix iOS build + It turns out, if `nfds` is zero then `extra_nfds` must also be zero. + The final value of `nfds` includes `extra_nfds`. So the test for + `extra_nfds` is redundant. It can only confuse the reader. - Reviewed-by: Nick Zitzmann - Fixes #1172 + Closes #1439 -- curl: remove superfluous include file - - The is a leftover from the past when TCP socket options - were set in this file. This include causes build issues on AIX 4.3. +Marcel Raad (22 Apr 2017) +- lib: fix maybe-uninitialized warnings - Reported-by: Kim Minjoong + With -Og, GCC complains: - Closes #1178 - -- RELEASE-NOTES: synced with a7b38c9dc98481e - -- vtls: s/SSLEAY/OPENSSL + easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized] - Fixed an old leftover use of the USE_SSLEAY define which would make a - socket get removed from the applications sockets to monitor when the - multi_socket API was used, leading to timeouts. + ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + vauth/digest.c:208:9: note: ‘tok_buf’ was declared here - Bug: #1174 - -- docs/ciphers: link to our own new page about ciphers + ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + vauth/digest.c:566:15: note: ‘tok_buf’ was declared here - ... as the former ones always go stale! + Fix this by initializing the variables. -- cmdline-opts/page-footer: add three more exit codes +Dan Fandrich (22 Apr 2017) +- gnutls: removed some code when --disable-verbose is configured - ... and regenerated curl.1 - -- formdata: use NULL, not 0, when returning pointers - -- ftp: failure to resolve proxy should return that error code + This reduces the binary size and fixes a compile warning. -- configure: accept --with-libidn2 instead +Daniel Stenberg (22 Apr 2017) +- llist: no longer uses malloc - ... which the help text already implied since we switched to libidn2 - from libidn in commit 9c91ec778104ae3b back in October 2016. + The 'list element' struct now has to be within the data that is being + added to the list. Removes 16.6% (tiny) mallocs from a simple HTTP + transfer. (96 => 80) - Reported-by: Christian Weisgerber - Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html - -- test1282: verify the ftp-gss check - -- ftp-gss: check for init before use + Also removed return codes since the llist functions can't fail now. - To avoid dereferencing a NULL pointer. + Test 1300 updated accordingly. - Reported-by: Daniel Romero + Closes #1435 -Jay Satiro (24 Dec 2016) -- build-wolfssl: Sync config with wolfSSL 3.10 +Marcel Raad (21 Apr 2017) +- typecheck-gcc: handle function pointers properly - wolfSSL configure script relevant changes from 3.9 to 3.10: + All the callbacks passed to curl_easy_setopt are defined as function + pointers. The possibility to pass both functions and function pointers + was handled for the callbacks that typecheck-gcc.h defined as + compatible, but not for the public callback types themselves. - - DES3 no longer enabled by default - - Shamir no longer enabled by default - - Extended master secret enabled by default - - RSA and ECC timing protections enabled by default + This makes all compatible callback types defined in typecheck-gcc.h + function pointers too and checks all functions uniformly with + _curl_callback_compatible, which handles both functions and function + pointers. - For backwards compatibility I enabled DES3 and ECC shamir config options - (ie no change from 3.9), and the other changes are included. - -- cyassl: use time_t instead of long for timeout - -Daniel Stenberg (23 Dec 2016) -- bump: toward next release - -- http: remove "Curl_http_done: called premature" message + A symptom of the problem was a warning in tool_operate.c with + --disable-libcurl-option and without --enable-debug as that file + passes the callback functions to curl_easy_setopt directly. - ... it only confuses people. + Fixes https://github.com/curl/curl/issues/1403 + Closes https://github.com/curl/curl/pull/1404 -- openssl-random: check return code when asking for random +Dan Fandrich (21 Apr 2017) +- mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable - and fail appropriately if it returns error - -- gnutls-random: check return code for failed random - -Version 7.52.1 (22 Dec 2016) - -Daniel Stenberg (22 Dec 2016) -- RELEASE-NOTES: curl 7.52.1 + In that case, use libcurl's internal MD4 routine. This fixes tests 1013 + and 1014 which were failing due to configure assuming NTLM and SMB were + always available whenever mbed TLS was in use (which is now true). -- lib557.c: use a shorter MAXIMIZE representation - - Since several compilers had problems with the previous one - - Reported-by: Ray Satiro - Bug: https://curl.haxx.se/mail/lib-2016-12/0098.html +Daniel Stenberg (21 Apr 2017) +- tests: remove the html and PDF versions from the tarball -- runtests: remove the valgrind parser +- openssl: fix memory leak in servercert - Old legacy parsing that 1) hid problems for us and 2) probably isn't - needed anymore. - -- [Kamil Dudka brought this change] - - randit: store the value in the buffer + ... when failing to get the server certificate. -- tests/Makefile: run checksrc on debug builds +- Revert "src/Makefile.am: avoid explicit $<" - ... just like we already do in src/ and lib/ - -- lib557: move the "enable LONGLINE" to allow more long lines + This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5. - This file is riddled with them... + Since it broke out-of-tree builds from tarballs. See discussion in #1432 -- bump: toward next release +- bump: start working on next release -Marcel Raad (21 Dec 2016) -- lib: fix MSVC compiler warnings +- src/Makefile.am: avoid explicit $< - Visual C++ complained: - warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data - warning C4701: potentially uninitialized local variable 'path' used - -Version 7.52.0 (20 Dec 2016) + ... since apparently "BSD make" doesn't support it. + + Reported-by: Thomas Klausner + Fixes #1432 -Daniel Stenberg (20 Dec 2016) -- THANKS: 13 new contributors from 7.52.0 +Version 7.54.0 (19 Apr 2017) -- RELEASE-NOTES: 7.52.0 +Daniel Stenberg (19 Apr 2017) +- THANKS: add contributors from 7.54.0 release notes -- ssh: inhibit coverity warning with (void) - - CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN) +- RELEASE-NOTES: curl 7.54.0 -- Curl_recv_has_postponed_data: silence compiler warnings +Marcel Raad (18 Apr 2017) +- nss: fix MinGW compiler warnings - Follow-up to d00f2a8f2 - -Jay Satiro (19 Dec 2016) -- tests: checksrc compliance - -- http_proxy: Fix proxy CONNECT hang on pending data + This fixes 3 warnings issued by MinGW: + 1. PR_ImportTCPSocket actually has a paramter of type PROsfd instead of + PRInt32, which is 64 bits on Windows. Fixed this by including the + corresponding header file instead of redeclaring the function, which is + supported even though it is in the private include folder. [1] + 2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit + narrowing cast is needed. + 3. Curl_timeleft returns time_t instead of long since commit + 21aa32d30dbf319f2d336e0cb68d3a3235869fbb. - - Check for pending data before waiting on the socket. + [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_ImportTCPSocket - Bug: https://github.com/curl/curl/issues/1156 - Reported-by: Adam Langley - -Daniel Stenberg (19 Dec 2016) -- cmdline-opts/tlsv1.d: rephrased + Closes https://github.com/curl/curl/pull/1393 -- [Dan McNulty brought this change] +Daniel Stenberg (18 Apr 2017) +- [Jay Satiro brought this change] - schannel: fix wildcard cert name validation on Win CE + TLS: Fix switching off SSL session id when client cert is used - Fixes a few issues in manual wildcard cert name validation in - schannel support code for Win32 CE: - - when comparing the wildcard name to the hostname, the wildcard - character was removed from the cert name and the hostname - was checked to see if it ended with the modified cert name. - This allowed cert names like *.com to match the connection - hostname. This violates recommendations from RFC 6125. - - when the wildcard name in the certificate is longer than the - connection hostname, a buffer overread of the connection - hostname buffer would occur during the comparison of the - certificate name and the connection hostname. - -- printf: fix floating point buffer overflow issues + Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl + will each have their own sessionid flag. - ... and add a bunch of floating point printf tests - -- config-amigaos.h: (embarrassed) made the line shorter - -- config-amigaos.h: fix bug report email reference - -- RELEASE-NOTES: synced with 4517158abfeba - -- CIPHERS.md: backtick the names to show underscores fine - -- form-string.d: fix format mistake + Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that + this issue had been fixed in 247d890, CVE-2016-5419. - and regenerated curl.1 + Bug: https://github.com/curl/curl/issues/1341 + Reported-by: lijian996@users.noreply.github.com - Reported-by: Gisle Vanem + The new incarnation of this bug is called CVE-2017-7468 and is documented + here: https://curl.haxx.se/docs/adv_20170419.html -Michael Kaufmann (18 Dec 2016) -- openssl: simplify expression in Curl_ossl_version +- [David Benjamin brought this change] -- curl_easy_recv: Improve documentation and example program - - Follow-up to 82245ea: Fix the example program sendrecv.c (handle - CURLE_AGAIN, handle incomplete send). Improve the documentation - for curl_easy_recv() and curl_easy_send(). + openssl: don't try to print nonexistant peer private keys - Reviewed-by: Frank Meier - Assisted-by: Jay Satiro + X.509 certificates carry public keys, not private keys. Fields + corresponding to the private half of the key will always be NULL. - See https://github.com/curl/curl/pull/1134 + Closes #1425 -- [Isaac Boukris brought this change] +- [David Benjamin brought this change] - Curl_getconnectinfo: avoid checking if the connection is closed - - It doesn't benefit us much as the connection could get closed at - any time, and also by checking we lose the ability to determine - if the socket was closed by reading zero bytes. + openssl: fix thread-safety bugs in error-handling - Reported-by: Michael Kaufmann + ERR_error_string with NULL parameter is not thread-safe. The library + writes the string into some static buffer. Two threads doing this at + once may clobber each other and run into problems. Switch to + ERR_error_string_n which avoids this problem and is explicitly + bounds-checked. - Closes https://github.com/curl/curl/pull/1134 - -Daniel Stenberg (18 Dec 2016) -- CIPHERS.md: attempt to document TLS cipher names + Also clean up some remnants of OpenSSL 0.9.5 around here. A number of + comments (fixed buffer size, explaining that ERR_error_string_n was + added in a particular version) date to when ossl_strerror tried to + support pre-ERR_error_string_n OpenSSLs. - As the official docs seems really hard to keep track of and link to over - time - -- curl.1: generated after 6cce4dbf830 + Closes #1424 -- cmdline-opts/post30X.d: fix the RFC references +- [David Benjamin brought this change] -- curl.1: regenerated + openssl: make SSL_ERROR_to_str more future-proof - Fixed trailing whitespace and numerous formatting glitches - -- cmdline-opts: formatting fixes - -- curl_easy_setopt.3: removed CURLOPT_SOCKS_PROXYTYPE - -- tool_getparam.c: make comments use the up-to-date option names - -- manpage-scan.pl: allow deprecated options to get removed from curl.1 + Rather than making assumptions about the values, use a switch-case. - --krb4, --ftp-ssl and --ftp-ssl-reqd no longer need to be documented in the - man page - -- cmdline-opts/gen.pl: trim off trailing spaces - -- cmdline-opts/proxy-tlsuser.d: remove trailing .d - -- curl_easy_setopt.3: CURLOPT_PRE_PROXY instead of CURLOPT_SOCKS_PROXY - -- symbols: removed two, added one + Closes #1424 -- cmdline-opts: include the man page split up files in the dist +- [Daniel Gustafsson brought this change] -- curl.1: generated with gen.pl - - This is the first time we replace the manually edited curt.1 with the - generated one created by gen.pl and the individual option documentation - pages. - - Do not edit this file, edit the individual pages and regenerate this - output. + code: fix typos and style in comments - This file will be generated by the build system soon and then removed - from git. - -- cmdline-opts: added some missing info - -- CURLINFO_SSL_VERIFYRESULT.3: language - -- HTTPS-PROXY docs: update/polish - -- cmdline-opts/page-header: mention it is generated + A few random typos, and minor whitespace cleanups, found in comments + while reading code. - ... to avoid people from trying to edit the pending curl.1 version that - gets generated by gen.pl + Closes #1423 -- preproxy: renamed what was added as SOCKS_PROXY +Marcel Raad (17 Apr 2017) +- extern-scan.pl: strip trailing CR - CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY + This makes test 1135 pass with CRLF checkouts. - Added the corresponding --preroxy command line option. Sets a SOCKS - proxy to connect to _before_ connecting to a HTTP(S) proxy. + Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 + Closes https://github.com/curl/curl/pull/1422 -- curl: normal socks proxies still use CURLOPT_PROXY - - ... the newly introduced CURLOPT_SOCKS_PROXY is special and should be - asked for specially. (Needs new code.) +- configure.ac: ignore CR after version numbers - Unified proxy type to a single variable in the config struct. - -- CURLOPT_SOCKS_PROXYTYPE: removed + Ignore everything after the version numbers in LIBCURL_VERSION and + LIBCURL_VERSION_NUM to ged rid of the extra CR character. + This makes tests 1022 and 1023 pass on Linux with a CRLF checkout. - This was added as part of the SOCKS+HTTPS proxy merge but there's no - need to support this as we prefer to have the protocol specified as a - prefix instead. - -- curl_multi_socket.3: fix typo + Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 + Closes https://github.com/curl/curl/pull/1422 -- checksrc: warn for assignments within if() expressions +- .gitattributes: force shell scripts to LF - ... they're already frowned upon in our source code style guide, this - now enforces the rule harder. - -- checksrc: stricter no-space-before-paren enforcement + Bash on Linux errors out on CR characters. + This makes tests 1221 and 1222 pass on Linux with a CRLF checkout. - In order to make the code style more uniform everywhere - -- ISSUE_TEMPLATE: try mentioning known bugs/todo in new issue template - -- RELEASE-NOTES: synced with 71a55534fa6 - -- [Adam Langley brought this change] + Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 + Closes https://github.com/curl/curl/pull/1422 - openssl: don't use OpenSSL's ERR_PACK. - - ERR_PACK is an internal detail of OpenSSL. Also, when using it, a - function name must be specified which is overly specific: the test will - break whenever OpenSSL internally change things so that a different - function creates the error. +- unit1303: fix compiler warning - Closes #1157 - -Dan Fandrich (5 Dec 2016) -- test2032: Mark test as flaky - -Jay Satiro (3 Dec 2016) -- [Jeremy Pearson brought this change] + MinGW-w64 complains: + warning: conversion to 'long int' from 'time_t {aka long long int}' may + alter its value [-Wconversion] + Fix this by using the correct type. - libcurl-multi.3: typo - - Closes https://github.com/curl/curl/pull/1153 +Daniel Stenberg (16 Apr 2017) +- RELEASE-NOTES: synced with 1451271e0 -Dan Fandrich (2 Dec 2016) -- test1281: added http as a required feature +- [Larry Stefani brought this change] -Daniel Stenberg (2 Dec 2016) -- curl: support zero-length argument strings in config files - - ... like 'user-agent = ""' + http2: fix handle leak in error path - Adjusted test 71 to verify. - -- http_proxy: simplify CONNECT response reading + Add missing newhandle free call in push_promise(). - Since it now reads responses one byte a time, a loop could be removed - and it is no longer limited to get the whole response within 16K, it is - now instead only limited to 16K maximum header line lengths. + Closes #1416 -- tests: fix CONNECT test cases to be more strict - - ... as they broke with the cleaned up CONNECT handling +- [Larry Stefani brought this change] -- CONNECT: read responses one byte at a time + mbedtls: fix memory leak in error path - ... so that it doesn't read data that is actually coming from the - remote. 2xx responses have no body from the proxy, that data is from the - peer. + Add missing our_ssl_sessionid free call in mbed_connect_step3(). - Fixes #1132 + Closes #1417 -- CONNECT: reject TE or CL in 2xx responses +Marcel Raad (15 Apr 2017) +- curl-compilers.m4: turn implicit function declarations into errors - A server MUST NOT send any Transfer-Encoding or Content-Length header - fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section - 4.3.6) + This adds -Werror-implicit-function-declaration for GCC 2.95+ so that + these errors are visible at the point where they occur instead of only + at link time. + Implicit function declarations are illegal in C99 and C++ anyway, and + the same warning has been turned into an error for ICC in commit + 3072c5b8a127057aa922b7c51051bbb4a630b091. - Also fixes the three test cases that did this. + Ref: https://gcc.gnu.org/onlinedocs/gcc-2.95.2/gcc_2.html#SEC8 + Ref: https://curl.haxx.se/mail/lib-2017-04/0001.html + Closes https://github.com/curl/curl/pull/1419 -- URL parser: reject non-numerical port numbers +- test1541: also test for CURL_PULL_WS2TCPIP_H - Test 1281 added to verify - -Dan Fandrich (30 Nov 2016) -- runtests: made Servers: output be more consistent by removing OFF - -- cyassl: fixed typo introduced in 4f8b1774 + Ref: https://github.com/curl/curl/issues/1408 + Closes https://github.com/curl/curl/pull/1412 -Michael Kaufmann (30 Nov 2016) -- CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly - - If a port number in a "connect-to" entry does not match, skip this - entry instead of connecting to port 0. - - If a port number in a "connect-to" entry matches, use this entry - and look no further. +- tests/server/util: prefer over - Reported-by: Jay Satiro - Assisted-by: Jay Satiro, Daniel Stenberg + Follow-up to aa573c3c55cda72ec5ef677d87f6f46a53385f0c - Closes #1148 - -Daniel Stenberg (29 Nov 2016) -- BUGS: describe bug handling process - -- RELEASE-NOTES: synced with 19613fb3 + Ref: https://github.com/curl/curl/pull/1406 -Jay Satiro (28 Nov 2016) -- http2: check nghttp2_session_set_local_window_size exists +Daniel Stenberg (11 Apr 2017) +- Curl_expire_latest: ignore already expired timers - The function only exists since nghttp2 1.12.0. + If the existing timer is still in there but has expired, the new timer + should be added. - Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676 - Reported-by: Michael Kaufmann - -Daniel Stenberg (28 Nov 2016) -- [Anders Bakken brought this change] + Reported-by: Rainer Canavan + Bug: https://curl.haxx.se/mail/lib-2017-04/0030.html + Closes #1407 - http2: Fix crashes when parent stream gets aborted +- system.h: fix mingw section - Closes #1125 + Reported-by: Marcel Raad + Fixes #1408 + Closes #1409 -- cmdline-docs: more options converted and fixed +Marcel Raad (11 Apr 2017) +- polarssl: unbreak build with versions < 1.3.8 - Now all options are in the new system. - -- gen: include footer in mainpage output - -Jay Satiro (28 Nov 2016) -- lib1536: checksrc compliance - -Daniel Stenberg (28 Nov 2016) -- cmdline-opts: more command line options documented + ssl_session_init was only introduced in version 1.3.8, the penultimate + version. The function only contains a memset, so replace it with that. - Moved over to the new format + Suggested-by: Jay Satiro + Fixes https://github.com/curl/curl/issues/1401 -- curl: remove --proxy-ssl* options +- poll: prefer over - There's mostly likely no need to allow setting SSLv2/3 version for HTTPS - proxy. Those protocols are insecure by design and deprecated. - -- CURLOPT_PROXY_*.3: polished some proxy option man pages - -Patrick Monnerat (26 Nov 2016) -- os400: support CURLOPT_PROXY_PINNEDPUBLICKEY + The POSIX standard location is . Using results in + warning spam when using the musl standard library. - Also define it in ILE/RPG binding. + Closes https://github.com/curl/curl/pull/1406 -Daniel Stenberg (26 Nov 2016) -- [Okhin Vasilij brought this change] +Daniel Stenberg (10 Apr 2017) +- [Alexis La Goutte brought this change] - curl_version_info: add CURL_VERSION_HTTPS_PROXY + openssl: fix this statement may fall through [-Wimplicit-fallthrough=] - Closes #1142 - -- [Frank Gevaerts brought this change] + Closes #1402 - tests: Add some testcases for recent new features. +Kamil Dudka (10 Apr 2017) +- nss: load CA certificates even with --insecure - Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme}, - and %{http_version} + ... because they may include an intermediate certificate for a client + certificate and the intermediate certificate needs to be presented to + the server, no matter if we verify the peer or not. - closes #1143 - -- [Frank Gevaerts brought this change] - - curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEME + Reported-by: thraidh + Closes #851 -- CURLOPT_PROXY_CAINFO.3: clarify proxy use +Daniel Stenberg (10 Apr 2017) +- RELEASE-NOTES: synced with f9d1e9a27f7e1 -- CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability +Dan Fandrich (10 Apr 2017) +- libcurl-thread.3: fixed a bad macro that caused test 1140 to fail -- curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEY +Daniel Stenberg (9 Apr 2017) +- libcurl-thread.3: also mention threaded-resolver - Follow-up to 4f8b17743d7c55a + Reported-by: Alex Bligh + Bug: https://curl.haxx.se/mail/lib-2017-04/0044.html -- docs: include all opts man pages in dist +- .github/stale.yml: enable the stale bot - Sorted the lists too. + Issues and PRs with no activity for 180 days will get marked as stale, + and if no further activity happens within 14 more days, the issue gets + closed. - ... and include the new ones in the PDF and HTML generation targets - -- [Thomas Glanzmann brought this change] - - HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY - -- [Thomas Glanzmann brought this change] - - url: proxy: Use 443 as default port for https proxies - -- TODO: removed "HTTPS proxy" - -- [Jan-E brought this change] - - winbuild: add config option ENABLE_NGHTTP2 + This follows our established policy of not letting stalled bugs "get in + the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs - Closes #1141 + Closes #1398 -Jay Satiro (24 Nov 2016) -- tool_urlglob: Improve sanity check in glob_range +Jay Satiro (8 Apr 2017) +- CURLINFO_SCHEME.3: fix variable type - Prior to this change we depended on errno if strtol could not perform a - conversion. POSIX says EINVAL *may* be set. Some implementations like - Microsoft's will not set it if there's no conversion. + - Change documented param type to char ** from incorrect long *. + +Marcel Raad (8 Apr 2017) +- INSTALL.md: fix secure transport configure arguments - Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189 + --without-ssl is needed instead of --with-winssl. -- tool_help: Change description for --retry-connrefused +- vtls: fix unreferenced variable warnings - Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409 + ... by moving the variables into the correct #ifdef block. -Patrick Monnerat (25 Nov 2016) -- os400: sync ILE/RPG binding +Daniel Stenberg (7 Apr 2017) +- BUGS: "Bugs in old versions" -Jay Satiro (24 Nov 2016) -- test1135: Fix curl_easy_duphandle prototype for code style +- system.h: add section for tcc - Follow-up to dbadaeb which changed the style. + Closes #1397 -- x509asn1: Restore the parameter check in Curl_getASN1Element +Marcel Raad (7 Apr 2017) +- schannel: fix compiler warnings - - Restore the removed parts of the parameter check. + When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps + directly to its argument. As it is declared as a pointer to const and + InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW + issue a warning about implicitly casting away the const. Fix this by declaring + the variables as pointers to non-const. - Follow-up to 945f60e which altered the parameter check. - -Daniel Stenberg (25 Nov 2016) -- RELEASE-NOTES: update option counters + Closes https://github.com/curl/curl/pull/1394 -- [Frank Gevaerts brought this change] +- [Isaac Boukris brought this change] - add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme} - - Adds access to the effectively used protocol/scheme to both libcurl and - curl, both in string and numeric (CURLPROTO_*) form. - - Note that the string form will be uppercase, as it is just the internal - string. + sspi: print out InitializeSecurityContext() error message - As these strings are declared internally as const, and all other strings - returned by curl_easy_getinfo() are de-facto const as well, string - handling in getinfo.c got const-ified. + Reported-by: Carsten (talksinmath) - Closes #1137 - -- RELEASE-NOTES: synced with 63198a4750aeb - -- curl.1: the new --proxy options ship in 7.52.0 - -- checksrc: move open braces to comply with function declaration style - -- checksrc: detect wrongly placed open braces in func declarations - -- checksrc: white space edits to comply to stricter checksrc + Fixes #1384 + Closes #1395 -- checksrc: verify ASTERISKNOSPACE +- gtls: fix compiler warning - Detects (char*) and 'char*foo' uses. + Curl_timeleft returns time_t instead of long since commit + 21aa32d30dbf319f2d336e0cb68d3a3235869fbb. -- checksrc: code style: use 'char *name' style +Daniel Stenberg (6 Apr 2017) +- test1606: verify speedcheck -- checksrc: add ASTERISKSPACE +- low_speed_limit: improved function for longer time periods - Verifies a 'char *name' style, with no space after the asterisk. - -- openssl: remove dead code + Previously, periods of fast speed between periods of slow speed would + not count and could still erroneously trigger a timeout. - Coverity CID 1394666 - -- [Okhin Vasilij brought this change] - - HTTPS-proxy: fixed mbedtls and polishing + Reported-by: Paul Harris + Fixes #1345 + Closes #1390 -- darwinssl: adopted to the HTTPS proxy changes +- system.h: set sizeof long to 4 on "default 32 bit" systems - It builds and runs all test cases. No adaptations for actual HTTPS proxy - support has been made. + Triggered a test failure on test 1541 for the build known as + "Linux 4.4 i686 tcc 0.9.26 glibc 2.20" -- gtls: fix indent to silence compiler warning +Marcel Raad (6 Apr 2017) +- nss: fix build after e60fe20fdf94e829ba5fce33f7a9d6c281149f7d - vtls/gtls.c: In function ‘Curl_gtls_data_pending’: - vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] - if(conn->proxy_ssl[connindex].session && - ^~ - vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ - return res; - -- [Thomas Glanzmann brought this change] - - mbedtls: Fix compile errors + Curl_llist_alloc is now Curl_llist_init. + + Closes https://github.com/curl/curl/pull/1391 -- [Alex Rousskov brought this change] +Daniel Stenberg (6 Apr 2017) +- INSTALL.cmake: more problems + + and mention specific issues where they are discussed - proxy: Support HTTPS proxy and SOCKS+HTTP(s) +- test1541: ignore the curl_off_t variable type name comparison - * HTTPS proxies: + ... the sizes and the formatting strings are what's really important and + avoids problems with int64_t vs "long long". - An HTTPS proxy receives all transactions over an SSL/TLS connection. - Once a secure connection with the proxy is established, the user agent - uses the proxy as usual, including sending CONNECT requests to instruct - the proxy to establish a [usually secure] TCP tunnel with an origin - server. HTTPS proxies protect nearly all aspects of user-proxy - communications as opposed to HTTP proxies that receive all requests - (including CONNECT requests) in vulnerable clear text. + Bug: https://curl.haxx.se/mail/lib-2017-04/0019.html + +- Revert "configure: prefer 'long long' to int64_t for curl_off_t" - With HTTPS proxies, it is possible to have two concurrent _nested_ - SSL/TLS sessions: the "outer" one between the user agent and the proxy - and the "inner" one between the user agent and the origin server - (through the proxy). This change adds supports for such nested sessions - as well. + This reverts commit 81284374bf3c670d2050f8562edeb69f060b07cc. - A secure connection with a proxy requires its own set of the usual SSL - options (their actual descriptions differ and need polishing, see TODO): + Due to mingw32 brekage. + +Marcel Raad (5 Apr 2017) +- tool_operate: fix MinGW compiler warning - --proxy-cacert FILE CA certificate to verify peer against - --proxy-capath DIR CA directory to verify peer against - --proxy-cert CERT[:PASSWD] Client certificate file and password - --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) - --proxy-ciphers LIST SSL ciphers to use - --proxy-crlfile FILE Get a CRL list in PEM format from the file - --proxy-insecure Allow connections to proxies with bad certs - --proxy-key KEY Private key file name - --proxy-key-type TYPE Private key file type (DER/PEM/ENG) - --proxy-pass PASS Pass phrase for the private key - --proxy-ssl-allow-beast Allow security flaw to improve interop - --proxy-sslv2 Use SSLv2 - --proxy-sslv3 Use SSLv3 - --proxy-tlsv1 Use TLSv1 - --proxy-tlsuser USER TLS username - --proxy-tlspassword STRING TLS password - --proxy-tlsauthtype STRING TLS authentication type (default SRP) + MinGW complains: + tool_operate.c:197:15: error: comparison is always true due to limited range + of data type [-Werror=type-limits] - All --proxy-foo options are independent from their --foo counterparts, - except --proxy-crlfile which defaults to --crlfile and --proxy-capath - which defaults to --capath. + Fix this by only doing the comparison if 'long' is large enough to hold the + constant it is compared with. - Curl now also supports %{proxy_ssl_verify_result} --write-out variable, - similar to the existing %{ssl_verify_result} variable. + Closes https://github.com/curl/curl/pull/1378 + +- tool_operate: move filetime code to its own function - Supported backends: OpenSSL, GnuTLS, and NSS. + Ref: https://github.com/curl/curl/pull/1378 + +Daniel Stenberg (5 Apr 2017) +- configure: prefer 'long long' to int64_t for curl_off_t - * A SOCKS proxy + HTTP/HTTPS proxy combination: + Since it is a native type and it makes it less complicated to find a + matching one in system.h - If both --socks* and --proxy options are given, Curl first connects to - the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS - proxy. + Bug: https://curl.haxx.se/mail/lib-2017-04/0010.html + Reported-by: Dan Fandrich - TODO: Update documentation for the new APIs and --proxy-* options. - Look for "Added in 7.XXX" marks. - -Patrick Monnerat (24 Nov 2016) -- Declare endian read functions argument as a const pointer. - This is done for all functions of the form Curl_read[136][624]_[lb]e. + Closes #1388 -- Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows. - See CRL-01-006. +- [Dániel Bakai brought this change] -Jay Satiro (22 Nov 2016) -- url: Fix conn reuse for local ports and interfaces + tests: added test for Curl_splaygetbest to unit1309 - - Fix connection reuse for when the proposed new conn 'needle' has a - specified local port but does not have a specified device interface. + This checks the new behavior of Curl_splaygetbest, so that the smallest + node not larger than the key is removed, and FIFO behavior is kept even + when there are multiple nodes with the same key. - Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html - Reported-by: bjt3[at]hotmail.com + Closes #1358 -Daniel Stenberg (21 Nov 2016) -- rand: pass in number of randoms as an unsigned argument +- [Dániel Bakai brought this change] -Jay Satiro (20 Nov 2016) -- rand: Fix potentially uninitialized result warning + multi: fix queueing of pending easy handles + + Multi handles repeatedly invert the queue of pending easy handles when + used with CURLMOPT_MAX_TOTAL_CONNECTIONS. This is caused by a multistep + process involving Curl_splaygetbest and violates the FIFO property of + the multi handle. + This patch fixes this issue by redefining the "best" node in the + context of timeouts as the "smallest not larger than now", and + implementing the necessary data structure modifications to do this + effectively, namely: + - splay nodes with the same key are now stored in a doubly-linked + circular list instead of a non-circular one to enable O(1) + insertion to the tail of the list + - Curl_splayinsert inserts nodes with the same key to the tail of + the same list + - in case of multiple nodes with the same key, the one on the head of + the list gets selected -Marcel Raad (19 Nov 2016) -- vtls: fix build warnings +Marcel Raad (4 Apr 2017) +- tool: fix Windows Unicode build - Fix warnings about conversions from long to time_t in openssl.c and - schannel.c. + ... by explicitly calling the ANSI versions of Windows API functions where + required. + +Daniel Stenberg (4 Apr 2017) +- [Martin Kepplinger brought this change] + + curl_sasl: declare mechtable static - Follow-up to de4de4e3c7c + struct mechtable is only used locally here. It can be declared static. -Daniel Stenberg (18 Nov 2016) -- [Marcel Raad brought this change] +Jay Satiro (4 Apr 2017) +- [Antti Hätälä brought this change] - lib: fix compiler warnings after de4de4e3c7c + url: don't free postponed data on connection reuse - Visual C++ now complains about implicitly casting time_t (64-bit) to - long (32-bit). Fix this by changing some variables from long to time_t, - or explicitly casting to long where the public interface would be - affected. + - Don't free postponed data on a connection that will be reused since + doing so can cause data loss when pipelining. + + Only Windows builds are affected by this. - Closes #1131 + Closes https://github.com/curl/curl/issues/1380 -Peter Wu (17 Nov 2016) -- [Isaac Boukris brought this change] +Daniel Stenberg (4 Apr 2017) +- RELEASE-NOTES: synced with 4f2e348f9b42c69c480 - Don't mix unix domain sockets with regular ones +- hash: move key into hash struct to reduce mallocs - When reusing a connection, make sure the unix domain - socket option matches. - -Jay Satiro (17 Nov 2016) -- tests: Fix HTTP2-Settings header for huge window size + This removes one tiny malloc for each hash struct allocated. In a simple + case like "curl localhost", this save three mallocs. - Follow-up to a4d8888. Changing the window size in that commit resulted - in a different HTTP2-Settings upgrade header, causing test 1800 to fail. + Closes #1376 -- http2: Use huge HTTP/2 windows +- llist: replace Curl_llist_alloc with Curl_llist_init - - Improve performance by using a huge HTTP/2 window size. + No longer allocate the curl_llist head struct for lists separately. - Bug: https://github.com/curl/curl/issues/1102 - Reported-by: afrind@users.noreply.github.com - Assisted-by: Tatsuhiro Tsujikawa - -Daniel Stenberg (16 Nov 2016) -- cmdline-docs: more conversion - -- gen: support 'protos' + Removes 17 (15%) tiny allocations in a normal "curl localhost" invoke. - and warn on unrecognized lines + closes #1381 -- gen: support 'single' to make an individual page man page +Jay Satiro (4 Apr 2017) +- easy: silence compiler warning + + Safe to silence warning adding time delta of poll, which can trigger on + Windows since sizeof time_t > sizeof long. + + warning C4244: '+=' : conversion from 'time_t' to 'long', possible loss + of data -- cmdline-docs: more options converted over +Daniel Stenberg (4 Apr 2017) +- [Richlv brought this change] -- gen: support 'redirect' + docs: minor typo in write-out.d - ... and warn for too long --help lines - -- cmdline/gen: replace options in texts better + Closes #1382 -Jay Satiro (16 Nov 2016) -- http2: Fix address sanitizer memcpy warning +- include: curl/system.h is a run-time version of curlbuild.h - - In Curl_http2_switched don't call memcpy when src is NULL. + system.h is aimed to replace curlbuild.h at a later point in time when + we feel confident system.h works sufficiently well. - Curl_http2_switched can be called like: + curl/system.h is currently used in parallel with curl/curlbuild.h - Curl_http2_switched(conn, NULL, 0); + curl/system.h determines a data sizes, data types and include file + status based on available preprocessor defines instead of getting + generated at build-time. This, in order to avoid relying on a build-time + generated file that makes it complicated to do 32 and 64 bit bields from + the same installed set of headers. - .. and prior to this change memcpy was then called like: + Test 1541 verifies that system.h comes to the same conclusion that + curlbuild.h offers. - memcpy(dest, NULL, 0) + Closes #1373 + +- multi: make curl_multi_wait avoid malloc in the typical case - .. causing address sanitizer to warn: + When only a few additional file descriptors are used, avoid the malloc. - http2.c:2057:3: runtime error: null pointer passed as argument 2, which - is declared to never be null + Closes #1377 diff -Nru curl-7.55.1/CMake/curl-config.cmake curl-7.57.0/CMake/curl-config.cmake --- curl-7.55.1/CMake/curl-config.cmake 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/CMake/curl-config.cmake 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,59 @@ + +get_filename_component(_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH) + +if(NOT CURL_FIND_COMPONENTS) + set(CURL_FIND_COMPONENTS curl libcurl) + if(CURL_FIND_REQUIRED) + set(CURL_FIND_REQUIRED_curl TRUE) + set(CURL_FIND_REQUIRED_libcurl TRUE) + endif() +endif() + +set(_curl_missing_components) +foreach(_comp ${CURL_FIND_COMPONENTS}) + if(EXISTS "${_DIR}/${_comp}-target.cmake") + include("${_DIR}/${_comp}-target.cmake") + set(CURL_${_comp}_FOUND TRUE) + else() + set(CURL_${_comp}_FOUND FALSE) + if(CURL_FIND_REQUIRED_${_comp}) + set(CURL_FOUND FALSE) + list(APPEND _curl_missing_components ${_comp}) + endif() + endif() +endforeach() + +if(_curl_missing_components) + set(CURL_NOT_FOUND_MESSAGE "Following required components not found: " ${_curl_missing_components}) +else() + if(TARGET CURL::libcurl) + string(TOUPPER "${CMAKE_BUILD_TYPE}" _curl_current_config) + if(NOT _curl_current_config) + set(_curl_current_config "NOCONFIG") + endif() + get_target_property(_curl_configurations CURL::libcurl IMPORTED_CONFIGURATIONS) + list(FIND _curl_configurations "${_curl_current_config}" _i) + if(_i LESS 0) + set(_curl_config "RELEASE") + list(FIND _curl_configurations "${_curl_current_config}" _i) + if(_i LESS 0) + set(_curl_config "NOCONFIG") + list(FIND _curl_configurations "${_curl_current_config}" _i) + endif() + endif() + + if(_i LESS 0) + set(_curl_current_config "") # let CMake pick config at random + else() + set(_curl_current_config "_${_curl_current_config}") + endif() + + get_target_property(CURL_INCLUDE_DIRS CURL::libcurl INTERFACE_INCLUDE_DIRECTORIES) + get_target_property(CURL_LIBRARIES CURL::libcurl "LOCATION${_curl_current_config}") + set(_curl_current_config) + set(_curl_configurations) + set(_i) + endif() +endif() + +unset(_curl_missing_components) diff -Nru curl-7.55.1/CMake/Macros.cmake curl-7.57.0/CMake/Macros.cmake --- curl-7.55.1/CMake/Macros.cmake 2017-07-31 22:16:04.000000000 +0000 +++ curl-7.57.0/CMake/Macros.cmake 2017-11-09 22:40:36.000000000 +0000 @@ -93,3 +93,32 @@ endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST}) endif() endmacro(CURL_INTERNAL_TEST_RUN) + +macro(CURL_NROFF_CHECK) + find_program(NROFF NAMES gnroff nroff) + if(NROFF) + # Need a way to write to stdin, this will do + file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") + # Tests for a valid nroff option to generate a manpage + foreach(_MANOPT "-man" "-mandoc") + execute_process(COMMAND "${NROFF}" ${_MANOPT} + OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT + INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" + ERROR_QUIET) + # Save the option if it was valid + if(NROFF_MANOPT_OUTPUT) + message("Found *nroff option: -- ${_MANOPT}") + set(NROFF_MANOPT ${_MANOPT}) + set(NROFF_USEFUL ON) + break() + endif() + endforeach() + # No need for the temporary file + file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") + if(NOT NROFF_USEFUL) + message(WARNING "Found no *nroff option to get plaintext from man pages") + endif() + else() + message(WARNING "Found no *nroff program") + endif() +endmacro(CURL_NROFF_CHECK) diff -Nru curl-7.55.1/CMakeLists.txt curl-7.57.0/CMakeLists.txt --- curl-7.55.1/CMakeLists.txt 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/CMakeLists.txt 2017-11-26 13:19:01.000000000 +0000 @@ -38,11 +38,12 @@ # To check: # (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not. # (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options. -cmake_minimum_required(VERSION 2.8 FATAL_ERROR) +cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") include(Utilities) include(Macros) include(CMakeDependentOption) +include(CheckCCompilerFlag) project( CURL C ) @@ -73,6 +74,7 @@ include_directories( ${CURL_SOURCE_DIR}/include ) option(CURL_WERROR "Turn compiler warnings into errors" OFF) +option(PICKY_COMPILER "Enable picky compiler options" ON) option(BUILD_CURL_EXE "Set to ON to build curl executable." ON) option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) @@ -88,6 +90,19 @@ option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) +if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) + if (PICKY_COMPILER) + foreach (_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings -Wunused -Wshadow -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wno-long-long -Wfloat-equal -Wno-multichar -Wsign-compare -Wundef -Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits -Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered -Wignored-qualifiers -Wconversion -Wno-sign-conversion -Wvla -Wdouble-promotion -Wno-system-headers) + # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new + # test result in. + CHECK_C_COMPILER_FLAG(${_CCOPT} OPT${_CCOPT}) + if(OPT${_CCOPT}) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_CCOPT}") + endif() + endforeach() + endif(PICKY_COMPILER) +endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) + if (ENABLE_DEBUG) # DEBUGBUILD will be defined only for Debug builds if(NOT CMAKE_VERSION VERSION_LESS 3.0) @@ -172,8 +187,6 @@ mark_as_advanced(CURL_DISABLE_CRYPTO_AUTH) option(CURL_DISABLE_VERBOSE_STRINGS "to disable verbose strings" OFF) mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS) -option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use thread-safe functions" OFF) -mark_as_advanced(DISABLED_THREADSAFE) option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON) mark_as_advanced(ENABLE_IPV6) if(ENABLE_IPV6 AND NOT WIN32) @@ -190,38 +203,20 @@ endif() endif() -option(ENABLE_MANUAL "to provide the built-in manual" ON) -unset(USE_MANUAL CACHE) # TODO: cache NROFF/NROFF_MANOPT/USE_MANUAL vars? +CURL_NROFF_CHECK() +find_package(Perl) + +CMAKE_DEPENDENT_OPTION(ENABLE_MANUAL "to provide the built-in manual" + ON "NROFF_USEFUL;PERL_FOUND" + OFF) + +if(NOT PERL_FOUND) + message(STATUS "Perl not found, testing disabled.") + set(BUILD_TESTING OFF) +endif() if(ENABLE_MANUAL) - find_program(NROFF NAMES gnroff nroff) - if(NROFF) - # Need a way to write to stdin, this will do - file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") - # Tests for a valid nroff option to generate a manpage - foreach(_MANOPT "-man" "-mandoc") - execute_process(COMMAND "${NROFF}" ${_MANOPT} - OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT - INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" - ERROR_QUIET) - # Save the option if it was valid - if(NROFF_MANOPT_OUTPUT) - message("Found *nroff option: -- ${_MANOPT}") - set(NROFF_MANOPT ${_MANOPT}) - set(USE_MANUAL 1) - break() - endif() - endforeach() - # No need for the temporary file - file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") - if(NOT USE_MANUAL) - message(WARNING "Found no *nroff option to get plaintext from man pages") - endif() - else() - message(WARNING "Found no *nroff program") - endif() + set(USE_MANUAL ON) endif() -# Required for building manual, docs, tests -find_package(Perl REQUIRED) # We need ansi c-flags, especially on HP set(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}") @@ -371,7 +366,6 @@ check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) @@ -801,50 +795,6 @@ endif(NOT HAVE_SIZEOF_SSIZE_T) # off_t is sized later, after the HAVE_FILE_OFFSET_BITS test -# Different sizeofs, etc. - -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL - -set(CURL_SIZEOF_LONG ${SIZEOF_LONG}) - -if(SIZEOF_LONG EQUAL 8) - set(CURL_TYPEOF_CURL_OFF_T long) - set(CURL_SIZEOF_CURL_OFF_T 8) - set(CURL_FORMAT_CURL_OFF_T "ld") - set(CURL_FORMAT_CURL_OFF_TU "lu") - set(CURL_FORMAT_OFF_T "%ld") - set(CURL_SUFFIX_CURL_OFF_T L) - set(CURL_SUFFIX_CURL_OFF_TU UL) -endif(SIZEOF_LONG EQUAL 8) - -if(SIZEOF_LONG_LONG EQUAL 8) - set(CURL_TYPEOF_CURL_OFF_T "long long") - set(CURL_SIZEOF_CURL_OFF_T 8) - set(CURL_FORMAT_CURL_OFF_T "lld") - set(CURL_FORMAT_CURL_OFF_TU "llu") - set(CURL_FORMAT_OFF_T "%lld") - set(CURL_SUFFIX_CURL_OFF_T LL) - set(CURL_SUFFIX_CURL_OFF_TU ULL) -endif(SIZEOF_LONG_LONG EQUAL 8) - -if(NOT CURL_TYPEOF_CURL_OFF_T) - set(CURL_TYPEOF_CURL_OFF_T ${ssize_t}) - set(CURL_SIZEOF_CURL_OFF_T ${SIZEOF_SSIZE_T}) - # TODO: need adjustment here. - set(CURL_FORMAT_CURL_OFF_T "ld") - set(CURL_FORMAT_CURL_OFF_TU "lu") - set(CURL_FORMAT_OFF_T "%ld") - set(CURL_SUFFIX_CURL_OFF_T L) - set(CURL_SUFFIX_CURL_OFF_TU LU) -endif(NOT CURL_TYPEOF_CURL_OFF_T) - if(HAVE_SIZEOF_LONG_LONG) set(HAVE_LONGLONG 1) set(HAVE_LL 1) @@ -924,10 +874,12 @@ check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) +check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL) check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT) +check_function_exists(mach_absolute_time HAVE_MACH_ABSOLUTE_TIME) # symbol exists in win32, but function does not. if(WIN32) @@ -1013,6 +965,13 @@ set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64") endif(HAVE_FILE_OFFSET_BITS) check_type_size("off_t" SIZEOF_OFF_T) + +# include this header to get the type +set(CMAKE_REQUIRED_INCLUDES "${CURL_SOURCE_DIR}/include") +set(CMAKE_EXTRA_INCLUDE_FILES "curl/system.h") +check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) +set(CMAKE_EXTRA_INCLUDE_FILES "") + set(CMAKE_REQUIRED_FLAGS) foreach(CURL_TEST @@ -1173,8 +1132,18 @@ endfunction() -add_subdirectory(docs) +if(WIN32 AND NOT CYGWIN) + set(CURL_INSTALL_CMAKE_DIR CMake) +else() + set(CURL_INSTALL_CMAKE_DIR lib/cmake/curl) +endif() + +if(USE_MANUAL) + add_subdirectory(docs) +endif() + add_subdirectory(lib) + if(BUILD_CURL_EXE) add_subdirectory(src) endif() @@ -1319,6 +1288,25 @@ DESTINATION include FILES_MATCHING PATTERN "*.h") + +include(CMakePackageConfigHelpers) +write_basic_package_version_file( + "${PROJECT_BINARY_DIR}/curl-config-version.cmake" + VERSION ${CURL_VERSION} + COMPATIBILITY SameMajorVersion +) + +configure_file(CMake/curl-config.cmake + "${PROJECT_BINARY_DIR}/curl-config.cmake" + COPYONLY +) + +install( + FILES ${PROJECT_BINARY_DIR}/curl-config.cmake + ${PROJECT_BINARY_DIR}/curl-config-version.cmake + DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + # Workaround for MSVS10 to avoid the Dialog Hell # FIXME: This could be removed with future version of CMake. if(MSVC_VERSION EQUAL 1600) diff -Nru curl-7.55.1/configure curl-7.57.0/configure --- curl-7.55.1/configure 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/configure 2017-11-28 15:13:57.000000000 +0000 @@ -885,8 +885,6 @@ CURL_NETWORK_AND_TIME_LIBS CURL_NETWORK_LIBS LIBCURL_LIBS -SONAME_BUMP_FALSE -SONAME_BUMP_TRUE CFLAG_CURL_SYMBOL_HIDING DOING_CURL_SYMBOL_HIDING_FALSE DOING_CURL_SYMBOL_HIDING_TRUE @@ -917,6 +915,7 @@ USE_LIBPSL_FALSE USE_LIBPSL_TRUE CURL_CA_BUNDLE +CURL_WITH_MULTI_SSL SSL_ENABLED USE_AXTLS NSS_LIBS @@ -933,7 +932,11 @@ USE_DARWINSSL USE_WINDOWS_SSPI USE_SCHANNEL +DEFAULT_SSL_BACKEND +BUILD_STUB_GSS_FALSE +BUILD_STUB_GSS_TRUE USE_OPENLDAP +HAVE_BROTLI ZLIB_LIBS HAVE_LIBZ_FALSE HAVE_LIBZ_TRUE @@ -1156,12 +1159,14 @@ enable_libcurl_option enable_libgcc with_zlib +with_brotli with_ldap_lib with_lber_lib enable_ipv6 with_gssapi_includes with_gssapi_libs with_gssapi +with_default_ssl_backend with_winssl with_darwinssl with_ssl @@ -1194,7 +1199,6 @@ enable_tls_srp enable_unix_sockets enable_cookies -enable_soname_bump ' ac_precious_vars='build_alias host_alias @@ -1934,8 +1938,6 @@ --disable-unix-sockets Disable Unix domain sockets --enable-cookies Enable cookies support --disable-cookies Disable cookies support - --enable-soname-bump Enable enforced SONAME bump - --disable-soname-bump Disable enforced SONAME bump Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1951,12 +1953,20 @@ compiler's sysroot if not specified). --with-zlib=PATH search for zlib in PATH --without-zlib disable use of zlib + --with-brotli=PATH Where to look for brotli, PATH points to the BROTLI + installation; when possible, set the PKG_CONFIG_PATH + environment variable instead of using this option + --without-brotli disable BROTLI --with-ldap-lib=libname Specify name of ldap lib file --with-lber-lib=libname Specify name of lber lib file --with-gssapi-includes=DIR Specify location of GSS-API headers --with-gssapi-libs=DIR Specify location of GSS-API libs --with-gssapi=DIR Where to look for GSS-API + --with-default-ssl-backend=NAME + Use NAME as default SSL backend + --without-default-ssl-backend + Use implicit default SSL backend --with-winssl enable Windows native SSL/TLS --without-winssl disable Windows native SSL/TLS --with-darwinssl enable Apple OS native SSL/TLS @@ -2195,6 +2205,52 @@ } # ac_fn_c_try_cpp +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -2268,6 +2324,148 @@ } # ac_fn_c_try_run +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define $2 innocuous_$2 +#ifdef __STDC__ +# include +#else +# include +#endif +#undef $2 +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int main (void) +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ----------------------------------------------------------------------- ## +## Report this to a suitable curl mailing list: https://curl.haxx.se/mail/ ## +## ----------------------------------------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes @@ -2445,194 +2643,6 @@ } # ac_fn_c_compute_int -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link - -# ac_fn_c_check_func LINENO FUNC VAR -# ---------------------------------- -# Tests whether FUNC exists, setting the cache variable VAR accordingly -ac_fn_c_check_func () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#define $2 innocuous_$2 -#ifdef __STDC__ -# include -#else -# include -#endif -#undef $2 -#ifdef __cplusplus -extern "C" -#endif -char $2 (); -#if defined __stub_$2 || defined __stub___$2 -choke me -#endif - -int main (void) -{ -return $2 (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_func - -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ----------------------------------------------------------------------- ## -## Report this to a suitable curl mailing list: https://curl.haxx.se/mail/ ## -## ----------------------------------------------------------------------- ##" - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache @@ -6087,6 +6097,7 @@ curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" + curl_brotli_msg="no (--with-brotli)" curl_gss_msg="no (--with-gssapi)" curl_tls_srp_msg="no (--enable-tls-srp)" curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" @@ -6104,7 +6115,7 @@ curl_mtlnk_msg="no (--with-libmetalink)" curl_psl_msg="no (--with-libpsl)" - init_ssl_msg=${curl_ssl_msg} + ssl_backends= INITIAL_LDFLAGS=$LDFLAGS INITIAL_LIBS=$LIBS @@ -6190,39 +6201,6 @@ -curl_includes_inttypes="\ -/* includes start */ -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -/* includes end */" - case $host_os in - irix*) - ac_cv_header_stdint_h="no" - ;; - esac - for ac_header in sys/types.h stdint.h inttypes.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$curl_includes_inttypes -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : @@ -6353,742 +6331,6 @@ EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include - -int main (void) -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if cpp -P is needed" >&5 -$as_echo_n "checking if cpp -P is needed... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include -TEST EINVAL TEST - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "TEST.*TEST" >/dev/null 2>&1; then : - cpp=no -else - cpp=yes -fi -rm -f conftest* - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cpp" >&5 -$as_echo "$cpp" >&6; } - - if test "x$cpp" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if cpp -P works" >&5 -$as_echo_n "checking if cpp -P works... " >&6; } - OLDCPPFLAGS=$CPPFLAGS - CPPFLAGS="$CPPFLAGS -P" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include -TEST EINVAL TEST - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "TEST.*TEST" >/dev/null 2>&1; then : - cpp_p=yes -else - cpp_p=no -fi -rm -f conftest* - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cpp_p" >&5 -$as_echo "$cpp_p" >&6; } - - if test "x$cpp_p" = "xno"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: failed to figure out cpp -P alternative" >&5 -$as_echo "$as_me: WARNING: failed to figure out cpp -P alternative" >&2;} - # without -P - CPPPFLAG="" - else - # with -P - CPPPFLAG="-P" - fi - CPPFLAGS=$OLDCPPFLAGS - else - # without -P - CPPPFLAG="" - fi - - - # - # - if test -z "$SED"; then - as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 - fi - # - # The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5 -$as_echo_n "checking size of long... " >&6; } -if ${ac_cv_sizeof_long+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_long" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (long) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_long=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5 -$as_echo "$ac_cv_sizeof_long" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG $ac_cv_sizeof_long -_ACEOF - - - # The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void*" >&5 -$as_echo_n "checking size of void*... " >&6; } -if ${ac_cv_sizeof_voidp+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void*))" "ac_cv_sizeof_voidp" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_voidp" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (void*) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_voidp=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_voidp" >&5 -$as_echo "$ac_cv_sizeof_voidp" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_VOIDP $ac_cv_sizeof_voidp -_ACEOF - - - # - if test -z "$ac_cv_sizeof_long" || - test "$ac_cv_sizeof_long" -eq "0"; then - as_fn_error $? "cannot find out size of long." "$LINENO" 5 - fi - if test -z "$ac_cv_sizeof_voidp" || - test "$ac_cv_sizeof_voidp" -eq "0"; then - as_fn_error $? "cannot find out size of void*." "$LINENO" 5 - fi - # - x_LP64_long="" - x_LP32_long="" - # - if test "$ac_cv_sizeof_long" -eq "8" && - test "$ac_cv_sizeof_voidp" -ge "8"; then - x_LP64_long="long" - elif test "$ac_cv_sizeof_long" -eq "4" && - test "$ac_cv_sizeof_voidp" -ge "4"; then - x_LP32_long="long" - fi - # - # - curl_typeof_curl_off_t="unknown" - curl_sizeof_curl_off_t="unknown" - curl_format_curl_off_t="unknown" - curl_format_curl_off_tu="unknown" - # - if test "$curl_typeof_curl_off_t" = "unknown"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit curl_off_t data type" >&5 -$as_echo_n "checking for 64-bit curl_off_t data type... " >&6; } - for t8 in \ - "$x_LP64_long" \ - 'int64_t' \ - '__int64' \ - 'long long' \ - '__longlong' \ - '__longlong_t' ; do - - if test "$curl_typeof_curl_off_t" = "unknown" && test ! -z "$t8"; then - tmp_includes="" - tmp_source="" - tmp_fmt="" - case `echo "$t8" | sed 's/[^a-zA-Z0-9_]/_/g'` in - int64_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId64;" - tmp_fmt="PRId64" - ;; - int32_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId32;" - tmp_fmt="PRId32" - ;; - int16_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId16;" - tmp_fmt="PRId16" - ;; - esac - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - - $tmp_includes - typedef $t8 curl_off_t; - typedef char dummy_arr[sizeof(curl_off_t) == 8 ? 1 : -1]; - -int main (void) -{ - - $tmp_source - curl_off_t dummy; - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - if test -z "$tmp_fmt"; then - curl_typeof_curl_off_t="$t8" - curl_sizeof_curl_off_t="8" - else - - OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAG comes from CURL_CPP_P - CPPFLAGS="$CPPFLAGS $CPPPFLAG" - as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` - as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` - if test -z "$SED"; then - as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 - fi - if test -z "$GREP"; then - as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5 - fi - - tmp_exp="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - $curl_includes_inttypes -#ifdef $tmp_fmt -CURL_DEF_TOKEN $tmp_fmt -#endif - - -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - - tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ - "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ - "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \ - "$SED" 's/["][ ]*["]//g' 2>/dev/null` - if test -z "$tmp_exp" || test "$tmp_exp" = "$tmp_fmt"; then - tmp_exp="" - fi - -fi -rm -f conftest.err conftest.i conftest.$ac_ext - if test -z "$tmp_exp"; then - eval "$as_ac_HaveDef=no" - - else - eval "$as_ac_HaveDef=yes" - eval "$as_ac_Def=\$tmp_exp" - - fi - CPPFLAGS=$OLDCPPFLAGS - - as_tmp_HaveFmtDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` - as_tmp_FmtDef=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` - if test `eval 'as_val=${'$as_tmp_HaveFmtDef'};$as_echo "$as_val"'` = "yes"; then - curl_format_curl_off_t=`eval 'as_val=${'$as_tmp_FmtDef'};$as_echo "$as_val"'` - curl_typeof_curl_off_t="$t8" - curl_sizeof_curl_off_t="8" - fi - fi - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - done - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_typeof_curl_off_t" >&5 -$as_echo "$curl_typeof_curl_off_t" >&6; } - fi - if test "$curl_typeof_curl_off_t" = "unknown"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 32-bit curl_off_t data type" >&5 -$as_echo_n "checking for 32-bit curl_off_t data type... " >&6; } - for t4 in \ - "$x_LP32_long" \ - 'int32_t' \ - '__int32' \ - 'int' ; do - - if test "$curl_typeof_curl_off_t" = "unknown" && test ! -z "$t4"; then - tmp_includes="" - tmp_source="" - tmp_fmt="" - case `echo "$t4" | sed 's/[^a-zA-Z0-9_]/_/g'` in - int64_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId64;" - tmp_fmt="PRId64" - ;; - int32_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId32;" - tmp_fmt="PRId32" - ;; - int16_t) - tmp_includes="$curl_includes_inttypes" - tmp_source="char f[] = PRId16;" - tmp_fmt="PRId16" - ;; - esac - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - - $tmp_includes - typedef $t4 curl_off_t; - typedef char dummy_arr[sizeof(curl_off_t) == 4 ? 1 : -1]; - -int main (void) -{ - - $tmp_source - curl_off_t dummy; - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - if test -z "$tmp_fmt"; then - curl_typeof_curl_off_t="$t4" - curl_sizeof_curl_off_t="4" - else - - OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAG comes from CURL_CPP_P - CPPFLAGS="$CPPFLAGS $CPPPFLAG" - as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` - as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` - if test -z "$SED"; then - as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 - fi - if test -z "$GREP"; then - as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5 - fi - - tmp_exp="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - $curl_includes_inttypes -#ifdef $tmp_fmt -CURL_DEF_TOKEN $tmp_fmt -#endif - - -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - - tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ - "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ - "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \ - "$SED" 's/["][ ]*["]//g' 2>/dev/null` - if test -z "$tmp_exp" || test "$tmp_exp" = "$tmp_fmt"; then - tmp_exp="" - fi - -fi -rm -f conftest.err conftest.i conftest.$ac_ext - if test -z "$tmp_exp"; then - eval "$as_ac_HaveDef=no" - - else - eval "$as_ac_HaveDef=yes" - eval "$as_ac_Def=\$tmp_exp" - - fi - CPPFLAGS=$OLDCPPFLAGS - - as_tmp_HaveFmtDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` - as_tmp_FmtDef=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` - if test `eval 'as_val=${'$as_tmp_HaveFmtDef'};$as_echo "$as_val"'` = "yes"; then - curl_format_curl_off_t=`eval 'as_val=${'$as_tmp_FmtDef'};$as_echo "$as_val"'` - curl_typeof_curl_off_t="$t4" - curl_sizeof_curl_off_t="4" - fi - fi - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - done - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_typeof_curl_off_t" >&5 -$as_echo "$curl_typeof_curl_off_t" >&6; } - fi - if test "$curl_typeof_curl_off_t" = "unknown"; then - as_fn_error $? "cannot find data type for curl_off_t." "$LINENO" 5 - fi - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of curl_off_t" >&5 -$as_echo_n "checking size of curl_off_t... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_sizeof_curl_off_t" >&5 -$as_echo "$curl_sizeof_curl_off_t" >&6; } - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking formatting string directive for curl_off_t" >&5 -$as_echo_n "checking formatting string directive for curl_off_t... " >&6; } - if test "$curl_format_curl_off_t" != "unknown"; then - x_pull_headers="yes" - curl_format_curl_off_t=`echo "$curl_format_curl_off_t" | "$SED" 's/["]//g'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_t" | "$SED" 's/i$/u/'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_tu" | "$SED" 's/d$/u/'` - curl_format_curl_off_tu=`echo "$curl_format_curl_off_tu" | "$SED" 's/D$/U/'` - else - x_pull_headers="no" - case `echo "$curl_typeof_curl_off_t" | sed 's/[^a-zA-Z0-9_]/_/g'` in - long_long | __longlong | __longlong_t) - curl_format_curl_off_t="lld" - curl_format_curl_off_tu="llu" - ;; - long) - curl_format_curl_off_t="ld" - curl_format_curl_off_tu="lu" - ;; - int) - curl_format_curl_off_t="d" - curl_format_curl_off_tu="u" - ;; - __int64) - curl_format_curl_off_t="I64d" - curl_format_curl_off_tu="I64u" - ;; - __int32) - curl_format_curl_off_t="I32d" - curl_format_curl_off_tu="I32u" - ;; - __int16) - curl_format_curl_off_t="I16d" - curl_format_curl_off_tu="I16u" - ;; - *) - as_fn_error $? "cannot find print format string for curl_off_t." "$LINENO" 5 - ;; - esac - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$curl_format_curl_off_t\"" >&5 -$as_echo "\"$curl_format_curl_off_t\"" >&6; } - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking formatting string directive for unsigned curl_off_t" >&5 -$as_echo_n "checking formatting string directive for unsigned curl_off_t... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$curl_format_curl_off_tu\"" >&5 -$as_echo "\"$curl_format_curl_off_tu\"" >&6; } - # - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking constant suffix string for curl_off_t" >&5 -$as_echo_n "checking constant suffix string for curl_off_t... " >&6; } - # - curl_suffix_curl_off_t="unknown" - curl_suffix_curl_off_tu="unknown" - # - case `echo "$curl_typeof_curl_off_t" | sed 's/[^a-zA-Z0-9_]/_/g'` in - long_long | __longlong | __longlong_t) - tst_suffixes="LL::" - ;; - long) - tst_suffixes="L::" - ;; - int) - tst_suffixes="::" - ;; - __int64 | int64_t) - tst_suffixes="LL:i64::" - ;; - __int32 | int32_t) - tst_suffixes="L:i32::" - ;; - __int16 | int16_t) - tst_suffixes="L:i16::" - ;; - *) - as_fn_error $? "unexpected data type $curl_typeof_curl_off_t" "$LINENO" 5 - ;; - esac - # - old_IFS=$IFS; IFS=':' - for tmp_ssuf in $tst_suffixes ; do - IFS=$old_IFS - if test "x$curl_suffix_curl_off_t" = "xunknown"; then - case $tmp_ssuf in - i64 | i32 | i16) - tmp_usuf="u$tmp_ssuf" - ;; - LL | L) - tmp_usuf="U$tmp_ssuf" - ;; - *) - tmp_usuf="" - ;; - esac - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - - $curl_includes_inttypes - typedef $curl_typeof_curl_off_t new_t; - -int main (void) -{ - - new_t s1; - new_t s2; - s1 = -10$tmp_ssuf ; - s2 = 20$tmp_ssuf ; - if(s1 > s2) - return 1; - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - curl_suffix_curl_off_t="$tmp_ssuf" - curl_suffix_curl_off_tu="$tmp_usuf" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - done - IFS=$old_IFS - # - if test "x$curl_suffix_curl_off_t" = "xunknown"; then - as_fn_error $? "cannot find constant suffix string for curl_off_t." "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_suffix_curl_off_t" >&5 -$as_echo "$curl_suffix_curl_off_t" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking constant suffix string for unsigned curl_off_t" >&5 -$as_echo_n "checking constant suffix string for unsigned curl_off_t... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_suffix_curl_off_tu" >&5 -$as_echo "$curl_suffix_curl_off_tu" >&6; } - fi - # - - # - if test "$x_pull_headers" = "yes"; then - if test "x$ac_cv_header_sys_types_h" = "xyes"; then - -cat >>confdefs.h <<_EOF -#define CURL_PULL_SYS_TYPES_H 1 -_EOF - - fi - if test "x$ac_cv_header_stdint_h" = "xyes"; then - -cat >>confdefs.h <<_EOF -#define CURL_PULL_STDINT_H 1 -_EOF - - fi - if test "x$ac_cv_header_inttypes_h" = "xyes"; then - -cat >>confdefs.h <<_EOF -#define CURL_PULL_INTTYPES_H 1 -_EOF - - fi - fi - # - -cat >>confdefs.h <<_EOF -#define CURL_TYPEOF_CURL_OFF_T $curl_typeof_curl_off_t -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_FORMAT_CURL_OFF_T "$curl_format_curl_off_t" -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_FORMAT_CURL_OFF_TU "$curl_format_curl_off_tu" -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_FORMAT_OFF_T "%$curl_format_curl_off_t" -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_SIZEOF_CURL_OFF_T $curl_sizeof_curl_off_t -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_SUFFIX_CURL_OFF_T $curl_suffix_curl_off_t -_EOF - - -cat >>confdefs.h <<_EOF -#define CURL_SUFFIX_CURL_OFF_TU $curl_suffix_curl_off_tu -_EOF - - # - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OS is AIX (to define _ALL_SOURCE)" >&5 @@ -11535,40 +10777,168 @@ ;; esac -# func_munge_path_list VARIABLE PATH -# ----------------------------------- -# VARIABLE is name of variable containing _space_ separated list of -# directories to be munged by the contents of PATH, which is string -# having a format: -# "DIR[:DIR]:" -# string "DIR[ DIR]" will be prepended to VARIABLE -# ":DIR[:DIR]" -# string "DIR[ DIR]" will be appended to VARIABLE -# "DIRP[:DIRP]::[DIRA:]DIRA" -# string "DIRP[ DIRP]" will be prepended to VARIABLE and string -# "DIRA[ DIRA]" will be appended to VARIABLE -# "DIR[:DIR]" -# VARIABLE will be replaced by "DIR[ DIR]" -func_munge_path_list () +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () { - case x$2 in - x) - ;; - *:) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" - ;; - x:*) - eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" - ;; - *::*) - eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" - eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" - ;; - *) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" - ;; - esac + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + for ac_header in dlfcn.h do : @@ -16566,6 +15936,65 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if cpp -P is needed" >&5 +$as_echo_n "checking if cpp -P is needed... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +TEST EINVAL TEST + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "TEST.*TEST" >/dev/null 2>&1; then : + cpp=no +else + cpp=yes +fi +rm -f conftest* + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cpp" >&5 +$as_echo "$cpp" >&6; } + + if test "x$cpp" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if cpp -P works" >&5 +$as_echo_n "checking if cpp -P works... " >&6; } + OLDCPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS -P" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +TEST EINVAL TEST + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "TEST.*TEST" >/dev/null 2>&1; then : + cpp_p=yes +else + cpp_p=no +fi +rm -f conftest* + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cpp_p" >&5 +$as_echo "$cpp_p" >&6; } + + if test "x$cpp_p" = "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: failed to figure out cpp -P alternative" >&5 +$as_echo "$as_me: WARNING: failed to figure out cpp -P alternative" >&2;} + # without -P + CPPPFLAG="" + else + # with -P + CPPPFLAG="-P" + fi + CPPFLAGS=$OLDCPPFLAGS + else + # without -P + CPPPFLAG="" + fi + + # compiler_id="unknown" compiler_num="0" @@ -16997,7 +16426,7 @@ clangver=`echo $fullclangver | grep "based on LLVM " | "$SED" 's/.*(based on LLVM \([0-9]*\.[0-9]*\).*)/\1/'` if test -z "$clangver"; then if echo $fullclangver | grep "Apple LLVM version " >/dev/null; then - clangver=`3.7` + clangver="3.7" else clangver=`echo $fullclangver | "$SED" 's/.*version \([0-9]*\.[0-9]*\).*/\1/'` fi @@ -18503,6 +17932,11 @@ # if test "$compiler_num" -ge "309"; then tmp_CFLAGS="$tmp_CFLAGS -Wcomma" + # avoid the varargs warning, fixed in 4.0 + # https://bugs.llvm.org/show_bug.cgi?id=29140 + if test "$compiler_num" -lt "400"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-varargs" + fi fi fi ;; @@ -19747,6 +19181,43 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking to see if the compiler supports __builtin_available()" >&5 +$as_echo_n "checking to see if the compiler supports __builtin_available()... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#include + +int main (void) +{ + + if (__builtin_available(macOS 10.8, iOS 5.0, *)) {} + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +cat >>confdefs.h <<_ACEOF +#define HAVE_BUILTIN_AVAILABLE 1 +_ACEOF + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to support http" >&5 $as_echo_n "checking whether to support http... " >&6; } # Check whether --enable-http was given. @@ -21499,6 +20970,262 @@ + +OPT_BROTLI=off + +# Check whether --with-brotli was given. +if test "${with_brotli+set}" = set; then : + withval=$with_brotli; OPT_BROTLI=$withval +fi + + +if test X"$OPT_BROTLI" != Xno; then + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_BROTLI" in + yes) + + if test -n "$PKG_CONFIG"; then + PKGCONFIG="$PKG_CONFIG" + else + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +$as_echo "$PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + fi + + if test "x$PKGCONFIG" != "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libbrotlidec options with pkg-config" >&5 +$as_echo_n "checking for libbrotlidec options with pkg-config... " >&6; } + itexists=` + if test -n ""; then + PKG_CONFIG_LIBDIR="" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --exists libbrotlidec >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + PKGCONFIG="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 +$as_echo "found" >&6; } + fi + fi + + + if test "$PKGCONFIG" != "no" ; then + LIB_BROTLI=`$PKGCONFIG --libs-only-l libbrotlidec` + LD_BROTLI=`$PKGCONFIG --libs-only-L libbrotlidec` + CPP_BROTLI=`$PKGCONFIG --cflags-only-I libbrotlidec` + version=`$PKGCONFIG --modversion libbrotlidec` + DIR_BROTLI=`echo $LD_BROTLI | $SED -e 's/-L//'` + fi + + ;; + off) + ;; + *) + PREFIX_BROTLI=$OPT_BROTLI + ;; + esac + + if test -n "$PREFIX_BROTLI"; then + LIB_BROTLI="-lbrotlidec" + LD_BROTLI=-L${PREFIX_BROTLI}/lib$libsuff + CPP_BROTLI=-I${PREFIX_BROTLI}/include + DIR_BROTLI=${PREFIX_BROTLI}/lib$libsuff + fi + + LDFLAGS="$LDFLAGS $LD_BROTLI" + CPPFLAGS="$CPPFLAGS $CPP_BROTLI" + LIBS="$LIB_BROTLI $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BrotliDecoderDecompress in -lbrotlidec" >&5 +$as_echo_n "checking for BrotliDecoderDecompress in -lbrotlidec... " >&6; } +if ${ac_cv_lib_brotlidec_BrotliDecoderDecompress+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbrotlidec $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#ifdef __cplusplus +extern "C" +#endif +char BrotliDecoderDecompress (); +int main (void) +{ +return BrotliDecoderDecompress (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_brotlidec_BrotliDecoderDecompress=yes +else + ac_cv_lib_brotlidec_BrotliDecoderDecompress=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_brotlidec_BrotliDecoderDecompress" >&5 +$as_echo "$ac_cv_lib_brotlidec_BrotliDecoderDecompress" >&6; } +if test "x$ac_cv_lib_brotlidec_BrotliDecoderDecompress" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBBROTLIDEC 1 +_ACEOF + + LIBS="-lbrotlidec $LIBS" + +fi + + + for ac_header in brotli/decode.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "brotli/decode.h" "ac_cv_header_brotli_decode_h" "$ac_includes_default" +if test "x$ac_cv_header_brotli_decode_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BROTLI_DECODE_H 1 +_ACEOF + curl_brotli_msg="enabled (libbrotlidec)" + HAVE_BROTLI=1 + +$as_echo "#define HAVE_BROTLI 1" >>confdefs.h + + HAVE_BROTLI=1 + + +fi + +done + + + if test X"$OPT_BROTLI" != Xoff && + test "$HAVE_BROTLI" != "1"; then + as_fn_error $? "BROTLI libs and/or directories were not found where specified!" "$LINENO" 5 + fi + + if test "$HAVE_BROTLI" = "1"; then + if test -n "$DIR_BROTLI"; then + + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_BROTLI" + export LD_LIBRARY_PATH + { $as_echo "$as_me:${as_lineno-$LINENO}: Added $DIR_BROTLI to LD_LIBRARY_PATH" >&5 +$as_echo "$as_me: Added $DIR_BROTLI to LD_LIBRARY_PATH" >&6;} + fi + fi + else + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + fi +fi + + LDAPLIBNAME="" # Check whether --with-ldap-lib was given. @@ -22505,6 +22232,42 @@ CPPFLAGS="$save_CPPFLAGS" fi +build_libstubgss=no +if test x"$want_gss" = "xyes"; then + build_libstubgss=yes +fi + + if test "x$build_libstubgss" = "xyes"; then + BUILD_STUB_GSS_TRUE= + BUILD_STUB_GSS_FALSE='#' +else + BUILD_STUB_GSS_TRUE='#' + BUILD_STUB_GSS_FALSE= +fi + + + +DEFAULT_SSL_BACKEND=no +VALID_DEFAULT_SSL_BACKEND= + +# Check whether --with-default-ssl-backend was given. +if test "${with_default_ssl_backend+set}" = set; then : + withval=$with_default_ssl_backend; DEFAULT_SSL_BACKEND=$withval +fi + +case "$DEFAULT_SSL_BACKEND" in + no) + ;; + default|yes) + as_fn_error $? "The name of the default SSL backend is required." "$LINENO" 5 + ;; + *) + + VALID_DEFAULT_SSL_BACKEND=no + ;; +esac + + OPT_WINSSL=no @@ -22516,7 +22279,8 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Windows native SSL/TLS (Windows native builds only)" >&5 $as_echo_n "checking whether to enable Windows native SSL/TLS (Windows native builds only)... " >&6; } -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then + ssl_msg= if test "x$OPT_WINSSL" != "xno" && test "x$curl_cv_native_windows" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -22526,7 +22290,8 @@ USE_SCHANNEL=1 - curl_ssl_msg="enabled (Windows-native)" + ssl_msg="Windows-native" + test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes WINSSL_ENABLED=1 # --with-winssl implies --enable-sspi @@ -22540,6 +22305,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -22555,7 +22321,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Apple OS native SSL/TLS" >&5 $as_echo_n "checking whether to enable Apple OS native SSL/TLS... " >&6; } -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then if test "x$OPT_DARWINSSL" != "xno" && test -d "/System/Library/Frameworks/Security.framework"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -22565,13 +22331,15 @@ USE_DARWINSSL=1 - curl_ssl_msg="enabled (Apple OS-native)" + ssl_msg="Apple OS-native" + test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes DARWINSSL_ENABLED=1 LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -22587,7 +22355,10 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then +if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && + test X"$OPT_SSL" != Xno; then + ssl_msg= + CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" @@ -23095,7 +22866,8 @@ cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF - curl_ssl_msg="enabled (OpenSSL)" + ssl_msg="OpenSSL" + test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes OPENSSL_ENABLED=1 $as_echo "#define USE_OPENSSL 1" >>confdefs.h @@ -23123,26 +22895,13 @@ if test $ac_cv_header_x509_h = yes && test $ac_cv_header_crypto_h = yes && test $ac_cv_header_ssl_h = yes; then - curl_ssl_msg="enabled (OpenSSL)" + ssl_msg="OpenSSL" OPENSSL_ENABLED=1 fi fi fi - if test X"$OPENSSL_ENABLED" = X"1"; then - for ac_header in openssl/pkcs12.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "openssl/pkcs12.h" "ac_cv_header_openssl_pkcs12_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_pkcs12_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_PKCS12_H 1 -_ACEOF - -fi - -done - - else + if test X"$OPENSSL_ENABLED" != X"1"; then LIBS="$CLEANLIBS" fi @@ -23230,7 +22989,7 @@ #define HAVE_BORINGSSL 1 _ACEOF - curl_ssl_msg="enabled (BoringSSL)" + ssl_msg="BoringSSL" else @@ -23267,7 +23026,7 @@ #define HAVE_LIBRESSL 1 _ACEOF - curl_ssl_msg="enabled (libressl)" + ssl_msg="libressl" else @@ -23910,6 +23669,7 @@ fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi @@ -24031,7 +23791,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then + ssl_msg= if test X"$OPT_GNUTLS" != Xno; then @@ -24259,7 +24020,8 @@ GNUTLS_ENABLED=1 USE_GNUTLS="yes" - curl_ssl_msg="enabled (GnuTLS)" + ssl_msg="GnuTLS" + test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -24298,6 +24060,7 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi @@ -24532,7 +24295,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then + ssl_msg= if test X"$OPT_POLARSSL" != Xno; then @@ -24584,7 +24348,8 @@ POLARSSL_ENABLED=1 USE_POLARSSL="yes" - curl_ssl_msg="enabled (PolarSSL)" + ssl_msg="PolarSSL" + test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes fi @@ -24647,7 +24412,8 @@ POLARSSL_ENABLED=1 USE_POLARSSL="yes" - curl_ssl_msg="enabled (PolarSSL)" + ssl_msg="PolarSSL" + test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -24675,6 +24441,7 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi @@ -24689,7 +24456,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then + ssl_msg= if test X"$OPT_MBEDTLS" != Xno; then @@ -24741,7 +24509,8 @@ MBEDTLS_ENABLED=1 USE_MBEDTLS="yes" - curl_ssl_msg="enabled (mbedTLS)" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes fi @@ -24804,7 +24573,8 @@ MBEDTLS_ENABLED=1 USE_MBEDTLS="yes" - curl_ssl_msg="enabled (mbedTLS)" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -24832,6 +24602,7 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi @@ -24846,7 +24617,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then + ssl_msg= if test X"$OPT_CYASSL" != Xno; then @@ -24901,7 +24673,8 @@ CYASSL_ENABLED=1 USE_CYASSL="yes" - curl_ssl_msg="enabled (CyaSSL)" + ssl_msg="CyaSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes fi @@ -24964,7 +24737,8 @@ CYASSL_ENABLED=1 USE_CYASSL="yes" - curl_ssl_msg="enabled (CyaSSL)" + ssl_msg="CyaSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -25027,7 +24801,8 @@ CYASSL_ENABLED=1 USE_CYASSL="yes" - curl_ssl_msg="enabled (WolfSSL)" + ssl_msg="WolfSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -25153,6 +24928,7 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi @@ -25165,7 +24941,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then + ssl_msg= if test X"$OPT_NSS" != Xno; then @@ -25550,7 +25327,8 @@ USE_NSS="yes" NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" + ssl_msg="NSS" + test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else @@ -25577,7 +25355,9 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi + OPT_AXTLS=off @@ -25587,7 +25367,8 @@ fi -if test "$curl_ssl_msg" = "$init_ssl_msg"; then +if test -z "$ssl_backends" -o "x$OPT_AXTLS" != xno; then + ssl_msg= if test X"$OPT_AXTLS" != Xno; then CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -25654,7 +25435,8 @@ AXTLS_ENABLED=1 USE_AXTLS="yes" - curl_ssl_msg="enabled (axTLS)" + ssl_msg="axTLS" + test axtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes if test "x$cross_compiling" != "xyes"; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS" @@ -25672,17 +25454,56 @@ fi fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi -if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then +case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" in +x) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&5 $as_echo "$as_me: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this." >&5 $as_echo "$as_me: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this." >&2;} -else - # SSL is enabled, genericly + ;; +x1) + # one SSL backend is enabled + + SSL_ENABLED="1" + { $as_echo "$as_me:${as_lineno-$LINENO}: built with one SSL backend" >&5 +$as_echo "$as_me: built with one SSL backend" >&6;} + ;; +*) + # more than one SSL backend is enabled SSL_ENABLED="1" + + CURL_WITH_MULTI_SSL="1" + +$as_echo "#define CURL_WITH_MULTI_SSL 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: built with multiple SSL backends" >&5 +$as_echo "$as_me: built with multiple SSL backends" >&6;} + ;; +esac + +if test -n "$ssl_backends"; then + curl_ssl_msg="enabled ($ssl_backends)" +fi + +if test no = "$VALID_DEFAULT_SSL_BACKEND" +then + if test -n "$SSL_ENABLED" + then + as_fn_error $? "Default SSL backend $DEFAULT_SSL_BACKEND not enabled!" "$LINENO" 5 + else + as_fn_error $? "Default SSL backend requires SSL!" "$LINENO" 5 + fi +elif test yes = "$VALID_DEFAULT_SSL_BACKEND" +then + +cat >>confdefs.h <<_ACEOF +#define CURL_DEFAULT_SSL_BACKEND "$DEFAULT_SSL_BACKEND" +_ACEOF + fi @@ -26820,7 +26641,9 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - if test "x$OPENSSL_ENABLED" = "x1"; then + if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + versioned_symbols_flavour="MULTISSL_" + elif test "x$OPENSSL_ENABLED" = "x1"; then versioned_symbols_flavour="OPENSSL_" elif test "x$GNUTLS_ENABLED" = "x1"; then versioned_symbols_flavour="GNUTLS_" @@ -28003,6 +27826,7 @@ net/if.h \ netinet/in.h \ sys/un.h \ + linux/tcp.h \ netinet/tcp.h \ netdb.h \ sys/sockio.h \ @@ -28558,17 +28382,6 @@ _ACEOF - - if test -z "$ac_cv_sizeof_long" || - test "$ac_cv_sizeof_long" -eq "0"; then - as_fn_error $? "cannot find out size of long." "$LINENO" 5 - fi - -cat >>confdefs.h <<_EOF -#define CURL_SIZEOF_LONG $ac_cv_sizeof_long -_EOF - - # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. @@ -28636,16 +28449,45 @@ -soname_bump=no -if test x"$curl_cv_native_windows" != "xyes" && - test $ac_cv_sizeof_off_t -ne $curl_sizeof_curl_off_t; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: This libcurl built is probably not ABI compatible with previous" >&5 -$as_echo "$as_me: WARNING: This libcurl built is probably not ABI compatible with previous" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: builds! You MUST read lib/README.curl_off_t to figure it out." >&5 -$as_echo "$as_me: WARNING: builds! You MUST read lib/README.curl_off_t to figure it out." >&2;} - soname_bump=yes +o=$CPPFLAGS +CPPFLAGS="-I$srcdir/include $CPPFLAGS" +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of curl_off_t" >&5 +$as_echo_n "checking size of curl_off_t... " >&6; } +if ${ac_cv_sizeof_curl_off_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (curl_off_t))" "ac_cv_sizeof_curl_off_t" " +#include + +"; then : + +else + if test "$ac_cv_type_curl_off_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (curl_off_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_curl_off_t=0 + fi +fi + fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_curl_off_t" >&5 +$as_echo "$ac_cv_sizeof_curl_off_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_CURL_OFF_T $ac_cv_sizeof_curl_off_t +_ACEOF + +CPPFLAGS=$o ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" if test "x$ac_cv_type_long_long" = xyes; then : @@ -39829,6 +39671,7 @@ getrlimit \ gettimeofday \ if_nametoindex \ + mach_absolute_time \ pipe \ setlocale \ setmode \ @@ -40660,12 +40503,12 @@ fi case "$OPT_THRES" in - *) - want_thres="yes" - ;; no) want_thres="no" ;; + *) + want_thres="yes" + ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $want_thres" >&5 $as_echo "$want_thres" >&6; } @@ -41076,36 +40919,6 @@ - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enforce SONAME bump" >&5 -$as_echo_n "checking whether to enforce SONAME bump... " >&6; } -# Check whether --enable-soname-bump was given. -if test "${enable_soname_bump+set}" = set; then : - enableval=$enable_soname_bump; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - soname_bump=yes - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $soname_bump" >&5 -$as_echo "$soname_bump" >&6; } - -fi - - if test x$soname_bump = xyes; then - SONAME_BUMP_TRUE= - SONAME_BUMP_FALSE='#' -else - SONAME_BUMP_TRUE='#' - SONAME_BUMP_FALSE= -fi - - LIBCURL_LIBS=$LIBS @@ -41146,6 +40959,9 @@ if test "x$HAVE_LIBZ" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES libz" fi +if test "x$HAVE_BROTLI" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES brotli" +fi if test "x$USE_ARES" = "x1" -o "x$USE_THREADS_POSIX" = "x1" \ -o "x$USE_THREADS_WIN32" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES AsynchDNS" @@ -41196,6 +41012,10 @@ SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi +if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" +fi + if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \ -o "x$NSS_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" @@ -41469,7 +41289,7 @@ ac_configure_args="$ac_configure_args --enable-curldebug" fi -ac_config_files="$ac_config_files Makefile docs/Makefile docs/examples/Makefile docs/libcurl/Makefile docs/libcurl/opts/Makefile docs/cmdline-opts/Makefile include/Makefile include/curl/Makefile src/Makefile lib/Makefile scripts/Makefile lib/libcurl.vers tests/Makefile tests/certs/Makefile tests/certs/scripts/Makefile tests/data/Makefile tests/server/Makefile tests/libtest/Makefile tests/unit/Makefile tests/fuzz/Makefile packages/Makefile packages/Win32/Makefile packages/Win32/cygwin/Makefile packages/Linux/Makefile packages/Linux/RPM/Makefile packages/Linux/RPM/curl.spec packages/Linux/RPM/curl-ssl.spec packages/Solaris/Makefile packages/EPM/curl.list packages/EPM/Makefile packages/vms/Makefile packages/AIX/Makefile packages/AIX/RPM/Makefile packages/AIX/RPM/curl.spec curl-config libcurl.pc" +ac_config_files="$ac_config_files Makefile docs/Makefile docs/examples/Makefile docs/libcurl/Makefile docs/libcurl/opts/Makefile docs/cmdline-opts/Makefile include/Makefile include/curl/Makefile src/Makefile lib/Makefile scripts/Makefile lib/libcurl.vers tests/Makefile tests/certs/Makefile tests/certs/scripts/Makefile tests/data/Makefile tests/server/Makefile tests/libtest/Makefile tests/unit/Makefile packages/Makefile packages/Win32/Makefile packages/Win32/cygwin/Makefile packages/Linux/Makefile packages/Linux/RPM/Makefile packages/Linux/RPM/curl.spec packages/Linux/RPM/curl-ssl.spec packages/Solaris/Makefile packages/EPM/curl.list packages/EPM/Makefile packages/vms/Makefile packages/AIX/Makefile packages/AIX/RPM/Makefile packages/AIX/RPM/curl.spec curl-config libcurl.pc" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -41648,6 +41468,10 @@ as_fn_error $? "conditional \"HAVE_LIBZ\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${BUILD_STUB_GSS_TRUE}" && test -z "${BUILD_STUB_GSS_FALSE}"; then + as_fn_error $? "conditional \"BUILD_STUB_GSS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_LIBPSL_TRUE}" && test -z "${USE_LIBPSL_FALSE}"; then as_fn_error $? "conditional \"USE_LIBPSL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -41672,10 +41496,6 @@ as_fn_error $? "conditional \"DOING_CURL_SYMBOL_HIDING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${SONAME_BUMP_TRUE}" && test -z "${SONAME_BUMP_FALSE}"; then - as_fn_error $? "conditional \"SONAME_BUMP\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${CROSSCOMPILING_TRUE}" && test -z "${CROSSCOMPILING_FALSE}"; then as_fn_error $? "conditional \"CROSSCOMPILING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -42571,7 +42391,6 @@ "tests/server/Makefile") CONFIG_FILES="$CONFIG_FILES tests/server/Makefile" ;; "tests/libtest/Makefile") CONFIG_FILES="$CONFIG_FILES tests/libtest/Makefile" ;; "tests/unit/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit/Makefile" ;; - "tests/fuzz/Makefile") CONFIG_FILES="$CONFIG_FILES tests/fuzz/Makefile" ;; "packages/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Makefile" ;; "packages/Win32/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Win32/Makefile" ;; "packages/Win32/cygwin/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Win32/cygwin/Makefile" ;; @@ -44151,6 +43970,7 @@ SSL support: ${curl_ssl_msg} SSH support: ${curl_ssh_msg} zlib support: ${curl_zlib_msg} + brotli support: ${curl_brotli_msg} GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} @@ -44183,6 +44003,7 @@ SSL support: ${curl_ssl_msg} SSH support: ${curl_ssh_msg} zlib support: ${curl_zlib_msg} + brotli support: ${curl_brotli_msg} GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} @@ -44206,14 +44027,3 @@ HTTP2 support: ${curl_h2_msg} Protocols: ${SUPPORT_PROTOCOLS} " >&6;} - -if test "x$soname_bump" = "xyes"; then - -cat < +]) +CPPFLAGS=$o AC_CHECK_TYPE(long long, [AC_DEFINE(HAVE_LONGLONG, 1, @@ -3294,6 +3475,7 @@ getrlimit \ gettimeofday \ if_nametoindex \ + mach_absolute_time \ pipe \ setlocale \ setmode \ @@ -3648,26 +3830,6 @@ dnl CURL_CONFIGURE_SYMBOL_HIDING -dnl ************************************************************ -dnl enforce SONAME bump -dnl - -AC_MSG_CHECKING([whether to enforce SONAME bump]) -AC_ARG_ENABLE(soname-bump, -AC_HELP_STRING([--enable-soname-bump],[Enable enforced SONAME bump]) -AC_HELP_STRING([--disable-soname-bump],[Disable enforced SONAME bump]), -[ case "$enableval" in - yes) AC_MSG_RESULT(yes) - soname_bump=yes - ;; - *) - AC_MSG_RESULT(no) - ;; - esac ], - AC_MSG_RESULT($soname_bump) -) -AM_CONDITIONAL(SONAME_BUMP, test x$soname_bump = xyes) - dnl dnl All the library dependencies put into $LIB apply to libcurl only. dnl @@ -3714,6 +3876,9 @@ if test "x$HAVE_LIBZ" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES libz" fi +if test "x$HAVE_BROTLI" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES brotli" +fi if test "x$USE_ARES" = "x1" -o "x$USE_THREADS_POSIX" = "x1" \ -o "x$USE_THREADS_WIN32" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES AsynchDNS" @@ -3764,6 +3929,10 @@ SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi +if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" +fi + if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \ -o "x$NSS_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" @@ -3895,7 +4064,6 @@ tests/server/Makefile \ tests/libtest/Makefile \ tests/unit/Makefile \ - tests/fuzz/Makefile \ packages/Makefile \ packages/Win32/Makefile \ packages/Win32/cygwin/Makefile \ @@ -3928,6 +4096,7 @@ SSL support: ${curl_ssl_msg} SSH support: ${curl_ssh_msg} zlib support: ${curl_zlib_msg} + brotli support: ${curl_brotli_msg} GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} @@ -3951,14 +4120,3 @@ HTTP2 support: ${curl_h2_msg} Protocols: ${SUPPORT_PROTOCOLS} ]) - -if test "x$soname_bump" = "xyes"; then - -cat < Wed, 06 Dec 2017 18:11:20 +0100 + +curl (7.57.0-1) unstable; urgency=medium + + * New upstream release + - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 + https://curl.haxx.se/docs/adv_2017-11e7.html + - Fix FTP wildcard out of bounds read as per CVE-2017-8817 + https://curl.haxx.se/docs/adv_2017-ae72.html + - Fix SSL out of buffer access as per CVE-2017-8818 + https://curl.haxx.se/docs/adv_2017-af0a.html + * Remove -fdebug-prefix-map from curl-config. + Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238) + * Don't install zsh completion when cross compiling. + Thanks to Wookey for the patch (Closes: #812965) + + -- Alessandro Ghedini Thu, 30 Nov 2017 10:16:03 +0000 + +curl (7.56.1-1) unstable; urgency=medium + + * New upstream release + - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257 + https://curl.haxx.se/docs/adv_20171023.html + * Bump Standards-Version to 4.1.1 (no changes needed) + * Drop 01_runtests_gdb.patch + * Drop 12_dont-wait-on-CONNECT.patch + * Refresh patches + * Update *.symbols files + * Use https:// URL in watch file + + -- Alessandro Ghedini Tue, 24 Oct 2017 11:05:48 +0100 + curl (7.55.1-1ubuntu2.1) artful-security; urgency=medium * SECURITY UPDATE: IMAP FETCH response out of bounds read @@ -2677,4 +2715,3 @@ * Initial Release. -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200 - diff -Nru curl-7.55.1/debian/control curl-7.57.0/debian/control --- curl-7.55.1/debian/control 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/control 2017-12-06 17:10:32.000000000 +0000 @@ -8,12 +8,14 @@ autoconf, automake, ca-certificates, + dh-exec, dpkg-dev (>= 1.17.14~), groff-base, libgnutls28-dev, libidn2-0-dev, libkrb5-dev, libldap2-dev, + libnghttp2-dev, libnss3-dev, libpsl-dev, librtmp-dev (>= 2.4+20131018.git79459a2-3~), @@ -25,7 +27,7 @@ stunnel4 , zlib1g-dev Build-Conflicts: autoconf2.13, automake1.4 -Standards-Version: 4.1.0 +Standards-Version: 4.1.1 Vcs-Git: https://anonscm.debian.org/git/collab-maint/curl.git Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/curl.git Homepage: http://curl.haxx.se diff -Nru curl-7.55.1/debian/curl.install curl-7.57.0/debian/curl.install --- curl-7.55.1/debian/curl.install 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/curl.install 2017-11-30 22:17:17.000000000 +0000 @@ -1,2 +1,3 @@ +#!/usr/bin/dh-exec usr/bin/curl -usr/share/zsh/* + usr/share/zsh/* diff -Nru curl-7.55.1/debian/libcurl3-gnutls.symbols curl-7.57.0/debian/libcurl3-gnutls.symbols --- curl-7.55.1/debian/libcurl3-gnutls.symbols 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/libcurl3-gnutls.symbols 2017-11-30 22:17:17.000000000 +0000 @@ -24,9 +24,22 @@ curl_global_cleanup@CURL_GNUTLS_3 7.16.2 curl_global_init@CURL_GNUTLS_3 7.16.2 curl_global_init_mem@CURL_GNUTLS_3 7.16.2 + curl_global_sslset@CURL_GNUTLS_3 7.56.1 curl_jmpenv@CURL_GNUTLS_3 7.16.2 curl_maprintf@CURL_GNUTLS_3 7.16.2 curl_mfprintf@CURL_GNUTLS_3 7.16.2 + curl_mime_addpart@CURL_GNUTLS_3 7.56.1 + curl_mime_data@CURL_GNUTLS_3 7.56.1 + curl_mime_data_cb@CURL_GNUTLS_3 7.56.1 + curl_mime_encoder@CURL_GNUTLS_3 7.56.1 + curl_mime_filedata@CURL_GNUTLS_3 7.56.1 + curl_mime_filename@CURL_GNUTLS_3 7.56.1 + curl_mime_free@CURL_GNUTLS_3 7.56.1 + curl_mime_headers@CURL_GNUTLS_3 7.56.1 + curl_mime_init@CURL_GNUTLS_3 7.56.1 + curl_mime_name@CURL_GNUTLS_3 7.56.1 + curl_mime_subparts@CURL_GNUTLS_3 7.56.1 + curl_mime_type@CURL_GNUTLS_3 7.56.1 curl_mprintf@CURL_GNUTLS_3 7.16.2 curl_msnprintf@CURL_GNUTLS_3 7.16.2 curl_msprintf@CURL_GNUTLS_3 7.16.2 diff -Nru curl-7.55.1/debian/libcurl3-nss.symbols curl-7.57.0/debian/libcurl3-nss.symbols --- curl-7.55.1/debian/libcurl3-nss.symbols 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/libcurl3-nss.symbols 2017-11-30 22:17:17.000000000 +0000 @@ -24,9 +24,22 @@ curl_global_cleanup@CURL_NSS_3 7.23.1 curl_global_init@CURL_NSS_3 7.23.1 curl_global_init_mem@CURL_NSS_3 7.23.1 + curl_global_sslset@CURL_NSS_3 7.56.1 curl_jmpenv@CURL_NSS_3 7.23.1 curl_maprintf@CURL_NSS_3 7.23.1 curl_mfprintf@CURL_NSS_3 7.23.1 + curl_mime_addpart@CURL_NSS_3 7.56.1 + curl_mime_data@CURL_NSS_3 7.56.1 + curl_mime_data_cb@CURL_NSS_3 7.56.1 + curl_mime_encoder@CURL_NSS_3 7.56.1 + curl_mime_filedata@CURL_NSS_3 7.56.1 + curl_mime_filename@CURL_NSS_3 7.56.1 + curl_mime_free@CURL_NSS_3 7.56.1 + curl_mime_headers@CURL_NSS_3 7.56.1 + curl_mime_init@CURL_NSS_3 7.56.1 + curl_mime_name@CURL_NSS_3 7.56.1 + curl_mime_subparts@CURL_NSS_3 7.56.1 + curl_mime_type@CURL_NSS_3 7.56.1 curl_mprintf@CURL_NSS_3 7.23.1 curl_msnprintf@CURL_NSS_3 7.23.1 curl_msprintf@CURL_NSS_3 7.23.1 diff -Nru curl-7.55.1/debian/libcurl3.symbols curl-7.57.0/debian/libcurl3.symbols --- curl-7.55.1/debian/libcurl3.symbols 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/libcurl3.symbols 2017-11-30 22:17:17.000000000 +0000 @@ -24,9 +24,22 @@ curl_global_cleanup@CURL_OPENSSL_3 7.16.2 curl_global_init@CURL_OPENSSL_3 7.16.2 curl_global_init_mem@CURL_OPENSSL_3 7.16.2 + curl_global_sslset@CURL_OPENSSL_3 7.56.1 curl_jmpenv@CURL_OPENSSL_3 7.16.2 curl_maprintf@CURL_OPENSSL_3 7.16.2 curl_mfprintf@CURL_OPENSSL_3 7.16.2 + curl_mime_addpart@CURL_OPENSSL_3 7.56.1 + curl_mime_data@CURL_OPENSSL_3 7.56.1 + curl_mime_data_cb@CURL_OPENSSL_3 7.56.1 + curl_mime_encoder@CURL_OPENSSL_3 7.56.1 + curl_mime_filedata@CURL_OPENSSL_3 7.56.1 + curl_mime_filename@CURL_OPENSSL_3 7.56.1 + curl_mime_free@CURL_OPENSSL_3 7.56.1 + curl_mime_headers@CURL_OPENSSL_3 7.56.1 + curl_mime_init@CURL_OPENSSL_3 7.56.1 + curl_mime_name@CURL_OPENSSL_3 7.56.1 + curl_mime_subparts@CURL_OPENSSL_3 7.56.1 + curl_mime_type@CURL_OPENSSL_3 7.56.1 curl_mprintf@CURL_OPENSSL_3 7.16.2 curl_msnprintf@CURL_OPENSSL_3 7.16.2 curl_msprintf@CURL_OPENSSL_3 7.16.2 diff -Nru curl-7.55.1/debian/patches/01_runtests_gdb.patch curl-7.57.0/debian/patches/01_runtests_gdb.patch --- curl-7.55.1/debian/patches/01_runtests_gdb.patch 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/patches/01_runtests_gdb.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -Description: runtests_gdb. -Origin: vendor -Forwarded: no -Author: Ramakrishnan Muthukrishnan -Reviewed-by: Alessandro Ghedini -Last-Update: 2011-11-01 - ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -3985,11 +3985,11 @@ - # run the command line we built - if ($torture) { - $cmdres = torture($CMDLINE, -- "$gdb --directory libtest $DBGCURL -x $LOGDIR/gdbcmd"); -+ "libtool --mode=execute gdb --directory libtest $DBGCURL -x $LOGDIR/gdbcmd"); - } - elsif($gdbthis) { - my $GDBW = ($gdbxwin) ? "-w" : ""; -- runclient("$gdb --directory libtest $DBGCURL $GDBW -x $LOGDIR/gdbcmd"); -+ runclient("libtool --mode=execute gdb --directory libtest $DBGCURL -x $LOGDIR/gdbcmd"); - $cmdres=0; # makes it always continue after a debugged run - } - else { -@@ -4023,7 +4023,7 @@ - open(GDBCMD, ">$LOGDIR/gdbcmd2"); - print GDBCMD "bt\n"; - close(GDBCMD); -- runclient("$gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch $DBGCURL core "); -+ runclient("libtool --mode=execute gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch $DBGCURL core "); - # unlink("$LOGDIR/gdbcmd2"); - } - } diff -Nru curl-7.55.1/debian/patches/12_dont-wait-on-CONNECT.patch curl-7.57.0/debian/patches/12_dont-wait-on-CONNECT.patch --- curl-7.55.1/debian/patches/12_dont-wait-on-CONNECT.patch 2017-09-02 11:10:22.000000000 +0000 +++ curl-7.57.0/debian/patches/12_dont-wait-on-CONNECT.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -From 74dac344b2feb2e0f4baddb70532dc8e45d2d817 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" -Date: Fri, 18 Aug 2017 10:43:02 +0200 -Subject: [PATCH] http: Don't wait on CONNECT when there is no proxy - -Since curl 7.55.0, NetworkManager almost always failed its connectivity -check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP -CONNECT process entirely non-blocking). - -This patch replaces !Curl_connect_complete with Curl_connect_ongoing, -which returns false if the CONNECT state was left uninitialized and lets -the connection continue. - -Closes #1803 -Fixes #1804 - -Also-fixed-by: Gergely Nagy ---- - lib/http.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/lib/http.c -+++ b/lib/http.c -@@ -1371,7 +1371,7 @@ - if(CONNECT_FIRSTSOCKET_PROXY_SSL()) - return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */ - -- if(!Curl_connect_complete(conn)) -+ if(Curl_connect_ongoing(conn)) - /* nothing else to do except wait right now - we're not done here. */ - return CURLE_OK; - diff -Nru curl-7.55.1/debian/patches/90_gnutls.patch curl-7.57.0/debian/patches/90_gnutls.patch --- curl-7.55.1/debian/patches/90_gnutls.patch 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/patches/90_gnutls.patch 2017-11-30 22:17:17.000000000 +0000 @@ -30,7 +30,7 @@ if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -98,42 +98,42 @@ +@@ -84,42 +84,42 @@ AM_LDFLAGS = AM_CFLAGS = @@ -88,7 +88,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -142,7 +142,7 @@ +@@ -128,7 +128,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc diff -Nru curl-7.55.1/debian/patches/99_nss.patch curl-7.57.0/debian/patches/99_nss.patch --- curl-7.55.1/debian/patches/99_nss.patch 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/patches/99_nss.patch 2017-11-30 22:17:17.000000000 +0000 @@ -30,7 +30,7 @@ if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -98,42 +98,42 @@ +@@ -84,42 +84,42 @@ AM_LDFLAGS = AM_CFLAGS = @@ -88,7 +88,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -142,7 +142,7 @@ +@@ -128,7 +128,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc diff -Nru curl-7.55.1/debian/patches/CVE-2017-1000254.patch curl-7.57.0/debian/patches/CVE-2017-1000254.patch --- curl-7.55.1/debian/patches/CVE-2017-1000254.patch 2017-10-04 12:35:10.000000000 +0000 +++ curl-7.57.0/debian/patches/CVE-2017-1000254.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,131 +0,0 @@ -Backport of: - -From 5ff2c5ff25750aba1a8f64fbcad8e5b891512584 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 25 Sep 2017 00:35:22 +0200 -Subject: [PATCH] FTP: zero terminate the entry path even on bad input - -... a single double quote could leave the entry path buffer without a zero -terminating byte. CVE-2017-1000254 - -Test 1152 added to verify. - -Reported-by: Max Dymond -Bug: https://curl.haxx.se/docs/adv_20171004.html ---- - lib/ftp.c | 7 ++++-- - tests/data/Makefile.inc | 1 + - tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 67 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1152 - -Index: curl-7.55.1/lib/ftp.c -=================================================================== ---- curl-7.55.1.orig/lib/ftp.c 2017-10-04 08:34:23.128983530 -0400 -+++ curl-7.55.1/lib/ftp.c 2017-10-04 08:34:23.128983530 -0400 -@@ -2777,6 +2777,7 @@ static CURLcode ftp_statemach_act(struct - const size_t buf_size = data->set.buffer_size; - char *dir; - char *store; -+ bool entry_extracted = FALSE; - - dir = malloc(nread + 1); - if(!dir) -@@ -2808,7 +2809,7 @@ static CURLcode ftp_statemach_act(struct - } - else { - /* end of path */ -- *store = '\0'; /* zero terminate */ -+ entry_extracted = TRUE; - break; /* get out of this loop */ - } - } -@@ -2817,7 +2818,9 @@ static CURLcode ftp_statemach_act(struct - store++; - ptr++; - } -- -+ *store = '\0'; /* zero terminate */ -+ } -+ if(entry_extracted) { - /* If the path name does not look like an absolute path (i.e.: it - does not start with a '/'), we probably need some server-dependent - adjustments. For example, this is the case when connecting to -Index: curl-7.55.1/tests/data/Makefile.inc -=================================================================== ---- curl-7.55.1.orig/tests/data/Makefile.inc 2017-10-04 08:34:17.496915422 -0400 -+++ curl-7.55.1/tests/data/Makefile.inc 2017-10-04 08:34:52.353336883 -0400 -@@ -121,6 +121,7 @@ test1120 test1121 test1122 test1123 test - test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ - test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ - test1144 test1145 test1146 test1147 test1148 \ -+test1152 \ - test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ - test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ - test1216 test1217 test1218 test1219 \ -Index: curl-7.55.1/tests/data/test1152 -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ curl-7.55.1/tests/data/test1152 2017-10-04 08:34:23.128983530 -0400 -@@ -0,0 +1,61 @@ -+ -+ -+ -+FTP -+PASV -+LIST -+ -+ -+# -+# Server-side -+ -+ -+REPLY PWD 257 "just one -+ -+ -+# When doing LIST, we get the default list output hard-coded in the test -+# FTP server -+ -+total 20 -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 . -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 .. -+drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases -+-r--r--r-- 1 0 1 35 Jul 16 1996 README -+lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin -+dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev -+drwxrwxrwx 2 98 98 512 May 29 16:04 download.html -+dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc -+drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub -+dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr -+ -+ -+ -+# -+# Client-side -+ -+ -+ftp -+ -+ -+FTP with uneven quote in PWD response -+ -+ -+ftp://%HOSTIP:%FTPPORT/test-1152/ -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+USER anonymous -+PASS ftp@example.com -+PWD -+CWD test-1152 -+EPSV -+TYPE A -+LIST -+QUIT -+ -+ -+ diff -Nru curl-7.55.1/debian/patches/CVE-2017-1000257.patch curl-7.57.0/debian/patches/CVE-2017-1000257.patch --- curl-7.55.1/debian/patches/CVE-2017-1000257.patch 2017-10-20 15:06:11.000000000 +0000 +++ curl-7.57.0/debian/patches/CVE-2017-1000257.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From 2d119e90f8669e3c358468298941f48c15253f97 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 7 Oct 2017 00:11:31 +0200 -Subject: [PATCH] imap: if a FETCH response has no size, don't call write - callback - ---- - lib/imap.c | 5 +++++ - 1 file changed, 5 insertions(+) - -Index: curl-7.55.1/lib/imap.c -=================================================================== ---- curl-7.55.1.orig/lib/imap.c 2017-10-20 11:06:09.604895070 -0400 -+++ curl-7.55.1/lib/imap.c 2017-10-20 11:06:09.600895027 -0400 -@@ -1091,6 +1091,11 @@ static CURLcode imap_state_fetch_resp(st - /* The conversion from curl_off_t to size_t is always fine here */ - chunk = (size_t)size; - -+ if(!chunk) { -+ /* no size, we're done with the data */ -+ state(conn, IMAP_STOP); -+ return CURLE_OK; -+ } - result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk); - if(result) - return result; diff -Nru curl-7.55.1/debian/patches/series curl-7.57.0/debian/patches/series --- curl-7.55.1/debian/patches/series 2017-10-20 15:06:14.000000000 +0000 +++ curl-7.57.0/debian/patches/series 2017-12-06 17:01:41.000000000 +0000 @@ -1,14 +1,10 @@ -01_runtests_gdb.patch 03_keep_symbols_compat.patch 04_workaround_as_needed_bug.patch 06_always-disable-valgrind.patch 07_do-not-disable-debug-symbols.patch 08_enable-zsh.patch 11_omit-directories-from-config.patch -12_dont-wait-on-CONNECT.patch -CVE-2017-1000257.patch # do not add patches below -CVE-2017-1000254.patch 90_gnutls.patch 99_nss.patch diff -Nru curl-7.55.1/debian/rules curl-7.57.0/debian/rules --- curl-7.55.1/debian/rules 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/rules 2017-12-06 17:11:20.000000000 +0000 @@ -15,7 +15,7 @@ CONFIGURE_ARGS = -- --disable-dependency-tracking \ --disable-symbol-hiding --enable-versioned-symbols \ --enable-threaded-resolver --with-lber-lib=lber \ - --with-gssapi=/usr \ + --with-gssapi=/usr --with-nghttp2 \ --includedir=/usr/include/$(DEB_HOST_MULTIARCH) \ --with-zsh-functions-dir=/usr/share/zsh/vendor-completions @@ -97,9 +97,12 @@ # package. # 3. Likewise, replace the architecture name used for --build (and # build_alias) with a literal backquoted call to dpkg-architecture. +# 4. In --configure output, remove +# -fdebug-prefix-map=/buildd/specific/random/path=. sed -e "/-lcurl /s|`krb5-config --libs gssapi`|\`krb5-config --libs gssapi\`|" \ -e "/--prefix/s|/$(DEB_HOST_MULTIARCH)'|/'\\\\\`dpkg-architecture -qDEB_HOST_MULTIARCH\\\\\`|g" \ -e "/--prefix/s|=$(DEB_BUILD_GNU_TYPE)'|='\\\\\`dpkg-architecture -qDEB_BUILD_GNU_TYPE\\\\\`|g" \ + -e "/-fdebug-prefix-map=/s|\(-fdebug-prefix-map=\)/[^ ]*=.||" \ -i `find . -name curl-config` override_dh_installchangelogs: diff -Nru curl-7.55.1/debian/watch curl-7.57.0/debian/watch --- curl-7.55.1/debian/watch 2017-09-02 22:47:03.000000000 +0000 +++ curl-7.57.0/debian/watch 2017-11-30 22:17:17.000000000 +0000 @@ -1,2 +1,2 @@ version=3 -http://curl.haxx.se/download/curl-([\d\.]*).tar.gz +https://curl.haxx.se/download/curl-([\d\.]*).tar.gz diff -Nru curl-7.55.1/docs/BUGS curl-7.57.0/docs/BUGS --- curl-7.55.1/docs/BUGS 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/docs/BUGS 2017-11-26 13:19:01.000000000 +0000 @@ -63,7 +63,7 @@ Security related bugs or bugs that are suspected to have a security impact, should be reported by email to curl-security@haxx.se so that they first can be dealt with away from the public to minimize the harm and impact it will - have on existing users out there who might be using the vulernable versions. + have on existing users out there who might be using the vulnerable versions. The curl project's process for handling security related issues is documented here: @@ -186,7 +186,7 @@ include the version number of the curl you're using when you experience the issue. If that version number shows us that you're using an out-of-date curl, you should also try out a modern curl version to see if the problem - persists or how/if it has changed in apperance. + persists or how/if it has changed in appearance. Even if you cannot immediately upgrade your application/system to run the latest curl version, you can most often at least run a test version or @@ -290,8 +290,8 @@ The issue and pull request trackers on https://github.com/curl/curl will only hold "active" entries (using a non-precise definition of what active actually is, but they're at least not completely dead). Those that are - abandonded or in other ways dormant will be closed and sometimes added to + abandoned or in other ways dormant will be closed and sometimes added to TODO and KNOWN_BUGS instead. This way, we only have "active" issues open on github. Irrelevant issues and - pull requests will not distract developes or casual visitors. + pull requests will not distract developers or casual visitors. diff -Nru curl-7.55.1/docs/cmdline-opts/cacert.d curl-7.57.0/docs/cmdline-opts/cacert.d --- curl-7.55.1/docs/cmdline-opts/cacert.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/cacert.d 2017-11-09 22:40:36.000000000 +0000 @@ -1,5 +1,5 @@ Long: cacert -Arg: +Arg: Help: CA certificate to verify peer against Protocols: TLS --- diff -Nru curl-7.55.1/docs/cmdline-opts/compressed-ssh.d curl-7.57.0/docs/cmdline-opts/compressed-ssh.d --- curl-7.55.1/docs/cmdline-opts/compressed-ssh.d 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/compressed-ssh.d 2017-11-09 22:40:36.000000000 +0000 @@ -0,0 +1,7 @@ +Long: compressed-ssh +Help: Enable SSH compression +Protocols: SCP SFTP +Added: 7.56.0 +--- +Enables built-in SSH compression. +This is a request, not an order; the server may or may not do it. diff -Nru curl-7.55.1/docs/cmdline-opts/form.d curl-7.57.0/docs/cmdline-opts/form.d --- curl-7.55.1/docs/cmdline-opts/form.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/form.d 2017-11-26 13:19:01.000000000 +0000 @@ -1,28 +1,36 @@ Long: form Short: F Arg: -Help: Specify HTTP multipart POST data -Protocols: HTTP +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP Mutexed: data head upload --- -This lets curl emulate a filled-in form in which a user has pressed the submit -button. This causes curl to POST data using the Content-Type -multipart/form-data according to RFC 2388. This enables uploading of binary +For HTTP protocol family, this lets curl emulate a filled-in form in which a +user has pressed the submit button. This causes curl to POST data using the +Content-Type multipart/form-data according to RFC 2388. + +For SMTP and IMAP protocols, this is the mean to compose a multipart mail +message to transmit. + +This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file. -Example: to send an image to a server, where \&'profile' is the name of the -form-field to which portrait.jpg will be the input: +Example: to send an image to an HTTP server, where \&'profile' is the name of +the form-field to which portrait.jpg will be the input: curl -F profile=@portrait.jpg https://example.com/upload.cgi To read content from stdin instead of a file, use - as the filename. This goes -for both @ and < constructs. Unfortunately it does not support reading the -file from a named pipe or similar, as it needs the full size before the -transfer starts. +for both @ and < constructs. If stdin is not attached to a regular file, it is +buffered first to determine its size and allow a possible resend. Defining a +part's data from a named non-regular file (such as a named pipe or similar) is +unfortunately not subject to buffering and will be effectively read at +transmission time; since the full size is unknown before the transfer starts, +data is sent as chunks by HTTP and rejected by IMAP. You can also tell curl what Content-Type to use by using 'type=', in a manner similar to: @@ -49,6 +57,72 @@ Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the filename must be escaped by backslash. +Quoting must also be applied to non-file data if it contains semicolons, +leading/trailing spaces or leading double quotes: + + curl -F 'colors="red; green; blue";type=text/x-myapp' example.com + +You can add custom headers to the field by setting headers=, like + + curl -F "submit=OK;headers=\\"X-submit-type: OK\\"" example.com + +or + + curl -F "submit=OK;headers=@headerfile" example.com + +The headers= keyword may appear more that once and above notes about quoting +apply. When headers are read from a file, Empty lines and lines starting +with '#' are comments and ignored; each header can be folded by splitting +between two words and starting the continuation line with a space; embedded +carriage-returns and trailing spaces are stripped. +Here is an example of a header file contents: + + # This file contain two headers. +.br + X-header-1: this is a header + + # The following header is folded. +.br + X-header-2: this is +.br + another header + + +To support sending multipart mail messages, the syntax is extended as follows: +.br +- name can be omitted: the equal sign is the first character of the argument, +.br +- if data starts with '(', this signals to start a new multipart: it can be +followed by a content type specification. +.br +- a multipart can be terminated with a '=)' argument. + +Example: the following command sends an SMTP mime e-mail consisting in an +inline part in two alternative formats: plain text and HTML. It attaches a +text file: + + curl -F '=(;type=multipart/alternative' \\ +.br + -F '=plain text message' \\ +.br + -F '= HTML message;type=text/html' \\ +.br + -F '=)' -F '=@textfile.txt' ... smtp://example.com + +Data can be encoded for transfer using encoder=. Available encodings are +\fIbinary\fP and \fI8bit\fP that do nothing else than adding the corresponding +Content-Transfer-Encoding header, \fI7bit\fP that only rejects 8-bit characters +with a transfer error, \fIquoted-printable\fP and \fIbase64\fP that encodes +data according to the corresponding schemes, limiting lines length to +76 characters. + +Example: send multipart mail with a quoted-printable text message and a +base64 attached file: + + curl -F '=text message;encoder=quoted-printable' \\ +.br + -F '=@localfile;encoder=base64' ... smtp://example.com + See further examples and details in the MANUAL. This option can be used multiple times. diff -Nru curl-7.55.1/docs/cmdline-opts/form-string.d curl-7.57.0/docs/cmdline-opts/form-string.d --- curl-7.55.1/docs/cmdline-opts/form-string.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/form-string.d 2017-11-09 22:40:36.000000000 +0000 @@ -1,6 +1,6 @@ Long: form-string -Help: Specify HTTP multipart POST data -Protocols: HTTP +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP Arg: See-also: form --- diff -Nru curl-7.55.1/docs/cmdline-opts/interface.d curl-7.57.0/docs/cmdline-opts/interface.d --- curl-7.55.1/docs/cmdline-opts/interface.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/interface.d 2017-11-26 13:19:01.000000000 +0000 @@ -10,3 +10,7 @@ curl --interface eth0:1 https://www.example.com/ If this option is used several times, the last one will be used. + +On Linux it can be used to specify a VRF, but the binary needs to either +have CAP_NET_RAW or to be ran as root. More information about Linux VRF: +https://www.kernel.org/doc/Documentation/networking/vrf.txt diff -Nru curl-7.55.1/docs/cmdline-opts/Makefile.in curl-7.57.0/docs/cmdline-opts/Makefile.in --- curl-7.55.1/docs/cmdline-opts/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -207,7 +207,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -224,6 +226,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -364,7 +367,8 @@ AUTOMAKE_OPTIONS = foreign no-dependencies MANPAGE = $(top_builddir)/docs/curl.1 DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cert.d \ - cert-status.d cert-type.d ciphers.d compressed.d config.d \ + cert-status.d cert-type.d ciphers.d compressed.d compressed-ssh.d \ + config.d \ connect-timeout.d connect-to.d continue-at.d cookie.d cookie-jar.d \ create-dirs.d crlf.d crlfile.d data-ascii.d data-binary.d data.d \ data-raw.d data-urlencode.d delegation.d digest.d disable.d \ diff -Nru curl-7.55.1/docs/cmdline-opts/Makefile.inc curl-7.57.0/docs/cmdline-opts/Makefile.inc --- curl-7.55.1/docs/cmdline-opts/Makefile.inc 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/Makefile.inc 2017-11-09 22:40:36.000000000 +0000 @@ -1,7 +1,8 @@ # Shared between Makefile.am and CMakeLists.txt DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cert.d \ - cert-status.d cert-type.d ciphers.d compressed.d config.d \ + cert-status.d cert-type.d ciphers.d compressed.d compressed-ssh.d \ + config.d \ connect-timeout.d connect-to.d continue-at.d cookie.d cookie-jar.d \ create-dirs.d crlf.d crlfile.d data-ascii.d data-binary.d data.d \ data-raw.d data-urlencode.d delegation.d digest.d disable.d \ diff -Nru curl-7.55.1/docs/cmdline-opts/request-target.d curl-7.57.0/docs/cmdline-opts/request-target.d --- curl-7.55.1/docs/cmdline-opts/request-target.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/request-target.d 2017-11-09 22:40:36.000000000 +0000 @@ -1,6 +1,7 @@ Long: request-target Help: Specify the target for this request Protocols: HTTP +Added: 7.55.0 --- Tells curl to use an alternative "target" (path) instead of using the path as provided in the URL. Particularly useful when wanting to issue HTTP requests diff -Nru curl-7.55.1/docs/cmdline-opts/resolve.d curl-7.57.0/docs/cmdline-opts/resolve.d --- curl-7.55.1/docs/cmdline-opts/resolve.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/resolve.d 2017-11-26 13:19:01.000000000 +0000 @@ -14,4 +14,6 @@ The provided address set by this option will be used even if --ipv4 or --ipv6 is set to make curl use another IP version. +Support for providing the IP address within [brackets] was added in 7.57.0. + This option can be used many times to add many host names to resolve. diff -Nru curl-7.55.1/docs/cmdline-opts/tlsv1.3.d curl-7.57.0/docs/cmdline-opts/tlsv1.3.d --- curl-7.55.1/docs/cmdline-opts/tlsv1.3.d 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/cmdline-opts/tlsv1.3.d 2017-11-10 16:47:30.000000000 +0000 @@ -6,4 +6,5 @@ Forces curl to use TLS version 1.3 when connecting to a remote TLS server. Note that TLS 1.3 is only supported by a subset of TLS backends. At the time -of writing this, those are BoringSSL and NSS only. +of this writing, they are BoringSSL, NSS, and Secure Transport (on iOS 11 or +later, and macOS 10.13 or later). diff -Nru curl-7.55.1/docs/CODE_OF_CONDUCT.md curl-7.57.0/docs/CODE_OF_CONDUCT.md --- curl-7.55.1/docs/CODE_OF_CONDUCT.md 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/CODE_OF_CONDUCT.md 2017-11-09 22:40:36.000000000 +0000 @@ -28,5 +28,5 @@ maintainers. This Code of Conduct is adapted from the [Contributor -Covenant](http://contributor-covenant.org), version 1.1.0, available at -[http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/) +Covenant](https://contributor-covenant.org/), version 1.1.0, available at +[https://contributor-covenant.org/version/1/1/0/](https://contributor-covenant.org/version/1/1/0/) diff -Nru curl-7.55.1/docs/curl.1 curl-7.57.0/docs/curl.1 --- curl-7.55.1/docs/curl.1 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/curl.1 2017-11-29 09:29:11.000000000 +0000 @@ -22,7 +22,7 @@ .\" .\" DO NOT EDIT. Generated by the curl project gen.pl man page generator. .\" -.TH curl 1 "November 16, 2016" "Curl 7.55.1" "Curl Manual" +.TH curl 1 "November 16, 2016" "Curl 7.57.0" "Curl Manual" .SH NAME curl \- transfer a URL @@ -174,7 +174,7 @@ Used together with \fI-u, --user\fP. See also \fI--proxy-basic\fP. -.IP "--cacert " +.IP "--cacert " (TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option @@ -262,6 +262,11 @@ https://curl.haxx.se/docs/ssl-ciphers.html If this option is used several times, the last one will be used. +.IP "--compressed-ssh" +(SCP SFTP) Enables built-in SSH compression. +This is a request, not an order; the server may or may not do it. + +Added in 7.56.0. .IP "--compressed" (HTTP) Request a compressed response using one of the algorithms curl supports, and save the uncompressed document. If this option is used and the server sends @@ -649,7 +654,7 @@ Added in 7.42.0. .IP "--form-string " -(HTTP) Similar to \fI-F, --form\fP except that the value string for the named parameter is used +(HTTP SMTP IMAP) Similar to \fI-F, --form\fP except that the value string for the named parameter is used literally. Leading \&'@' and \&'<' characters, and the \&';type=' string in the value have no special meaning. Use this in preference to \fI-F, --form\fP if there's any possibility that the string value may accidentally trigger the @@ -657,24 +662,32 @@ See also \fI-F, --form\fP. .IP "-F, --form " -(HTTP) This lets curl emulate a filled-in form in which a user has pressed the submit -button. This causes curl to POST data using the Content-Type -multipart/form-data according to RFC 2388. This enables uploading of binary +(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form in which a +user has pressed the submit button. This causes curl to POST data using the +Content-Type multipart/form-data according to RFC 2388. + +For SMTP and IMAP protocols, this is the mean to compose a multipart mail +message to transmit. + +This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file. -Example: to send an image to a server, where \&'profile' is the name of the -form-field to which portrait.jpg will be the input: +Example: to send an image to an HTTP server, where \&'profile' is the name of +the form-field to which portrait.jpg will be the input: curl -F profile=@portrait.jpg https://example.com/upload.cgi To read content from stdin instead of a file, use - as the filename. This goes -for both @ and < constructs. Unfortunately it does not support reading the -file from a named pipe or similar, as it needs the full size before the -transfer starts. +for both @ and < constructs. If stdin is not attached to a regular file, it is +buffered first to determine its size and allow a possible resend. Defining a +part's data from a named non-regular file (such as a named pipe or similar) is +unfortunately not subject to buffering and will be effectively read at +transmission time; since the full size is unknown before the transfer starts, +data is sent as chunks by HTTP and rejected by IMAP. You can also tell curl what Content-Type to use by using 'type=', in a manner similar to: @@ -701,6 +714,72 @@ Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the filename must be escaped by backslash. +Quoting must also be applied to non-file data if it contains semicolons, +leading/trailing spaces or leading double quotes: + + curl -F 'colors="red; green; blue";type=text/x-myapp' example.com + +You can add custom headers to the field by setting headers=, like + + curl -F "submit=OK;headers=\\"X-submit-type: OK\\"" example.com + +or + + curl -F "submit=OK;headers=@headerfile" example.com + +The headers= keyword may appear more that once and above notes about quoting +apply. When headers are read from a file, Empty lines and lines starting +with '#' are comments and ignored; each header can be folded by splitting +between two words and starting the continuation line with a space; embedded +carriage-returns and trailing spaces are stripped. +Here is an example of a header file contents: + + # This file contain two headers. +.br + X-header-1: this is a header + + # The following header is folded. +.br + X-header-2: this is +.br + another header + + +To support sending multipart mail messages, the syntax is extended as follows: +.br +- name can be omitted: the equal sign is the first character of the argument, +.br +- if data starts with '(', this signals to start a new multipart: it can be +followed by a content type specification. +.br +- a multipart can be terminated with a '=)' argument. + +Example: the following command sends an SMTP mime e-mail consisting in an +inline part in two alternative formats: plain text and HTML. It attaches a +text file: + + curl -F '=(;type=multipart/alternative' \\ +.br + -F '=plain text message' \\ +.br + -F '= HTML message;type=text/html' \\ +.br + -F '=)' -F '=@textfile.txt' ... smtp://example.com + +Data can be encoded for transfer using encoder=. Available encodings are +\fIbinary\fP and \fI8bit\fP that do nothing else than adding the corresponding +Content-Transfer-Encoding header, \fI7bit\fP that only rejects 8-bit characters +with a transfer error, \fIquoted-printable\fP and \fIbase64\fP that encodes +data according to the corresponding schemes, limiting lines length to +76 characters. + +Example: send multipart mail with a quoted-printable text message and a +base64 attached file: + + curl -F '=text message;encoder=quoted-printable' \\ +.br + -F '=@localfile;encoder=base64' ... smtp://example.com + See further examples and details in the MANUAL. This option can be used multiple times. @@ -943,6 +1022,10 @@ If this option is used several times, the last one will be used. +On Linux it can be used to specify a VRF, but the binary needs to either +have CAP_NET_RAW or to be ran as root. More information about Linux VRF: +https://www.kernel.org/doc/Documentation/networking/vrf.txt + See also \fI--dns-interface\fP. .IP "-4, --ipv4" This option tells curl to resolve names to IPv4 addresses only, and not for @@ -1820,6 +1903,8 @@ provided in the URL. Particularly useful when wanting to issue HTTP requests without leading slash or other data that doesn't follow the regular URL pattern, like "OPTIONS *". + +Added in 7.55.0. .IP "-X, --request " (HTTP) Specifies a custom request method to use when communicating with the HTTP server. The specified request method will be used instead of the method @@ -1867,6 +1952,8 @@ The provided address set by this option will be used even if \fI-4, --ipv4\fP or \fI-6, --ipv6\fP is set to make curl use another IP version. +Support for providing the IP address within [brackets] was added in 7.57.0. + This option can be used many times to add many host names to resolve. Added in 7.21.3. @@ -2201,7 +2288,8 @@ (TLS) Forces curl to use TLS version 1.3 when connecting to a remote TLS server. Note that TLS 1.3 is only supported by a subset of TLS backends. At the time -of writing this, those are BoringSSL and NSS only. +of this writing, they are BoringSSL, NSS, and Secure Transport (on iOS 11 or +later, and macOS 10.13 or later). Added in 7.52.0. .IP "-1, --tlsv1" diff -Nru curl-7.55.1/docs/curl-config.1 curl-7.57.0/docs/curl-config.1 --- curl-7.55.1/docs/curl-config.1 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/curl-config.1 2017-11-29 09:29:11.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl-config 1 "February 03, 2016" "Curl 7.55.1" "curl-config manual" +.TH curl-config 1 "February 03, 2016" "Curl 7.57.0" "curl-config manual" .SH NAME curl-config \- Get information about a libcurl installation diff -Nru curl-7.55.1/docs/examples/10-at-a-time.c curl-7.57.0/docs/examples/10-at-a-time.c --- curl-7.55.1/docs/examples/10-at-a-time.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/10-at-a-time.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -114,7 +114,7 @@ CURLM *cm; CURLMsg *msg; long L; - unsigned int C=0; + unsigned int C = 0; int M, Q, U = -1; fd_set R, W, E; struct timeval T; @@ -162,9 +162,9 @@ T.tv_sec = L/1000; T.tv_usec = (L%1000)*1000; - if(0 > select(M+1, &R, &W, &E, &T)) { + if(0 > select(M + 1, &R, &W, &E, &T)) { fprintf(stderr, "E: select(%i,,,,%li): %i: %s\n", - M+1, L, errno, strerror(errno)); + M + 1, L, errno, strerror(errno)); return EXIT_FAILURE; } } diff -Nru curl-7.55.1/docs/examples/anyauthput.c curl-7.57.0/docs/examples/anyauthput.c --- curl-7.55.1/docs/examples/anyauthput.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/anyauthput.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -106,7 +106,7 @@ if(argc < 3) return 1; - file= argv[1]; + file = argv[1]; url = argv[2]; /* get the file size of the local file */ diff -Nru curl-7.55.1/docs/examples/cacertinmem.c curl-7.57.0/docs/examples/cacertinmem.c --- curl-7.55.1/docs/examples/cacertinmem.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/cacertinmem.c 2017-11-09 22:40:36.000000000 +0000 @@ -37,7 +37,7 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) { X509_STORE *store; - X509 *cert=NULL; + X509 *cert = NULL; BIO *bio; char *mypem = /* www.cacert.org */ "-----BEGIN CERTIFICATE-----\n"\ @@ -82,7 +82,7 @@ "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"\ "-----END CERTIFICATE-----\n"; /* get a BIO */ - bio=BIO_new_mem_buf(mypem, -1); + bio = BIO_new_mem_buf(mypem, -1); /* use it to read the PEM formatted certificate from memory into an X509 * structure that SSL can use */ @@ -91,10 +91,10 @@ printf("PEM_read_bio_X509 failed...\n"); /* get a pointer to the X509 certificate store (which may be empty!) */ - store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx); + store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); /* add our certificate to this store */ - if(X509_STORE_add_cert(store, cert)==0) + if(X509_STORE_add_cert(store, cert) == 0) printf("error adding certificate\n"); /* decrease reference counts */ @@ -110,24 +110,24 @@ CURL *ch; CURLcode rv; - rv=curl_global_init(CURL_GLOBAL_ALL); - ch=curl_easy_init(); - rv=curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); - rv=curl_easy_setopt(ch, CURLOPT_HEADER, 0L); - rv=curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); - rv=curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); - rv=curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction); - rv=curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); - rv=curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction); - rv=curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); - rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); - rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); - rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); + rv = curl_global_init(CURL_GLOBAL_ALL); + ch = curl_easy_init(); + rv = curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); + rv = curl_easy_setopt(ch, CURLOPT_HEADER, 0L); + rv = curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); + rv = curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); + rv = curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction); + rv = curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); + rv = curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction); + rv = curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); + rv = curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); + rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); + rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); /* first try: retrieve page without cacerts' certificate -> will fail */ - rv=curl_easy_perform(ch); - if(rv==CURLE_OK) + rv = curl_easy_perform(ch); + if(rv == CURLE_OK) printf("*** transfer succeeded ***\n"); else printf("*** transfer failed ***\n"); @@ -136,9 +136,9 @@ * load the certificate by installing a function doing the necessary * "modifications" to the SSL CONTEXT just before link init */ - rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); - rv=curl_easy_perform(ch); - if(rv==CURLE_OK) + rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); + rv = curl_easy_perform(ch); + if(rv == CURLE_OK) printf("*** transfer succeeded ***\n"); else printf("*** transfer failed ***\n"); diff -Nru curl-7.55.1/docs/examples/chkspeed.c curl-7.57.0/docs/examples/chkspeed.c --- curl-7.55.1/docs/examples/chkspeed.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/chkspeed.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -93,7 +93,7 @@ prttime = 1; } else if(strncasecmp(*argv, "-M=", 3) == 0) { - long m = strtol((*argv)+3, NULL, 10); + long m = strtol((*argv) + 3, NULL, 10); switch(m) { case 1: url = URL_1M; diff -Nru curl-7.55.1/docs/examples/curlx.c curl-7.57.0/docs/examples/curlx.c --- curl-7.55.1/docs/examples/curlx.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/curlx.c 2017-11-26 13:19:01.000000000 +0000 @@ -195,7 +195,8 @@ if(p->verbose > 2) BIO_printf(p->errorbio, "entering ssl_app_verify_callback\n"); - if((ok= X509_verify_cert(ctx)) && ctx->cert) { + ok = X509_verify_cert(ctx); + if(ok && ctx->cert) { unsigned char *accessinfo; if(p->verbose > 1) X509_print_ex(p->errorbio, ctx->cert, 0, 0); @@ -268,16 +269,16 @@ int main(int argc, char **argv) { - BIO* in=NULL; - BIO* out=NULL; + BIO* in = NULL; + BIO* out = NULL; char *outfile = NULL; char *infile = NULL; - int tabLength=100; + int tabLength = 100; char *binaryptr; char *mimetype; - char *mimetypeaccept=NULL; + char *mimetypeaccept = NULL; char *contenttype; const char **pp; unsigned char *hostporturl = NULL; @@ -288,8 +289,8 @@ char *response; CURLcode res; - struct curl_slist *headers=NULL; - int badarg=0; + struct curl_slist *headers = NULL; + int badarg = 0; binaryptr = malloc(tabLength); @@ -307,75 +308,75 @@ while(*args && *args[0] == '-') { if(!strcmp (*args, "-in")) { if(args[1]) { - infile=*(++args); + infile = *(++args); } else - badarg=1; + badarg = 1; } else if(!strcmp (*args, "-out")) { if(args[1]) { - outfile=*(++args); + outfile = *(++args); } else - badarg=1; + badarg = 1; } else if(!strcmp (*args, "-p12")) { if(args[1]) { p.p12file = *(++args); } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-envpass") == 0) { if(args[1]) { p.pst = getenv(*(++args)); } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-connect") == 0) { if(args[1]) { hostporturl = *(++args); } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-mimetype") == 0) { if(args[1]) { mimetype = *(++args); } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-acceptmime") == 0) { if(args[1]) { mimetypeaccept = *(++args); } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-accesstype") == 0) { if(args[1]) { p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0)); if(p.accesstype == 0) - badarg=1; + badarg = 1; } else - badarg=1; + badarg = 1; } else if(strcmp(*args, "-verbose") == 0) { p.verbose++; } else - badarg=1; + badarg = 1; args++; } - if(mimetype==NULL || mimetypeaccept == NULL) + if(mimetype == NULL || mimetypeaccept == NULL) badarg = 1; if(badarg) { - for(pp=curlx_usage; (*pp != NULL); pp++) + for(pp = curlx_usage; (*pp != NULL); pp++) BIO_printf(p.errorbio, "%s\n", *pp); BIO_printf(p.errorbio, "\n"); goto err; @@ -383,7 +384,8 @@ /* set input */ - if((in=BIO_new(BIO_s_file())) == NULL) { + in = BIO_new(BIO_s_file()); + if(in == NULL) { BIO_printf(p.errorbio, "Error setting input bio\n"); goto err; } @@ -397,7 +399,8 @@ /* set output */ - if((out=BIO_new(BIO_s_file())) == NULL) { + out = BIO_new(BIO_s_file()); + if(out == NULL) { BIO_printf(p.errorbio, "Error setting output bio.\n"); goto err; } @@ -429,7 +432,7 @@ goto err; } - p.ca= NULL; + p.ca = NULL; if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) { BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file); goto err; @@ -454,10 +457,10 @@ given access type */ serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access); if(!serverurl) { - int j=0; + int j = 0; BIO_printf(p.errorbio, "no service URL in user cert " "cherching in others certificats\n"); - for(j=0; j0) { - i+=lu; - if(i== tabLength) { - tabLength+=100; - binaryptr=realloc(binaryptr, tabLength); /* should be more careful */ + i += lu; + if(i == tabLength) { + tabLength += 100; + binaryptr = realloc(binaryptr, tabLength); /* should be more careful */ } } tabLength = i; @@ -533,8 +536,8 @@ BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform", res = curl_easy_perform(p.curl)); { - int result =curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response); - if(mimetypeaccept && p.verbose) + int result = curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response); + if(mimetypeaccept && p.verbose) { if(!strcmp(mimetypeaccept, response)) BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n", response); @@ -542,6 +545,7 @@ BIO_printf(p.errorbio, "the response doesn\'t have an acceptable " "mime type, it is %s instead of %s\n", response, mimetypeaccept); + } } /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/ diff -Nru curl-7.55.1/docs/examples/debug.c curl-7.57.0/docs/examples/debug.c --- curl-7.55.1/docs/examples/debug.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/debug.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -38,7 +38,7 @@ size_t i; size_t c; - unsigned int width=0x10; + unsigned int width = 0x10; if(nohex) /* without the hex output, we can fit more on screen */ @@ -47,30 +47,32 @@ fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\n", text, (long)size, (long)size); - for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + (ptr[i + c] >= 0x20) && (ptr[i + c]<0x80)?ptr[i + c]:'.'); /* check again for 0D0A, to avoid an extra \n if it's at width */ - if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { - i+=(c+3-width); + if(nohex && (i + c + 2 < size) && ptr[i + c + 1] == 0x0D && + ptr[i + c + 2] == 0x0A) { + i += (c + 3 - width); break; } } diff -Nru curl-7.55.1/docs/examples/evhiperfifo.c curl-7.57.0/docs/examples/evhiperfifo.c --- curl-7.55.1/docs/examples/evhiperfifo.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/evhiperfifo.c 2017-11-09 22:40:36.000000000 +0000 @@ -136,28 +136,28 @@ const char *s; switch(code) { case CURLM_BAD_HANDLE: - s="CURLM_BAD_HANDLE"; + s = "CURLM_BAD_HANDLE"; break; case CURLM_BAD_EASY_HANDLE: - s="CURLM_BAD_EASY_HANDLE"; + s = "CURLM_BAD_EASY_HANDLE"; break; case CURLM_OUT_OF_MEMORY: - s="CURLM_OUT_OF_MEMORY"; + s = "CURLM_OUT_OF_MEMORY"; break; case CURLM_INTERNAL_ERROR: - s="CURLM_INTERNAL_ERROR"; + s = "CURLM_INTERNAL_ERROR"; break; case CURLM_UNKNOWN_OPTION: - s="CURLM_UNKNOWN_OPTION"; + s = "CURLM_UNKNOWN_OPTION"; break; case CURLM_LAST: - s="CURLM_LAST"; + s = "CURLM_LAST"; break; default: - s="CURLM_unknown"; + s = "CURLM_unknown"; break; case CURLM_BAD_SOCKET: - s="CURLM_BAD_SOCKET"; + s = "CURLM_BAD_SOCKET"; fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s); /* ignore this error */ return; @@ -257,7 +257,7 @@ ev_io_stop(g->loop, &f->ev); ev_io_init(&f->ev, event_cb, f->sockfd, kind); f->ev.data = g; - f->evset=1; + f->evset = 1; ev_io_start(g->loop, &f->ev); } @@ -371,13 +371,13 @@ static void fifo_cb(EV_P_ struct ev_io *w, int revents) { char s[1024]; - long int rv=0; - int n=0; + long int rv = 0; + int n = 0; GlobalInfo *g = (GlobalInfo *)w->data; do { s[0]='\0'; - rv=fscanf(g->input, "%1023s%n", s, &n); + rv = fscanf(g->input, "%1023s%n", s, &n); s[n]='\0'; if(n && s[0]) { new_conn(s, g); /* if we read a URL, go get it! */ diff -Nru curl-7.55.1/docs/examples/fopen.c curl-7.57.0/docs/examples/fopen.c --- curl-7.55.1/docs/examples/fopen.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/fopen.c 2017-11-09 22:40:36.000000000 +0000 @@ -13,7 +13,7 @@ * See the main() function at the bottom that shows an app that retrieves from * a specified url using fgets() and fread() and saves as two output files. * - * Copyright (c) 2003 Simtec Electronics + * Copyright (c) 2003, 2017 Simtec Electronics * * Re-implemented by Vincent Sanders with extensive * reference to original curl example code @@ -58,9 +58,9 @@ #include enum fcurl_type_e { - CFTYPE_NONE=0, - CFTYPE_FILE=1, - CFTYPE_CURL=2 + CFTYPE_NONE = 0, + CFTYPE_FILE = 1, + CFTYPE_CURL = 2 }; struct fcurl_data @@ -102,19 +102,19 @@ URL_FILE *url = (URL_FILE *)userp; size *= nitems; - rembuff=url->buffer_len - url->buffer_pos; /* remaining space in buffer */ + rembuff = url->buffer_len - url->buffer_pos; /* remaining space in buffer */ if(size > rembuff) { /* not enough space in buffer */ - newbuff=realloc(url->buffer, url->buffer_len + (size - rembuff)); - if(newbuff==NULL) { + newbuff = realloc(url->buffer, url->buffer_len + (size - rembuff)); + if(newbuff == NULL) { fprintf(stderr, "callback buffer grow failed\n"); - size=rembuff; + size = rembuff; } else { /* realloc succeeded increase buffer size*/ - url->buffer_len+=size - rembuff; - url->buffer=newbuff; + url->buffer_len += size - rembuff; + url->buffer = newbuff; } } @@ -189,7 +189,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } switch(rc) { @@ -211,12 +211,12 @@ static int use_buffer(URL_FILE *file, size_t want) { /* sort out buffer */ - if((file->buffer_pos - want) <=0) { + if((file->buffer_pos - want) <= 0) { /* ditch buffer - write will recreate */ free(file->buffer); - file->buffer=NULL; - file->buffer_pos=0; - file->buffer_len=0; + file->buffer = NULL; + file->buffer_pos = 0; + file->buffer_len = 0; } else { /* move rest down make it available for later */ @@ -243,7 +243,8 @@ memset(file, 0, sizeof(URL_FILE)); - if((file->handle.file=fopen(url, operation))) + file->handle.file = fopen(url, operation); + if(file->handle.file) file->type = CFTYPE_FILE; /* marked as URL */ else { @@ -282,11 +283,11 @@ int url_fclose(URL_FILE *file) { - int ret=0;/* default is good return */ + int ret = 0;/* default is good return */ switch(file->type) { case CFTYPE_FILE: - ret=fclose(file->handle.file); /* passthrough */ + ret = fclose(file->handle.file); /* passthrough */ break; case CFTYPE_CURL: @@ -298,8 +299,8 @@ break; default: /* unknown or supported type - oh dear */ - ret=EOF; - errno=EBADF; + ret = EOF; + errno = EBADF; break; } @@ -311,11 +312,11 @@ int url_feof(URL_FILE *file) { - int ret=0; + int ret = 0; switch(file->type) { case CFTYPE_FILE: - ret=feof(file->handle.file); + ret = feof(file->handle.file); break; case CFTYPE_CURL: @@ -324,8 +325,8 @@ break; default: /* unknown or supported type - oh dear */ - ret=-1; - errno=EBADF; + ret = -1; + errno = EBADF; break; } return ret; @@ -337,7 +338,7 @@ switch(file->type) { case CFTYPE_FILE: - want=fread(ptr, size, nmemb, file->handle.file); + want = fread(ptr, size, nmemb, file->handle.file); break; case CFTYPE_CURL: @@ -363,8 +364,8 @@ break; default: /* unknown or supported type - oh dear */ - want=0; - errno=EBADF; + want = 0; + errno = EBADF; break; } @@ -395,24 +396,24 @@ /*buffer contains data */ /* look for newline or eof */ - for(loop=0;loop < want;loop++) { + for(loop = 0; loop < want; loop++) { if(file->buffer[loop] == '\n') { - want=loop+1;/* include newline */ + want = loop + 1;/* include newline */ break; } } /* xfer data to caller */ memcpy(ptr, file->buffer, want); - ptr[want]=0;/* always null terminate */ + ptr[want] = 0;/* always null terminate */ use_buffer(file, want); break; default: /* unknown or supported type - oh dear */ - ptr=NULL; - errno=EBADF; + ptr = NULL; + errno = EBADF; break; } @@ -435,9 +436,9 @@ /* ditch buffer - write will recreate - resets stream pos*/ free(file->buffer); - file->buffer=NULL; - file->buffer_pos=0; - file->buffer_len=0; + file->buffer = NULL; + file->buffer_pos = 0; + file->buffer_len = 0; break; @@ -463,12 +464,12 @@ const char *url; if(argc < 2) - url="http://192.168.7.3/testfile";/* default to testurl */ + url = "http://192.168.7.3/testfile";/* default to testurl */ else - url=argv[1];/* use passed url */ + url = argv[1];/* use passed url */ /* copy from url line by line with fgets */ - outf=fopen(FGETSFILE, "wb+"); + outf = fopen(FGETSFILE, "wb+"); if(!outf) { perror("couldn't open fgets output file\n"); return 1; @@ -492,7 +493,7 @@ /* Copy from url with fread */ - outf=fopen(FREADFILE, "wb+"); + outf = fopen(FREADFILE, "wb+"); if(!outf) { perror("couldn't open fread output file\n"); return 1; @@ -516,7 +517,7 @@ /* Test rewind */ - outf=fopen(REWINDFILE, "wb+"); + outf = fopen(REWINDFILE, "wb+"); if(!outf) { perror("couldn't open fread output file\n"); return 1; diff -Nru curl-7.55.1/docs/examples/ftpget.c curl-7.57.0/docs/examples/ftpget.c --- curl-7.55.1/docs/examples/ftpget.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/ftpget.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,10 +35,10 @@ static size_t my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream) { - struct FtpFile *out=(struct FtpFile *)stream; + struct FtpFile *out = (struct FtpFile *)stream; if(out && !out->stream) { /* open file for writing */ - out->stream=fopen(out->filename, "wb"); + out->stream = fopen(out->filename, "wb"); if(!out->stream) return -1; /* failure, can't open file to write */ } @@ -50,7 +50,7 @@ { CURL *curl; CURLcode res; - struct FtpFile ftpfile={ + struct FtpFile ftpfile = { "curl.tar.gz", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.55.1/docs/examples/ftpsget.c curl-7.57.0/docs/examples/ftpsget.c --- curl-7.55.1/docs/examples/ftpsget.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/ftpsget.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -37,10 +37,10 @@ static size_t my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream) { - struct FtpFile *out=(struct FtpFile *)stream; + struct FtpFile *out = (struct FtpFile *)stream; if(out && !out->stream) { /* open file for writing */ - out->stream=fopen(out->filename, "wb"); + out->stream = fopen(out->filename, "wb"); if(!out->stream) return -1; /* failure, can't open file to write */ } @@ -52,7 +52,7 @@ { CURL *curl; CURLcode res; - struct FtpFile ftpfile={ + struct FtpFile ftpfile = { "yourfile.bin", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.55.1/docs/examples/ftpupload.c curl-7.57.0/docs/examples/ftpupload.c --- curl-7.55.1/docs/examples/ftpupload.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/ftpupload.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,7 +71,7 @@ struct stat file_info; curl_off_t fsize; - struct curl_slist *headerlist=NULL; + struct curl_slist *headerlist = NULL; static const char buf_1 [] = "RNFR " UPLOAD_FILE_AS; static const char buf_2 [] = "RNTO " RENAME_FILE_TO; diff -Nru curl-7.55.1/docs/examples/ftpuploadresume.c curl-7.57.0/docs/examples/ftpuploadresume.c --- curl-7.55.1/docs/examples/ftpuploadresume.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/ftpuploadresume.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,44 +26,32 @@ #include #include - #include -#if defined(_MSC_VER) && (_MSC_VER < 1300) -# error _snscanf requires MSVC 7.0 or later. -#endif - -/* The MinGW headers are missing a few Win32 function definitions, - you shouldn't need this if you use VC++ */ -#if defined(__MINGW32__) && !defined(__MINGW64__) -int __cdecl _snscanf(const char *input, size_t length, - const char *format, ...); -#endif - - /* parse headers for Content-Length */ -size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream) +static size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, + void *stream) { int r; long len = 0; - /* _snscanf() is Win32 specific */ - r = _snscanf(ptr, size * nmemb, "Content-Length: %ld\n", &len); - - if(r) /* Microsoft: we don't read the specs */ + r = sscanf(ptr, "Content-Length: %ld\n", &len); + if(r) *((long *) stream) = len; return size * nmemb; } /* discard downloaded data */ -size_t discardfunc(void *ptr, size_t size, size_t nmemb, void *stream) +static size_t discardfunc(void *ptr, size_t size, size_t nmemb, void *stream) { + (void)ptr; + (void)stream; return size * nmemb; } /* read data to upload */ -size_t readfunc(void *ptr, size_t size, size_t nmemb, void *stream) +static size_t readfunc(void *ptr, size_t size, size_t nmemb, void *stream) { FILE *f = stream; size_t n; @@ -77,8 +65,8 @@ } -int upload(CURL *curlhandle, const char *remotepath, const char *localpath, - long timeout, long tries) +static int upload(CURL *curlhandle, const char *remotepath, + const char *localpath, long timeout, long tries) { FILE *f; long uploaded_len = 0; @@ -156,7 +144,7 @@ } } -int main(int c, char **argv) +int main(void) { CURL *curlhandle = NULL; diff -Nru curl-7.55.1/docs/examples/ghiper.c curl-7.57.0/docs/examples/ghiper.c --- curl-7.55.1/docs/examples/ghiper.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/ghiper.c 2017-11-09 22:40:36.000000000 +0000 @@ -99,14 +99,14 @@ if(CURLM_OK != code) { const char *s; switch(code) { - case CURLM_BAD_HANDLE: s="CURLM_BAD_HANDLE"; break; - case CURLM_BAD_EASY_HANDLE: s="CURLM_BAD_EASY_HANDLE"; break; - case CURLM_OUT_OF_MEMORY: s="CURLM_OUT_OF_MEMORY"; break; - case CURLM_INTERNAL_ERROR: s="CURLM_INTERNAL_ERROR"; break; - case CURLM_BAD_SOCKET: s="CURLM_BAD_SOCKET"; break; - case CURLM_UNKNOWN_OPTION: s="CURLM_UNKNOWN_OPTION"; break; - case CURLM_LAST: s="CURLM_LAST"; break; - default: s="CURLM_unknown"; + case CURLM_BAD_HANDLE: s = "CURLM_BAD_HANDLE"; break; + case CURLM_BAD_EASY_HANDLE: s = "CURLM_BAD_EASY_HANDLE"; break; + case CURLM_OUT_OF_MEMORY: s = "CURLM_OUT_OF_MEMORY"; break; + case CURLM_INTERNAL_ERROR: s = "CURLM_INTERNAL_ERROR"; break; + case CURLM_BAD_SOCKET: s = "CURLM_BAD_SOCKET"; break; + case CURLM_UNKNOWN_OPTION: s = "CURLM_UNKNOWN_OPTION"; break; + case CURLM_LAST: s = "CURLM_LAST"; break; + default: s = "CURLM_unknown"; } MSG_OUT("ERROR: %s returns %s\n", where, s); exit(code); @@ -156,7 +156,7 @@ static int update_timeout_cb(CURLM *multi, long timeout_ms, void *userp) { struct timeval timeout; - GlobalInfo *g=(GlobalInfo *)userp; + GlobalInfo *g = (GlobalInfo *)userp; timeout.tv_sec = timeout_ms/1000; timeout.tv_usec = (timeout_ms%1000)*1000; @@ -181,7 +181,7 @@ { GlobalInfo *g = (GlobalInfo*) data; CURLMcode rc; - int fd=g_io_channel_unix_get_fd(ch); + int fd = g_io_channel_unix_get_fd(ch); int action = (condition & G_IO_IN ? CURL_CSELECT_IN : 0) | @@ -228,7 +228,7 @@ if(f->ev) { g_source_remove(f->ev); } - f->ev=g_io_add_watch(f->ch, kind, event_cb, g); + f->ev = g_io_add_watch(f->ch, kind, event_cb, g); } /* Initialize a new SockInfo structure */ @@ -237,7 +237,7 @@ SockInfo *fdp = g_malloc0(sizeof(SockInfo)); fdp->global = g; - fdp->ch=g_io_channel_unix_new(s); + fdp->ch = g_io_channel_unix_new(s); setsock(fdp, s, easy, action, g); curl_multi_assign(g->multi, s, fdp); } @@ -319,7 +319,7 @@ curl_easy_setopt(conn->easy, CURLOPT_LOW_SPEED_TIME, 30L); MSG_OUT("Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url); - rc =curl_multi_add_handle(g->multi, conn->easy); + rc = curl_multi_add_handle(g->multi, conn->easy); mcode_or_die("new_conn: curl_multi_add_handle", rc); /* note that the add_handle() will set a time-out to trigger very soon so @@ -331,11 +331,11 @@ { #define BUF_SIZE 1024 gsize len, tp; - gchar *buf, *tmp, *all=NULL; + gchar *buf, *tmp, *all = NULL; GIOStatus rv; do { - GError *err=NULL; + GError *err = NULL; rv = g_io_channel_read_line(ch, &buf, &len, &tp, &err); if(buf) { if(tp) { @@ -345,15 +345,15 @@ g_free(buf); } else { - buf = g_malloc(BUF_SIZE+1); + buf = g_malloc(BUF_SIZE + 1); while(TRUE) { buf[BUF_SIZE]='\0'; g_io_channel_read_chars(ch, buf, BUF_SIZE, &len, &err); if(len) { buf[len]='\0'; if(all) { - tmp=all; - all=g_strdup_printf("%s%s", tmp, buf); + tmp = all; + all = g_strdup_printf("%s%s", tmp, buf); g_free(tmp); } else { @@ -417,12 +417,12 @@ GMainLoop*gmain; int fd; GIOChannel* ch; - g=g_malloc0(sizeof(GlobalInfo)); + g = g_malloc0(sizeof(GlobalInfo)); - fd=init_fifo(); - ch=g_io_channel_unix_new(fd); + fd = init_fifo(); + ch = g_io_channel_unix_new(fd); g_io_add_watch(ch, G_IO_IN, fifo_cb, g); - gmain=g_main_loop_new(NULL, FALSE); + gmain = g_main_loop_new(NULL, FALSE); g->multi = curl_multi_init(); curl_multi_setopt(g->multi, CURLMOPT_SOCKETFUNCTION, sock_cb); curl_multi_setopt(g->multi, CURLMOPT_SOCKETDATA, g); diff -Nru curl-7.55.1/docs/examples/hiperfifo.c curl-7.57.0/docs/examples/hiperfifo.c --- curl-7.55.1/docs/examples/hiperfifo.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/hiperfifo.c 2017-11-09 22:40:36.000000000 +0000 @@ -137,15 +137,15 @@ if(CURLM_OK != code) { const char *s; switch(code) { - case CURLM_BAD_HANDLE: s="CURLM_BAD_HANDLE"; break; - case CURLM_BAD_EASY_HANDLE: s="CURLM_BAD_EASY_HANDLE"; break; - case CURLM_OUT_OF_MEMORY: s="CURLM_OUT_OF_MEMORY"; break; - case CURLM_INTERNAL_ERROR: s="CURLM_INTERNAL_ERROR"; break; - case CURLM_UNKNOWN_OPTION: s="CURLM_UNKNOWN_OPTION"; break; - case CURLM_LAST: s="CURLM_LAST"; break; - default: s="CURLM_unknown"; + case CURLM_BAD_HANDLE: s = "CURLM_BAD_HANDLE"; break; + case CURLM_BAD_EASY_HANDLE: s = "CURLM_BAD_EASY_HANDLE"; break; + case CURLM_OUT_OF_MEMORY: s = "CURLM_OUT_OF_MEMORY"; break; + case CURLM_INTERNAL_ERROR: s = "CURLM_INTERNAL_ERROR"; break; + case CURLM_UNKNOWN_OPTION: s = "CURLM_UNKNOWN_OPTION"; break; + case CURLM_LAST: s = "CURLM_LAST"; break; + default: s = "CURLM_unknown"; break; - case CURLM_BAD_SOCKET: s="CURLM_BAD_SOCKET"; + case CURLM_BAD_SOCKET: s = "CURLM_BAD_SOCKET"; fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s); /* ignore this error */ return; @@ -359,15 +359,15 @@ static void fifo_cb(int fd, short event, void *arg) { char s[1024]; - long int rv=0; - int n=0; + long int rv = 0; + int n = 0; GlobalInfo *g = (GlobalInfo *)arg; (void)fd; /* unused */ (void)event; /* unused */ do { s[0]='\0'; - rv=fscanf(g->input, "%1023s%n", s, &n); + rv = fscanf(g->input, "%1023s%n", s, &n); s[n]='\0'; if(n && s[0]) { new_conn(s, arg); /* if we read a URL, go get it! */ diff -Nru curl-7.55.1/docs/examples/htmltidy.c curl-7.57.0/docs/examples/htmltidy.c --- curl-7.55.1/docs/examples/htmltidy.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/htmltidy.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -52,7 +52,7 @@ TidyAttr attr; printf("%*.*s%s ", indent, indent, "<", name); /* walk the attribute list */ - for(attr=tidyAttrFirst(child); attr; attr=tidyAttrNext(attr) ) { + for(attr = tidyAttrFirst(child); attr; attr = tidyAttrNext(attr) ) { printf(tidyAttrName(attr)); tidyAttrValue(attr)?printf("=\"%s\" ", tidyAttrValue(attr)):printf(" "); @@ -95,7 +95,7 @@ tidyBufInit(&docbuf); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &docbuf); - err=curl_easy_perform(curl); + err = curl_easy_perform(curl); if(!err) { err = tidyParseBuffer(tdoc, &docbuf); /* parse the input */ if(err >= 0) { diff -Nru curl-7.55.1/docs/examples/http2-download.c curl-7.57.0/docs/examples/http2-download.c --- curl-7.55.1/docs/examples/http2-download.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/http2-download.c 2017-11-09 22:40:36.000000000 +0000 @@ -51,7 +51,7 @@ static int hnd2num(CURL *hnd) { int i; - for(i=0; i< num_transfers; i++) { + for(i = 0; i< num_transfers; i++) { if(curl_hnd[i] == hnd) return i; } @@ -65,7 +65,7 @@ size_t i; size_t c; - unsigned int width=0x10; + unsigned int width = 0x10; if(nohex) /* without the hex output, we can fit more on screen */ @@ -74,30 +74,32 @@ fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n", num, text, (long)size, (long)size); - for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + (ptr[i + c] >= 0x20) && (ptr[i + c]<0x80)?ptr[i + c]:'.'); /* check again for 0D0A, to avoid an extra \n if it's at width */ - if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { - i+=(c+3-width); + if(nohex && (i + c + 2 < size) && ptr[i + c + 1] == 0x0D && + ptr[i + c + 2] == 0x0A) { + i += (c + 3 - width); break; } } @@ -199,7 +201,7 @@ /* init a multi stack */ multi_handle = curl_multi_init(); - for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + (ptr[i + c] >= 0x20) && (ptr[i + c]<0x80)?ptr[i + c]:'.'); /* check again for 0D0A, to avoid an extra \n if it's at width */ - if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { - i+=(c+3-width); + if(nohex && (i + c + 2 < size) && ptr[i + c + 1] == 0x0D && + ptr[i + c + 2] == 0x0A) { + i += (c + 3 - width); break; } } @@ -181,7 +183,7 @@ fprintf(stderr, "**** push callback approves stream %u, got %d headers!\n", count, (int)num_headers); - for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + (ptr[i + c] >= 0x20) && (ptr[i + c]<0x80)?ptr[i + c]:'.'); /* check again for 0D0A, to avoid an extra \n if it's at width */ - if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { - i+=(c+3-width); + if(nohex && (i + c + 2 < size) && ptr[i + c + 1] == 0x0D && + ptr[i + c + 2] == 0x0A) { + i += (c + 3 - width); break; } } @@ -260,7 +262,7 @@ /* init a multi stack */ multi_handle = curl_multi_init(); - for(i=0; i, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -69,7 +69,7 @@ if(argc < 3) return 1; - file= argv[1]; + file = argv[1]; url = argv[2]; /* get the file size of the local file */ diff -Nru curl-7.55.1/docs/examples/imap-multi.c curl-7.57.0/docs/examples/imap-multi.c --- curl-7.55.1/docs/examples/imap-multi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/imap-multi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -144,7 +144,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) { diff -Nru curl-7.55.1/docs/examples/Makefile.in curl-7.57.0/docs/examples/Makefile.in --- curl-7.55.1/docs/examples/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/docs/examples/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -144,22 +144,24 @@ simple$(EXEEXT) simplepost$(EXEEXT) simplessl$(EXEEXT) \ sendrecv$(EXEEXT) httpcustomheader$(EXEEXT) certinfo$(EXEEXT) \ chkspeed$(EXEEXT) ftpgetinfo$(EXEEXT) ftp-wildcard$(EXEEXT) \ - smtp-mail$(EXEEXT) smtp-multi$(EXEEXT) smtp-ssl$(EXEEXT) \ - smtp-tls$(EXEEXT) smtp-vrfy$(EXEEXT) smtp-expn$(EXEEXT) \ - rtsp$(EXEEXT) externalsocket$(EXEEXT) resolve$(EXEEXT) \ - progressfunc$(EXEEXT) pop3-retr$(EXEEXT) pop3-list$(EXEEXT) \ - pop3-uidl$(EXEEXT) pop3-dele$(EXEEXT) pop3-top$(EXEEXT) \ - pop3-stat$(EXEEXT) pop3-noop$(EXEEXT) pop3-ssl$(EXEEXT) \ - pop3-tls$(EXEEXT) pop3-multi$(EXEEXT) imap-list$(EXEEXT) \ - imap-lsub$(EXEEXT) imap-fetch$(EXEEXT) imap-store$(EXEEXT) \ - imap-append$(EXEEXT) imap-examine$(EXEEXT) \ + smtp-mail$(EXEEXT) smtp-mime$(EXEEXT) smtp-multi$(EXEEXT) \ + smtp-ssl$(EXEEXT) smtp-tls$(EXEEXT) smtp-vrfy$(EXEEXT) \ + smtp-expn$(EXEEXT) rtsp$(EXEEXT) externalsocket$(EXEEXT) \ + resolve$(EXEEXT) progressfunc$(EXEEXT) pop3-retr$(EXEEXT) \ + pop3-list$(EXEEXT) pop3-uidl$(EXEEXT) pop3-dele$(EXEEXT) \ + pop3-top$(EXEEXT) pop3-stat$(EXEEXT) pop3-noop$(EXEEXT) \ + pop3-ssl$(EXEEXT) pop3-tls$(EXEEXT) pop3-multi$(EXEEXT) \ + imap-list$(EXEEXT) imap-lsub$(EXEEXT) imap-fetch$(EXEEXT) \ + imap-store$(EXEEXT) imap-append$(EXEEXT) imap-examine$(EXEEXT) \ imap-search$(EXEEXT) imap-create$(EXEEXT) imap-delete$(EXEEXT) \ imap-copy$(EXEEXT) imap-noop$(EXEEXT) imap-ssl$(EXEEXT) \ imap-tls$(EXEEXT) imap-multi$(EXEEXT) url2file$(EXEEXT) \ sftpget$(EXEEXT) ftpsget$(EXEEXT) postinmemory$(EXEEXT) \ http2-download$(EXEEXT) http2-upload$(EXEEXT) \ http2-serverpush$(EXEEXT) getredirect$(EXEEXT) \ - ftpuploadfrommem$(EXEEXT) + ftpuploadfrommem$(EXEEXT) ftpuploadresume$(EXEEXT) \ + sslbackend$(EXEEXT) postit2-formadd$(EXEEXT) \ + multi-formadd$(EXEEXT) shared-connection-cache$(EXEEXT) subdir = docs/examples ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ @@ -301,6 +303,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@ftpuploadfrommem_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +ftpuploadresume_SOURCES = ftpuploadresume.c +ftpuploadresume_OBJECTS = ftpuploadresume.$(OBJEXT) +ftpuploadresume_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@ftpuploadresume_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@ftpuploadresume_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la getinfo_SOURCES = getinfo.c getinfo_OBJECTS = getinfo.$(OBJEXT) getinfo_LDADD = $(LDADD) @@ -489,6 +498,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@multi_double_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +multi_formadd_SOURCES = multi-formadd.c +multi_formadd_OBJECTS = multi-formadd.$(OBJEXT) +multi_formadd_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@multi_formadd_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@multi_formadd_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la multi_post_SOURCES = multi-post.c multi_post_OBJECTS = multi-post.$(OBJEXT) multi_post_LDADD = $(LDADD) @@ -601,6 +617,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@postit2_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +postit2_formadd_SOURCES = postit2-formadd.c +postit2_formadd_OBJECTS = postit2-formadd.$(OBJEXT) +postit2_formadd_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@postit2_formadd_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@postit2_formadd_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la progressfunc_SOURCES = progressfunc.c progressfunc_OBJECTS = progressfunc.$(OBJEXT) progressfunc_LDADD = $(LDADD) @@ -641,6 +664,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@sftpget_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +shared_connection_cache_SOURCES = shared-connection-cache.c +shared_connection_cache_OBJECTS = shared-connection-cache.$(OBJEXT) +shared_connection_cache_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@shared_connection_cache_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@shared_connection_cache_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la simple_SOURCES = simple.c simple_OBJECTS = simple.$(OBJEXT) simple_LDADD = $(LDADD) @@ -676,6 +706,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@smtp_mail_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +smtp_mime_SOURCES = smtp-mime.c +smtp_mime_OBJECTS = smtp-mime.$(OBJEXT) +smtp_mime_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@smtp_mime_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@smtp_mime_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la smtp_multi_SOURCES = smtp-multi.c smtp_multi_OBJECTS = smtp-multi.$(OBJEXT) smtp_multi_LDADD = $(LDADD) @@ -704,6 +741,13 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@smtp_vrfy_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +sslbackend_SOURCES = sslbackend.c +sslbackend_OBJECTS = sslbackend.$(OBJEXT) +sslbackend_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@sslbackend_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@sslbackend_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la url2file_SOURCES = url2file.c url2file_OBJECTS = url2file.$(OBJEXT) url2file_LDADD = $(LDADD) @@ -748,37 +792,41 @@ SOURCES = 10-at-a-time.c anyauthput.c certinfo.c chkspeed.c \ cookie_interface.c debug.c externalsocket.c fileupload.c \ fopen.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c \ - ftpsget.c ftpupload.c ftpuploadfrommem.c getinfo.c \ - getinmemory.c getredirect.c http-post.c http2-download.c \ - http2-serverpush.c http2-upload.c httpcustomheader.c httpput.c \ - https.c imap-append.c imap-copy.c imap-create.c imap-delete.c \ - imap-examine.c imap-fetch.c imap-list.c imap-lsub.c \ - imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c \ - imap-tls.c multi-app.c multi-debugcallback.c multi-double.c \ + ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c \ + getinfo.c getinmemory.c getredirect.c http-post.c \ + http2-download.c http2-serverpush.c http2-upload.c \ + httpcustomheader.c httpput.c https.c imap-append.c imap-copy.c \ + imap-create.c imap-delete.c imap-examine.c imap-fetch.c \ + imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c \ + imap-ssl.c imap-store.c imap-tls.c multi-app.c \ + multi-debugcallback.c multi-double.c multi-formadd.c \ multi-post.c multi-single.c persistant.c pop3-dele.c \ pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c \ pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ - postinmemory.c postit2.c progressfunc.c resolve.c rtsp.c \ - sendrecv.c sepheaders.c sftpget.c simple.c simplepost.c \ - simplessl.c smtp-expn.c smtp-mail.c smtp-multi.c smtp-ssl.c \ - smtp-tls.c smtp-vrfy.c url2file.c + postinmemory.c postit2.c postit2-formadd.c progressfunc.c \ + resolve.c rtsp.c sendrecv.c sepheaders.c sftpget.c \ + shared-connection-cache.c simple.c simplepost.c simplessl.c \ + smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c \ + smtp-tls.c smtp-vrfy.c sslbackend.c url2file.c DIST_SOURCES = 10-at-a-time.c anyauthput.c certinfo.c chkspeed.c \ cookie_interface.c debug.c externalsocket.c fileupload.c \ fopen.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c \ - ftpsget.c ftpupload.c ftpuploadfrommem.c getinfo.c \ - getinmemory.c getredirect.c http-post.c http2-download.c \ - http2-serverpush.c http2-upload.c httpcustomheader.c httpput.c \ - https.c imap-append.c imap-copy.c imap-create.c imap-delete.c \ - imap-examine.c imap-fetch.c imap-list.c imap-lsub.c \ - imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c \ - imap-tls.c multi-app.c multi-debugcallback.c multi-double.c \ + ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c \ + getinfo.c getinmemory.c getredirect.c http-post.c \ + http2-download.c http2-serverpush.c http2-upload.c \ + httpcustomheader.c httpput.c https.c imap-append.c imap-copy.c \ + imap-create.c imap-delete.c imap-examine.c imap-fetch.c \ + imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c \ + imap-ssl.c imap-store.c imap-tls.c multi-app.c \ + multi-debugcallback.c multi-double.c multi-formadd.c \ multi-post.c multi-single.c persistant.c pop3-dele.c \ pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c \ pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ - postinmemory.c postit2.c progressfunc.c resolve.c rtsp.c \ - sendrecv.c sepheaders.c sftpget.c simple.c simplepost.c \ - simplessl.c smtp-expn.c smtp-mail.c smtp-multi.c smtp-ssl.c \ - smtp-tls.c smtp-vrfy.c url2file.c + postinmemory.c postit2.c postit2-formadd.c progressfunc.c \ + resolve.c rtsp.c sendrecv.c sepheaders.c sftpget.c \ + shared-connection-cache.c simple.c simplepost.c simplessl.c \ + smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c \ + smtp-tls.c smtp-vrfy.c sslbackend.c url2file.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -851,7 +899,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -868,6 +918,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -1030,7 +1081,7 @@ # These examples require external dependencies that may not be commonly # available on POSIX systems, so don't bother attempting to compile them here. COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c \ - ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c \ + ghiper.c hiperfifo.c htmltidy.c multithread.c \ opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \ smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \ multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c @@ -1143,6 +1194,10 @@ @rm -f ftpuploadfrommem$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ftpuploadfrommem_OBJECTS) $(ftpuploadfrommem_LDADD) $(LIBS) +ftpuploadresume$(EXEEXT): $(ftpuploadresume_OBJECTS) $(ftpuploadresume_DEPENDENCIES) $(EXTRA_ftpuploadresume_DEPENDENCIES) + @rm -f ftpuploadresume$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ftpuploadresume_OBJECTS) $(ftpuploadresume_LDADD) $(LIBS) + getinfo$(EXEEXT): $(getinfo_OBJECTS) $(getinfo_DEPENDENCIES) $(EXTRA_getinfo_DEPENDENCIES) @rm -f getinfo$(EXEEXT) $(AM_V_CCLD)$(LINK) $(getinfo_OBJECTS) $(getinfo_LDADD) $(LIBS) @@ -1251,6 +1306,10 @@ @rm -f multi-double$(EXEEXT) $(AM_V_CCLD)$(LINK) $(multi_double_OBJECTS) $(multi_double_LDADD) $(LIBS) +multi-formadd$(EXEEXT): $(multi_formadd_OBJECTS) $(multi_formadd_DEPENDENCIES) $(EXTRA_multi_formadd_DEPENDENCIES) + @rm -f multi-formadd$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(multi_formadd_OBJECTS) $(multi_formadd_LDADD) $(LIBS) + multi-post$(EXEEXT): $(multi_post_OBJECTS) $(multi_post_DEPENDENCIES) $(EXTRA_multi_post_DEPENDENCIES) @rm -f multi-post$(EXEEXT) $(AM_V_CCLD)$(LINK) $(multi_post_OBJECTS) $(multi_post_LDADD) $(LIBS) @@ -1315,6 +1374,10 @@ @rm -f postit2$(EXEEXT) $(AM_V_CCLD)$(LINK) $(postit2_OBJECTS) $(postit2_LDADD) $(LIBS) +postit2-formadd$(EXEEXT): $(postit2_formadd_OBJECTS) $(postit2_formadd_DEPENDENCIES) $(EXTRA_postit2_formadd_DEPENDENCIES) + @rm -f postit2-formadd$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(postit2_formadd_OBJECTS) $(postit2_formadd_LDADD) $(LIBS) + progressfunc$(EXEEXT): $(progressfunc_OBJECTS) $(progressfunc_DEPENDENCIES) $(EXTRA_progressfunc_DEPENDENCIES) @rm -f progressfunc$(EXEEXT) $(AM_V_CCLD)$(LINK) $(progressfunc_OBJECTS) $(progressfunc_LDADD) $(LIBS) @@ -1339,6 +1402,10 @@ @rm -f sftpget$(EXEEXT) $(AM_V_CCLD)$(LINK) $(sftpget_OBJECTS) $(sftpget_LDADD) $(LIBS) +shared-connection-cache$(EXEEXT): $(shared_connection_cache_OBJECTS) $(shared_connection_cache_DEPENDENCIES) $(EXTRA_shared_connection_cache_DEPENDENCIES) + @rm -f shared-connection-cache$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(shared_connection_cache_OBJECTS) $(shared_connection_cache_LDADD) $(LIBS) + simple$(EXEEXT): $(simple_OBJECTS) $(simple_DEPENDENCIES) $(EXTRA_simple_DEPENDENCIES) @rm -f simple$(EXEEXT) $(AM_V_CCLD)$(LINK) $(simple_OBJECTS) $(simple_LDADD) $(LIBS) @@ -1359,6 +1426,10 @@ @rm -f smtp-mail$(EXEEXT) $(AM_V_CCLD)$(LINK) $(smtp_mail_OBJECTS) $(smtp_mail_LDADD) $(LIBS) +smtp-mime$(EXEEXT): $(smtp_mime_OBJECTS) $(smtp_mime_DEPENDENCIES) $(EXTRA_smtp_mime_DEPENDENCIES) + @rm -f smtp-mime$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(smtp_mime_OBJECTS) $(smtp_mime_LDADD) $(LIBS) + smtp-multi$(EXEEXT): $(smtp_multi_OBJECTS) $(smtp_multi_DEPENDENCIES) $(EXTRA_smtp_multi_DEPENDENCIES) @rm -f smtp-multi$(EXEEXT) $(AM_V_CCLD)$(LINK) $(smtp_multi_OBJECTS) $(smtp_multi_LDADD) $(LIBS) @@ -1375,6 +1446,10 @@ @rm -f smtp-vrfy$(EXEEXT) $(AM_V_CCLD)$(LINK) $(smtp_vrfy_OBJECTS) $(smtp_vrfy_LDADD) $(LIBS) +sslbackend$(EXEEXT): $(sslbackend_OBJECTS) $(sslbackend_DEPENDENCIES) $(EXTRA_sslbackend_DEPENDENCIES) + @rm -f sslbackend$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sslbackend_OBJECTS) $(sslbackend_LDADD) $(LIBS) + url2file$(EXEEXT): $(url2file_OBJECTS) $(url2file_DEPENDENCIES) $(EXTRA_url2file_DEPENDENCIES) @rm -f url2file$(EXEEXT) $(AM_V_CCLD)$(LINK) $(url2file_OBJECTS) $(url2file_LDADD) $(LIBS) @@ -1401,6 +1476,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpsget.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpupload.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpuploadfrommem.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpuploadresume.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getinfo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getinmemory.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getredirect.Po@am__quote@ @@ -1428,6 +1504,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-app.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-debugcallback.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-double.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-formadd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-post.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-single.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/persistant.Po@am__quote@ @@ -1443,6 +1520,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-uidl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/post-callback.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/postinmemory.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/postit2-formadd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/postit2.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/progressfunc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve.Po@am__quote@ @@ -1450,15 +1528,18 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendrecv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sepheaders.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sftpget.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shared-connection-cache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simple.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simplepost.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simplessl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-expn.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-mail.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-mime.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-multi.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-ssl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-tls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp-vrfy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslbackend.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/url2file.Po@am__quote@ .c.o: diff -Nru curl-7.55.1/docs/examples/Makefile.inc curl-7.57.0/docs/examples/Makefile.inc --- curl-7.55.1/docs/examples/Makefile.inc 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/Makefile.inc 2017-11-26 13:19:01.000000000 +0000 @@ -26,18 +26,20 @@ https multi-app multi-debugcallback multi-double multi-post multi-single \ persistant post-callback postit2 sepheaders simple simplepost simplessl \ sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \ - smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp \ - externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl \ + smtp-mail smtp-mime smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn \ + rtsp externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl \ pop3-dele pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi \ imap-list imap-lsub imap-fetch imap-store imap-append imap-examine \ imap-search imap-create imap-delete imap-copy imap-noop imap-ssl \ imap-tls imap-multi url2file sftpget ftpsget postinmemory http2-download \ - http2-upload http2-serverpush getredirect ftpuploadfrommem + http2-upload http2-serverpush getredirect ftpuploadfrommem \ + ftpuploadresume sslbackend postit2-formadd multi-formadd \ + shared-connection-cache # These examples require external dependencies that may not be commonly # available on POSIX systems, so don't bother attempting to compile them here. COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c \ - ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c \ + ghiper.c hiperfifo.c htmltidy.c multithread.c \ opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \ smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \ multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c diff -Nru curl-7.55.1/docs/examples/multi-app.c curl-7.57.0/docs/examples/multi-app.c --- curl-7.55.1/docs/examples/multi-app.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/multi-app.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,7 +55,7 @@ int msgs_left; /* how many messages are left */ /* Allocate one CURL handle per transfer */ - for(i=0; ieasy_handle == handles[idx]); if(found) break; @@ -170,7 +170,7 @@ curl_multi_cleanup(multi_handle); /* Free the CURL handles */ - for(i=0; i, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -45,7 +45,7 @@ size_t i; size_t c; - unsigned int width=0x10; + unsigned int width = 0x10; if(nohex) /* without the hex output, we can fit more on screen */ @@ -54,30 +54,32 @@ fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\n", text, (long)size, (long)size); - for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + (ptr[i + c] >= 0x20) && (ptr[i + c]<0x80)?ptr[i + c]:'.'); /* check again for 0D0A, to avoid an extra \n if it's at width */ - if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { - i+=(c+3-width); + if(nohex && (i + c + 2 < size) && ptr[i + c + 1] == 0x0D && + ptr[i + c + 2] == 0x0A) { + i += (c + 3 - width); break; } } @@ -204,7 +206,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } switch(rc) { diff -Nru curl-7.55.1/docs/examples/multi-double.c curl-7.57.0/docs/examples/multi-double.c --- curl-7.55.1/docs/examples/multi-double.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/multi-double.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -119,7 +119,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } switch(rc) { diff -Nru curl-7.55.1/docs/examples/multi-formadd.c curl-7.57.0/docs/examples/multi-formadd.c --- curl-7.55.1/docs/examples/multi-formadd.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/examples/multi-formadd.c 2017-11-09 22:40:36.000000000 +0000 @@ -0,0 +1,171 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +/* + * using the multi interface to do a multipart formpost without blocking + * + */ + +#include +#include +#include + +#include + +int main(void) +{ + CURL *curl; + + CURLM *multi_handle; + int still_running; + + struct curl_httppost *formpost = NULL; + struct curl_httppost *lastptr = NULL; + struct curl_slist *headerlist = NULL; + static const char buf[] = "Expect:"; + + /* Fill in the file upload field. This makes libcurl load data from + the given file name when curl_easy_perform() is called. */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "sendfile", + CURLFORM_FILE, "postit2.c", + CURLFORM_END); + + /* Fill in the filename field */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "filename", + CURLFORM_COPYCONTENTS, "postit2.c", + CURLFORM_END); + + /* Fill in the submit field too, even if this is rarely needed */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "submit", + CURLFORM_COPYCONTENTS, "send", + CURLFORM_END); + + curl = curl_easy_init(); + multi_handle = curl_multi_init(); + + /* initialize custom header list (stating that Expect: 100-continue is not + wanted */ + headerlist = curl_slist_append(headerlist, buf); + if(curl && multi_handle) { + + /* what URL that receives this POST */ + curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/upload.cgi"); + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); + curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); + + curl_multi_add_handle(multi_handle, curl); + + curl_multi_perform(multi_handle, &still_running); + + do { + struct timeval timeout; + int rc; /* select() return code */ + CURLMcode mc; /* curl_multi_fdset() return code */ + + fd_set fdread; + fd_set fdwrite; + fd_set fdexcep; + int maxfd = -1; + + long curl_timeo = -1; + + FD_ZERO(&fdread); + FD_ZERO(&fdwrite); + FD_ZERO(&fdexcep); + + /* set a suitable timeout to play around with */ + timeout.tv_sec = 1; + timeout.tv_usec = 0; + + curl_multi_timeout(multi_handle, &curl_timeo); + if(curl_timeo >= 0) { + timeout.tv_sec = curl_timeo / 1000; + if(timeout.tv_sec > 1) + timeout.tv_sec = 1; + else + timeout.tv_usec = (curl_timeo % 1000) * 1000; + } + + /* get file descriptors from the transfers */ + mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd); + + if(mc != CURLM_OK) { + fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc); + break; + } + + /* On success the value of maxfd is guaranteed to be >= -1. We call + select(maxfd + 1, ...); specially in case of (maxfd == -1) there are + no fds ready yet so we call select(0, ...) --or Sleep() on Windows-- + to sleep 100ms, which is the minimum suggested value in the + curl_multi_fdset() doc. */ + + if(maxfd == -1) { +#ifdef _WIN32 + Sleep(100); + rc = 0; +#else + /* Portable sleep for platforms other than Windows. */ + struct timeval wait = { 0, 100 * 1000 }; /* 100ms */ + rc = select(0, NULL, NULL, NULL, &wait); +#endif + } + else { + /* Note that on some platforms 'timeout' may be modified by select(). + If you need access to the original value save a copy beforehand. */ + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); + } + + switch(rc) { + case -1: + /* select error */ + break; + case 0: + default: + /* timeout or readable/writable sockets */ + printf("perform!\n"); + curl_multi_perform(multi_handle, &still_running); + printf("running: %d!\n", still_running); + break; + } + } while(still_running); + + curl_multi_cleanup(multi_handle); + + /* always cleanup */ + curl_easy_cleanup(curl); + + /* then cleanup the formpost chain */ + curl_formfree(formpost); + + /* free slist */ + curl_slist_free_all(headerlist); + } + return 0; +} diff -Nru curl-7.55.1/docs/examples/multi-post.c curl-7.57.0/docs/examples/multi-post.c --- curl-7.55.1/docs/examples/multi-post.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/multi-post.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -37,47 +37,43 @@ CURLM *multi_handle; int still_running; - struct curl_httppost *formpost=NULL; - struct curl_httppost *lastptr=NULL; - struct curl_slist *headerlist=NULL; + curl_mime *form = NULL; + curl_mimepart *field = NULL; + struct curl_slist *headerlist = NULL; static const char buf[] = "Expect:"; - /* Fill in the file upload field. This makes libcurl load data from - the given file name when curl_easy_perform() is called. */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "sendfile", - CURLFORM_FILE, "postit2.c", - CURLFORM_END); - - /* Fill in the filename field */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "filename", - CURLFORM_COPYCONTENTS, "postit2.c", - CURLFORM_END); - - /* Fill in the submit field too, even if this is rarely needed */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "submit", - CURLFORM_COPYCONTENTS, "send", - CURLFORM_END); - curl = curl_easy_init(); multi_handle = curl_multi_init(); - /* initialize custom header list (stating that Expect: 100-continue is not - wanted */ - headerlist = curl_slist_append(headerlist, buf); if(curl && multi_handle) { + /* Create the form */ + form = curl_mime_init(curl); + + /* Fill in the file upload field */ + field = curl_mime_addpart(form); + curl_mime_name(field, "sendfile"); + curl_mime_filedata(field, "multi-post.c"); + + /* Fill in the filename field */ + field = curl_mime_addpart(form); + curl_mime_name(field, "filename"); + curl_mime_data(field, "multi-post.c", CURL_ZERO_TERMINATED); + + /* Fill in the submit field too, even if this is rarely needed */ + field = curl_mime_addpart(form); + curl_mime_name(field, "submit"); + curl_mime_data(field, "send", CURL_ZERO_TERMINATED); + + /* initialize custom header list (stating that Expect: 100-continue is not + wanted */ + headerlist = curl_slist_append(headerlist, buf); /* what URL that receives this POST */ curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/upload.cgi"); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); - curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); + curl_easy_setopt(curl, CURLOPT_MIMEPOST, form); curl_multi_add_handle(multi_handle, curl); @@ -139,7 +135,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } switch(rc) { @@ -161,8 +157,8 @@ /* always cleanup */ curl_easy_cleanup(curl); - /* then cleanup the formpost chain */ - curl_formfree(formpost); + /* then cleanup the form */ + curl_mime_free(form); /* free slist */ curl_slist_free_all(headerlist); diff -Nru curl-7.55.1/docs/examples/multithread.c curl-7.57.0/docs/examples/multithread.c --- curl-7.55.1/docs/examples/multithread.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/multithread.c 2017-11-09 22:40:36.000000000 +0000 @@ -74,7 +74,7 @@ /* Must initialize libcurl before any threads are started */ curl_global_init(CURL_GLOBAL_ALL); - for(i=0; i< NUMT; i++) { + for(i = 0; i< NUMT; i++) { error = pthread_create(&tid[i], NULL, /* default attributes please */ pull_one_url, @@ -86,7 +86,7 @@ } /* now wait for all threads to terminate */ - for(i=0; i< NUMT; i++) { + for(i = 0; i< NUMT; i++) { error = pthread_join(tid[i], NULL); fprintf(stderr, "Thread %d terminated\n", i); } diff -Nru curl-7.55.1/docs/examples/opensslthreadlock.c curl-7.57.0/docs/examples/opensslthreadlock.c --- curl-7.55.1/docs/examples/opensslthreadlock.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/opensslthreadlock.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -50,7 +50,7 @@ } /* This array will store all of the mutexes available to OpenSSL. */ -static MUTEX_TYPE *mutex_buf= NULL; +static MUTEX_TYPE *mutex_buf = NULL; static void locking_function(int mode, int n, const char *file, int line) { diff -Nru curl-7.55.1/docs/examples/pop3-multi.c curl-7.57.0/docs/examples/pop3-multi.c --- curl-7.55.1/docs/examples/pop3-multi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/pop3-multi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -144,7 +144,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) { diff -Nru curl-7.55.1/docs/examples/post-callback.c curl-7.57.0/docs/examples/post-callback.c --- curl-7.55.1/docs/examples/post-callback.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/post-callback.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -20,36 +20,45 @@ * ***************************************************************************/ /* - * An example source code that issues a HTTP POST and we provide the actual - * data through a read callback. + * Issue an HTTP POST and provide the data through the read callback. * */ #include #include #include -static const char data[]="this is what we post to the silly web server"; +/* silly test data to POST */ +static const char data[]="Lorem ipsum dolor sit amet, consectetur adipiscing " + "elit. Sed vel urna neque. Ut quis leo metus. Quisque eleifend, ex at " + "laoreet rhoncus, odio ipsum semper metus, at tempus ante urna in mauris. " + "Suspendisse ornare tempor venenatis. Ut dui neque, pellentesque a varius " + "eget, mattis vitae ligula. Fusce ut pharetra est. Ut ullamcorper mi ac " + "sollicitudin semper. Praesent sit amet tellus varius, posuere nulla non, " + "rhoncus ipsum."; struct WriteThis { const char *readptr; - long sizeleft; + size_t sizeleft; }; -static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp) +static size_t read_callback(void *dest, size_t size, size_t nmemb, void *userp) { - struct WriteThis *pooh = (struct WriteThis *)userp; + struct WriteThis *wt = (struct WriteThis *)userp; + size_t buffer_size = size*nmemb; - if(size*nmemb < 1) - return 0; - - if(pooh->sizeleft) { - *(char *)ptr = pooh->readptr[0]; /* copy one single byte */ - pooh->readptr++; /* advance pointer */ - pooh->sizeleft--; /* less data left */ - return 1; /* we return 1 byte at a time! */ + if(wt->sizeleft) { + /* copy as much as possible from the source to the destination */ + size_t copy_this_much = wt->sizeleft; + if(copy_this_much > buffer_size) + copy_this_much = buffer_size; + memcpy(dest, wt->readptr, copy_this_much); + + wt->readptr += copy_this_much; + wt->sizeleft -= copy_this_much; + return copy_this_much; /* we copied this many bytes */ } - return 0; /* no more data left to deliver */ + return 0; /* no more data left to deliver */ } int main(void) @@ -57,10 +66,10 @@ CURL *curl; CURLcode res; - struct WriteThis pooh; + struct WriteThis wt; - pooh.readptr = data; - pooh.sizeleft = (long)strlen(data); + wt.readptr = data; + wt.sizeleft = strlen(data); /* In windows, this will init the winsock stuff */ res = curl_global_init(CURL_GLOBAL_DEFAULT); @@ -75,7 +84,7 @@ curl = curl_easy_init(); if(curl) { /* First set the URL that is about to receive our POST. */ - curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/index.cgi"); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/index.cgi"); /* Now specify we want to POST data */ curl_easy_setopt(curl, CURLOPT_POST, 1L); @@ -84,7 +93,7 @@ curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); /* pointer to pass to our read function */ - curl_easy_setopt(curl, CURLOPT_READDATA, &pooh); + curl_easy_setopt(curl, CURLOPT_READDATA, &wt); /* get verbose debug output please */ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); @@ -108,7 +117,7 @@ #else /* Set the expected POST size. If you want to POST large amounts of data, consider CURLOPT_POSTFIELDSIZE_LARGE */ - curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pooh.sizeleft); + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)wt.sizeleft); #endif #ifdef DISABLE_EXPECT diff -Nru curl-7.55.1/docs/examples/postinmemory.c curl-7.57.0/docs/examples/postinmemory.c --- curl-7.55.1/docs/examples/postinmemory.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/postinmemory.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -58,7 +58,7 @@ CURL *curl; CURLcode res; struct MemoryStruct chunk; - static const char *postthis="Field=1&Field=2&Field=3"; + static const char *postthis = "Field=1&Field=2&Field=3"; chunk.memory = malloc(1); /* will be grown as needed by realloc above */ chunk.size = 0; /* no data at this point */ diff -Nru curl-7.55.1/docs/examples/postit2.c curl-7.57.0/docs/examples/postit2.c --- curl-7.55.1/docs/examples/postit2.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/postit2.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -47,46 +47,42 @@ CURL *curl; CURLcode res; - struct curl_httppost *formpost=NULL; - struct curl_httppost *lastptr=NULL; - struct curl_slist *headerlist=NULL; + curl_mime *form = NULL; + curl_mimepart *field = NULL; + struct curl_slist *headerlist = NULL; static const char buf[] = "Expect:"; curl_global_init(CURL_GLOBAL_ALL); - /* Fill in the file upload field */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "sendfile", - CURLFORM_FILE, "postit2.c", - CURLFORM_END); - - /* Fill in the filename field */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "filename", - CURLFORM_COPYCONTENTS, "postit2.c", - CURLFORM_END); - - - /* Fill in the submit field too, even if this is rarely needed */ - curl_formadd(&formpost, - &lastptr, - CURLFORM_COPYNAME, "submit", - CURLFORM_COPYCONTENTS, "send", - CURLFORM_END); - curl = curl_easy_init(); - /* initialize custom header list (stating that Expect: 100-continue is not - wanted */ - headerlist = curl_slist_append(headerlist, buf); if(curl) { + /* Create the form */ + form = curl_mime_init(curl); + + /* Fill in the file upload field */ + field = curl_mime_addpart(form); + curl_mime_name(field, "sendfile"); + curl_mime_filedata(field, "postit2.c"); + + /* Fill in the filename field */ + field = curl_mime_addpart(form); + curl_mime_name(field, "filename"); + curl_mime_data(field, "postit2.c", CURL_ZERO_TERMINATED); + + /* Fill in the submit field too, even if this is rarely needed */ + field = curl_mime_addpart(form); + curl_mime_name(field, "submit"); + curl_mime_data(field, "send", CURL_ZERO_TERMINATED); + + /* initialize custom header list (stating that Expect: 100-continue is not + wanted */ + headerlist = curl_slist_append(headerlist, buf); /* what URL that receives this POST */ curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/examplepost.cgi"); if((argc == 2) && (!strcmp(argv[1], "noexpectheader"))) /* only disable 100-continue header if explicitly requested */ curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); - curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); + curl_easy_setopt(curl, CURLOPT_MIMEPOST, form); /* Perform the request, res will get the return code */ res = curl_easy_perform(curl); @@ -98,8 +94,8 @@ /* always cleanup */ curl_easy_cleanup(curl); - /* then cleanup the formpost chain */ - curl_formfree(formpost); + /* then cleanup the form */ + curl_mime_free(form); /* free slist */ curl_slist_free_all(headerlist); } diff -Nru curl-7.55.1/docs/examples/postit2-formadd.c curl-7.57.0/docs/examples/postit2-formadd.c --- curl-7.55.1/docs/examples/postit2-formadd.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/examples/postit2-formadd.c 2017-11-09 22:40:36.000000000 +0000 @@ -0,0 +1,107 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +/* + * HTTP Multipart formpost with file upload and two additional parts. + * + */ +/* Example code that uploads a file name 'foo' to a remote script that accepts + * "HTML form based" (as described in RFC1738) uploads using HTTP POST. + * + * The imaginary form we'll fill in looks like: + * + *
+ * Enter file: + * Enter file name: + * + *
+ * + * This exact source code has not been verified to work. + */ + +#include +#include + +#include + +int main(int argc, char *argv[]) +{ + CURL *curl; + CURLcode res; + + struct curl_httppost *formpost = NULL; + struct curl_httppost *lastptr = NULL; + struct curl_slist *headerlist = NULL; + static const char buf[] = "Expect:"; + + curl_global_init(CURL_GLOBAL_ALL); + + /* Fill in the file upload field */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "sendfile", + CURLFORM_FILE, "postit2.c", + CURLFORM_END); + + /* Fill in the filename field */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "filename", + CURLFORM_COPYCONTENTS, "postit2.c", + CURLFORM_END); + + + /* Fill in the submit field too, even if this is rarely needed */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "submit", + CURLFORM_COPYCONTENTS, "send", + CURLFORM_END); + + curl = curl_easy_init(); + /* initialize custom header list (stating that Expect: 100-continue is not + wanted */ + headerlist = curl_slist_append(headerlist, buf); + if(curl) { + /* what URL that receives this POST */ + curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/examplepost.cgi"); + if((argc == 2) && (!strcmp(argv[1], "noexpectheader"))) + /* only disable 100-continue header if explicitly requested */ + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); + curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); + + /* Perform the request, res will get the return code */ + res = curl_easy_perform(curl); + /* Check for errors */ + if(res != CURLE_OK) + fprintf(stderr, "curl_easy_perform() failed: %s\n", + curl_easy_strerror(res)); + + /* always cleanup */ + curl_easy_cleanup(curl); + + /* then cleanup the formpost chain */ + curl_formfree(formpost); + /* free slist */ + curl_slist_free_all(headerlist); + } + return 0; +} diff -Nru curl-7.55.1/docs/examples/rtsp.c curl-7.57.0/docs/examples/rtsp.c --- curl-7.55.1/docs/examples/rtsp.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/rtsp.c 2017-11-26 13:19:01.000000000 +0000 @@ -129,6 +129,9 @@ my_curl_easy_setopt(curl, CURLOPT_RANGE, range); my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_PLAY); my_curl_easy_perform(curl); + + /* switch off using range again */ + my_curl_easy_setopt(curl, CURLOPT_RANGE, NULL); } diff -Nru curl-7.55.1/docs/examples/sendrecv.c curl-7.57.0/docs/examples/sendrecv.c --- curl-7.55.1/docs/examples/sendrecv.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/sendrecv.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -36,7 +36,7 @@ int res; tv.tv_sec = timeout_ms / 1000; - tv.tv_usec= (timeout_ms % 1000) * 1000; + tv.tv_usec = (timeout_ms % 1000) * 1000; FD_ZERO(&infd); FD_ZERO(&outfd); diff -Nru curl-7.55.1/docs/examples/sftpget.c curl-7.57.0/docs/examples/sftpget.c --- curl-7.55.1/docs/examples/sftpget.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/sftpget.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,10 +46,10 @@ static size_t my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream) { - struct FtpFile *out=(struct FtpFile *)stream; + struct FtpFile *out = (struct FtpFile *)stream; if(out && !out->stream) { /* open file for writing */ - out->stream=fopen(out->filename, "wb"); + out->stream = fopen(out->filename, "wb"); if(!out->stream) return -1; /* failure, can't open file to write */ } @@ -61,7 +61,7 @@ { CURL *curl; CURLcode res; - struct FtpFile ftpfile={ + struct FtpFile ftpfile = { "yourfile.bin", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.55.1/docs/examples/shared-connection-cache.c curl-7.57.0/docs/examples/shared-connection-cache.c --- curl-7.55.1/docs/examples/shared-connection-cache.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/examples/shared-connection-cache.c 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,85 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +/* + * Connection cache shared between easy handles with the share inteface + * + */ +#include +#include + +static void my_lock(CURL *handle, curl_lock_data data, + curl_lock_access laccess, void *useptr) +{ + (void)handle; + (void)data; + (void)laccess; + (void)useptr; + fprintf(stderr, "-> Mutex lock\n"); +} + +static void my_unlock(CURL *handle, curl_lock_data data, void *useptr) +{ + (void)handle; + (void)data; + (void)useptr; + fprintf(stderr, "<- Mutex unlock\n"); +} + +int main(void) +{ + CURL *curl; + CURLcode res; + CURLSH *share; + int i; + + share = curl_share_init(); + curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT); + + curl_share_setopt(share, CURLSHOPT_LOCKFUNC, my_lock); + curl_share_setopt(share, CURLSHOPT_UNLOCKFUNC, my_unlock); + + /* Loop the transfer and cleanup the handle properly every lap. This will + still reuse connections since the pool is in the shared object! */ + + for(i = 0; i < 3; i++) { + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://curl.haxx.se/"); + + /* use the share object */ + curl_easy_setopt(curl, CURLOPT_SHARE, share); + + /* Perform the request, res will get the return code */ + res = curl_easy_perform(curl); + /* Check for errors */ + if(res != CURLE_OK) + fprintf(stderr, "curl_easy_perform() failed: %s\n", + curl_easy_strerror(res)); + + /* always cleanup */ + curl_easy_cleanup(curl); + } + } + + curl_share_cleanup(share); + return 0; +} diff -Nru curl-7.55.1/docs/examples/simplepost.c curl-7.57.0/docs/examples/simplepost.c --- curl-7.55.1/docs/examples/simplepost.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/simplepost.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ CURL *curl; CURLcode res; - static const char *postthis="moo mooo moo moo"; + static const char *postthis = "moo mooo moo moo"; curl = curl_easy_init(); if(curl) { diff -Nru curl-7.55.1/docs/examples/simplessl.c curl-7.57.0/docs/examples/simplessl.c --- curl-7.55.1/docs/examples/simplessl.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/simplessl.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -53,7 +53,7 @@ const char *pPassphrase = NULL; static const char *pCertFile = "testcert.pem"; - static const char *pCACertFile="cacert.pem"; + static const char *pCACertFile = "cacert.pem"; static const char *pHeaderFile = "dumpit"; const char *pKeyName; diff -Nru curl-7.55.1/docs/examples/smooth-gtk-thread.c curl-7.57.0/docs/examples/smooth-gtk-thread.c --- curl-7.55.1/docs/examples/smooth-gtk-thread.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/smooth-gtk-thread.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -134,7 +134,7 @@ int error; /* Make sure I don't create more threads than urls. */ - for(i=0; i < NUMT && i < num_urls ; i++) { + for(i = 0; i < NUMT && i < num_urls ; i++) { error = pthread_create(&tid[i], NULL, /* default attributes please */ pull_one_url, @@ -146,7 +146,7 @@ } /* Wait for all threads to terminate. */ - for(i=0; i < NUMT && i < num_urls; i++) { + for(i = 0; i < NUMT && i < num_urls; i++) { error = pthread_join(tid[i], NULL); fprintf(stderr, "Thread %d terminated\n", i); } diff -Nru curl-7.55.1/docs/examples/smtp-mail.c curl-7.57.0/docs/examples/smtp-mail.c --- curl-7.55.1/docs/examples/smtp-mail.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/smtp-mail.c 2017-11-09 22:40:36.000000000 +0000 @@ -43,8 +43,8 @@ static const char *payload_text[] = { "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n", "To: " TO "\r\n", - "From: " FROM "(Example User)\r\n", - "Cc: " CC "(Another example User)\r\n", + "From: " FROM " (Example User)\r\n", + "Cc: " CC " (Another example User)\r\n", "Message-ID: \r\n", "Subject: SMTP example message\r\n", diff -Nru curl-7.55.1/docs/examples/smtp-mime.c curl-7.57.0/docs/examples/smtp-mime.c --- curl-7.55.1/docs/examples/smtp-mime.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/examples/smtp-mime.c 2017-11-09 22:40:36.000000000 +0000 @@ -0,0 +1,162 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * SMTP example showing how to send mime e-mails + * + */ + +#include +#include +#include + +/* This is a simple example showing how to send mime mail using libcurl's SMTP + * capabilities. For an example of using the multi interface please see + * smtp-multi.c. + * + * Note that this example requires libcurl 7.56.0 or above. + */ + +#define FROM "" +#define TO "" +#define CC "" + +static const char *headers_text[] = { + "Date: Tue, 22 Aug 2017 14:08:43 +0100", + "To: " TO, + "From: " FROM " (Example User)", + "Cc: " CC " (Another example User)", + "Message-ID: ", + "Subject: example sending a MIME-formatted message", + NULL +}; + +static const char inline_text[] = + "This is the inline text message of the e-mail.\r\n" + "\r\n" + " It could be a lot of lines that would be displayed in an e-mail\r\n" + "viewer that is not able to handle HTML.\r\n"; + +static const char inline_html[] = + "\r\n" + "

This is the inline HTML message of the e-mail.

" + "
\r\n" + "

It could be a lot of HTML data that would be displayed by " + "e-mail viewers able to handle HTML.

" + "\r\n"; + + +int main(void) +{ + CURL *curl; + CURLcode res = CURLE_OK; + struct curl_slist *headers = NULL; + struct curl_slist *recipients = NULL; + struct curl_slist *slist = NULL; + curl_mime *mime; + curl_mime *alt; + curl_mimepart *part; + const char **cpp; + + curl = curl_easy_init(); + if(curl) { + /* This is the URL for your mailserver */ + curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com"); + + /* Note that this option isn't strictly required, omitting it will result + * in libcurl sending the MAIL FROM command with empty sender data. All + * autoresponses should have an empty reverse-path, and should be directed + * to the address in the reverse-path which triggered them. Otherwise, + * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more + * details. + */ + curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM); + + /* Add two recipients, in this particular case they correspond to the + * To: and Cc: addressees in the header, but they could be any kind of + * recipient. */ + recipients = curl_slist_append(recipients, TO); + recipients = curl_slist_append(recipients, CC); + curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients); + + /* Build and set the message header list. */ + for(cpp = headers_text; *cpp; cpp++) + headers = curl_slist_append(headers, *cpp); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); + + /* Build the mime message. */ + mime = curl_mime_init(curl); + + /* The inline part is an alterative proposing the html and the text + versions of the e-mail. */ + alt = curl_mime_init(curl); + + /* HTML message. */ + part = curl_mime_addpart(alt); + curl_mime_data(part, inline_html, CURL_ZERO_TERMINATED); + curl_mime_type(part, "text/html"); + + /* Text message. */ + part = curl_mime_addpart(alt); + curl_mime_data(part, inline_text, CURL_ZERO_TERMINATED); + + /* Create the inline part. */ + part = curl_mime_addpart(mime); + curl_mime_subparts(part, alt); + curl_mime_type(part, "multipart/alternative"); + slist = curl_slist_append(NULL, "Content-Disposition: inline"); + curl_mime_headers(part, slist, 1); + + /* Add the current source program as an attachment. */ + part = curl_mime_addpart(mime); + curl_mime_filedata(part, "smtp-mime.c"); + curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime); + + /* Send the message */ + res = curl_easy_perform(curl); + + /* Check for errors */ + if(res != CURLE_OK) + fprintf(stderr, "curl_easy_perform() failed: %s\n", + curl_easy_strerror(res)); + + /* Free lists. */ + curl_slist_free_all(recipients); + curl_slist_free_all(headers); + + /* curl won't send the QUIT command until you call cleanup, so you should + * be able to re-use this connection for additional messages (setting + * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling + * curl_easy_perform() again. It may not be a good idea to keep the + * connection open for a very long time though (more than a few minutes + * may result in the server timing out the connection), and you do want to + * clean up in the end. + */ + curl_easy_cleanup(curl); + + /* Free multipart message. */ + curl_mime_free(mime); + } + + return (int)res; +} diff -Nru curl-7.55.1/docs/examples/smtp-multi.c curl-7.57.0/docs/examples/smtp-multi.c --- curl-7.55.1/docs/examples/smtp-multi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/smtp-multi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,8 +44,8 @@ static const char *payload_text[] = { "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n", "To: " TO "\r\n", - "From: " FROM "(Example User)\r\n", - "Cc: " CC "(Another example User)\r\n", + "From: " FROM " (Example User)\r\n", + "Cc: " CC " (Another example User)\r\n", "Message-ID: \r\n", "Subject: SMTP multi example message\r\n", @@ -211,7 +211,7 @@ else { /* Note that on some platforms 'timeout' may be modified by select(). If you need access to the original value save a copy beforehand. */ - rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout); } if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) { diff -Nru curl-7.55.1/docs/examples/smtp-ssl.c curl-7.57.0/docs/examples/smtp-ssl.c --- curl-7.55.1/docs/examples/smtp-ssl.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/smtp-ssl.c 2017-11-09 22:40:36.000000000 +0000 @@ -44,8 +44,8 @@ static const char *payload_text[] = { "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n", "To: " TO "\r\n", - "From: " FROM "(Example User)\r\n", - "Cc: " CC "(Another example User)\r\n", + "From: " FROM " (Example User)\r\n", + "Cc: " CC " (Another example User)\r\n", "Message-ID: \r\n", "Subject: SMTP SSL example message\r\n", diff -Nru curl-7.55.1/docs/examples/smtp-tls.c curl-7.57.0/docs/examples/smtp-tls.c --- curl-7.55.1/docs/examples/smtp-tls.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/smtp-tls.c 2017-11-09 22:40:36.000000000 +0000 @@ -44,8 +44,8 @@ static const char *payload_text[] = { "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n", "To: " TO "\r\n", - "From: " FROM "(Example User)\r\n", - "Cc: " CC "(Another example User)\r\n", + "From: " FROM " (Example User)\r\n", + "Cc: " CC " (Another example User)\r\n", "Message-ID: \r\n", "Subject: SMTP TLS example message\r\n", diff -Nru curl-7.55.1/docs/examples/sslbackend.c curl-7.57.0/docs/examples/sslbackend.c --- curl-7.55.1/docs/examples/sslbackend.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/examples/sslbackend.c 2017-11-09 22:40:36.000000000 +0000 @@ -0,0 +1,77 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +/* + * Shows HTTPS usage with client certs and optional ssl engine use. + * + */ +#include +#include +#include +#include +#include + +#include + +/* + * An SSL-enabled libcurl is required for this sample to work (at least one + * SSL backend has to be configured). + * + * **** This example only works with libcurl 7.56.0 and later! **** +*/ + +int main(int argc, char **argv) +{ + const char *name = argc > 1 ? argv[1] : "openssl"; + CURLsslset result; + + if(!strcmp("list", name)) { + const curl_ssl_backend **list; + int i; + + result = curl_global_sslset(-1, NULL, &list); + assert(result == CURLSSLSET_UNKNOWN_BACKEND); + + for(i = 0; list[i]; i++) + printf("SSL backend #%d: '%s' (ID: %d)\n", + i, list[i]->name, list[i]->id); + + return 0; + } + else if(isdigit(*name)) { + curl_sslbackend id = (curl_sslbackend)atoi(name); + + result = curl_global_sslset(id, NULL, NULL); + } + else + result = curl_global_sslset(-1, name, NULL); + + if(result == CURLSSLSET_UNKNOWN_BACKEND) { + fprintf(stderr, "Unknown SSL backend id: %s\n", name); + return 1; + } + + assert(result == CURLSSLSET_OK); + + printf("Version with SSL backend '%s':\n\n\t%s\n", name, curl_version()); + + return 0; +} diff -Nru curl-7.55.1/docs/examples/synctime.c curl-7.57.0/docs/examples/synctime.c --- curl-7.55.1/docs/examples/synctime.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/synctime.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -94,7 +94,7 @@ #define MAX_STRING 256 -#define MAX_STRING1 MAX_STRING+1 +#define MAX_STRING1 MAX_STRING + 1 #define SYNCTIME_UA "synctime/1.0" @@ -158,9 +158,9 @@ if(RetVal == 7) { SYSTime.wMilliseconds = 500; /* adjust to midpoint, 0.5 sec */ - for(i=0; i<12; i++) { + for(i = 0; i<12; i++) { if(strcmp(MthStr[i], TmpStr2) == 0) { - SYSTime.wMonth = i+1; + SYSTime.wMonth = i + 1; break; } } @@ -243,7 +243,7 @@ int i; *conf->http_proxy = 0; - for(i=0; iproxy_user[i] = 0; /* Clean up password from memory */ *conf->timeserver = 0; return 1; diff -Nru curl-7.55.1/docs/examples/threaded-ssl.c curl-7.57.0/docs/examples/threaded-ssl.c --- curl-7.55.1/docs/examples/threaded-ssl.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/examples/threaded-ssl.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,7 +25,7 @@ * */ /* A multi-threaded example that uses pthreads and fetches 4 remote files at - * once over HTTPS. The lock callbacks and stuff assume OpenSSL or GnuTLS + * once over HTTPS. The lock callbacks and stuff assume OpenSSL <1.1 or GnuTLS * (libgcrypt) so far. * * OpenSSL docs for this: @@ -63,7 +63,7 @@ { unsigned long ret; - ret=(unsigned long)pthread_self(); + ret = (unsigned long)pthread_self(); return ret; } @@ -71,9 +71,9 @@ { int i; - lockarray=(pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * - sizeof(pthread_mutex_t)); - for(i=0; i will fail */ rv = curl_easy_perform(ch); - if(rv==CURLE_OK) { + if(rv == CURLE_OK) { printf("*** transfer succeeded ***\n"); } else { @@ -213,7 +213,7 @@ */ rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); rv = curl_easy_perform(ch); - if(rv==CURLE_OK) { + if(rv == CURLE_OK) { printf("*** transfer succeeded ***\n"); } else { diff -Nru curl-7.55.1/docs/FAQ curl-7.57.0/docs/FAQ --- curl-7.55.1/docs/FAQ 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/docs/FAQ 2017-11-10 16:47:30.000000000 +0000 @@ -1418,7 +1418,7 @@ timed out. The most flexible way is by writing your own time-out logic and using - CURLOPT_PROGRESSFUNCTION (perhaps in combination with other callbacks) and + CURLOPT_XFERINFOFUNCTION (perhaps in combination with other callbacks) and use that to figure out exactly when the right condition is met when the transfer should get stopped. diff -Nru curl-7.55.1/docs/HELP-US.md curl-7.57.0/docs/HELP-US.md --- curl-7.55.1/docs/HELP-US.md 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/HELP-US.md 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,70 @@ +# How to get started helping out in the curl project + +We are always in need of more help. If you are new to the project and are +looking for ways to contribute and help out, this document aims to give a few +good starting points. + +A good idea is to start by subscribing to the [curl-library mailing +list](https://cool.haxx.se/mailman/listinfo/curl-library) to keep track of the +current discussion topics. + +## Scratch your own itch + +One of the best ways is to start working on any problems or issues you have +found yourself or perhaps got annoyed at in the past. It can be a spelling +error in an error text or a weirdly phrased section in a man page. Hunt it +down and report the bug. Or make your first pull request with a fix for that. + +## Help wanted + +In the issue tracker we occasionally mark bugs with [help +wanted](https://github.com/curl/curl/labels/help%20wanted), as a sign that the +bug is acknowledged to exist and that there's nobody known to work on this +issue for the moment. Those are bugs that are fine to "grab" and provide a +pull request for. The complexity level of these will of course vary, so pick +one that piques your interest. + +## Work on known bugs + +Some bugs are known and haven't yet received attention and work enough to get +fixed. We collect such known existing flaws in the +[KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) page. Many of them link +to the original bug report with some additional details, but some may also +have aged a bit and may require some verification that the bug still exists in +the same way and that what was said about it in the past is still valid. + +## Fix autobuild problems + +On the [autobuilds page](https://curl.haxx.se/dev/builds.html) we show a +collection of test results from the automatic curl build and tests that are +performed by volunteers. Fixing compiler warnings and errors shown there is +something we value greatly. Also, if you own or run systems or architectures +that aren't already tested in the autobuilds, we also appreciate more +volunteers running builds automatically to help us keep curl portable. + +## TODO items + +Ideas for features and functions that we have considered worthwhile to +implement and provide are kept in the +[TODO](https://curl.haxx.se/docs/todo.html) file. Some of the ideas are +rough. Some are well thought out. Some probably aren't really suitable +anymore. + +Before you invest a lot of time on a TODO item, do bring it up for discussion +on the mailing list. For discussion on applicability but also for ideas and +brainstorming on specific ways to do the implementation etc. + +## You decide + +You can also come up with a completely new thing you think we should do. Or +not do. Or fix. Or add to the project. You then either bring it to the mailing +list first to see if people will shoot down the idea at once, or you bring a +first draft of the idea as a pull request and take the discussion there around +the specific implementation. Either way is fine. + +## CONTRIBUTE + +We offer [guidelines](https://curl.haxx.se/dev/contribute.html) that are +suitable to be familiar with before you decide to contribute to curl. If +you're used to open source development, you'll probably not find many +surprises in there. diff -Nru curl-7.55.1/docs/HISTORY.md curl-7.57.0/docs/HISTORY.md --- curl-7.55.1/docs/HISTORY.md 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/HISTORY.md 2017-11-09 22:40:36.000000000 +0000 @@ -275,3 +275,21 @@ March: first real release supporting HTTP/2 September: Web site had 245,000 unique visitors and served 236GB data + +2016 +---- + + December: curl 7.52.0 introduced support for HTTPS-proxy! + +2017 +---- + + September: Added Multi-SSL support + + The web site serves 3100 GB/month + + Public curl releases: 169 + Command line options: 211 + curl_easy_setopt() options: 249 + Public functions in libcurl: 74 + Contributors: 1609 diff -Nru curl-7.55.1/docs/INSTALL.md curl-7.57.0/docs/INSTALL.md --- curl-7.55.1/docs/INSTALL.md 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/docs/INSTALL.md 2017-11-09 22:40:36.000000000 +0000 @@ -222,6 +222,9 @@ In order to build sample program simplessl.c an SSL enabled libcurl is required, as well as the OpenSSL libeay32.lib and ssleay32.lib libraries. +In order to build sample program `sslbackend.c`, an SSL enabled libcurl +is required. + ## Disabling Specific Protocols in Windows builds The configure utility, unfortunately, is not available for the Windows diff -Nru curl-7.55.1/docs/INTERNALS.md curl-7.57.0/docs/INTERNALS.md --- curl-7.55.1/docs/INTERNALS.md 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/docs/INTERNALS.md 2017-11-26 13:19:01.000000000 +0000 @@ -82,7 +82,7 @@ - zlib 1.1.4 - libssh2 0.16 - c-ares 1.6.0 - - libidn 0.4.1 + - libidn2 2.0.0 - cyassl 2.0.0 - openldap 2.0 - MIT Kerberos 1.2.4 @@ -612,20 +612,6 @@ strtoll() (or equivalent) function exist on your platform. If `curl_off_t` is only a 32 bit number on your platform, this macro uses strtol(). -`curlx_tvnow()` ---------------- - returns a struct timeval for the current time. - -`curlx_tvdiff()` --------------- - returns the difference between two timeval structs, in number of - milliseconds. - -`curlx_tvdiff_secs()` ---------------------- - returns the same as `curlx_tvdiff` but with full usec resolution (as a - double) - Future ------ @@ -656,29 +642,29 @@ ## About content encodings [HTTP/1.1][4] specifies that a client may request that a server encode its - response. This is usually used to compress a response using one of a set of - commonly available compression techniques. These schemes are 'deflate' (the - zlib algorithm), 'gzip' and 'compress'. A client requests that the server - perform an encoding by including an Accept-Encoding header in the request - document. The value of the header should be one of the recognized tokens - 'deflate', ... (there's a way to register new schemes/tokens, see sec 3.5 of - the spec). A server MAY honor the client's encoding request. When a response - is encoded, the server includes a Content-Encoding header in the - response. The value of the Content-Encoding header indicates which scheme was - used to encode the data. - - A client may tell a server that it can understand several different encoding - schemes. In this case the server may choose any one of those and use it to - encode the response (indicating which one using the Content-Encoding header). + response. This is usually used to compress a response using one (or more) + encodings from a set of commonly available compression techniques. These + schemes include 'deflate' (the zlib algorithm), 'gzip' 'br' (brotli) and + 'compress'. A client requests that the server perform an encoding by including + an Accept-Encoding header in the request document. The value of the header + should be one of the recognized tokens 'deflate', ... (there's a way to + register new schemes/tokens, see sec 3.5 of the spec). A server MAY honor + the client's encoding request. When a response is encoded, the server + includes a Content-Encoding header in the response. The value of the + Content-Encoding header indicates which encodings were used to encode the + data, in the order in which they were applied. + It's also possible for a client to attach priorities to different schemes so that the server knows which it prefers. See sec 14.3 of RFC 2616 for more - information on the Accept-Encoding header. + information on the Accept-Encoding header. See sec [3.1.2.2 of RFC 7231][15] + for more information on the Content-Encoding header. ## Supported content encodings - The 'deflate' and 'gzip' content encoding are supported by libcurl. Both - regular and chunked transfers work fine. The zlib library is required for - this feature. + The 'deflate', 'gzip' and 'br' content encodings are supported by libcurl. + Both regular and chunked transfers work fine. The zlib library is required + for the 'deflate' and 'gzip' encodings, while the brotli decoding library is + for the 'br' encoding. ## The libcurl interface @@ -688,14 +674,15 @@ where string is the intended value of the Accept-Encoding header. - Currently, libcurl only understands how to process responses that use the - "deflate" or "gzip" Content-Encoding, so the only values for - [`CURLOPT_ACCEPT_ENCODING`][5] that will work (besides "identity," which does - nothing) are "deflate" and "gzip" If a response is encoded using the - "compress" or methods, libcurl will return an error indicating that the - response could not be decoded. If is NULL no Accept-Encoding header - is generated. If is a zero-length string, then an Accept-Encoding - header containing all supported encodings will be generated. + Currently, libcurl does support multiple encodings but only + understands how to process responses that use the "deflate", "gzip" and/or + "br" content encodings, so the only values for [`CURLOPT_ACCEPT_ENCODING`][5] + that will work (besides "identity," which does nothing) are "deflate", + "gzip" and "br". If a response is encoded using the "compress" or methods, + libcurl will return an error indicating that the response could + not be decoded. If is NULL no Accept-Encoding header is generated. + If is a zero-length string, then an Accept-Encoding header + containing all supported encodings will be generated. The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for content to be automatically decoded. If it is not set and the server still @@ -1091,3 +1078,4 @@ [12]: https://curl.haxx.se/libcurl/c/curl_multi_fdset.html [13]: https://curl.haxx.se/libcurl/c/curl_multi_add_handle.html [14]: https://curl.haxx.se/libcurl/c/curl_multi_info_read.html +[15]: https://tools.ietf.org/html/rfc7231#section-3.1.2.2 diff -Nru curl-7.55.1/docs/KNOWN_BUGS curl-7.57.0/docs/KNOWN_BUGS --- curl-7.55.1/docs/KNOWN_BUGS 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/docs/KNOWN_BUGS 2017-11-09 22:40:36.000000000 +0000 @@ -18,7 +18,6 @@ 1.4 multipart formposts file name encoding 1.5 Expect-100 meets 417 1.6 Unnecessary close when 401 received waiting for 100 - 1.8 DNS timing is wrong for HTTP redirects 1.9 HTTP/2 frames while in the connection pool kill reuse 1.10 Strips trailing dot from host name 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM @@ -83,6 +82,7 @@ 11.1 Curl leaks .onion hostnames in DNS 11.2 error buffer not set if connection to multiple addresses fails 11.3 c-ares deviates from stock resolver on http://1346569778 + 11.4 HTTP test server 'connection-monitor' problems 12. LDAP and OpenLDAP 12.1 OpenLDAP hangs after returning results @@ -140,12 +140,6 @@ waiting for the the 100-continue response. https://curl.haxx.se/mail/lib-2008-08/0462.html -1.8 DNS timing is wrong for HTTP redirects - - When extracting timing information after HTTP redirects, only the last - transfer's results are returned and not the totals: - https://github.com/curl/curl/issues/522 - 1.9 HTTP/2 frames while in the connection pool kill reuse If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to @@ -322,7 +316,6 @@ The cmake build setup lacks several features that the autoconf build offers. This includes: - - symbol hiding when the shared library is built - use of correct soname for the shared library build - support for several TLS backends are missing - the unit tests cause link failures in regular non-static builds @@ -559,6 +552,13 @@ See https://github.com/curl/curl/issues/893 +11.4 HTTP test server 'connection-monitor' problems + + The 'connection-monitor' feature of the sws HTTP test server doesn't work + properly if some tests are run in unexpected order. Like 1509 and then 1525. + + See https://github.com/curl/curl/issues/868 + 12. LDAP and OpenLDAP diff -Nru curl-7.55.1/docs/libcurl/curl_easy_cleanup.3 curl-7.57.0/docs/libcurl/curl_easy_cleanup.3 --- curl-7.55.1/docs/libcurl/curl_easy_cleanup.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_cleanup.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_cleanup 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_cleanup 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_cleanup - End a libcurl easy handle diff -Nru curl-7.55.1/docs/libcurl/curl_easy_duphandle.3 curl-7.57.0/docs/libcurl/curl_easy_duphandle.3 --- curl-7.55.1/docs/libcurl/curl_easy_duphandle.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_duphandle.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_duphandle 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_duphandle 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_duphandle - Clone a libcurl session handle diff -Nru curl-7.55.1/docs/libcurl/curl_easy_escape.3 curl-7.57.0/docs/libcurl/curl_easy_escape.3 --- curl-7.55.1/docs/libcurl/curl_easy_escape.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_escape.3 2017-11-29 09:29:13.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_escape 3 "August 12, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_escape 3 "August 12, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_escape - URL encodes the given string diff -Nru curl-7.55.1/docs/libcurl/curl_easy_getinfo.3 curl-7.57.0/docs/libcurl/curl_easy_getinfo.3 --- curl-7.55.1/docs/libcurl/curl_easy_getinfo.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_getinfo.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_getinfo 3 "June 15, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_getinfo 3 "June 15, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_getinfo - extract information from a curl handle diff -Nru curl-7.55.1/docs/libcurl/curl_easy_init.3 curl-7.57.0/docs/libcurl/curl_easy_init.3 --- curl-7.55.1/docs/libcurl/curl_easy_init.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_init.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_init 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_init 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_init - Start a libcurl easy session diff -Nru curl-7.55.1/docs/libcurl/curl_easy_pause.3 curl-7.57.0/docs/libcurl/curl_easy_pause.3 --- curl-7.55.1/docs/libcurl/curl_easy_pause.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_pause.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_pause 3 "May 01, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_pause 3 "May 01, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_pause - pause and unpause a connection diff -Nru curl-7.55.1/docs/libcurl/curl_easy_perform.3 curl-7.57.0/docs/libcurl/curl_easy_perform.3 --- curl-7.55.1/docs/libcurl/curl_easy_perform.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_perform.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_perform 3 "May 02, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_perform 3 "May 02, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_perform - perform a blocking file transfer diff -Nru curl-7.55.1/docs/libcurl/curl_easy_recv.3 curl-7.57.0/docs/libcurl/curl_easy_recv.3 --- curl-7.55.1/docs/libcurl/curl_easy_recv.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_recv.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_recv 3 "December 18, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_recv 3 "December 18, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_recv - receives raw data on an "easy" connection diff -Nru curl-7.55.1/docs/libcurl/curl_easy_reset.3 curl-7.57.0/docs/libcurl/curl_easy_reset.3 --- curl-7.55.1/docs/libcurl/curl_easy_reset.3 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_reset.3 2017-11-29 09:29:11.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_reset 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_reset 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_reset - reset all options of a libcurl session handle diff -Nru curl-7.55.1/docs/libcurl/curl_easy_send.3 curl-7.57.0/docs/libcurl/curl_easy_send.3 --- curl-7.55.1/docs/libcurl/curl_easy_send.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_send.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_send 3 "December 18, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_send 3 "December 18, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_send - sends raw data over an "easy" connection diff -Nru curl-7.55.1/docs/libcurl/curl_easy_setopt.3 curl-7.57.0/docs/libcurl/curl_easy_setopt.3 --- curl-7.55.1/docs/libcurl/curl_easy_setopt.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_setopt.3 2017-11-29 09:29:13.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_setopt 3 "April 27, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_setopt 3 "September 02, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_setopt \- set options for a curl easy handle @@ -412,6 +412,8 @@ Size of file to send. \fICURLOPT_INFILESIZE_LARGE(3)\fP .IP CURLOPT_UPLOAD Upload data. See \fICURLOPT_UPLOAD(3)\fP +.IP CURLOPT_MIMEPOST +Post/send MIME data. See \fICURLOPT_MIMEPOST(3)\fP .IP CURLOPT_MAXFILESIZE Maximum file size to get. See \fICURLOPT_MAXFILESIZE(3)\fP .IP CURLOPT_MAXFILESIZE_LARGE @@ -548,6 +550,8 @@ .SH SSH OPTIONS .IP CURLOPT_SSH_AUTH_TYPES SSH authentication types. See \fICURLOPT_SSH_AUTH_TYPES(3)\fP +.IP CURLOPT_SSH_COMPRESSION +Enable SSH compression. See \fICURLOPT_SSH_COMPRESSION(3)\fP .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 MD5 of host's public key. See \fICURLOPT_SSH_HOST_PUBLIC_KEY_MD5(3)\fP .IP CURLOPT_SSH_PUBLIC_KEYFILE diff -Nru curl-7.55.1/docs/libcurl/curl_easy_strerror.3 curl-7.57.0/docs/libcurl/curl_easy_strerror.3 --- curl-7.55.1/docs/libcurl/curl_easy_strerror.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_strerror.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_easy_strerror 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_strerror 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_strerror - return string describing error code diff -Nru curl-7.55.1/docs/libcurl/curl_easy_unescape.3 curl-7.57.0/docs/libcurl/curl_easy_unescape.3 --- curl-7.55.1/docs/libcurl/curl_easy_unescape.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_easy_unescape.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_easy_unescape 3 "October 04, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_easy_unescape 3 "October 04, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_easy_unescape - URL decodes the given string diff -Nru curl-7.55.1/docs/libcurl/curl_escape.3 curl-7.57.0/docs/libcurl/curl_escape.3 --- curl-7.55.1/docs/libcurl/curl_escape.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_escape.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_escape 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_escape 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_escape - URL encodes the given string diff -Nru curl-7.55.1/docs/libcurl/curl_formadd.3 curl-7.57.0/docs/libcurl/curl_formadd.3 --- curl-7.55.1/docs/libcurl/curl_formadd.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_formadd.3 2017-11-29 09:29:12.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_formadd 3 "December 28, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_formadd 3 "October 08, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_formadd - add a section to a multipart/formdata HTTP POST @@ -30,6 +30,8 @@ .BI "struct curl_httppost ** " lastitem, " ...);" .ad .SH DESCRIPTION +This function is deprecated. Do not use! See \fIcurl_mime_init(3)\fP instead! + curl_formadd() is used to append sections when building a multipart/formdata HTTP POST (sometimes referred to as RFC2388-style posts). Append one section at a time until you've added all the sections you want included and then you @@ -61,16 +63,15 @@ .IP CURLFORM_COPYNAME followed by a string which provides the \fIname\fP of this part. libcurl copies the string so your application doesn't need to keep it around after -this function call. If the name isn't NUL-terminated, or if you'd -like it to contain zero bytes, you must set its length with -\fBCURLFORM_NAMELENGTH\fP. The copied data will be freed by -\fIcurl_formfree(3)\fP. +this function call. If the name isn't NUL-terminated, you must set its length +with \fBCURLFORM_NAMELENGTH\fP. The \fIname\fP is not allowed to contain +zero-valued bytes. The copied data will be freed by \fIcurl_formfree(3)\fP. .IP CURLFORM_PTRNAME followed by a string which provides the \fIname\fP of this part. libcurl will use the pointer and refer to the data in your application, so you must make sure it remains until curl no longer needs it. If the name -isn't NUL-terminated, or if you'd like it to contain zero -bytes, you must set its length with \fBCURLFORM_NAMELENGTH\fP. +isn't NUL-terminated, you must set its length with \fBCURLFORM_NAMELENGTH\fP. +The \fIname\fP is not allowed to contain zero-valued bytes. .IP CURLFORM_COPYCONTENTS followed by a pointer to the contents of this part, the actual data to send away. libcurl copies the provided data, so your application doesn't @@ -170,6 +171,12 @@ you've called \fIcurl_easy_cleanup(3)\fP for the curl handle. See example below. +.SH AVAILABILITY +Deprecated in 7.56.0. Before this release, field names were allowed to +contain zero-valued bytes. The pseudo-filename "-" to read stdin is +discouraged although still supported, but data is not read before being +actually sent: the effective data size can then not be automatically +determined, resulting in a chunked encoding transfer. .SH RETURN VALUE 0 means everything was ok, non-zero means an error occurred corresponding to a CURL_FORMADD_* constant defined in @@ -255,5 +262,6 @@ curl_easy_setopt(curl, CURLOPT_HTTPPOST, post); .SH "SEE ALSO" -.BR curl_easy_setopt "(3), " -.BR curl_formfree "(3)" +.BR curl_easy_setopt "(3)," +.BR curl_formfree "(3)," +.BR curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_formfree.3 curl-7.57.0/docs/libcurl/curl_formfree.3 --- curl-7.55.1/docs/libcurl/curl_formfree.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_formfree.3 2017-11-29 09:29:13.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_formfree 3 "May 02, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_formfree 3 "September 02, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_formfree - free a previously build multipart/formdata HTTP POST chain @@ -29,6 +29,8 @@ .BI "void curl_formfree(struct curl_httppost *" form); .ad .SH DESCRIPTION +This function is deprecated. Do not use! See \fIcurl_mime_init(3)\fP instead! + curl_formfree() is used to clean up data previously built/appended with \fIcurl_formadd(3)\fP. This must be called when the data has been used, which typically means after \fIcurl_easy_perform(3)\fP has been called. @@ -39,7 +41,9 @@ \fBform\fP is the pointer as returned from a previous call to \fIcurl_formadd(3)\fP and may be NULL. +.SH AVAILABILITY +Deprecated in 7.56.0. .SH RETURN VALUE None .SH "SEE ALSO" -.BR curl_formadd "(3) " +.BR curl_formadd "(3), " curl_mime_init "(3), " curl_mime_free "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_formget.3 curl-7.57.0/docs/libcurl/curl_formget.3 --- curl-7.55.1/docs/libcurl/curl_formget.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_formget.3 2017-11-29 09:29:13.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_formget 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_formget 3 "September 02, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_formget - serialize a previously built multipart/formdata HTTP POST chain @@ -66,6 +66,7 @@ return total_size; } .SH AVAILABILITY -This function was added in libcurl 7.15.5 +This function was added in libcurl 7.15.5. The form API is deprecated in +libcurl 7.56.0. .SH "SEE ALSO" -.BR curl_formadd "(3) " +.BR curl_formadd "(3), " curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_free.3 curl-7.57.0/docs/libcurl/curl_free.3 --- curl-7.55.1/docs/libcurl/curl_free.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_free.3 2017-11-29 09:29:11.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_free 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_free 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_free - reclaim memory that has been obtained through a libcurl call diff -Nru curl-7.55.1/docs/libcurl/curl_getdate.3 curl-7.57.0/docs/libcurl/curl_getdate.3 --- curl-7.55.1/docs/libcurl/curl_getdate.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_getdate.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_getdate 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_getdate 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_getdate - Convert a date string to number of seconds diff -Nru curl-7.55.1/docs/libcurl/curl_getenv.3 curl-7.57.0/docs/libcurl/curl_getenv.3 --- curl-7.55.1/docs/libcurl/curl_getenv.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_getenv.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_getenv 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_getenv 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_getenv - return value for environment name diff -Nru curl-7.55.1/docs/libcurl/curl_global_cleanup.3 curl-7.57.0/docs/libcurl/curl_global_cleanup.3 --- curl-7.55.1/docs/libcurl/curl_global_cleanup.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_global_cleanup.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_global_cleanup 3 "September 20, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_global_cleanup 3 "September 20, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_global_cleanup - global libcurl cleanup diff -Nru curl-7.55.1/docs/libcurl/curl_global_init.3 curl-7.57.0/docs/libcurl/curl_global_init.3 --- curl-7.55.1/docs/libcurl/curl_global_init.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_global_init.3 2017-11-29 09:29:12.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_global_init 3 "June 29, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_global_init 3 "November 23, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_global_init - Global libcurl initialisation @@ -63,6 +63,9 @@ \fBCURL_GLOBAL_ACK_EINTR\fP. .IP CURL_GLOBAL_SSL +(This flag's presence or absense serves no meaning since 7.57.0. The +description below is for older libcurl versions.) + Initialize SSL. The implication here is that if this bit is not set, the initialization of the @@ -94,5 +97,6 @@ .SH "SEE ALSO" .BR curl_global_init_mem "(3), " .BR curl_global_cleanup "(3), " +.BR curl_global_sslset "(3), " .BR curl_easy_init "(3) " .BR libcurl "(3) " diff -Nru curl-7.55.1/docs/libcurl/curl_global_init_mem.3 curl-7.57.0/docs/libcurl/curl_global_init_mem.3 --- curl-7.55.1/docs/libcurl/curl_global_init_mem.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_global_init_mem.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_global_init_mem 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_global_init_mem 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_global_init_mem - Global libcurl initialisation with memory callbacks diff -Nru curl-7.55.1/docs/libcurl/curl_global_sslset.3 curl-7.57.0/docs/libcurl/curl_global_sslset.3 --- curl-7.55.1/docs/libcurl/curl_global_sslset.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_global_sslset.3 2017-11-29 09:29:14.000000000 +0000 @@ -0,0 +1,98 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_global_sslset 3 "September 21, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_global_sslset - Select SSL backend to use with libcurl +.SH SYNOPSIS +.B #include +.nf + +typedef struct { + curl_sslbackend id; + const char *name; +} curl_ssl_backend; + +typedef enum { + CURLSSLBACKEND_NONE = 0, + CURLSSLBACKEND_OPENSSL = 1, + CURLSSLBACKEND_GNUTLS = 2, + CURLSSLBACKEND_NSS = 3, + CURLSSLBACKEND_GSKIT = 5, + CURLSSLBACKEND_POLARSSL = 6, + CURLSSLBACKEND_WOLFSSL = 7, + CURLSSLBACKEND_SCHANNEL = 8, + CURLSSLBACKEND_DARWINSSL = 9, + CURLSSLBACKEND_AXTLS = 10, + CURLSSLBACKEND_MBEDTLS = 11 +} curl_sslbackend; + +.B "CURLsslset curl_global_sslset(curl_sslbackend " id, +.B " const char *" name, +.B " curl_ssl_backend ***" avail ");" +.fi +.SH DESCRIPTION +This function configures at runtime which SSL backend to use with +libcurl. This function can only be used to select an SSL backend once, and it +must be called \fBbefore\fP \fIcurl_global_init(3)\fP. + +The backend can be identified by the \fIid\fP +(e.g. \fBCURLSSLBACKEND_OPENSSL\fP). The backend can also be specified via the +\fIname\fP parameter for a case insensitive match (passing -1 as \fIid\fP). If +both \fIid\fP and \fIname\fP are specified, the \fIname\fP will be ignored. + +If neither \fIid\fP nor \fPname\fP are specified, the function will fail with +CURLSSLSET_UNKNOWN_BACKEND and set the \fIavail\fP pointer to the +NULL-terminated list of available backends. The available backends are those +that this particular build of libcurl supports. + +Upon success, the function returns CURLSSLSET_OK. + +If the specified SSL backend is not available, the function returns +CURLSSLSET_UNKNOWN_BACKEND and sets the \fIavail\fP pointer to a +NULL-terminated list of available SSL backends. In this case, you may call the +function again to try to select a different backend. + +The SSL backend can be set only once. If it has already been set, a subsequent +attempt to change it will result in a \fBCURLSSLSET_TOO_LATE\fP. + +\fBThis function is not thread safe.\fP You must not call it when any other +thread in the program (i.e. a thread sharing the same memory) is running. +This doesn't just mean no other thread that is using libcurl. + +.SH AVAILABILITY +This function was added in libcurl 7.56.0. Before this version, there was no +support for choosing SSL backends at runtime. +.SH RETURN VALUE +If this function returns CURLSSLSET_OK, the backend was successfully selected. + +If the chosen backend is unknown (or support for the chosed backend has not +been compiled into libcurl), the function returns \fICURLSSLSET_UNKNOWN_BACKEND\fP. + +If the backend had been configured previously, or if \fIcurl_global_init(3)\fP +has already been called, the function returns \fICURLSSLSET_TOO_LATE\fP. + +If this libcurl was built completely without SSL support, with no backends at +all, this function returns \fICURLSSLSET_NO_BACKENDS\fP. +.SH "SEE ALSO" +.BR curl_global_init "(3), " +.BR libcurl "(3) " diff -Nru curl-7.55.1/docs/libcurl/curl_mime_addpart.3 curl-7.57.0/docs/libcurl/curl_mime_addpart.3 --- curl-7.55.1/docs/libcurl/curl_mime_addpart.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_addpart.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,67 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_addpart 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_addpart - append a new empty part to a mime structure +.SH SYNOPSIS +.B #include +.sp +.BI "curl_mimepart * curl_mime_addpart(curl_mime * " mime ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_addpart(3)\fP creates and appends a new empty part to the given +mime structure and returns a handle to it. The returned part handle can +subsequently be populated using functions from the mime API. + +\fImime\fP is the handle of the mime structure in which the new part must be +appended. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +A mime part structure handle, or NULL upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* continue and set name + data to the part */ + curl_mime_data(part, "This is the field data", CURL_ZERO_TERMINATED); + curl_mime_name(part, "data"); +.fi +.SH "SEE ALSO" +.BR curl_mime_init "(3)," +.BR curl_mime_name "(3)," +.BR curl_mime_data "(3)," +.BR curl_mime_data_cb "(3)," +.BR curl_mime_filedata "(3)," +.BR curl_mime_filename "(3)," +.BR curl_mime_subparts "(3)," +.BR curl_mime_type "(3)," +.BR curl_mime_headers "(3)," +.BR curl_mime_encoder "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_data.3 curl-7.57.0/docs/libcurl/curl_mime_data.3 --- curl-7.55.1/docs/libcurl/curl_mime_data.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_data.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,70 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_data 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_data - set a mime part's body data from memory +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_data(curl_mimepart * " part ", const char * " data +.BI ", size_t " datasize ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_data(3)\fP sets a mime part's body content from memory data. + +\fIdata\fP points to the data bytes: those are copied to the part and their +storage may safely be reused after call. +\fIdatasize\fP is the number of data bytes: it can be set to +\fICURL_ZERO_TERMINATED\fP to indicate \fIdata\fP is a nul-terminated +character string. +\fIpart\fP is the part's to assign contents to. + +Setting a part's contents twice is valid: only the value set by the last call +is retained. It is possible to unassign part's contents by setting +\fIdata\fP to NULL. + +Setting very large data is memory consuming: one might consider using +\fIcurl_mime_data_cb(3)\fP in such a case. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* add data to the part */ + curl_mime_data(part, "raw contents to send", CURL_ZERO_TERMINATED); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_data_cb "(3)," +.BR curl_mime_name "(3)," +.BR curl_mime_type "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_data_cb.3 curl-7.57.0/docs/libcurl/curl_mime_data_cb.3 --- curl-7.55.1/docs/libcurl/curl_mime_data_cb.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_data_cb.3 2017-11-29 09:29:14.000000000 +0000 @@ -0,0 +1,161 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_data_cb 3 "October 04, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_data_cb - set a callback-based data source for a mime part's body +.SH SYNOPSIS +.B #include +.sp +size_t readfunc(char *buffer, size_t size, size_t nitems, void *arg); +.br +int seekfunc(void *arg, curl_off_t offset, int origin); +.br +void freefunc(void *arg); +.sp +.BI "CURLcode curl_mime_data_cb(curl_mimepart * " part ", curl_off_t " datasize , +.br +.BI " curl_read_callback " readfunc ", curl_seek_callback " seekfunc , +.br +.BI " curl_free_callback " freefunc ", void * " arg ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_data_cb(3)\fP sets the data source of a mime part's body content +from a data read callback function. + +\fIpart\fP is the part's to assign contents to. + +\fIreadfunc\fP is a pointer to a data read callback function, with a signature +as shown by the above prototype. It may not be set to NULL. + +\fIseekfunc\fP is a pointer to a seek callback function, with a signature as +shown by the above prototype. This function will be used upon resending data +(i.e.: after a redirect); this pointer may be set to NULL, in which case a +resend is not possible. + +\fIfreefunc\fP is a pointer to a user resource freeing callback function, with +a signature as shown by the above prototype. If no resource is to be freed, it +may safely be set to NULL. This function will be called upon mime structure +freeing. + +\fIarg\fP is a user defined argument to callback functions. + +The read callback function gets called by libcurl as soon as it needs to +read data in order to send it to the peer - like if you ask it to upload or +post data to the server. The data area pointed at by the pointer \fIbuffer\fP +should be filled up with at most \fIsize\fP multiplied with \fInmemb\fP number +of bytes by your function. + +Your read function must then return the actual number of bytes that it stored +in that memory area. Returning 0 will signal end-of-file to the library and +cause it to stop the current transfer. + +If you stop the current transfer by returning 0 "pre-maturely" (i.e before the +server expected it, like when you've said you will upload N bytes and you +upload less than N bytes), you may experience that the server "hangs" waiting +for the rest of the data that won't come. + +The read callback may return \fICURL_READFUNC_ABORT\fP to stop the current +operation immediately, resulting in a \fICURLE_ABORTED_BY_CALLBACK\fP error +code from the transfer. + +The callback can return \fICURL_READFUNC_PAUSE\fP to cause reading from this +connection to pause. See \fIcurl_easy_pause(3)\fP for further details. + +The seek function gets called by libcurl to rewind input stream data or to +seek to a certain position. The function shall work like fseek(3) or lseek(3) +and it gets SEEK_SET, SEEK_CUR or SEEK_END as argument for \fIorigin\fP, +although libcurl currently only passes SEEK_SET. + +The callback function must return \fICURL_SEEKFUNC_OK\fP on success, +\fICURL_SEEKFUNC_FAIL\fP to cause the upload operation to fail or +\fICURL_SEEKFUNC_CANTSEEK\fP to indicate that while the seek failed, libcurl +is free to work around the problem if possible. The latter can sometimes be +done by instead reading from the input or similar. + +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +Sending a huge data string will cause the same amount of memory to be +allocated: to avoid overhead resources consumption, one might want to use a +callback source to avoid data duplication. In this case, original data +must be retained until after the transfer terminates. +.nf + +char hugedata[512000]; + +struct ctl { + char *buffer; + curl_off_t size; + curl_off_t position; +}; + +size_t read_callback(char *buffer, size_t size, size_t nitems, void *arg) +{ + struct ctl *p = (struct ctl *) arg; + curl_off_t sz = p->size - p->position; + + nitems *= size; + if(sz > nitems) + sz = nitems; + if(sz) + memcpy(buffer, p->buffer + p->position, sz); + p->position += sz; + return sz; +} + +int seek_callback(void *arg, curl_off_t offset, int origin) +{ + struct ctl *p = (struct ctl *) arg; + + switch(origin) { + case SEEK_END: + offset += p->size; + break; + case SEEK_CUR: + offset += p->position; + break; + } + + if(offset < 0) + return CURL_SEEKFUNC_FAIL; + p->position = offset; + return CURL_SEEKFUNC_OK; +} + + CURL *easy = curl_easy_init(); + curl_mime *mime = curl_mime_init(easy); + curl_mimepart *part = curl_mime_addpart(mime); + struct ctl hugectl; + + hugectl.buffer = hugedata; + hugectl.size = sizeof hugedata; + hugectl.position = 0; + curl_mime_data_cb(part, hugectl.size, read_callback, seek_callback, NULL, + &hugectl); + +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_data "(3)," +.BR curl_mime_name "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_encoder.3 curl-7.57.0/docs/libcurl/curl_mime_encoder.3 --- curl-7.55.1/docs/libcurl/curl_mime_encoder.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_encoder.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,98 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_encoder 3 "September 05, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_encoder - set a mime part's encoder and content transfer encoding +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_encoder(curl_mimepart * " part , +.BI "const char * " encoding ");" +.ad +.SH DESCRIPTION +curl_mime_encoder() requests a mime part's content to be encoded before being +transmitted. + +\fIpart\fP is the part's handle to assign an encoder. +\fIencoding\fP is a pointer to a zero-terminated encoding scheme. It may be +set to NULL to disable an encoder previously attached to the part. The encoding +scheme storage may safely be reused after this function returns. + +Setting a part's encoder twice is valid: only the value set by the last call is +retained. + +Upon multipart rendering, the part's content is encoded according to the +pertaining scheme and a corresponding \fIContent-Transfer-Encoding"\fP header +is added to the part. + +Supported encoding schemes are: +.br +"\fIbinary\fP": the data is left unchanged, the header is added. +.br +"\fI8bit\fP": header added, no data change. +.br +"\fI7bit\fP": the data is unchanged, but is each byte is checked +to be a 7-bit value; if not, a read error occurs. +.br +"\fIbase64\fP": Data is converted to base64 encoding, then split in +CRLF-terminated lines of at most 76 characters. +.br +"\fIquoted-printable\fP": data is encoded in quoted printable lines of +at most 76 characters. Since the resulting size of the final data cannot be +determined prior to reading the original data, it is left as unknown, causing +chunked transfer in HTTP. For the same reason, this encoder may not be used +with IMAP. This encoder targets text data that is mostly ASCII and should +not be used with other types of data. + +If the original data is already encoded in such a scheme, a custom +\fIContent-Transfer-Encoding\fP header should be added with +\FIcurl_mime_headers\fP() instead of setting a part encoder. + +Encoding should not be applied to multiparts, thus the use of this +function on a part with content set with \fIcurl_mime_subparts\fP() is +strongly discouraged. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* send a file */ + curl_mime_filedata(part, "image.png"); + + /* encode file data in base64 for transfer */ + curl_mime_encoder(part, "base64"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_headers "(3)," +.BR curl_mime_subparts "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_filedata.3 curl-7.57.0/docs/libcurl/curl_mime_filedata.3 --- curl-7.55.1/docs/libcurl/curl_mime_filedata.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_filedata.3 2017-11-29 09:29:14.000000000 +0000 @@ -0,0 +1,82 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_filedata 3 "October 23, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_filedata - set a mime part's body data from a file contents +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_filedata(curl_mimepart * " part , +.BI " const char * " filename ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_filedata(3)\fP sets a mime part's body content from the named +file's contents. This is an alernative to \fIcurl_mime_data(3)\fP for setting +data to a mime part. + +\fIpart\fP is the part's to assign contents to. + +\fIfilename\fP points to the nul-terminated file's path name. The pointer can +be NULL to detach the previous part contents settings. Filename storage can be +safely be reused after this call. + +As a side effect, the part's remote file name is set to the base name of the +given \fIfilename\fP if it is a valid named file. This can be undone or +overridden by a subsequent call to \fIcurl_mime_filename(3)\fP. + +The contents of the file is read during the file transfer in a streaming +manner to allow huge files to get transferred without using much memory. It +therefore requires that the file is kept intact during the entire request. + +If the file size cannot be determined before actually reading it (such as for +a device or named pipe), the whole mime structure containing the part +will be transferred as chunks by HTTP and rejected by IMAP. + +Setting a part's contents twice is valid: only the value set by the last call +is retained. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* send data from this file */ + curl_mime_filedata(part, "image.png"); + + /* set name */ + curl_mime_name(part, "data"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_data "(3)," +.BR curl_mime_filename "(3)," +.BR curl_mime_name "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_filename.3 curl-7.57.0/docs/libcurl/curl_mime_filename.3 --- curl-7.55.1/docs/libcurl/curl_mime_filename.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_filename.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,73 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_filename 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_filename - set a mime part's remote file name +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_filename(curl_mimepart * " part , +.BI "const char * " filename ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_filename(3)\fP sets a mime part's remote file name. When remote +file name is set, content data is processed as a file, whatever is the part's +content source. A part's remote file name is transmitted to the server in the +associated Content-Disposition generated header. + +\fIpart\fP is the part's handle to assign the remote file name to. + +\fIfilename\fP points to the nul-terminated file name string; it may be set to +NULL to remove a previously attached remote file name. + +The remote file name string is copied into the part, thus the associated +storage may safely be released or reused after call. Setting a part's file +name twice is valid: only the value set by the last call is retained. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* send image data from memory */ + curl_mime_data(part, imagebuf, imagebuf_len); + + /* set a file name to make it look like a file upload */ + curl_mime_filename(part, "image.png"); + + /* set name */ + curl_mime_name(part, "data"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_filedata "(3)," +.BR curl_mime_data "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_free.3 curl-7.57.0/docs/libcurl/curl_mime_free.3 --- curl-7.55.1/docs/libcurl/curl_mime_free.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_free.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,49 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_free 3 "September 04, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_free - free a previously built mime structure +.SH SYNOPSIS +.B #include +.sp +.BI "void curl_mime_free(curl_mime *" mime); +.ad +.SH DESCRIPTION +\fIcurl_mime_free(3)\fP is used to clean up data previously built/appended +with \fIcurl_mime_addpart(3)\fP and other mime-handling functions. This must +be called when the data has been used, which typically means after +\fIcurl_easy_perform(3)\fP has been called. + +The handle to free is the one you passed to +the \fICURLOPT_MIMEPOST(3)\fP option: attached subparts mime structures must +not be explicitly freed as they are by the top structure freeing. + +\fBmime\fP is the handle as returned from a previous call to +\fIcurl_mime_init(3)\fP and may be NULL. + +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +None +.SH "SEE ALSO" +.BR curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_headers.3 curl-7.57.0/docs/libcurl/curl_mime_headers.3 --- curl-7.55.1/docs/libcurl/curl_mime_headers.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_headers.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,66 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_headers 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_headers - set a mime part's custom headers +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_headers(curl_mimepart * " part , +.BI "struct curl_slist * " headers ", int " take_ownership ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_headers(3)\fP sets a mime part's custom headers. + +\fIpart\fP is the part's handle to assign the custom headers list to. + +\fIheaders\fP is the head of a list of custom headers; it may be set to NULL +to remove a previously attached custom header list. + +\fItake_ownership\fP: when non-zero, causes the list to be freed upon +replacement or mime structure deletion; in this case the list must not be +freed explicitly. + +Setting a part's custom headers list twice is valid: only the value set by +the last call is retained. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + struct curl_slist *headers = NULL; + + headers = curl_slist_append("Custom-Header: mooo", headers); + + /* use these headers, please take ownership */ + curl_mime_headers(part, headers, TRUE); + + /* pass on this data */ + curl_mime_data(part, "12345679", CURL_ZERO_TERMINATED); + + /* set name */ + curl_mime_name(part, "numbers"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_init.3 curl-7.57.0/docs/libcurl/curl_mime_init.3 --- curl-7.55.1/docs/libcurl/curl_mime_init.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_init.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,70 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_init 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_init - create a mime handle +.SH SYNOPSIS +.B #include +.sp +.BI "curl_mime * curl_mime_init(CURL * " easy_handle ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_init(3)\fP creates a handle to a new empty mime structure +intended to be used with \fIeasy_handle\fP. This mime structure can be +subsequently filled using the mime API, then attached to \fIeasy_handle\fP +using option \fICURLOPT_MIMEPOST(3)\fP within a \fIcurl_easy_setopt(3)\fP +call. + +Using a mime handle is the recommended way to post an HTTP form, format and +send a multi-part e-mail with SMTP or upload such an e-mail to an IMAP server. + +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +A mime struct handle, or NULL upon failure. +.SH EXAMPLE +.nf + + CURL *easy = curl_easy_init(); + curl_mime *mime; + curl_mimepart *part; + + /* Build an HTTP form with a single field named "data", */ + mime = curl_mime_init(easy); + part = curl_mime_addpart(mime); + curl_mime_data(part, "This is the field data", CURL_ZERO_TERMINATED); + curl_mime_name(part, "data"); + + /* Post and send it. */ + curl_easy_setopt(easy, CURLOPT_MIMEPOST, mime); + curl_easy_setopt(easy, CURLOPT_URL, "http://example.com"); + curl_easy_perform(easy); + + /* Clean-up. */ + curl_easy_cleanup(easy); + curl_mime_free(mime); + +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_free "(3)," +.BR CURLOPT_MIMEPOST "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_name.3 curl-7.57.0/docs/libcurl/curl_mime_name.3 --- curl-7.55.1/docs/libcurl/curl_mime_name.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_name.3 2017-11-29 09:29:13.000000000 +0000 @@ -0,0 +1,64 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_name 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_name - set a mime part's name +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_name(curl_mimepart * " part ", const char * " name ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_name(3)\fP sets a mime part's name. This is the way HTTP form +fields are named. + +\fIpart\fP is the part's handle to assign a name to. + +\fIname\fP points to the zero-terminated name string. + +The name string is copied into the part, thus the associated storage may +safely be released or reused after call. Setting a part's name twice is valid: +only the value set by the last call is retained. It is possible to "unname" a +part by setting \fIname\fP to NULL. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* give the part a name */ + curl_mime_name(part, "shoe_size"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_data "(3)," +.BR curl_mime_type "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_subparts.3 curl-7.57.0/docs/libcurl/curl_mime_subparts.3 --- curl-7.55.1/docs/libcurl/curl_mime_subparts.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_subparts.3 2017-11-29 09:29:12.000000000 +0000 @@ -0,0 +1,54 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_subparts 3 "September 05, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_subparts - set subparts of a multipart mime part +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_subparts(curl_mimepart * " part , +.BI "curl_mime * " subparts ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_subparts(3)\fP sets a multipart mime part's content from a mime +structure. + +\fIpart\fP is a handle to the multipart part. + +\fIsubparts\fP is a mime structure handle holding the subparts. After +\fIcurl_mime_subparts\fP succeeds, the mime structure handle belongs to the +multipart part and must not be freed explicitly. It may however be updated by +subsequent calls to mime API functions. + +Setting a part's contents twice is valid: only the value set by the last call +is retained. It is possible to unassign previous part's contents by setting +\fIsubparts\fP to NULL. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +TODO +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mime_type.3 curl-7.57.0/docs/libcurl/curl_mime_type.3 --- curl-7.55.1/docs/libcurl/curl_mime_type.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mime_type.3 2017-11-29 09:29:12.000000000 +0000 @@ -0,0 +1,84 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.TH curl_mime_type 3 "September 22, 2017" "libcurl 7.57.0" "libcurl Manual" + +.SH NAME +curl_mime_type - set a mime part's content type +.SH SYNOPSIS +.B #include +.sp +.BI "CURLcode curl_mime_type(curl_mimepart * " part , +.BI "const char * " mimetype ");" +.ad +.SH DESCRIPTION +\fIcurl_mime_type(3)\fP sets a mime part's content type. + +\fIpart\fP is the part's handle to assign the content type to. + +\fImimetype\fP points to the nul-terminated file mime type string; it may be +set to NULL to remove a previously attached mime type. + +The mime type string is copied into the part, thus the associated storage may +safely be released or reused after call. Setting a part's type twice is valid: +only the value set by the last call is retained. + +In the absence of a mime type and if needed by the protocol specifications, +a default mime type is determined by the context: +.br +- If set as a custom header, use this value. +.br +- application/form-data for a HTTP form post. +.br +- If a remote file name is set, the mime type is taken from the file name +extension, or application/octet-stream by default. +.br +- For a multipart part, multipart/mixed. +.br +- text/plain in other cases. +.SH AVAILABILITY +As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0. +.SH RETURN VALUE +CURLE_OK or a CURL error code upon failure. +.SH EXAMPLE +.nf + curl_mime *mime; + curl_mimepart *part; + + /* create a mime handle */ + mime = curl_mime_init(easy); + + /* add a part */ + part = curl_mime_addpart(mime); + + /* get data from this file */ + curl_mime_filedata(part, "image.png"); + + /* content-type for this part */ + curl_mime_type(part, "image/png"); + + /* set name */ + curl_mime_name(part, "image"); +.fi +.SH "SEE ALSO" +.BR curl_mime_addpart "(3)," +.BR curl_mime_name "(3)," +.BR curl_mime_data "(3)" diff -Nru curl-7.55.1/docs/libcurl/curl_mprintf.3 curl-7.57.0/docs/libcurl/curl_mprintf.3 --- curl-7.55.1/docs/libcurl/curl_mprintf.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_mprintf.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_printf 3 "April 01, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_printf 3 "April 01, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_maprintf, curl_mfprintf, curl_mprintf, curl_msnprintf, curl_msprintf diff -Nru curl-7.55.1/docs/libcurl/curl_multi_add_handle.3 curl-7.57.0/docs/libcurl/curl_multi_add_handle.3 --- curl-7.55.1/docs/libcurl/curl_multi_add_handle.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_add_handle.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_add_handle 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_add_handle 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_add_handle - add an easy handle to a multi session diff -Nru curl-7.55.1/docs/libcurl/curl_multi_assign.3 curl-7.57.0/docs/libcurl/curl_multi_assign.3 --- curl-7.55.1/docs/libcurl/curl_multi_assign.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_assign.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_assign 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_assign 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_assign \- set data to associate with an internal socket diff -Nru curl-7.55.1/docs/libcurl/curl_multi_cleanup.3 curl-7.57.0/docs/libcurl/curl_multi_cleanup.3 --- curl-7.55.1/docs/libcurl/curl_multi_cleanup.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_cleanup.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_cleanup 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_cleanup 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_cleanup - close down a multi session diff -Nru curl-7.55.1/docs/libcurl/curl_multi_fdset.3 curl-7.57.0/docs/libcurl/curl_multi_fdset.3 --- curl-7.55.1/docs/libcurl/curl_multi_fdset.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_fdset.3 2017-11-29 09:29:13.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_fdset 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_fdset 3 "November 09, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_fdset - extracts file descriptor information from a multi handle @@ -59,9 +59,10 @@ currently does something that isn't possible for your application to monitor with a socket and unfortunately you can then not know exactly when the current action is completed using select(). You then need to wait a while before you -proceed and call \fIcurl_multi_perform(3)\fP anyway. How long to wait? We -suggest 100 milliseconds at least, but you may want to test it out in your own -particular conditions to find a suitable value. +proceed and call \fIcurl_multi_perform(3)\fP anyway. How long to wait? Unless +\fIcurl_multi_timeout(3)\fP gives you a lower number, we suggest 100 +milliseconds or so, but you may want to test it out in your own particular +conditions to find a suitable value. When doing select(), you should use \fIcurl_multi_timeout(3)\fP to figure out how long to wait for action. Call \fIcurl_multi_perform(3)\fP even if no diff -Nru curl-7.55.1/docs/libcurl/curl_multi_info_read.3 curl-7.57.0/docs/libcurl/curl_multi_info_read.3 --- curl-7.55.1/docs/libcurl/curl_multi_info_read.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_info_read.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_info_read 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_info_read 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_info_read - read multi stack informationals diff -Nru curl-7.55.1/docs/libcurl/curl_multi_init.3 curl-7.57.0/docs/libcurl/curl_multi_init.3 --- curl-7.55.1/docs/libcurl/curl_multi_init.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_init.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_init 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_init 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_init - create a multi handle diff -Nru curl-7.55.1/docs/libcurl/curl_multi_perform.3 curl-7.57.0/docs/libcurl/curl_multi_perform.3 --- curl-7.55.1/docs/libcurl/curl_multi_perform.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_perform.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_perform 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_perform 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_perform - reads/writes available data from each easy handle diff -Nru curl-7.55.1/docs/libcurl/curl_multi_remove_handle.3 curl-7.57.0/docs/libcurl/curl_multi_remove_handle.3 --- curl-7.55.1/docs/libcurl/curl_multi_remove_handle.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_remove_handle.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_remove_handle 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_remove_handle 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_remove_handle - remove an easy handle from a multi session diff -Nru curl-7.55.1/docs/libcurl/curl_multi_setopt.3 curl-7.57.0/docs/libcurl/curl_multi_setopt.3 --- curl-7.55.1/docs/libcurl/curl_multi_setopt.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_setopt.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_setopt 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_setopt 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_setopt \- set options for a curl multi handle diff -Nru curl-7.55.1/docs/libcurl/curl_multi_socket.3 curl-7.57.0/docs/libcurl/curl_multi_socket.3 --- curl-7.55.1/docs/libcurl/curl_multi_socket.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_socket.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_socket 3 "December 15, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_socket 3 "December 15, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_socket \- reads/writes available data diff -Nru curl-7.55.1/docs/libcurl/curl_multi_socket_action.3 curl-7.57.0/docs/libcurl/curl_multi_socket_action.3 --- curl-7.55.1/docs/libcurl/curl_multi_socket_action.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_socket_action.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_socket_action 3 "June 07, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_socket_action 3 "June 07, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_socket_action \- reads/writes available data given an action diff -Nru curl-7.55.1/docs/libcurl/curl_multi_strerror.3 curl-7.57.0/docs/libcurl/curl_multi_strerror.3 --- curl-7.55.1/docs/libcurl/curl_multi_strerror.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_strerror.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_strerror 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_strerror 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_strerror - return string describing error code diff -Nru curl-7.55.1/docs/libcurl/curl_multi_timeout.3 curl-7.57.0/docs/libcurl/curl_multi_timeout.3 --- curl-7.55.1/docs/libcurl/curl_multi_timeout.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_timeout.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_timeout 3 "May 02, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_timeout 3 "May 02, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_timeout \- how long to wait for action before proceeding diff -Nru curl-7.55.1/docs/libcurl/curl_multi_wait.3 curl-7.57.0/docs/libcurl/curl_multi_wait.3 --- curl-7.55.1/docs/libcurl/curl_multi_wait.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_multi_wait.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_multi_wait 3 "March 09, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_multi_wait 3 "March 09, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_multi_wait - polls on all easy handles in a multi handle diff -Nru curl-7.55.1/docs/libcurl/curl_share_cleanup.3 curl-7.57.0/docs/libcurl/curl_share_cleanup.3 --- curl-7.55.1/docs/libcurl/curl_share_cleanup.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_share_cleanup.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_share_cleanup 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_share_cleanup 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_share_cleanup - Clean up a shared object diff -Nru curl-7.55.1/docs/libcurl/curl_share_init.3 curl-7.57.0/docs/libcurl/curl_share_init.3 --- curl-7.55.1/docs/libcurl/curl_share_init.3 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_share_init.3 2017-11-29 09:29:11.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_share_init 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_share_init 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_share_init - Create a shared object diff -Nru curl-7.55.1/docs/libcurl/curl_share_setopt.3 curl-7.57.0/docs/libcurl/curl_share_setopt.3 --- curl-7.55.1/docs/libcurl/curl_share_setopt.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_share_setopt.3 2017-11-29 09:29:13.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_share_setopt 3 "May 29, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_share_setopt 3 "November 09, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_share_setopt - Set options for a shared object @@ -71,6 +71,13 @@ to the same server. Note SSL session IDs are reused within the same easy handle by default. Note this symbol was added in 7.10.3 but was not implemented until 7.23.0. +.IP CURL_LOCK_DATA_CONNECT +Put the connection cache in the share object and make all easy handles using +this share object share the connection cache. Using this, you can for example +do multi-threaded libcurl use with one handle in each thread, and yet have a +shared pool of unused connections and this way get way better connection +re-use than if you use one separate pool in each thread. Support for this was +added in 7.57.0, but the symbol existed long before this. .RE .IP CURLSHOPT_UNSHARE This option does the opposite of \fICURLSHOPT_SHARE\fP. It specifies that diff -Nru curl-7.55.1/docs/libcurl/curl_share_strerror.3 curl-7.57.0/docs/libcurl/curl_share_strerror.3 --- curl-7.55.1/docs/libcurl/curl_share_strerror.3 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_share_strerror.3 2017-11-29 09:29:11.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_share_strerror 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_share_strerror 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_share_strerror - return string describing error code diff -Nru curl-7.55.1/docs/libcurl/curl_slist_append.3 curl-7.57.0/docs/libcurl/curl_slist_append.3 --- curl-7.55.1/docs/libcurl/curl_slist_append.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_slist_append.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_slist_append 3 "May 05, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_slist_append 3 "May 05, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_slist_append - add a string to an slist diff -Nru curl-7.55.1/docs/libcurl/curl_slist_free_all.3 curl-7.57.0/docs/libcurl/curl_slist_free_all.3 --- curl-7.55.1/docs/libcurl/curl_slist_free_all.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_slist_free_all.3 2017-11-29 09:29:12.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_slist_free_all 3 "May 05, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_slist_free_all 3 "May 05, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_slist_free_all - free an entire curl_slist list diff -Nru curl-7.55.1/docs/libcurl/curl_strequal.3 curl-7.57.0/docs/libcurl/curl_strequal.3 --- curl-7.55.1/docs/libcurl/curl_strequal.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_strequal.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_strequal 3 "June 29, 2017" "libcurl 7.55.1" "libcurl Manual" +.TH curl_strequal 3 "June 29, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_strequal, curl_strnequal - case insensitive string comparisons diff -Nru curl-7.55.1/docs/libcurl/curl_unescape.3 curl-7.57.0/docs/libcurl/curl_unescape.3 --- curl-7.55.1/docs/libcurl/curl_unescape.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_unescape.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_unescape 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_unescape 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_unescape - URL decodes the given string diff -Nru curl-7.55.1/docs/libcurl/curl_version.3 curl-7.57.0/docs/libcurl/curl_version.3 --- curl-7.55.1/docs/libcurl/curl_version.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_version.3 2017-11-29 09:29:14.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH curl_version 3 "February 03, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_version 3 "February 03, 2016" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_version - returns the libcurl version string diff -Nru curl-7.55.1/docs/libcurl/curl_version_info.3 curl-7.57.0/docs/libcurl/curl_version_info.3 --- curl-7.55.1/docs/libcurl/curl_version_info.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/curl_version_info.3 2017-11-29 09:29:14.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl_version_info 3 "November 25, 2016" "libcurl 7.55.1" "libcurl Manual" +.TH curl_version_info 3 "November 05, 2017" "libcurl 7.57.0" "libcurl Manual" .SH NAME curl_version_info - returns run-time libcurl version info @@ -73,6 +73,12 @@ const char *libssh_version; /* human readable string */ + /* when 'age' is 4 or higher (7.57.0 or later), the members below also + exist */ + unsigned int brotli_ver_num; /* Numeric Brotli version + (MAJOR << 24) | (MINOR << 12) | PATCH */ + const char *brotli_version; /* human readable string. */ + } curl_version_info_data; .fi @@ -157,6 +163,12 @@ .IP CURL_VERSION_HTTPS_PROXY libcurl was built with support for HTTPS-proxy. (Added in 7.52.0) +.IP CURL_VERSION_MULTI_SSL +libcurl was built with multiple SSL backends. For details, see +\fIcurl_global_sslset(3)\fP. +(Added in 7.56.0) +.IP CURL_VERSION_BROTLI +supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0) .RE \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl has no SSL support, this is NULL. diff -Nru curl-7.55.1/docs/libcurl/libcurl.3 curl-7.57.0/docs/libcurl/libcurl.3 --- curl-7.55.1/docs/libcurl/libcurl.3 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl.3 2017-11-29 09:29:11.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH libcurl 3 "February 03, 2016" "libcurl 7.55.1" "libcurl overview" +.TH libcurl 3 "July 15, 2017" "libcurl 7.57.0" "libcurl overview" .SH NAME libcurl \- client-side URL transfers @@ -39,6 +39,10 @@ \fIcurl_global_cleanup(3)\fP at the end. See \fBGLOBAL CONSTANTS\fP below for details. +If libcurl was compiled with support for multiple SSL backends, the function +\fIcurl_global_sslset(3)\fP can be called before \fIcurl_global_init(3)\fP +to select the active SSL backend. + To transfer files, you create an "easy handle" using \fIcurl_easy_init(3)\fP for a single individual transfer (in either direction). You then set your desired set of options in that handle with \fIcurl_easy_setopt(3)\fP. Options diff -Nru curl-7.55.1/docs/libcurl/libcurl-easy.3 curl-7.57.0/docs/libcurl/libcurl-easy.3 --- curl-7.55.1/docs/libcurl/libcurl-easy.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-easy.3 2017-11-29 09:29:13.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH libcurl 3 "February 03, 2016" "libcurl 7.55.1" "libcurl easy interface" +.TH libcurl 3 "February 03, 2016" "libcurl 7.57.0" "libcurl easy interface" .SH NAME libcurl-easy \- easy interface overview diff -Nru curl-7.55.1/docs/libcurl/libcurl-errors.3 curl-7.57.0/docs/libcurl/libcurl-errors.3 --- curl-7.55.1/docs/libcurl/libcurl-errors.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-errors.3 2017-11-29 09:29:13.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH libcurl-errors 3 "August 22, 2016" "libcurl 7.55.1" "libcurl errors" +.TH libcurl-errors 3 "August 22, 2016" "libcurl 7.57.0" "libcurl errors" .SH NAME libcurl-errors \- error codes in libcurl diff -Nru curl-7.55.1/docs/libcurl/libcurl-multi.3 curl-7.57.0/docs/libcurl/libcurl-multi.3 --- curl-7.55.1/docs/libcurl/libcurl-multi.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-multi.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH libcurl-multi 3 "June 07, 2017" "libcurl 7.55.1" "libcurl multi interface" +.TH libcurl-multi 3 "June 07, 2017" "libcurl 7.57.0" "libcurl multi interface" .SH NAME libcurl-multi \- how to use the multi interface diff -Nru curl-7.55.1/docs/libcurl/libcurl-share.3 curl-7.57.0/docs/libcurl/libcurl-share.3 --- curl-7.55.1/docs/libcurl/libcurl-share.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-share.3 2017-11-29 09:29:12.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH libcurl-share 3 "February 03, 2016" "libcurl 7.55.1" "libcurl share interface" +.TH libcurl-share 3 "November 27, 2017" "libcurl 7.57.0" "libcurl share interface" .SH NAME libcurl-share \- how to use the share interface @@ -35,10 +35,9 @@ \&"handles". .SH "ONE SET OF DATA - MANY TRANSFERS" You can have multiple easy handles share data between them. Have them update -and use the \fBsame\fP cookie database, DNS cache, TLS session cache! This -way, each single transfer will take advantage from data updates made by the -other transfer(s). The sharing interface, however, does not share active or -persistent connections between different easy handles. +and use the \fBsame\fP cookie database, DNS cache, TLS session cache and/or +connection cache! This way, each single transfer will take advantage from data +updates made by the other transfer(s). .SH "SHARE OBJECT" You create a shared object with \fIcurl_share_init(3)\fP. It returns a handle for a newly created one. diff -Nru curl-7.55.1/docs/libcurl/libcurl-symbols.3 curl-7.57.0/docs/libcurl/libcurl-symbols.3 --- curl-7.55.1/docs/libcurl/libcurl-symbols.3 2017-08-09 05:52:16.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-symbols.3 2017-11-29 09:29:30.000000000 +0000 @@ -19,7 +19,7 @@ .\" * KIND, either express or implied. .\" * .\" ************************************************************************** -.TH libcurl-symbols 3 "aug 9, 2017" "libcurl 7.41.0" "libcurl symbols" +.TH libcurl-symbols 3 "nov 29, 2017" "libcurl 7.41.0" "libcurl symbols" .SH NAME libcurl-symbols \- libcurl symbol version information .SH "libcurl symbols" @@ -357,6 +357,7 @@ Introduced in 7.21.0 .IP CURLFORM_ARRAY Introduced in 7.9.1 +Deprecated since 7.56.0 .IP CURLFORM_ARRAY_END Introduced in 7.9.1 Deprecated since 7.9.5 @@ -367,40 +368,58 @@ Last used in 7.9.5 .IP CURLFORM_BUFFER Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURLFORM_BUFFERLENGTH Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURLFORM_BUFFERPTR Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURLFORM_CONTENTHEADER Introduced in 7.9.3 +Deprecated since 7.56.0 .IP CURLFORM_CONTENTLEN Introduced in 7.46.0 +Deprecated since 7.56.0 .IP CURLFORM_CONTENTSLENGTH Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_CONTENTTYPE Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_COPYCONTENTS Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_COPYNAME Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_END Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_FILE Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_FILECONTENT Introduced in 7.9.1 +Deprecated since 7.56.0 .IP CURLFORM_FILENAME Introduced in 7.9.6 +Deprecated since 7.56.0 .IP CURLFORM_NAMELENGTH Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_NOTHING Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_PTRCONTENTS Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_PTRNAME Introduced in 7.9 +Deprecated since 7.56.0 .IP CURLFORM_STREAM Introduced in 7.18.2 +Deprecated since 7.56.0 .IP CURLFTPAUTH_DEFAULT Introduced in 7.12.2 .IP CURLFTPAUTH_SSL @@ -869,6 +888,7 @@ Introduced in 7.1 .IP CURLOPT_HTTPPOST Introduced in 7.1 +Deprecated since 7.56.0 .IP CURLOPT_HTTPPROXYTUNNEL Introduced in 7.3 .IP CURLOPT_HTTPREQUEST @@ -939,6 +959,8 @@ Introduced in 7.15.5 .IP CURLOPT_MAX_SEND_SPEED_LARGE Introduced in 7.15.5 +.IP CURLOPT_MIMEPOST +Introduced in 7.56.0 .IP CURLOPT_MUTE Introduced in 7.1 Deprecated since 7.8 @@ -1150,6 +1172,8 @@ Introduced in 7.12.1 .IP CURLOPT_SSH_AUTH_TYPES Introduced in 7.16.1 +.IP CURLOPT_SSH_COMPRESSION +Introduced in 7.56.0 .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 Introduced in 7.17.1 .IP CURLOPT_SSH_KEYDATA @@ -1450,6 +1474,14 @@ Introduced in 7.25.0 .IP CURLSSLOPT_NO_REVOKE Introduced in 7.44.0 +.IP CURLSSLSET_NO_BACKENDS +Introduced in 7.56.0 +.IP CURLSSLSET_OK +Introduced in 7.56.0 +.IP CURLSSLSET_TOO_LATE +Introduced in 7.56.0 +.IP CURLSSLSET_UNKNOWN_BACKEND +Introduced in 7.56.0 .IP CURLUSESSL_ALL Introduced in 7.17.0 .IP CURLUSESSL_CONTROL @@ -1458,6 +1490,8 @@ Introduced in 7.17.0 .IP CURLUSESSL_TRY Introduced in 7.17.0 +.IP CURLVERSION_FIFTH +Introduced in 7.57.0 .IP CURLVERSION_FIRST Introduced in 7.10 .IP CURLVERSION_FOURTH @@ -1500,20 +1534,28 @@ Introduced in 7.21.0 .IP CURL_FORMADD_DISABLED Introduced in 7.12.1 +Deprecated since 7.56.0 .IP CURL_FORMADD_ILLEGAL_ARRAY Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_INCOMPLETE Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_MEMORY Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_NULL Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_OK Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_OPTION_TWICE Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_FORMADD_UNKNOWN_OPTION Introduced in 7.9.8 +Deprecated since 7.56.0 .IP CURL_GLOBAL_ACK_EINTR Introduced in 7.30.0 .IP CURL_GLOBAL_ALL @@ -1718,6 +1760,8 @@ Introduced in 7.21.4 .IP CURL_VERSION_ASYNCHDNS Introduced in 7.10.7 +.IP CURL_VERSION_BROTLI +Introduced in 7.57.0 .IP CURL_VERSION_CONV Introduced in 7.15.4 .IP CURL_VERSION_CURLDEBUG @@ -1746,6 +1790,8 @@ Introduced in 7.11.1 .IP CURL_VERSION_LIBZ Introduced in 7.10 +.IP CURL_VERSION_MULTI_SSL +Introduced in 7.56.0 .IP CURL_VERSION_NTLM Introduced in 7.10.6 .IP CURL_VERSION_NTLM_WB @@ -1770,3 +1816,5 @@ Introduced in 7.28.0 .IP CURL_WRITEFUNC_PAUSE Introduced in 7.18.0 +.IP CURL_ZERO_TERMINATED +Introduced in 7.56.0 diff -Nru curl-7.55.1/docs/libcurl/libcurl-thread.3 curl-7.57.0/docs/libcurl/libcurl-thread.3 --- curl-7.55.1/docs/libcurl/libcurl-thread.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-thread.3 2017-11-29 09:29:12.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH libcurl-thread 3 "August 08, 2017" "libcurl 7.55.1" "libcurl thread safety" +.TH libcurl-thread 3 "August 08, 2017" "libcurl 7.57.0" "libcurl thread safety" .SH NAME libcurl-thread \- libcurl thread safety diff -Nru curl-7.55.1/docs/libcurl/libcurl-tutorial.3 curl-7.57.0/docs/libcurl/libcurl-tutorial.3 --- curl-7.55.1/docs/libcurl/libcurl-tutorial.3 2017-08-14 06:05:08.000000000 +0000 +++ curl-7.57.0/docs/libcurl/libcurl-tutorial.3 2017-11-29 09:29:12.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH libcurl-tutorial 3 "March 04, 2017" "libcurl 7.55.1" "libcurl programming" +.TH libcurl-tutorial 3 "October 23, 2017" "libcurl 7.57.0" "libcurl programming" .SH NAME libcurl-tutorial \- libcurl programming tutorial @@ -478,14 +478,67 @@ unit of data. Each part has its own name and contents. You can in fact create and post a multi-part formpost with the regular libcurl POST support described above, but that would require that you build a formpost yourself and provide -to libcurl. To make that easier, libcurl provides \fIcurl_formadd(3)\fP. Using -this function, you add parts to the form. When you're done adding parts, you -post the whole form. +to libcurl. To make that easier, libcurl provides a MIME API consisting in +several functions: using those, you can create and fill a multi-part form. +Function \fIcurl_mime_init(3)\fP creates a multi-part body; you can then +append new parts to a multi-part body using \fIcurl_mime_addpart(3)\fP. +There are three possible data sources for a part: memory using +\fIcurl_mime_data(3)\fP, file using \fIcurl_mime_filedata(3)\fP and +user-defined data read callback using \fIcurl_mime_data_cb(3)\fP. +\fIcurl_mime_name(3)\fP sets a part's (i.e.: form field) name, while +\fIcurl_mime_filename(3)\fP fills in the remote file name. With +\fIcurl_mime_type(3)\fP, you can tell the MIME type of a part, +\fIcurl_mime_headers(3)\fP allows defining the part's headers. When a +multi-part body is no longer needed, you can destroy it using +\fIcurl_mime_free(3)\fP. The following example sets two simple text parts with plain textual contents, and then a file with binary contents and uploads the whole thing. .nf + curl_mime *multipart = curl_mime_init(easyhandle); + curl_mimepart *part = curl_mime_addpart(mutipart); + curl_mime_name(part, "name"); + curl_mime_data(part, "daniel", CURL_ZERO_TERMINATED); + part = curl_mime_addpart(mutipart); + curl_mime_name(part, "project"); + curl_mime_data(part, "curl", CURL_ZERO_TERMINATED); + part = curl_mime_addpart(mutipart); + curl_mime_name(part, "logotype-image"); + curl_mime_filedata(part, "curl.png"); + + /* Set the form info */ + curl_easy_setopt(easyhandle, CURLOPT_MIMEPOST, multipart); + + curl_easy_perform(easyhandle); /* post away! */ + + /* free the post data again */ + curl_mime_free(multipart); +.fi + +To post multiple files for a single form field, you must supply each file in +a separate part, all with the same field name. Although function +\fIcurl_mime_subparts(3)\fP implements nested muti-parts, this way of +multiple files posting is deprecated by RFC 7578, chapter 4.3. + +To set the data source from an already opened FILE pointer, use: + +.nf + curl_mime_data_cb(part, filesize, (curl_read_callback) fread, + (curl_seek_callback) fseek, NULL, filepointer); +.fi + +A deprecated \fIcurl_formadd(3)\fP function is still supported in libcurl. +It should however not be used anymore for new designs and programs using it +ought to be converted to the MIME API. It is however described here as an +aid to conversion. + +Using \fIcurl_formadd\fP, you add parts to the form. When you're done adding +parts, you post the whole form. + +The MIME API example above is expressed as follows using this function: + +.nf struct curl_httppost *post=NULL; struct curl_httppost *last=NULL; curl_formadd(&post, &last, @@ -543,6 +596,136 @@ Just setting \fICURLOPT_POSTFIELDS(3)\fP to "" or NULL will *not* stop libcurl from doing a POST. It will just make it POST without any data to send! +.SH "Converting from deprecated form API to MIME API" +Four rules have to be respected in building the multi-part: +.br +- The easy handle must be created before building the multi-part. +.br +- The multi-part is always created by a call to curl_mime_init(easyhandle). +.br +- Each part is created by a call to curl_mime_addpart(multipart). +.br +- When complete, the multi-part must be bound to the easy handle using +\fICURLOPT_MIMEPOST(3)\fP instead of \fICURLOPT_HTTPPOST(3)\fP. + +Here are some example of \fIcurl_formadd\fP calls to MIME API sequences: + +.nf + curl_formadd(&post, &last, + CURLFORM_COPYNAME, "id", + CURLFORM_COPYCONTENTS, "daniel", CURLFORM_END); + CURLFORM_CONTENTHEADER, headers, + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "id"); + curl_mime_data(part, "daniel", CURL_ZERO_TERMINATED); + curl_mime_headers(part, headers, FALSE); +.fi + +Setting the last \fIcurl_mime_headers\fP argument to TRUE would have caused +the headers to be automatically released upon destroyed the multi-part, thus +saving a clean-up call to \fIcurl_slist_free_all(3)\fP. + +.nf + curl_formadd(&post, &last, + CURLFORM_PTRNAME, "logotype-image", + CURLFORM_FILECONTENT, "-", + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "logotype-image"); + curl_mime_data_cb(part, (curl_off_t) -1, fread, fseek, NULL, stdin); +.fi + +\fIcurl_mime_name\fP always copies the field name. The special file name "-" +is not supported by \fIcurl_mime_file\fP: to read an open file, use +a callback source using fread(). The transfer will be chunked since the data +size is unknown. + +.nf + curl_formadd(&post, &last, + CURLFORM_COPYNAME, "datafile[]", + CURLFORM_FILE, "file1", + CURLFORM_FILE, "file2", + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "datafile[]"); + curl_mime_filedata(part, "file1"); + part = curl_mime_addpart(multipart); + curl_mime_name(part, "datafile[]"); + curl_mime_filedata(part, "file2"); +.fi + +The deprecated multipart/mixed implementation of multiple files field is +translated to two distinct parts with the same name. + +.nf + curl_easy_setopt(easyhandle, CURLOPT_READFUNCTION, myreadfunc); + curl_formadd(&post, &last, + CURLFORM_COPYNAME, "stream", + CURLFORM_STREAM, arg, + CURLFORM_CONTENTLEN, (curl_off_t) datasize, + CURLFORM_FILENAME, "archive.zip", + CURLFORM_CONTENTTYPE, "application/zip", + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "stream"); + curl_mime_data_cb(part, (curl_off_t) datasize, + myreadfunc, NULL, NULL, arg); + curl_mime_filename(part, "archive.zip"); + curl_mime_type(part, "application/zip"); +.fi + +\fICURLOPT_READFUNCTION\fP callback is not used: it is replace by directly +setting the part source data from the callback read function. + +.nf + curl_formadd(&post, &last, + CURLFORM_COPYNAME, "memfile", + CURLFORM_BUFFER, "memfile.bin", + CURLFORM_BUFFERPTR, databuffer, + CURLFORM_BUFFERLENGTH, (long) sizeof databuffer, + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "memfile"); + curl_mime_data(part, databuffer, (curl_off_t) sizeof databuffer); + curl_mime_filename(part, "memfile.bin"); +.fi + +\fIcurl_mime_data\fP always copies the initial data: data buffer is thus +free for immediate reuse. + +.nf + curl_formadd(&post, &last, + CURLFORM_COPYNAME, "message", + CURLFORM_FILECONTENT, "msg.txt", + CURLFORM_END); +.fi +becomes: +.nf + part = curl_mime_addpart(multipart); + curl_mime_name(part, "message"); + curl_mime_filedata(part, "msg.txt"); + curl_mime_filename(part, NULL); +.fi + +Use of \fIcurl_mime_filedata\fP sets the remote file name as a side effect: it +is therefore necessary to clear it for \fICURLFORM_FILECONTENT\fP emulation. + .SH "Showing Progress" For historical and traditional reasons, libcurl has a built-in progress meter @@ -1006,6 +1189,81 @@ LPRT before trying PORT, as they work with more protocols. You can disable this behavior by setting \fICURLOPT_FTP_USE_EPRT(3)\fP to zero. +.SH "MIME API revisited for SMTP and IMAP" +In addition to support HTTP multi-part form fields, the MIME API can be used +to build structured e-mail messages and send them via SMTP or append such +messages to IMAP directories. + +A structured e-mail message may contain several parts: some are displayed +inline by the MUA, some are attachments. Parts can also be structured as +multi-part, for example to include another e-mail message or to offer several +text formats alternatives. This can be nested to any level. + +To build such a message, you prepare the nth-level multi-part and then include +it as a source to the parent multi-part using function +\fIcurl_mime_subparts(3)\fP. Once it has been +bound to its parent multi-part, a nth-level multi-part belongs to it and +should not be freed explicitly. + +E-mail messages data is not supposed to be non-ascii and line length is +limited: fortunately, some transfer encodings are defined by the standards +to support the transmission of such incompatible data. Function +\fIcurl_mime_encoder(3)\fP tells a part that its source data must be encoded +before being sent. It also generates the corresponding header for that part. +If the part data you want to send is already encoded in such a scheme, +do not use this function (this would over-encode it), but explicitly set the +corresponding part header. + +Upon sending such a message, libcurl prepends it with the header list +set with \fICURLOPT_HTTPHEADER(3)\fP, as 0th-level mime part headers. + +Here is an example building an e-mail message with an inline plain/html text +alternative and a file attachment encoded in base64: + +.nf + curl_mime *message = curl_mime_init(easyhandle); + + /* The inline part is an alternative proposing the html and the text + versions of the e-mail. */ + curl_mime *alt = curl_mime_init(easyhandle); + + /* HTML message. */ + curl_mimepart *part = curl_mime_addpart(alt); + curl_mime_data(part, "

This is HTML

", + CURL_ZERO_TERMINATED); + curl_mime_type(part, "text/html"); + + /* Text message. */ + part = curl_mime_addpart(alt); + curl_mime_data(part, "This is plain text message", + CURL_ZERO_TERMINATED); + + /* Create the inline part. */ + part = curl_mime_addpart(message); + curl_mime_subparts(part, alt); + curl_mime_type(part, "multipart/alternative"); + struct curl_slist *headers = curl_slist_append(NULL, + "Content-Disposition: inline"); + curl_mime_headers(part, headers, TRUE); + + /* Add the attachment. */ + part = curl_mime_addpart(message); + curl_mime_filedata(part, "manual.pdf"); + curl_mime_encoder(part, "base64"); + + /* Build the mail headers. */ + headers = curl_slist_append(NULL, "From: me@example.com"); + headers = curl_slist_append(headers, "To: you@example.com"); + + /* Set these into the easy handle. */ + curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, headers); + curl_easy_setopt(easyhandle, CURLOPT_MIMEPOST, mime); +.fi + +It should be noted that appending a message to an IMAP directory requires +the message size to be known prior upload. It is therefore not possible to +include parts with unknown data size in this context. + .SH "Headers Equal Fun" Some protocols provide "headers", meta-data separated from the normal diff -Nru curl-7.55.1/docs/libcurl/Makefile.in curl-7.57.0/docs/libcurl/Makefile.in --- curl-7.55.1/docs/libcurl/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/docs/libcurl/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -477,7 +477,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -494,6 +496,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -650,7 +653,11 @@ curl_multi_timeout.3 curl_formget.3 curl_multi_assign.3 \ curl_easy_pause.3 curl_easy_recv.3 curl_easy_send.3 \ curl_multi_socket_action.3 curl_multi_wait.3 libcurl-symbols.3 \ - libcurl-thread.3 curl_multi_socket_all.3 + libcurl-thread.3 curl_multi_socket_all.3 curl_global_sslset.3 \ + curl_mime_init.3 curl_mime_free.3 curl_mime_addpart.3 curl_mime_name.3 \ + curl_mime_data.3 curl_mime_data_cb.3 curl_mime_filedata.3 \ + curl_mime_filename.3 curl_mime_subparts.3 \ + curl_mime_type.3 curl_mime_headers.3 curl_mime_encoder.3 man_DISTMANS = $(man_MANS:.3=.3.dist) HTMLPAGES = $(man_MANS:.3=.html) diff -Nru curl-7.55.1/docs/libcurl/Makefile.inc curl-7.57.0/docs/libcurl/Makefile.inc --- curl-7.55.1/docs/libcurl/Makefile.inc 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/docs/libcurl/Makefile.inc 2017-11-09 22:40:36.000000000 +0000 @@ -17,4 +17,8 @@ curl_multi_timeout.3 curl_formget.3 curl_multi_assign.3 \ curl_easy_pause.3 curl_easy_recv.3 curl_easy_send.3 \ curl_multi_socket_action.3 curl_multi_wait.3 libcurl-symbols.3 \ - libcurl-thread.3 curl_multi_socket_all.3 + libcurl-thread.3 curl_multi_socket_all.3 curl_global_sslset.3 \ + curl_mime_init.3 curl_mime_free.3 curl_mime_addpart.3 curl_mime_name.3 \ + curl_mime_data.3 curl_mime_data_cb.3 curl_mime_filedata.3 \ + curl_mime_filename.3 curl_mime_subparts.3 \ + curl_mime_type.3 curl_mime_headers.3 curl_mime_encoder.3 diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_ACTIVESOCKET 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_ACTIVESOCKET 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_ACTIVESOCKET \- get the active socket diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_APPCONNECT_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_APPCONNECT_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_APPCONNECT_TIME \- get the time until the SSL/SSH handshake is completed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CERTINFO.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CERTINFO.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CERTINFO.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CERTINFO.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CERTINFO 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CERTINFO 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CERTINFO \- get the TLS certificate chain diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONDITION_UNMET 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONDITION_UNMET 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONDITION_UNMET \- get info on unmet time conditional diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONNECT_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONNECT_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONNECT_TIME \- get the time until connect diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONTENT_LENGTH_DOWNLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONTENT_LENGTH_DOWNLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONTENT_LENGTH_DOWNLOAD \- get content-length of download diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONTENT_LENGTH_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONTENT_LENGTH_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONTENT_LENGTH_DOWNLOAD_T \- get content-length of download diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONTENT_LENGTH_UPLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONTENT_LENGTH_UPLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONTENT_LENGTH_UPLOAD \- get the specified size of the upload diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONTENT_LENGTH_UPLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONTENT_LENGTH_UPLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONTENT_LENGTH_UPLOAD_T \- get the specified size of the upload diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_CONTENT_TYPE 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_CONTENT_TYPE 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_CONTENT_TYPE \- get Content-Type diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_COOKIELIST.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_COOKIELIST.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_COOKIELIST.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_COOKIELIST.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_COOKIELIST 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_COOKIELIST 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_COOKIELIST \- get all known cookies diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_EFFECTIVE_URL 3 "May 04, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_EFFECTIVE_URL 3 "May 04, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_EFFECTIVE_URL \- get the last used URL diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_FILETIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_FILETIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_FILETIME.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_FILETIME.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_FILETIME 3 "April 03, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_FILETIME 3 "April 03, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_FILETIME \- get the remote time of the retrieved document diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_FTP_ENTRY_PATH 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_FTP_ENTRY_PATH 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_FTP_ENTRY_PATH \- get entry path in FTP server diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_HEADER_SIZE 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_HEADER_SIZE 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_HEADER_SIZE \- get size of retrieved headers diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_HTTPAUTH_AVAIL 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_HTTPAUTH_AVAIL 3 "October 07, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_HTTPAUTH_AVAIL \- get available HTTP authentication methods @@ -63,7 +63,8 @@ } .fi .SH AVAILABILITY -Added in 7.10.8 +Added RFC2617 in 7.10.8 +Added RFC7616 in 7.57.0 .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_HTTP_CONNECTCODE 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_HTTP_CONNECTCODE 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_HTTP_CONNECTCODE \- get the CONNECT response code diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_HTTP_VERSION 3 "May 11, 2016" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_HTTP_VERSION 3 "May 11, 2016" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_HTTP_VERSION \- get the http version used in the connection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_LASTSOCKET.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_LASTSOCKET.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_LASTSOCKET.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_LASTSOCKET.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_LASTSOCKET 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_LASTSOCKET 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_LASTSOCKET \- get the last socket used diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_LOCAL_IP.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_LOCAL_IP.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_LOCAL_IP.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_LOCAL_IP.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_LOCAL_IP 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_LOCAL_IP 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_LOCAL_IP \- get local IP address of last connection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_LOCAL_PORT 3 "March 16, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_LOCAL_PORT 3 "March 16, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_LOCAL_PORT \- get the latest local port number diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_NAMELOOKUP_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_NAMELOOKUP_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_NAMELOOKUP_TIME \- get the name lookup time diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_NUM_CONNECTS 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_NUM_CONNECTS 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_NUM_CONNECTS \- get number of created connections diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_OS_ERRNO.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_OS_ERRNO.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_OS_ERRNO.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_OS_ERRNO.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_OS_ERRNO 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_OS_ERRNO 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_OS_ERRNO \- get errno number from last connect failure diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PRETRANSFER_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PRETRANSFER_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PRETRANSFER_TIME \- get the time until the file transfer start diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PRIMARY_IP 3 "March 22, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PRIMARY_IP 3 "March 22, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PRIMARY_IP \- get IP address of last connection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PRIMARY_PORT 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PRIMARY_PORT 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PRIMARY_PORT \- get the latest destination port number diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIVATE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIVATE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PRIVATE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PRIVATE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PRIVATE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PRIVATE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PRIVATE \- get the private pointer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PROTOCOL.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PROTOCOL.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PROTOCOL.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PROTOCOL.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PROTOCOL 3 "November 23, 2016" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PROTOCOL 3 "November 23, 2016" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PROTOCOL \- get the protocol used in the connection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PROXYAUTH_AVAIL 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PROXYAUTH_AVAIL 3 "October 07, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PROXYAUTH_AVAIL \- get available HTTP proxy authentication methods @@ -64,7 +64,8 @@ } .fi .SH AVAILABILITY -Added in 7.10.8 +Added RFC2617 in 7.10.8 +Added RFC7616 in 7.57.0 .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_PROXY_SSL_VERIFYRESULT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_PROXY_SSL_VERIFYRESULT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_PROXY_SSL_VERIFYRESULT \- get the result of the proxy certificate verification diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_REDIRECT_COUNT 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_REDIRECT_COUNT 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_REDIRECT_COUNT \- get the number of redirects diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_REDIRECT_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_REDIRECT_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_REDIRECT_TIME \- get the time for all redirection steps diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_REDIRECT_URL 3 "June 24, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_REDIRECT_URL 3 "June 24, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_REDIRECT_URL \- get the URL a redirect would go to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_REQUEST_SIZE 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_REQUEST_SIZE 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_REQUEST_SIZE \- get size of sent request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_RESPONSE_CODE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_RESPONSE_CODE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_RESPONSE_CODE \- get the last response code diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_RTSP_CLIENT_CSEQ 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_RTSP_CLIENT_CSEQ 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_RTSP_CLIENT_CSEQ \- get the next RTSP client CSeq diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_RTSP_CSEQ_RECV 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_RTSP_CSEQ_RECV 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_RTSP_CSEQ_RECV \- get the recently received CSeq diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_RTSP_SERVER_CSEQ 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_RTSP_SERVER_CSEQ 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_RTSP_SERVER_CSEQ \- get the next RTSP server CSeq diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_RTSP_SESSION_ID 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_RTSP_SESSION_ID 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_RTSP_SESSION_ID \- get RTSP session ID diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SCHEME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SCHEME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SCHEME.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SCHEME.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SCHEME 3 "April 08, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SCHEME 3 "April 08, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SCHEME \- get the URL scheme (sometimes called protocol) used in the connection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SIZE_DOWNLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SIZE_DOWNLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SIZE_DOWNLOAD \- get the number of downloaded bytes diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SIZE_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SIZE_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SIZE_DOWNLOAD_T \- get the number of downloaded bytes diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SIZE_UPLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SIZE_UPLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SIZE_UPLOAD \- get the number of uploaded bytes diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SIZE_UPLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SIZE_UPLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SIZE_UPLOAD_T \- get the number of uploaded bytes diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SPEED_DOWNLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SPEED_DOWNLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SPEED_DOWNLOAD \- get download speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SPEED_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SPEED_DOWNLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SPEED_DOWNLOAD_T \- get download speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SPEED_UPLOAD 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SPEED_UPLOAD 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SPEED_UPLOAD \- get upload speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SPEED_UPLOAD_T 3 "June 15, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SPEED_UPLOAD_T 3 "June 15, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SPEED_UPLOAD_T \- get upload speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SSL_ENGINES 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SSL_ENGINES 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SSL_ENGINES \- get an slist of OpenSSL crypto-engines diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_SSL_VERIFYRESULT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_SSL_VERIFYRESULT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_SSL_VERIFYRESULT \- get the result of the certificate verification diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_STARTTRANSFER_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_STARTTRANSFER_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_STARTTRANSFER_TIME \- get the time until the first byte is received diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_TLS_SESSION.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_TLS_SESSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_TLS_SESSION.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_TLS_SESSION.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_TLS_SESSION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_TLS_SESSION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_TLS_SESSION \- get TLS session info diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_TLS_SSL_PTR 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_TLS_SSL_PTR 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_TLS_SESSION, CURLINFO_TLS_SSL_PTR \- get TLS session info diff -Nru curl-7.55.1/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLINFO_TOTAL_TIME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_getinfo options" +.TH CURLINFO_TOTAL_TIME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_getinfo options" .SH NAME CURLINFO_TOTAL_TIME \- get total time of previous transfer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE \- chunk length threshold for pipelining diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE \- size threshold for pipelining penalty diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_MAXCONNECTS 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_MAXCONNECTS 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_MAXCONNECTS \- set size of connection cache diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_MAX_HOST_CONNECTIONS 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_MAX_HOST_CONNECTIONS 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_MAX_HOST_CONNECTIONS \- set max number of connections to a single host diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_MAX_PIPELINE_LENGTH 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_MAX_PIPELINE_LENGTH 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_MAX_PIPELINE_LENGTH \- maximum number of requests in a pipeline diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_MAX_TOTAL_CONNECTIONS 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_MAX_TOTAL_CONNECTIONS 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_MAX_TOTAL_CONNECTIONS \- max simultaneously open connections diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_PIPELINING 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_PIPELINING 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_PIPELINING \- enable HTTP pipelining and multiplexing diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_PIPELINING_SERVER_BL 3 "February 03, 2016" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_PIPELINING_SERVER_BL 3 "February 03, 2016" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_PIPELINING_SERVER_BL \- pipelining server blacklist diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_PIPELINING_SITE_BL 3 "February 03, 2016" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_PIPELINING_SITE_BL 3 "February 03, 2016" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_PIPELINING_SITE_BL \- pipelining host blacklist diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_PUSHDATA.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_PUSHDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_PUSHDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_PUSHDATA.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_PUSHDATA 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_PUSHDATA 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_PUSHDATA \- pointer to pass to push callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_PUSHFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_PUSHFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_PUSHFUNCTION \- callback that approves or denies server pushes diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_SOCKETDATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_SOCKETDATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_SOCKETDATA \- custom pointer passed to the socket callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_SOCKETFUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_SOCKETFUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_SOCKETFUNCTION \- callback informed about what to wait for diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_TIMERDATA 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_TIMERDATA 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_TIMERDATA \- custom pointer to pass to timer callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLMOPT_TIMERFUNCTION 3 "May 27, 2017" "libcurl 7.55.1" "curl_multi_setopt options" +.TH CURLMOPT_TIMERFUNCTION 3 "May 27, 2017" "libcurl 7.57.0" "curl_multi_setopt options" .SH NAME CURLMOPT_TIMERFUNCTION \- set callback to receive timeout values diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ABSTRACT_UNIX_SOCKET 3 "January 09, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ABSTRACT_UNIX_SOCKET 3 "January 09, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ABSTRACT_UNIX_SOCKET \- set an abstract Unix domain socket diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ACCEPT_ENCODING 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ACCEPT_ENCODING 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ACCEPT_ENCODING \- enables automatic decompression of HTTP downloads diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ACCEPTTIMEOUT_MS 3 "March 06, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ACCEPTTIMEOUT_MS 3 "March 06, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ACCEPTTIMEOUT_MS \- timeout waiting for FTP server to connect back diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ADDRESS_SCOPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ADDRESS_SCOPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ADDRESS_SCOPE \- set scope for local IPv6 addresses diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_APPEND.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_APPEND.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_APPEND.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_APPEND.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_APPEND 3 "March 06, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_APPEND 3 "March 06, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_APPEND \- enable appending to the remote file diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_AUTOREFERER 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_AUTOREFERER 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_AUTOREFERER \- automatically update the referer header diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_BUFFERSIZE 3 "May 13, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_BUFFERSIZE 3 "May 13, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_BUFFERSIZE \- set preferred receive buffer size diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CAINFO.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CAINFO.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CAINFO.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CAINFO.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CAINFO 3 "May 27, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CAINFO 3 "May 27, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CAINFO \- path to Certificate Authority (CA) bundle diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CAPATH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CAPATH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CAPATH.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CAPATH.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CAPATH 3 "May 27, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CAPATH 3 "September 10, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CAPATH \- specify directory holding CA certificates @@ -55,8 +55,9 @@ } .fi .SH AVAILABILITY -This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -backend provides the option only for backward compatibility. +This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS +(since 7.56.0) backends. The NSS backend provides the option only for +backward compatibility. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CERTINFO.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CERTINFO.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CERTINFO.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CERTINFO.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CERTINFO 3 "May 27, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CERTINFO 3 "May 27, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CERTINFO \- request SSL certificate information diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CHUNK_BGN_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CHUNK_BGN_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CHUNK_BGN_FUNCTION \- callback before a transfer with FTP wildcardmatch diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CHUNK_DATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CHUNK_DATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CHUNK_DATA \- custom pointer to the FTP chunk callbacks diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CHUNK_END_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CHUNK_END_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CHUNK_END_FUNCTION \- callback after a transfer with FTP wildcardmatch diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CLOSESOCKETDATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CLOSESOCKETDATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CLOSESOCKETDATA \- pointer passed to the socket close callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CLOSESOCKETFUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CLOSESOCKETFUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CLOSESOCKETFUNCTION \- callback to socket close replacement function diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONNECT_ONLY 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONNECT_ONLY 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONNECT_ONLY \- stop when connected to target server diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3 2017-11-29 09:29:19.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONNECTTIMEOUT 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONNECTTIMEOUT 3 "October 03, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONNECTTIMEOUT \- timeout for the connect phase @@ -37,6 +37,9 @@ In unix-like systems, this might cause signals to be used unless \fICURLOPT_NOSIGNAL(3)\fP is set. + +If both \fICURLOPT_CONNECTTIMEOUT(3)\fP and \fICURLOPT_CONNECTTIMEOUT_MS(3)\fP +are set, the value set last will be used. .SH DEFAULT 300 .SH PROTOCOLS @@ -56,6 +59,8 @@ .SH AVAILABILITY Always .SH RETURN VALUE -Returns CURLE_OK +Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative +value or a value that when converted to milliseconds is too large. .SH "SEE ALSO" +.BR CURLOPT_CONNECTTIMEOUT_MS "(3), " .BR CURLOPT_TIMEOUT "(3), " CURLOPT_LOW_SPEED_LIMIT "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONNECTTIMEOUT_MS 3 "February 14, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONNECTTIMEOUT_MS 3 "September 24, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONNECTTIMEOUT_MS \- timeout for the connect phase @@ -37,6 +37,9 @@ In unix-like systems, this might cause signals to be used unless \fICURLOPT_NOSIGNAL(3)\fP is set. + +If both \fICURLOPT_CONNECTTIMEOUT(3)\fP and \fICURLOPT_CONNECTTIMEOUT_MS(3)\fP +are set, the value set last will be used. .SH DEFAULT 300000 .SH PROTOCOLS @@ -58,4 +61,5 @@ .SH RETURN VALUE Returns CURLE_OK .SH "SEE ALSO" +.BR CURLOPT_CONNECTTIMEOUT "(3), " .BR CURLOPT_TIMEOUT "(3), " CURLOPT_LOW_SPEED_LIMIT "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECT_TO.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECT_TO.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONNECT_TO.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONNECT_TO.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONNECT_TO 3 "May 20, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONNECT_TO 3 "May 20, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONNECT_TO \- Connect to a specific host and port instead of the URL's host and port diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONV_FROM_NETWORK_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONV_FROM_NETWORK_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONV_FROM_NETWORK_FUNCTION \- convert data from network to host encoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONV_FROM_UTF8_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONV_FROM_UTF8_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONV_FROM_UTF8_FUNCTION \- convert data from UTF8 to host encoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CONV_TO_NETWORK_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CONV_TO_NETWORK_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CONV_TO_NETWORK_FUNCTION \- convert data to network from host encoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COOKIE 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COOKIE 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COOKIE \- set contents of HTTP Cookie header diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIEFILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIEFILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIEFILE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIEFILE.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COOKIEFILE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COOKIEFILE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COOKIEFILE \- file name to read cookies from diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIEJAR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIEJAR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIEJAR.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIEJAR.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COOKIEJAR 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COOKIEJAR 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COOKIEJAR \- file name to store cookies to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIELIST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIELIST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIELIST.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIELIST.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COOKIELIST 3 "April 26, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COOKIELIST 3 "April 26, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COOKIELIST \- add to or manipulate cookies held in memory diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIESESSION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIESESSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COOKIESESSION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COOKIESESSION.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COOKIESESSION 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COOKIESESSION 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COOKIESESSION \- start a new cookie session diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_COPYPOSTFIELDS 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_COPYPOSTFIELDS 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_COPYPOSTFIELDS \- have libcurl copy data to POST diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CRLF.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CRLF.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CRLF.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CRLF.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CRLF 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CRLF 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CRLF \- enable/disable CRLF conversion diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CRLFILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CRLFILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CRLFILE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CRLFILE.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CRLFILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CRLFILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CRLFILE \- specify a Certificate Revocation List file diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CUSTOMREQUEST 3 "June 21, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_CUSTOMREQUEST 3 "June 21, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_CUSTOMREQUEST \- custom string for request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DEBUGDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DEBUGDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DEBUGDATA.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DEBUGDATA.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DEBUGDATA 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DEBUGDATA 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DEBUGDATA \- custom pointer for debug callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DEBUGFUNCTION 3 "October 06, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DEBUGFUNCTION 3 "October 06, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DEBUGFUNCTION \- debug callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DEFAULT_PROTOCOL 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DEFAULT_PROTOCOL 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DEFAULT_PROTOCOL \- default protocol to use if the URL is missing a diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DIRLISTONLY 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DIRLISTONLY 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DIRLISTONLY \- ask for names only in a directory listing diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_CACHE_TIMEOUT 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_CACHE_TIMEOUT 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_CACHE_TIMEOUT \- set life-time for DNS cache entries diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_INTERFACE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_INTERFACE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_INTERFACE \- set interface to speak DNS over diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_LOCAL_IP4 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_LOCAL_IP4 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_LOCAL_IP4 \- IPv4 address to bind DNS resolves to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_LOCAL_IP6 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_LOCAL_IP6 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_LOCAL_IP6 \- IPv6 address to bind DNS resolves to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_SERVERS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_SERVERS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_SERVERS \- set preferred DNS servers diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_DNS_USE_GLOBAL_CACHE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_DNS_USE_GLOBAL_CACHE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_DNS_USE_GLOBAL_CACHE \- enable/disable global DNS cache diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_EGDSOCKET 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_EGDSOCKET 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_EGDSOCKET \- set EGD socket path diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ERRORBUFFER 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ERRORBUFFER 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ERRORBUFFER \- set error buffer for error messages diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_EXPECT_100_TIMEOUT_MS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_EXPECT_100_TIMEOUT_MS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_EXPECT_100_TIMEOUT_MS \- timeout for Expect: 100-continue response diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FAILONERROR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FAILONERROR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FAILONERROR.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FAILONERROR.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FAILONERROR 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FAILONERROR 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FAILONERROR \- request failure on HTTP response >= 400 diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FILETIME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FILETIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FILETIME.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FILETIME.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FILETIME 3 "April 03, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FILETIME 3 "April 03, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FILETIME \- get the modification time of the remote resource diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FNMATCH_DATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FNMATCH_DATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FNMATCH_DATA \- custom pointer to fnmatch callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FNMATCH_FUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FNMATCH_FUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FNMATCH_FUNCTION \- wildcard matching function callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FOLLOWLOCATION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FOLLOWLOCATION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FOLLOWLOCATION \- follow HTTP 3xx redirects diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FORBID_REUSE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FORBID_REUSE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FORBID_REUSE \- make connection get closed at once after use diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FRESH_CONNECT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FRESH_CONNECT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FRESH_CONNECT \- force a new connection to be used diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_ACCOUNT 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_ACCOUNT 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_ACCOUNT \- set account info for FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_ALTERNATIVE_TO_USER 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_ALTERNATIVE_TO_USER 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_ALTERNATIVE_TO_USER \- command to use instead of USER with FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_CREATE_MISSING_DIRS 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_CREATE_MISSING_DIRS 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_CREATE_MISSING_DIRS \- create missing dirs for FTP and SFTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_FILEMETHOD 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_FILEMETHOD 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_FILEMETHOD \- select directory traversing method for FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTPPORT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTPPORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTPPORT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTPPORT.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTPPORT 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTPPORT 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTPPORT \- make FTP transfer active diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_RESPONSE_TIMEOUT 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_RESPONSE_TIMEOUT 3 "October 03, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_RESPONSE_TIMEOUT \- time allowed to wait for FTP response @@ -55,7 +55,9 @@ .SH AVAILABILITY Added in 7.10.8 .SH RETURN VALUE -Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not. +Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not. Returns +CURLE_BAD_FUNCTION_ARGUMENT if set to a negative value or a value that when +converted to milliseconds is too large. .SH "SEE ALSO" .BR CURLOPT_TIMEOUT "(3), " CURLOPT_CONNECTTIMEOUT "(3), " .BR CURLOPT_LOW_SPEED_LIMIT "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_SKIP_PASV_IP 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_SKIP_PASV_IP 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_SKIP_PASV_IP \- ignore the IP address in the PASV response diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTPSSLAUTH 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTPSSLAUTH 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTPSSLAUTH \- set order in which to attempt TLS vs SSL when using FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_SSL_CCC 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_SSL_CCC 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_SSL_CCC \- switch off SSL again with FTP after auth diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_USE_EPRT 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_USE_EPRT 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_USE_EPRT \- enable/disable use of EPRT with FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_USE_EPSV 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_USE_EPSV 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_USE_EPSV \- enable/disable use of EPSV diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_FTP_USE_PRET 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_FTP_USE_PRET 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_FTP_USE_PRET \- enable the PRET command diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_GSSAPI_DELEGATION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_GSSAPI_DELEGATION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_GSSAPI_DELEGATION \- set allowed GSS-API delegation diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADER.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADER.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HEADER 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HEADER 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HEADER \- pass headers to the data stream diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADERDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADERDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADERDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADERDATA.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HEADERDATA 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HEADERDATA 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HEADERDATA \- pointer to pass to header callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HEADERFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HEADERFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HEADERFUNCTION \- callback that receives header data diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADEROPT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HEADEROPT.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HEADEROPT 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HEADEROPT 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HEADEROPT \- set how to send HTTP headers diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTP200ALIASES 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTP200ALIASES 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTP200ALIASES \- specify alternative matches for HTTP 200 OK diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPAUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPAUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPAUTH.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPAUTH.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTPAUTH 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTPAUTH 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPAUTH \- set HTTP server authentication methods to try diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTP_CONTENT_DECODING 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTP_CONTENT_DECODING 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTP_CONTENT_DECODING \- enable/disable HTTP content decoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPGET.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPGET.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPGET.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPGET.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTPGET 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTPGET 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPGET \- ask for a HTTP GET request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTPHEADER 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTPHEADER 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPHEADER \- set custom HTTP headers diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPPOST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPPOST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPPOST.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPPOST.3 2017-11-29 09:29:16.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTPPOST 3 "May 17, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTPPOST 3 "September 02, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPPOST \- specify the multipart formpost content @@ -43,6 +43,9 @@ When setting \fICURLOPT_HTTPPOST(3)\fP, it will automatically set \fICURLOPT_NOBODY(3)\fP to 0. + +This option is deprecated! Do not use it. Use \fICURLOPT_MIMEPOST(3)\fP +instead after having prepared mime data. .SH DEFAULT NULL .SH PROTOCOLS @@ -72,9 +75,9 @@ CURLFORM_END); .fi .SH AVAILABILITY -As long as HTTP is enabled +As long as HTTP is enabled. Deprecated in 7.56.0. .SH RETURN VALUE Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" -.BR CURLOPT_POSTFIELDS "(3), " CURLOPT_POST "(3), " -.BR curl_formadd "(3), " curl_formfree "(3), " +.BR CURLOPT_POSTFIELDS "(3), " CURLOPT_POST "(3), " CURLOPT_MIMEPOST "(3)," +.BR curl_formadd "(3), " curl_formfree "(3), " curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTPPROXYTUNNEL 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTPPROXYTUNNEL 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPPROXYTUNNEL \- tunnel through HTTP proxy diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTP_TRANSFER_DECODING 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTP_TRANSFER_DECODING 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTP_TRANSFER_DECODING \- enable/disable HTTP transfer decoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_HTTP_VERSION 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_HTTP_VERSION 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTP_VERSION \- specify HTTP protocol version to use diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_IGNORE_CONTENT_LENGTH 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_IGNORE_CONTENT_LENGTH 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_IGNORE_CONTENT_LENGTH \- ignore content length diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_INFILESIZE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_INFILESIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_INFILESIZE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_INFILESIZE.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_INFILESIZE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_INFILESIZE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_INFILESIZE \- set size of the input file to send off diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_INFILESIZE_LARGE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_INFILESIZE_LARGE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_INFILESIZE_LARGE \- set size of the input file to send off diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERFACE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERFACE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERFACE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERFACE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_INTERFACE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_INTERFACE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_INTERFACE \- source interface for outgoing traffic diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,18 +20,19 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_INTERLEAVEDATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_INTERLEAVEDATA 3 "September 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME -CURLOPT_INTERLEAVEDATA \- custom pointer to RTSP interleave callback +CURLOPT_INTERLEAVEDATA \- custom pointer passed to RTSP interleave callback .SH SYNOPSIS #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INTERLEAVEDATA, void *pointer); .SH DESCRIPTION This is the userdata \fIpointer\fP that will be passed to -\fICURLOPT_INTERLEAVEFUNCTION(3)\fP when interleaved RTP data is -received. +\fICURLOPT_INTERLEAVEFUNCTION(3)\fP when interleaved RTP data is received. If +the interleave function callback is not set, this pointer is not used +anywhere. .SH DEFAULT NULL .SH PROTOCOLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_INTERLEAVEFUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_INTERLEAVEFUNCTION 3 "September 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_INTERLEAVEFUNCTION \- callback function for RTSP interleaved data @@ -55,8 +55,12 @@ service RTP data when no requests are desired. If the application makes a request, (e.g. \fICURL_RTSPREQ_PAUSE\fP) then the response handler will process any pending RTP data before marking the request as finished. + +The \fICURLOPT_WRITEDATA(3)\fP is passed in the \fIuserdata\fP argument in the +callback. .SH DEFAULT -NULL +NULL, the interleave data is then passed to the regular write function: +\fICURLOPT_WRITEFUNCTION(3)\fP. .SH PROTOCOLS RTSP .SH EXAMPLE @@ -78,4 +82,4 @@ .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" -.BR CURLOPT_INTERLEAVEFUNCTION "(3), " CURLOPT_RTSP_REQUEST "(3), " +.BR CURLOPT_INTERLEAVEDATA "(3), " CURLOPT_RTSP_REQUEST "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_IOCTLDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_IOCTLDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_IOCTLDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_IOCTLDATA.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_IOCTLDATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_IOCTLDATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_IOCTLDATA \- custom pointer passed to I/O callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_IOCTLFUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_IOCTLFUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_IOCTLFUNCTION \- callback for I/O operations diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_IPRESOLVE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_IPRESOLVE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_IPRESOLVE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_IPRESOLVE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_IPRESOLVE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_IPRESOLVE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_IPRESOLVE \- specify which IP protocol version to use diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_ISSUERCERT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_ISSUERCERT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_ISSUERCERT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_ISSUERCERT.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_ISSUERCERT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_ISSUERCERT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_ISSUERCERT \- issuer SSL certificate filename diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_KEEP_SENDING_ON_ERROR 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_KEEP_SENDING_ON_ERROR 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_KEEP_SENDING_ON_ERROR \- keep sending on early HTTP response >= 300 diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_KEYPASSWD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_KEYPASSWD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_KEYPASSWD.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_KEYPASSWD.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_KEYPASSWD 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_KEYPASSWD 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_KEYPASSWD \- set passphrase to private key diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_KRBLEVEL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_KRBLEVEL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_KRBLEVEL.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_KRBLEVEL.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_KRBLEVEL 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_KRBLEVEL 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_KRBLEVEL \- set FTP kerberos security level diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_LOCALPORT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_LOCALPORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_LOCALPORT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_LOCALPORT.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_LOCALPORT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_LOCALPORT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_LOCALPORT \- set local port number to use for socket diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_LOCALPORTRANGE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_LOCALPORTRANGE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_LOCALPORTRANGE \- number of additional local ports to try diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_LOGIN_OPTIONS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_LOGIN_OPTIONS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_LOGIN_OPTIONS \- set login options diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_LOW_SPEED_LIMIT 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_LOW_SPEED_LIMIT 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_LOW_SPEED_LIMIT \- set low speed limit in bytes per second diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_LOW_SPEED_TIME 3 "May 06, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_LOW_SPEED_TIME 3 "May 06, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_LOW_SPEED_TIME \- set low speed limit time period diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAIL_AUTH 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAIL_AUTH 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAIL_AUTH \- SMTP authentication address diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_FROM.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_FROM.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_FROM.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_FROM.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAIL_FROM 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAIL_FROM 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAIL_FROM \- SMTP sender address diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAIL_RCPT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAIL_RCPT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAIL_RCPT \- list of SMTP mail recipients diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAXCONNECTS 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAXCONNECTS 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAXCONNECTS \- maximum connection cache size diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAXFILESIZE 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAXFILESIZE 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAXFILESIZE \- maximum file size allowed to download diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAXFILESIZE_LARGE 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAXFILESIZE_LARGE 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAXFILESIZE_LARGE \- maximum file size allowed to download diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAX_RECV_SPEED_LARGE 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAX_RECV_SPEED_LARGE 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAX_RECV_SPEED_LARGE \- rate limit data download speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXREDIRS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXREDIRS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAXREDIRS.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAXREDIRS.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAXREDIRS 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAXREDIRS 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAXREDIRS \- maximum number of redirects allowed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_MAX_SEND_SPEED_LARGE 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_MAX_SEND_SPEED_LARGE 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_MAX_SEND_SPEED_LARGE \- rate limit data upload speed diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_MIMEPOST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_MIMEPOST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_MIMEPOST.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_MIMEPOST.3 2017-11-29 09:29:20.000000000 +0000 @@ -0,0 +1,53 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_MIMEPOST 3 "September 04, 2017" "libcurl 7.57.0" "curl_easy_setopt options" + +.SH NAME +CURLOPT_MIMEPOST \- set post/send data from mime structure +.SH SYNOPSIS +.nf +#include + +curl_mime *mime; + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MIMEPOST, mime); +.SH DESCRIPTION +Pass a mime handle previously obtained from \fIcurl_mime_init(3)\fP. + +This setting is supported by the HTTP protocol to post forms and by the +SMTP and IMAP protocols to provide the e-mail data to send/upload. + +This option is the preferred way of posting an HTTP form, replacing and +extending the deprecated \fICURLOPT_HTTPPOST(3)\fP option. +.SH PROTOCOLS +HTTP, SMTP, IMAP. +.SH AVAILABILITY +Since 7.56.0. +.SH RETURN VALUE +This will return CURLE_OK. +.SH EXAMPLE +Using this option implies the use of several mime structure building +functions: see https://curl.haxx.se/libcurl/c/smtp-mime.html for a complete +example. +.SH "SEE ALSO" +.BR curl_mime_init "(3)" diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NETRC.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NETRC.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NETRC.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NETRC.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NETRC 3 "August 02, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NETRC 3 "August 02, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NETRC \- request that .netrc is used diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NETRC_FILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NETRC_FILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NETRC_FILE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NETRC_FILE.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NETRC_FILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NETRC_FILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NETRC_FILE \- file name to read .netrc info from diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NEW_DIRECTORY_PERMS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NEW_DIRECTORY_PERMS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NEW_DIRECTORY_PERMS \- permissions for remotely created directories diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NEW_FILE_PERMS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NEW_FILE_PERMS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NEW_FILE_PERMS \- permissions for remotely created files diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NOBODY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NOBODY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NOBODY.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NOBODY.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NOBODY 3 "June 21, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NOBODY 3 "June 21, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NOBODY \- do the download request without getting the body diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NOPROGRESS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NOPROGRESS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NOPROGRESS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NOPROGRESS.3 2017-11-29 09:29:20.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NOPROGRESS 3 "March 06, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NOPROGRESS 3 "October 09, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NOPROGRESS \- switch off the progress meter @@ -31,10 +31,8 @@ .SH DESCRIPTION If \fIonoff\fP is to 1, it tells the library to shut off the progress meter completely for requests done with this \fIhandle\fP. It will also prevent the -\fICURLOPT_PROGRESSFUNCTION(3)\fP from getting called. - -Future versions of libcurl are likely to not have any built-in progress meter -at all. +\fICURLOPT_XFERINFOFUNCTION(3)\fP or \fICURLOPT_PROGRESSFUNCTION(3)\fP from +getting called. .SH DEFAULT 1, meaning it normally runs without a progress meter. .SH PROTOCOLS @@ -57,4 +55,6 @@ .SH RETURN VALUE Returns CURLE_OK. .SH "SEE ALSO" +.BR CURLOPT_XFERINFOFUNCTION "(3), " .BR CURLOPT_PROGRESSFUNCTION "(3), " +.BR CURLOPT_VERBOSE "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NOPROXY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NOPROXY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NOPROXY.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NOPROXY.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NOPROXY 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NOPROXY 3 "September 24, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NOPROXY \- disable proxy use for specific hosts @@ -42,8 +42,13 @@ against the provided host name. This way ".example.com" will switch off proxy use for both "www.example.com" as well as for "foo.example.com". +Setting the noproxy string to "" (an empty string) will explicitly enable the +proxy for all host names, even if there is an environment variable set for it. + The application does not have to keep the string around after setting this option. +.SH "Environment variables" +See \fICURLOPT_PROXY(3)\fP .SH DEFAULT NULL .SH PROTOCOLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_NOSIGNAL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_NOSIGNAL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_NOSIGNAL.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_NOSIGNAL.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_NOSIGNAL 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_NOSIGNAL 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_NOSIGNAL \- skip all signal handling diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_OPENSOCKETDATA 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_OPENSOCKETDATA 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_OPENSOCKETDATA \- custom pointer passed to open socket callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_OPENSOCKETFUNCTION 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_OPENSOCKETFUNCTION 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_OPENSOCKETFUNCTION \- set callback for opening sockets diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PASSWORD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PASSWORD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PASSWORD.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PASSWORD.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PASSWORD 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PASSWORD 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PASSWORD \- password to use in authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PATH_AS_IS 3 "February 14, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PATH_AS_IS 3 "February 14, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PATH_AS_IS \- do not handle dot dot sequences diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PINNEDPUBLICKEY 3 "April 17, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PINNEDPUBLICKEY 3 "April 17, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PINNEDPUBLICKEY \- set pinned public key diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PIPEWAIT 3 "May 01, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PIPEWAIT 3 "May 01, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PIPEWAIT \- wait for pipelining/multiplexing diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PORT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PORT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PORT.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PORT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PORT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PORT \- set remote port number to work with diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POST.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POST.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POST 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POST 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POST \- request a HTTP POST diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POSTFIELDS 3 "July 07, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POSTFIELDS 3 "July 07, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POSTFIELDS \- specify data to POST to server diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POSTFIELDSIZE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POSTFIELDSIZE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POSTFIELDSIZE \- size of POST data pointed to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POSTFIELDSIZE_LARGE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POSTFIELDSIZE_LARGE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POSTFIELDSIZE_LARGE \- size of POST data pointed to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTQUOTE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTQUOTE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTQUOTE.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTQUOTE.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POSTQUOTE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POSTQUOTE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POSTQUOTE \- (S)FTP commands to run after the transfer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTREDIR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTREDIR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_POSTREDIR.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_POSTREDIR.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_POSTREDIR 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_POSTREDIR 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_POSTREDIR \- how to act on a HTTP POST redirect diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PRE_PROXY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PRE_PROXY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PRE_PROXY.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PRE_PROXY.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PRE_PROXY 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PRE_PROXY 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PRE_PROXY \- set pre-proxy to use diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PREQUOTE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PREQUOTE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PREQUOTE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PREQUOTE.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PREQUOTE 3 "June 18, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PREQUOTE 3 "June 18, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PREQUOTE \- commands to run before an FTP transfer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PRIVATE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PRIVATE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PRIVATE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PRIVATE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PRIVATE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PRIVATE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PRIVATE \- store a private pointer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROGRESSDATA 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROGRESSDATA 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROGRESSDATA \- custom pointer passed to the progress callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROGRESSFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROGRESSFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROGRESSFUNCTION \- callback to progress meter function diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROTOCOLS 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROTOCOLS 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROTOCOLS \- set allowed protocols diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY 3 "September 24, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY \- set proxy to use @@ -85,7 +85,8 @@ are set). That is the exact equivalent of setting the \fICURLOPT_NOPROXY(3)\fP option. -The \fICURLOPT_PROXY(3)\fP option overrides environment variables. +The \fICURLOPT_PROXY(3)\fP and \fICURLOPT_NOPROXY(3)\fP options override +environment variables. .SH DEFAULT Default is NULL, meaning no proxy is used. diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYAUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYAUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYAUTH.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYAUTH.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYAUTH 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYAUTH 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYAUTH \- set HTTP proxy authentication methods to try diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_CAINFO 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_CAINFO 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_CAINFO \- path to proxy Certificate Authority (CA) bundle diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_CAPATH 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_CAPATH 3 "September 10, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_CAPATH \- specify directory holding proxy CA certificates @@ -56,8 +56,9 @@ .SH AVAILABILITY Added in 7.52.0 -This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -backend provides the option only for backward compatibility. +This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS +(since 7.56.0) backends. The NSS backend provides the option only for +backward compatibility. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_CRLFILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_CRLFILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_CRLFILE \- specify a proxy Certificate Revocation List file diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYHEADER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYHEADER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYHEADER.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYHEADER.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYHEADER 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYHEADER 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYHEADER \- custom HTTP headers to pass to proxy diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_KEYPASSWD 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_KEYPASSWD 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_KEYPASSWD \- set passphrase to proxy private key diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYPASSWORD 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYPASSWORD 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYPASSWORD \- password to use with proxy authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_PINNEDPUBLICKEY 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_PINNEDPUBLICKEY 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_PINNEDPUBLICKEY \- set pinned public key for https proxy diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYPORT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYPORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYPORT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYPORT.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYPORT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYPORT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYPORT \- port number the proxy listens on diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SERVICE_NAME 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SERVICE_NAME 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SERVICE_NAME \- proxy authentication service name diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSLCERT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSLCERT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSLCERT \- set SSL proxy client certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSLCERTTYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSLCERTTYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSLCERTTYPE \- specify type of the proxy client SSL certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSL_CIPHER_LIST 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSL_CIPHER_LIST 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSL_CIPHER_LIST \- specify ciphers to use for proxy TLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSLKEY 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSLKEY 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSLKEY \- specify private keyfile for TLS and SSL proxy client cert diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSLKEYTYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSLKEYTYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSLKEYTYPE \- set type of the proxy private key file diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSL_OPTIONS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSL_OPTIONS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSL_OPTIONS \- set proxy SSL behavior options diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSL_VERIFYHOST 3 "December 16, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSL_VERIFYHOST 3 "December 16, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSL_VERIFYHOST \- verify the proxy certificate's name against host diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSL_VERIFYPEER 3 "December 16, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSL_VERIFYPEER 3 "December 16, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSL_VERIFYPEER \- verify the proxy's SSL certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_SSLVERSION 3 "August 12, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_SSLVERSION 3 "August 12, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_SSLVERSION \- set preferred proxy TLS/SSL version diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_TLSAUTH_PASSWORD 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_TLSAUTH_PASSWORD 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_TLSAUTH_PASSWORD \- password to use for proxy TLS authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_TLSAUTH_TYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_TLSAUTH_TYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_TLSAUTH_TYPE \- set proxy TLS authentication methods diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_TLSAUTH_USERNAME 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_TLSAUTH_USERNAME 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_TLSAUTH_USERNAME \- user name to use for proxy TLS authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXY_TRANSFER_MODE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXY_TRANSFER_MODE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXY_TRANSFER_MODE \- append FTP transfer mode to URL for proxy diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYTYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYTYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYTYPE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYTYPE.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYTYPE 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYTYPE 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYTYPE \- proxy protocol type diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYUSERNAME 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYUSERNAME 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYUSERNAME \- user name to use for proxy authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PROXYUSERPWD 3 "May 30, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PROXYUSERPWD 3 "May 30, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PROXYUSERPWD \- user name and password to use for proxy authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_PUT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_PUT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_PUT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_PUT.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_PUT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_PUT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_PUT \- make a HTTP PUT request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_QUOTE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_QUOTE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_QUOTE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_QUOTE.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_QUOTE 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_QUOTE 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_QUOTE \- (S)FTP commands to run before transfer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RANDOM_FILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RANDOM_FILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RANDOM_FILE \- specify a source for random data diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RANGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RANGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RANGE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RANGE.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RANGE 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RANGE 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RANGE \- set byte range to request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_READDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_READDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_READDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_READDATA.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_READDATA 3 "May 01, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_READDATA 3 "May 01, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_READDATA \- custom pointer passed to the read callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_READFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_READFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_READFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_READFUNCTION.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_READFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_READFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_READFUNCTION \- read callback for data uploads diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_REDIR_PROTOCOLS 3 "September 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_REDIR_PROTOCOLS 3 "September 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_REDIR_PROTOCOLS \- set protocols allowed to redirect to diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_REFERER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_REFERER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_REFERER.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_REFERER.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_REFERER 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_REFERER 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_REFERER \- set the HTTP referer header diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_REQUEST_TARGET 3 "June 21, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_REQUEST_TARGET 3 "June 21, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_REQUEST_TARGET \- specify an alternative target for this request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RESOLVE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RESOLVE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RESOLVE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RESOLVE.3 2017-11-29 09:29:14.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RESOLVE 3 "May 17, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RESOLVE 3 "November 17, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RESOLVE \- provide custom host name to IP address resolves @@ -56,6 +56,8 @@ by including a string in the linked list that uses the format \&"-HOST:PORT". The host name must be prefixed with a dash, and the host name and port number must exactly match what was already added previously. + +Support for providing the ADDRESS within [brackets] was added in 7.57.0. .SH DEFAULT NULL .SH PROTOCOLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RESUME_FROM.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RESUME_FROM.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RESUME_FROM.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RESUME_FROM.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RESUME_FROM 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RESUME_FROM 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RESUME_FROM \- set a point to resume transfer from diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RESUME_FROM_LARGE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RESUME_FROM_LARGE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RESUME_FROM_LARGE \- set a point to resume transfer from diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_CLIENT_CSEQ 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_CLIENT_CSEQ 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_CLIENT_CSEQ \- set the RTSP client CSEQ number diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_REQUEST 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_REQUEST 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_REQUEST \- specify RTSP request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_SERVER_CSEQ 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_SERVER_CSEQ 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_SERVER_CSEQ \- set the RTSP server CSEQ number diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_SESSION_ID 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_SESSION_ID 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_SESSION_ID \- set RTSP session ID diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_STREAM_URI 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_STREAM_URI 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_STREAM_URI \- set RTSP stream URI diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_RTSP_TRANSPORT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_RTSP_TRANSPORT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_RTSP_TRANSPORT \- set RTSP Transport: header diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SASL_IR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SASL_IR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SASL_IR.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SASL_IR.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SASL_IR 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SASL_IR 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SASL_IR \- enable sending initial response in first packet diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SEEKDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SEEKDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SEEKDATA.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SEEKDATA.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SEEKDATA 3 "August 12, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SEEKDATA 3 "August 12, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SEEKDATA \- custom pointer passed to the seek callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SEEKFUNCTION 3 "August 12, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SEEKFUNCTION 3 "August 12, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SEEKFUNCTION \- user callback for seeking in input stream diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SERVICE_NAME 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SERVICE_NAME 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SERVICE_NAME \- authentication service name diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SHARE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SHARE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SHARE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SHARE.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SHARE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SHARE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SHARE \- specify share handle to use diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SOCKOPTDATA 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SOCKOPTDATA 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SOCKOPTDATA \- custom pointer to pass to sockopt callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SOCKOPTFUNCTION 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SOCKOPTFUNCTION 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SOCKOPTFUNCTION \- set callback for setting socket options diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SOCKS5_AUTH 3 "April 27, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SOCKS5_AUTH 3 "April 27, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SOCKS5_AUTH \- set allowed methods for SOCKS5 proxy authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SOCKS5_GSSAPI_NEC 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SOCKS5_GSSAPI_NEC 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SOCKS5_GSSAPI_NEC \- set socks proxy gssapi negotiation protection diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SOCKS5_GSSAPI_SERVICE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SOCKS5_GSSAPI_SERVICE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SOCKS5_GSSAPI_SERVICE \- SOCKS5 proxy authentication service name diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_AUTH_TYPES 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_AUTH_TYPES 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_AUTH_TYPES \- set desired auth types for SFTP and SCP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3 2017-11-29 09:29:20.000000000 +0000 @@ -0,0 +1,59 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_SSH_COMPRESSION 3 "August 17, 2017" "libcurl 7.57.0" "curl_easy_setopt options" + +.SH NAME +CURLOPT_SSH_COMPRESSION \- enables automatic decompression of HTTP downloads +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_COMPRESSION, long enable); +.SH DESCRIPTION +Pass a long as parameter set to 1L to enable or 0L to disable. + +Enables built-in SSH compression. This is a request, not an order; the server +may or may not do it. +.SH DEFAULT +0, disabled +.SH PROTOCOLS +All SSH based protocols: SCP, SFTP +.SH EXAMPLE +.nf +CURL *curl = curl_easy_init(); +if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com"); + + /* enable built-in compression */ + curl_easy_setopt(curl, CURLOPT_SSH_COMPRESSION, 1L); + + /* Perform the request */ + curl_easy_perform(curl); +} +.fi +.SH AVAILABILITY +Added in 7.56.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. +.SH "SEE ALSO" +.BR CURLOPT_ACCEPT_ENCODING "(3), " CURLOPT_TRANSFER_ENCODING "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 \- checksum of SSH server public key diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3 2017-11-29 09:29:26.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_KEYDATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_KEYDATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_KEYDATA \- pointer to pass to the SSH key callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_KEYFUNCTION 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_KEYFUNCTION 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_KEYFUNCTION \- callback for known host matching logic diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_KNOWNHOSTS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_KNOWNHOSTS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_KNOWNHOSTS \- file name holding the SSH known hosts diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_PRIVATE_KEYFILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_PRIVATE_KEYFILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_PRIVATE_KEYFILE \- set private key file for SSH auth diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSH_PUBLIC_KEYFILE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSH_PUBLIC_KEYFILE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSH_PUBLIC_KEYFILE \- set public key file for SSH auth diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLCERT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLCERT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLCERT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLCERT.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLCERT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLCERT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLCERT \- set SSL client certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLCERTTYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLCERTTYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLCERTTYPE \- specify type of the client SSL certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_CIPHER_LIST 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_CIPHER_LIST 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_CIPHER_LIST \- specify ciphers to use for TLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_CTX_DATA 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_CTX_DATA 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_CTX_FUNCTION 3 "March 26, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_CTX_FUNCTION 3 "March 26, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL/CyaSSL or mbedTLS diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_ENABLE_ALPN 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_ENABLE_ALPN 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_ENABLE_ALPN \- enable ALPN diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_ENABLE_NPN 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_ENABLE_NPN 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_ENABLE_NPN \- enable NPN diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLENGINE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLENGINE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLENGINE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLENGINE.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLENGINE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLENGINE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLENGINE \- set SSL engine identifier diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLENGINE_DEFAULT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLENGINE_DEFAULT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLENGINE_DEFAULT \- make SSL engine default diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_FALSESTART 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_FALSESTART 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_FALSESTART \- enable TLS false start diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLKEY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLKEY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLKEY.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLKEY.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLKEY 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLKEY 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLKEY \- specify private keyfile for TLS and SSL client cert diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLKEYTYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLKEYTYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLKEYTYPE \- set type of the private key file diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_OPTIONS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_OPTIONS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_OPTIONS \- set SSL behavior options diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_SESSIONID_CACHE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_SESSIONID_CACHE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_SESSIONID_CACHE \- enable/disable use of the SSL session-ID cache diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_VERIFYHOST 3 "February 02, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_VERIFYHOST 3 "February 02, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_VERIFYHOST \- verify the certificate's name against host diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 2017-11-29 09:29:25.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_VERIFYPEER 3 "February 09, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_VERIFYPEER 3 "February 09, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_VERIFYPEER \- verify the peer's SSL certificate diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSL_VERIFYSTATUS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSL_VERIFYSTATUS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_VERIFYSTATUS \- verify the certificate's status diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLVERSION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SSLVERSION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 2017-11-29 09:29:22.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SSLVERSION 3 "August 12, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SSLVERSION 3 "August 12, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSLVERSION \- set preferred TLS/SSL version diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_STDERR.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_STDERR.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_STDERR.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_STDERR.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_STDERR 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_STDERR 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_STDERR \- redirect stderr to another stream diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_STREAM_DEPENDS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_STREAM_DEPENDS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_STREAM_DEPENDS \- set stream this transfer depends on diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_STREAM_DEPENDS_E 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_STREAM_DEPENDS_E 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_STREAM_DEPENDS_E \- set stream this transfer depends on execlusively diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_STREAM_WEIGHT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_STREAM_WEIGHT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_STREAM_WEIGHT \- set numerical stream weight diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_SUPPRESS_CONNECT_HEADERS 3 "April 28, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_SUPPRESS_CONNECT_HEADERS 3 "April 28, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_SUPPRESS_CONNECT_HEADERS \- Suppress proxy CONNECT response headers from user callbacks diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TCP_FASTOPEN 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TCP_FASTOPEN 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TCP_FASTOPEN \- enable TCP Fast Open diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TCP_KEEPALIVE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TCP_KEEPALIVE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TCP_KEEPALIVE \- enable TCP keep-alive probing diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TCP_KEEPIDLE 3 "January 02, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TCP_KEEPIDLE 3 "January 02, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TCP_KEEPIDLE \- set TCP keep-alive idle time wait diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TCP_KEEPINTVL 3 "January 02, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TCP_KEEPINTVL 3 "January 02, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TCP_KEEPINTVL \- set TCP keep-alive interval diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TCP_NODELAY 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TCP_NODELAY 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TCP_NODELAY \- set the TCP_NODELAY option diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TELNETOPTIONS 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TELNETOPTIONS 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TELNETOPTIONS \- custom telnet options diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TFTP_BLKSIZE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TFTP_BLKSIZE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TFTP_BLKSIZE \- TFTP block size diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TFTP_NO_OPTIONS 3 "April 06, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TFTP_NO_OPTIONS 3 "April 06, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TFTP_NO_OPTIONS \- Do not send TFTP options requests. diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMECONDITION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMECONDITION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMECONDITION.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMECONDITION.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TIMECONDITION 3 "April 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TIMECONDITION 3 "April 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TIMECONDITION \- select condition for a time request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEOUT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEOUT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEOUT.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEOUT.3 2017-11-29 09:29:27.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TIMEOUT 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TIMEOUT 3 "October 03, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TIMEOUT \- set maximum time the request is allowed to take @@ -65,7 +65,8 @@ .SH AVAILABILITY Always .SH RETURN VALUE -Returns CURLE_OK +Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative +value or a value that when converted to milliseconds is too large. .SH "SEE ALSO" -.BR CURLOPT_TIMEOUT_MS "(3), " +.BR CURLOPT_TIMEOUT_MS "(3), " .BR CURLOPT_CONNECTTIMEOUT "(3), " CURLOPT_LOW_SPEED_LIMIT "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3 2017-11-29 09:29:20.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TIMEOUT_MS 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TIMEOUT_MS 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TIMEOUT_MS \- set maximum time the request is allowed to take diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEVALUE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEVALUE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TIMEVALUE.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TIMEVALUE.3 2017-11-29 09:29:14.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TIMEVALUE 3 "April 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TIMEVALUE 3 "April 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TIMEVALUE \- set time value for conditional diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TLSAUTH_PASSWORD 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TLSAUTH_PASSWORD 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TLSAUTH_PASSWORD \- password to use for TLS authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3 2017-11-29 09:29:17.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TLSAUTH_TYPE 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TLSAUTH_TYPE 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TLSAUTH_TYPE \- set TLS authentication methods diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TLSAUTH_USERNAME 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TLSAUTH_USERNAME 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TLSAUTH_USERNAME \- user name to use for TLS authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TRANSFER_ENCODING 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TRANSFER_ENCODING 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TRANSFER_ENCODING \- ask for HTTP Transfer Encoding diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_TRANSFERTEXT 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_TRANSFERTEXT 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_TRANSFERTEXT \- request a text based transfer for FTP diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_UNIX_SOCKET_PATH 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_UNIX_SOCKET_PATH 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_UNIX_SOCKET_PATH \- set Unix domain socket diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_UNRESTRICTED_AUTH 3 "May 15, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_UNRESTRICTED_AUTH 3 "May 15, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_UNRESTRICTED_AUTH \- send credentials to other hosts too diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_UPLOAD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_UPLOAD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_UPLOAD.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_UPLOAD.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_UPLOAD 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_UPLOAD 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_UPLOAD \- enable data upload diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_URL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_URL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_URL.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_URL.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_URL 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_URL 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_URL \- provide the URL to use in the request diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_USERAGENT.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_USERAGENT.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_USERAGENT.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_USERAGENT.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_USERAGENT 3 "December 21, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_USERAGENT 3 "December 21, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_USERAGENT \- set HTTP user-agent header diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_USERNAME.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_USERNAME.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_USERNAME.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_USERNAME.3 2017-11-29 09:29:19.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_USERNAME 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_USERNAME 3 "May 05, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_USERNAME \- user name to use in authentication diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_USERPWD.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_USERPWD.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_USERPWD.3 2017-08-14 06:05:11.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_USERPWD.3 2017-11-29 09:29:21.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_USERPWD 3 "May 05, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_USERPWD 3 "August 24, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_USERPWD \- user name and password to use in authentication @@ -89,3 +89,4 @@ CURLE_OUT_OF_MEMORY if there was insufficient heap space. .SH "SEE ALSO" .BR CURLOPT_USERNAME "(3), " CURLOPT_PASSWORD "(3), " +.BR CURLOPT_PROXYUSERPWD "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_USE_SSL.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_USE_SSL.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_USE_SSL.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_USE_SSL.3 2017-11-29 09:29:15.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_USE_SSL 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_USE_SSL 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_USE_SSL \- request using SSL / TLS for the transfer diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_VERBOSE.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_VERBOSE.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_VERBOSE.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_VERBOSE.3 2017-11-29 09:29:18.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_VERBOSE 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_VERBOSE 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_VERBOSE \- set verbose mode on/off diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 2017-11-29 09:29:27.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_WILDCARDMATCH 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_WILDCARDMATCH 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_WILDCARDMATCH \- enable directory wildcard transfers diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_WRITEDATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_WRITEDATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_WRITEDATA.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_WRITEDATA.3 2017-11-29 09:29:23.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_WRITEDATA 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_WRITEDATA 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_WRITEDATA \- custom pointer passed to the write callback diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3 2017-08-14 06:05:12.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_WRITEFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_WRITEFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_WRITEFUNCTION \- set callback for writing received data diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_XFERINFODATA.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_XFERINFODATA.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_XFERINFODATA.3 2017-08-14 06:05:09.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_XFERINFODATA.3 2017-11-29 09:29:15.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_XFERINFODATA 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_XFERINFODATA 3 "October 09, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_XFERINFODATA \- custom pointer passed to the progress callback @@ -44,4 +44,4 @@ .SH RETURN VALUE Returns CURLE_OK .SH "SEE ALSO" -.BR CURLOPT_XFERINFOFUNCTION "(3), " CURLOPT_XFERINFOFUNCTION "(3), " +.BR CURLOPT_XFERINFOFUNCTION "(3), " CURLOPT_VERBOSE "(3), " diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3 2017-08-14 06:05:13.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3 2017-11-29 09:29:24.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_XFERINFOFUNCTION 3 "February 03, 2016" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_XFERINFOFUNCTION 3 "February 03, 2016" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_XFERINFOFUNCTION \- callback to progress meter function diff -Nru curl-7.55.1/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3 curl-7.57.0/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3 --- curl-7.55.1/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3 2017-08-14 06:05:10.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3 2017-11-29 09:29:16.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_XOAUTH2_BEARER 3 "May 31, 2017" "libcurl 7.55.1" "curl_easy_setopt options" +.TH CURLOPT_XOAUTH2_BEARER 3 "May 31, 2017" "libcurl 7.57.0" "curl_easy_setopt options" .SH NAME CURLOPT_XOAUTH2_BEARER \- specify OAuth 2.0 access token diff -Nru curl-7.55.1/docs/libcurl/opts/Makefile.in curl-7.57.0/docs/libcurl/opts/Makefile.in --- curl-7.55.1/docs/libcurl/opts/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -237,7 +237,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -254,6 +256,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -567,6 +570,7 @@ CURLOPT_MAXREDIRS.3 \ CURLOPT_MAX_RECV_SPEED_LARGE.3 \ CURLOPT_MAX_SEND_SPEED_LARGE.3 \ + CURLOPT_MIMEPOST.3 \ CURLOPT_NETRC.3 \ CURLOPT_NETRC_FILE.3 \ CURLOPT_NEW_DIRECTORY_PERMS.3 \ @@ -650,6 +654,7 @@ CURLOPT_SOCKS5_GSSAPI_NEC.3 \ CURLOPT_SOCKS5_GSSAPI_SERVICE.3 \ CURLOPT_SSH_AUTH_TYPES.3 \ + CURLOPT_SSH_COMPRESSION.3 \ CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 \ CURLOPT_SSH_KEYDATA.3 \ CURLOPT_SSH_KEYFUNCTION.3 \ diff -Nru curl-7.55.1/docs/libcurl/opts/Makefile.inc curl-7.57.0/docs/libcurl/opts/Makefile.inc --- curl-7.55.1/docs/libcurl/opts/Makefile.inc 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/docs/libcurl/opts/Makefile.inc 2017-11-09 22:40:36.000000000 +0000 @@ -175,6 +175,7 @@ CURLOPT_MAXREDIRS.3 \ CURLOPT_MAX_RECV_SPEED_LARGE.3 \ CURLOPT_MAX_SEND_SPEED_LARGE.3 \ + CURLOPT_MIMEPOST.3 \ CURLOPT_NETRC.3 \ CURLOPT_NETRC_FILE.3 \ CURLOPT_NEW_DIRECTORY_PERMS.3 \ @@ -258,6 +259,7 @@ CURLOPT_SOCKS5_GSSAPI_NEC.3 \ CURLOPT_SOCKS5_GSSAPI_SERVICE.3 \ CURLOPT_SSH_AUTH_TYPES.3 \ + CURLOPT_SSH_COMPRESSION.3 \ CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 \ CURLOPT_SSH_KEYDATA.3 \ CURLOPT_SSH_KEYFUNCTION.3 \ diff -Nru curl-7.55.1/docs/libcurl/symbols-in-versions curl-7.57.0/docs/libcurl/symbols-in-versions --- curl-7.55.1/docs/libcurl/symbols-in-versions 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/libcurl/symbols-in-versions 2017-11-26 13:19:01.000000000 +0000 @@ -160,27 +160,27 @@ CURLFINFOFLAG_KNOWN_SIZE 7.21.0 CURLFINFOFLAG_KNOWN_TIME 7.21.0 CURLFINFOFLAG_KNOWN_UID 7.21.0 -CURLFORM_ARRAY 7.9.1 +CURLFORM_ARRAY 7.9.1 7.56.0 CURLFORM_ARRAY_END 7.9.1 7.9.5 7.9.6 CURLFORM_ARRAY_START 7.9.1 7.9.5 7.9.6 -CURLFORM_BUFFER 7.9.8 -CURLFORM_BUFFERLENGTH 7.9.8 -CURLFORM_BUFFERPTR 7.9.8 -CURLFORM_CONTENTHEADER 7.9.3 -CURLFORM_CONTENTLEN 7.46.0 -CURLFORM_CONTENTSLENGTH 7.9 -CURLFORM_CONTENTTYPE 7.9 -CURLFORM_COPYCONTENTS 7.9 -CURLFORM_COPYNAME 7.9 -CURLFORM_END 7.9 -CURLFORM_FILE 7.9 -CURLFORM_FILECONTENT 7.9.1 -CURLFORM_FILENAME 7.9.6 -CURLFORM_NAMELENGTH 7.9 -CURLFORM_NOTHING 7.9 -CURLFORM_PTRCONTENTS 7.9 -CURLFORM_PTRNAME 7.9 -CURLFORM_STREAM 7.18.2 +CURLFORM_BUFFER 7.9.8 7.56.0 +CURLFORM_BUFFERLENGTH 7.9.8 7.56.0 +CURLFORM_BUFFERPTR 7.9.8 7.56.0 +CURLFORM_CONTENTHEADER 7.9.3 7.56.0 +CURLFORM_CONTENTLEN 7.46.0 7.56.0 +CURLFORM_CONTENTSLENGTH 7.9 7.56.0 +CURLFORM_CONTENTTYPE 7.9 7.56.0 +CURLFORM_COPYCONTENTS 7.9 7.56.0 +CURLFORM_COPYNAME 7.9 7.56.0 +CURLFORM_END 7.9 7.56.0 +CURLFORM_FILE 7.9 7.56.0 +CURLFORM_FILECONTENT 7.9.1 7.56.0 +CURLFORM_FILENAME 7.9.6 7.56.0 +CURLFORM_NAMELENGTH 7.9 7.56.0 +CURLFORM_NOTHING 7.9 7.56.0 +CURLFORM_PTRCONTENTS 7.9 7.56.0 +CURLFORM_PTRNAME 7.9 7.56.0 +CURLFORM_STREAM 7.18.2 7.56.0 CURLFTPAUTH_DEFAULT 7.12.2 CURLFTPAUTH_SSL 7.12.2 CURLFTPAUTH_TLS 7.12.2 @@ -406,7 +406,7 @@ CURLOPT_HTTPAUTH 7.10.6 CURLOPT_HTTPGET 7.8.1 CURLOPT_HTTPHEADER 7.1 -CURLOPT_HTTPPOST 7.1 +CURLOPT_HTTPPOST 7.1 7.56.0 CURLOPT_HTTPPROXYTUNNEL 7.3 CURLOPT_HTTPREQUEST 7.1 - 7.15.5 CURLOPT_HTTP_CONTENT_DECODING 7.16.2 @@ -441,6 +441,7 @@ CURLOPT_MAXREDIRS 7.5 CURLOPT_MAX_RECV_SPEED_LARGE 7.15.5 CURLOPT_MAX_SEND_SPEED_LARGE 7.15.5 +CURLOPT_MIMEPOST 7.56.0 CURLOPT_MUTE 7.1 7.8 7.15.5 CURLOPT_NETRC 7.1 CURLOPT_NETRC_FILE 7.11.0 @@ -540,6 +541,7 @@ CURLOPT_SOURCE_URL 7.13.0 - 7.15.5 CURLOPT_SOURCE_USERPWD 7.12.1 - 7.15.5 CURLOPT_SSH_AUTH_TYPES 7.16.1 +CURLOPT_SSH_COMPRESSION 7.56.0 CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 7.17.1 CURLOPT_SSH_KEYDATA 7.19.6 CURLOPT_SSH_KEYFUNCTION 7.19.6 @@ -689,10 +691,15 @@ CURLSSLBACKEND_WOLFSSL 7.49.0 CURLSSLOPT_ALLOW_BEAST 7.25.0 CURLSSLOPT_NO_REVOKE 7.44.0 +CURLSSLSET_NO_BACKENDS 7.56.0 +CURLSSLSET_OK 7.56.0 +CURLSSLSET_TOO_LATE 7.56.0 +CURLSSLSET_UNKNOWN_BACKEND 7.56.0 CURLUSESSL_ALL 7.17.0 CURLUSESSL_CONTROL 7.17.0 CURLUSESSL_NONE 7.17.0 CURLUSESSL_TRY 7.17.0 +CURLVERSION_FIFTH 7.57.0 CURLVERSION_FIRST 7.10 CURLVERSION_FOURTH 7.16.1 CURLVERSION_NOW 7.10 @@ -713,14 +720,14 @@ CURL_FNMATCHFUNC_FAIL 7.21.0 CURL_FNMATCHFUNC_MATCH 7.21.0 CURL_FNMATCHFUNC_NOMATCH 7.21.0 -CURL_FORMADD_DISABLED 7.12.1 -CURL_FORMADD_ILLEGAL_ARRAY 7.9.8 -CURL_FORMADD_INCOMPLETE 7.9.8 -CURL_FORMADD_MEMORY 7.9.8 -CURL_FORMADD_NULL 7.9.8 -CURL_FORMADD_OK 7.9.8 -CURL_FORMADD_OPTION_TWICE 7.9.8 -CURL_FORMADD_UNKNOWN_OPTION 7.9.8 +CURL_FORMADD_DISABLED 7.12.1 7.56.0 +CURL_FORMADD_ILLEGAL_ARRAY 7.9.8 7.56.0 +CURL_FORMADD_INCOMPLETE 7.9.8 7.56.0 +CURL_FORMADD_MEMORY 7.9.8 7.56.0 +CURL_FORMADD_NULL 7.9.8 7.56.0 +CURL_FORMADD_OK 7.9.8 7.56.0 +CURL_FORMADD_OPTION_TWICE 7.9.8 7.56.0 +CURL_FORMADD_UNKNOWN_OPTION 7.9.8 7.56.0 CURL_GLOBAL_ACK_EINTR 7.30.0 CURL_GLOBAL_ALL 7.8 CURL_GLOBAL_DEFAULT 7.8 @@ -823,6 +830,7 @@ CURL_TLSAUTH_NONE 7.21.4 CURL_TLSAUTH_SRP 7.21.4 CURL_VERSION_ASYNCHDNS 7.10.7 +CURL_VERSION_BROTLI 7.57.0 CURL_VERSION_CONV 7.15.4 CURL_VERSION_CURLDEBUG 7.19.6 CURL_VERSION_DEBUG 7.10.6 @@ -836,6 +844,7 @@ CURL_VERSION_KERBEROS5 7.40.0 CURL_VERSION_LARGEFILE 7.11.1 CURL_VERSION_LIBZ 7.10 +CURL_VERSION_MULTI_SSL 7.56.0 CURL_VERSION_NTLM 7.10.6 CURL_VERSION_NTLM_WB 7.22.0 CURL_VERSION_PSL 7.47.0 @@ -848,3 +857,4 @@ CURL_WAIT_POLLOUT 7.28.0 CURL_WAIT_POLLPRI 7.28.0 CURL_WRITEFUNC_PAUSE 7.18.0 +CURL_ZERO_TERMINATED 7.56.0 diff -Nru curl-7.55.1/docs/MAIL-ETIQUETTE curl-7.57.0/docs/MAIL-ETIQUETTE --- curl-7.55.1/docs/MAIL-ETIQUETTE 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/MAIL-ETIQUETTE 2017-11-09 22:40:36.000000000 +0000 @@ -15,6 +15,7 @@ 1.6 Handling trolls and spam 1.7 How to unsubscribe 1.8 I posted, now what? + 1.9 Your emails are public 2. Sending mail 2.1 Reply or New Mail @@ -118,9 +119,9 @@ to the page for the particular mailing list you're subscribed to and you enter your email address and password and press the unsubscribe button. - Also, the instructions to unsubscribe are included in the headers of every - mail that is sent out to all curl related mailing lists and there's a footer - in each mail that links to the "admin" page on which you can unsubscribe and + Also, the instructions to unsubscribe are included in the headers of every + mail that is sent out to all curl related mailing lists and there's a footer + in each mail that links to the "admin" page on which you can unsubscribe and change other options. You NEVER EVER email the mailing list requesting someone else to take you off @@ -151,7 +152,7 @@ or repeat the same steps in their locations. Failing to include details will only delay responses and make people respond - and ask for more details and you will have to send a follow-up email that + and ask for more details and you will have to send a follow-up email that includes them. Expect the responses to primarily help YOU debug the issue, or ask YOU @@ -162,6 +163,27 @@ chances are that people will ignore you at will and your chances to get responses in the future will greatly diminish. + 1.9 Your emails are public + + Your email, its contents and all its headers and the details in those + headers will be received by every subscriber of the mailing list that you + send your email to. + + Your email as sent to a curl mailing list will end up in mail archives, on + the curl web site and elsewhere, for others to see and read. Today and in + the future. In addition to the archives, the mail is sent out to thousands + of individuals. There is no way to undo a sent email. + + When sending emails to a curl mailing list, do not include sensitive + information such as user names and passwords; use fake ones, temporary ones + or just remove them completely from the mail. Note that this includes base64 + encoded HTTP Basic auth headers. + + This public nature of the curl mailing lists makes automaticly inserted mail + footers about mails being "private" or "only meant for the receipient" or + similar even more silly than usual. Because they are absolutely not private + when sent to a public mailing list. + 2. Sending mail @@ -261,4 +283,3 @@ Getting the solution posted also helps other users that experience the same problem(s). They get to see (possibly in the web archives) that the suggested fixes actually has helped at least one person. - diff -Nru curl-7.55.1/docs/Makefile.am curl-7.57.0/docs/Makefile.am --- curl-7.55.1/docs/Makefile.am 2017-08-09 08:24:04.000000000 +0000 +++ curl-7.57.0/docs/Makefile.am 2017-11-27 07:50:21.000000000 +0000 @@ -46,7 +46,7 @@ README.netware MAIL-ETIQUETTE HTTP-COOKIES.md SECURITY.md RELEASE-PROCEDURE \ SSL-PROBLEMS.md HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md \ CHECKSRC.md CMakeLists.txt README.md CIPHERS.md INSTALL.cmake README.cmake \ - $(noinst_man_MANS) + $(noinst_man_MANS) HELP-US.md MAN2HTML= roffit $< >$@ @@ -81,3 +81,6 @@ rm $$foo.ps; \ echo "converted $< to $@") +distclean: + rm -f $(CLEANFILES) + diff -Nru curl-7.55.1/docs/Makefile.in curl-7.57.0/docs/Makefile.in --- curl-7.55.1/docs/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/docs/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -295,7 +295,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -312,6 +314,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -472,7 +475,7 @@ README.netware MAIL-ETIQUETTE HTTP-COOKIES.md SECURITY.md RELEASE-PROCEDURE \ SSL-PROBLEMS.md HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md \ CHECKSRC.md CMakeLists.txt README.md CIPHERS.md INSTALL.cmake README.cmake \ - $(noinst_man_MANS) + $(noinst_man_MANS) HELP-US.md MAN2HTML = roffit $< >$@ SUFFIXES = .1 .html .pdf @@ -756,8 +759,6 @@ clean-am: clean-generic clean-libtool mostlyclean-am -distclean: distclean-recursive - -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive @@ -864,6 +865,9 @@ rm $$foo.ps; \ echo "converted $< to $@") +distclean: + rm -f $(CLEANFILES) + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru curl-7.55.1/docs/RELEASE-PROCEDURE curl-7.57.0/docs/RELEASE-PROCEDURE --- curl-7.55.1/docs/RELEASE-PROCEDURE 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/RELEASE-PROCEDURE 2017-11-09 22:40:37.000000000 +0000 @@ -83,10 +83,13 @@ Based on the description above, here are some planned release dates (at the time of this writing): -- June 14, 2017 (version 7.54.1) -- August 9, 2017 -- October 4, 2017 - November 29, 2017 - January 24, 2018 - March 21, 2018 - May 16, 2018 +- July 11, 2018 +- September 5, 2018 +- October 31, 2018 +- December 26, 2018 +- February 20, 2019 +- April 17, 2019 diff -Nru curl-7.55.1/docs/RESOURCES curl-7.57.0/docs/RESOURCES --- curl-7.55.1/docs/RESOURCES 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/RESOURCES 2017-11-26 13:19:01.000000000 +0000 @@ -81,3 +81,5 @@ RFC 4616 - PLAIN authentication RFC 4954 - SMTP Authentication + + RFC 7932 - Brotli Compressed Data Format diff -Nru curl-7.55.1/docs/ROADMAP.md curl-7.57.0/docs/ROADMAP.md --- curl-7.55.1/docs/ROADMAP.md 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/ROADMAP.md 2017-11-26 13:19:01.000000000 +0000 @@ -1,20 +1,14 @@ curl the next few years - perhaps ================================= -Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is -intended to serve as a guideline for others for information, feedback and -possible participation. +Roadmap of things Daniel Stenberg wants to work on next. It is intended to +serve as a guideline for others for information, feedback and possible +participation. QUIC ---- -The standardization process of QUIC has been taken to the IETF and can be -followed on the [IETF QUIC Mailing -list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the -bandwagon. Ideally, this would be done with a separate library/project to -handle the binary/framing layer in a similar fashion to how HTTP/2 is -implemented. This, to allow other projects to benefit from the work and to -thus broaden the interest and chance of others to participate. + See the [QUIC wiki page](https://github.com/curl/curl/wiki/QUIC). HTTP cookies ------------ @@ -34,85 +28,15 @@ How to find services for specific domains/hosts. -curl_formadd() --------------- - -make sure there's an easy handle passed in to `curl_formadd()`, -`curl_formget()` and `curl_formfree()` by adding replacement functions and -deprecating the old ones to allow custom mallocs and more. - -Or perhaps even better: revamp the formpost API completely while we're at it -and making something that is easier to use and understand: - - https://github.com/curl/curl/wiki/formpost-API-redesigned - -Third-party SASL ----------------- - -Add support for third-party SASL libraries such as Cyrus SASL. - -SASL authentication in LDAP ---------------------------- - -... - -Simplify the SMTP email ------------------------ - -Simplify the SMTP email interface so that programmers don't have to -construct the body of an email that contains all the headers, alternative -content, images and attachments - maintain raw interface so that -programmers that want to do this can - -email capabilities ------------------- - -Allow the email protocols to return the capabilities before -authenticating. This will allow an application to decide on the best -authentication mechanism - -Win32 pthreads --------------- - -Allow Windows threading model to be replaced by Win32 pthreads port - -dynamic buffer size -------------------- - -Implement a dynamic buffer size to allow SFTP to use much larger buffers and -possibly allow the size to be customizable by applications. Use less memory -when handles are not in use? - -New stuff - curl ----------------- - -1. Embed a language interpreter (lua?). For that middle ground where curl - isn’t enough and a libcurl binding feels “too much”. Build-time conditional - of course. - -2. Simplify the SMTP command line so that the headers and multi-part content - don't have to be constructed before calling curl - Improve ------- -1. build for windows (considered hard by many users) - -2. curl -h output (considered overwhelming to users) +1. curl -h output (considered overwhelming to users). -3. we have > 200 command line options, is there a way to redo things to +2. We have > 200 command line options, is there a way to redo things to simplify or improve the situation as we are likely to keep adding - features/options in the future too - -4. authentication framework (consider merging HTTP and SASL authentication to - give one API for protocols to call) + features/options in the future too. -5. Perform some of the clean up from the TODO document, removing old +3. Perform some of the clean up from the TODO document, removing old definitions and such like that are currently earmarked to be removed years - ago - -Remove ------- - -1. makefile.vc files as there is no point in maintaining two sets of Windows - makefiles. Note: These are currently being used by the Windows autobuilds + ago. diff -Nru curl-7.55.1/docs/THANKS curl-7.57.0/docs/THANKS --- curl-7.55.1/docs/THANKS 2017-08-14 06:03:41.000000000 +0000 +++ curl-7.57.0/docs/THANKS 2017-11-29 09:27:26.000000000 +0000 @@ -40,8 +40,10 @@ Alex Chan Alex Fishman Alex Gruz +Alex Malinovich Alex McLellan Alex Neblett +Alex Nichols Alex Potapenko Alex Rousskov Alex Suykov @@ -60,11 +62,13 @@ Alexander Traud Alexander Zhuravlev Alexey Borzov +Alexey Melnichuk Alexey Pesternikov Alexey Simak Alexey Zakhlestin Alexis Carvalho Alexis La Goutte +Alfonso Martone Alfred Gebert Allen Pulsifer Alona Rossen @@ -92,6 +96,7 @@ Andreas Wurf Andrei Benea Andrei Cipu +Andrei Karas Andrei Kurushin Andrei Sedoi Andrej E Baranov @@ -102,6 +107,7 @@ Andrew Fuller Andrew Krieger Andrew Kurushin +Andrew Lambert Andrew Moise Andrew Robbins Andrew Wansink @@ -130,6 +136,7 @@ Armel Asselin Arnaud Compan Arnaud Ebalard +Artak Galoyan Arthur Murray Arve Knudsen Arvid Norberg @@ -158,6 +165,7 @@ Benjamin Gilbert Benjamin Johnson Benjamin Kircher +Benjamin Sergeant Benoit Neil Benoit Sigoure Bernard Leak @@ -172,6 +180,7 @@ Bill Hoffman Bill Middlecamp Bill Nagel +Bill Pyne Bjoern Sikora Bjorn Augustsson Bjorn Reese @@ -302,6 +311,7 @@ Dan Petitt Dan Torop Dan Zitter +Daniel Bankhead Daniel Black Daniel Cater Daniel Egger @@ -384,8 +394,10 @@ Dimitris Sarris Dinar Dirk Eddelbuettel +Dirk Feytons Dirk Manske Dmitri Shubin +Dmitri Tikhonov Dmitriy Sergeyev Dmitry Bartsevich Dmitry Eremin-Solenikov @@ -477,6 +489,7 @@ Fahim Chandurwala Fedor Karpelevitch Feist Josselin +Felix Kaiser Felix Yan Felix von Leitner Feng Tu @@ -487,6 +500,7 @@ Forrest Cahoon Francisco Moraes Francois Petitjean +Frank Denis Frank Gevaerts Frank Hempel Frank Keeney @@ -595,6 +609,7 @@ Hubert Kario Hzhijun Ian D Allen +Ian Fette Ian Ford Ian Gulliver Ian Lynagh @@ -618,6 +633,7 @@ Ivan Avdeev Ivo Bellin Salarin Jack Zhang +Jackarain on github Jacky Lam Jacob Meuser Jacob Moshenko @@ -640,6 +656,7 @@ Jamie Lokier Jamie Newton Jamie Wilkinson +Jan Alexander Steffens Jan Ehrhardt Jan Koen Annot Jan Kunder @@ -656,6 +673,7 @@ Jason S. Priebe Javier Barroso Javier G. Sogo +Javier Sixto Jay Austin Jayesh A Shah Jaz Fresh @@ -721,6 +739,7 @@ John Bradshaw John Coffey John Crow +John David Anglin John Dennis John Dunn John E. Malmberg @@ -736,11 +755,13 @@ John Marshall John McGowan John P. McCaskey +John Starks John Suprock John Wanghui John Wilkinson John-Mark Bell Johnny Luong +Jon DeVree Jon Grubbs Jon Nelson Jon Sargeant @@ -782,6 +803,7 @@ Julien Royer Jun-ichiro itojun Hagino Jurij Smakov +Juro Bystricky Justin Clift Justin Ehlert Justin Fletcher @@ -819,6 +841,7 @@ Kevin Lussier Kevin Reed Kevin Roth +Kevin Smith Kim Minjoong Kim Rinnewitz Kim Vandry @@ -832,6 +855,7 @@ Krister Johansen Kristian Gunstone Kristian Köhntopp +Kristiyan Tsaklev Kurt Fankhauser Kyle J. McKay Kyle L. Huff @@ -852,6 +876,7 @@ Lau Hang Kin Laurent Rabret Lauri Kasanen +Lawrence Wagerfield Legoff Vincent Lehel Bernadt Leif W @@ -878,6 +903,7 @@ Loren Kirkby Luan Cestari Luca Altea +Luca Boccassi Lucas Adamski Lucas Pardue Ludek Finstrle @@ -903,6 +929,7 @@ Mandy Wu Manfred Schwarb Manuel Massing +Marc Aldorasi Marc Boucher Marc Deslauriers Marc Doughty @@ -974,6 +1001,7 @@ Matthew Blain Matthew Clarke Matthew Hall +Matthew Kerwin Matthias Bolte Maurice Barnum Mauro Iorio @@ -994,6 +1022,7 @@ Michael Cronenworth Michael Curtis Michael Day +Michael Felt Michael Goffioul Michael Jahn Michael Jerris @@ -1069,6 +1098,7 @@ Nicolas Berloquin Nicolas Croiset Nicolas François +Nicolas Morey-Chaisemartin Niels van Tongeren Nikita Schmidt Nikitinskit Dmitriy @@ -1090,6 +1120,7 @@ Olaf Flebbe Olaf Stüben Oleg Pudeyev +Oli Kingshott Oliver Gondža Oliver Graute Oliver Kuckertz @@ -1136,13 +1167,17 @@ Paul Querna Paul Saab Pavel Cenek +Pavel Gushchin Pavel Orehov +Pavel P Pavel Raiskup Pavel Rochnyak +Pavol Markovic Pawel A. Gajda Pawel Kierski Pedro Larroy Pedro Neves +Per Lundberg Per Malmberg Peter Bray Peter Forret @@ -1151,10 +1186,12 @@ Peter Heuchert Peter Hjalmarsson Peter Korsgaard +Peter Lamare Peter Lamberg Peter Laser Peter O'Gorman Peter Pentchev +Peter Piekarski Peter Silva Peter Su Peter Sylvester @@ -1167,6 +1204,7 @@ Petr Bahula Petr Novak Petr Pisar +Petr Voytsik Phil Blundell Phil Crump Phil Karn @@ -1253,6 +1291,7 @@ Rick Richardson Ricki Hirner Rider Linden +Rob Cotrone Rob Crittenden Rob Davies Rob Jones @@ -1303,6 +1342,7 @@ Ryuichi KAWAMATA Rémy Léone S. Moonesamy +SBKarr on github Salah-Eddin Shaban Salvador Dávila Salvatore Sorrentino @@ -1544,6 +1584,7 @@ Wojciech Zwiefka Wouter Van Rooy Wu Yongzheng +Wyatt O'Day Xavier Bouchoux Xiangbin Li Yaakov Selkowitz @@ -1564,18 +1605,23 @@ Yves Lejeune Zdenek Pavlas Zekun Ni +Zenju on github Zmey Petroff Zvi Har'El afrind on github +arainchik on github asavah on github baumanj on github bsammon on github -canavan at github -destman at github +canavan on github +cbartl on github +destman on github dkjjr89 on github eXeC64 on github -jonrumsey at github +hsiao yi +imilli on github jonrumsey on github +joshhe on github jveazey on github ka7 on github kreshano on github @@ -1585,21 +1631,24 @@ marc-groundctl on github mccormickt12 on github mkzero on github +moohoorama on github neex on github neheb on github nk nopjmp on github -olesteban at github +olesteban on github +omau on github ovidiu-benea on github paulharris on github silveja1 on github -stootill at github +stootill on github swalkaus at yahoo.com tarek112 on github tommink[at]post.pl vanillajonathan on github wmsch on github -wyattoday at github +wyattoday on github +youngchopin on github zelinchen on github İsmail Dönmez Štefan Kremeň diff -Nru curl-7.55.1/docs/TODO curl-7.57.0/docs/TODO --- curl-7.55.1/docs/TODO 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/docs/TODO 2017-11-26 13:19:01.000000000 +0000 @@ -27,7 +27,6 @@ 1.9 Cache negative name resolves 1.10 auto-detect proxy 1.11 minimize dependencies with dynamically loaded modules - 1.12 have form functions use CURL handle argument 1.14 Typesafe curl_easy_setopt() 1.15 Monitor connections in the connection pool 1.16 Try to URL encode given URL @@ -57,6 +56,7 @@ 4.5 ASCII support 4.6 GSSAPI via Windows SSPI 4.7 STAT for LIST without data connection + 4.8 Option to ignore private IP addresses in PASV response 5. HTTP 5.1 Better persistency for HTTP 1.0 @@ -65,11 +65,8 @@ 5.4 HTTP Digest using SHA-256 5.5 auth= in URLs 5.6 Refuse "downgrade" redirects - 5.7 Brotli compression - 5.8 QUIC - 5.9 Improve formpost API - 5.10 Leave secure cookies alone - 5.11 Chunked transfer multipart formpost + 5.7 QUIC + 5.8 Leave secure cookies alone 6. TELNET 6.1 ditch stdin @@ -139,7 +136,6 @@ 18.2 glob posts 18.3 prevent file overwriting 18.4 simultaneous parallel transfers - 18.5 provide formpost headers 18.6 warning when setting an option 18.8 offer color-coded HTTP header output 18.9 Choose the name of file in braces for complex URLs @@ -210,7 +206,7 @@ 1.5 get rid of PATH_MAX Having code use and rely on PATH_MAX is not nice: - http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html + https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html Currently the SSH based code uses it a bit, but to remove PATH_MAX from there we need libssh2 to properly tell us when we pass in a too small buffer and @@ -276,18 +272,6 @@ app/invoke/used protocols would be necessary to load. See https://github.com/curl/curl/issues/349 -1.12 have form functions use CURL handle argument - - curl_formadd() and curl_formget() both currently have no CURL handle - argument, but both can use a callback that is set in the easy handle, and - thus curl_formget() with callback cannot function without first having - curl_easy_perform() (or similar) called - which is hard to grasp and a design - mistake. - - The curl_formadd() design can probably also be reconsidered to make it easier - to use and less error-prone. Probably easiest by splitting it into several - function calls. - 1.14 Typesafe curl_easy_setopt() One of the most common problems in libcurl using applications is the lack of @@ -465,17 +449,23 @@ 4.6 GSSAPI via Windows SSPI -In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) -via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add -support for GSSAPI authentication via Windows SSPI. + In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) + via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add + support for GSSAPI authentication via Windows SSPI. 4.7 STAT for LIST without data connection -Some FTP servers allow STAT for listing directories instead of using LIST, and -the response is then sent over the control connection instead of as the -otherwise usedw data connection: http://www.nsftools.com/tips/RawFTP.htm#STAT + Some FTP servers allow STAT for listing directories instead of using LIST, + and the response is then sent over the control connection instead of as the + otherwise usedw data connection: http://www.nsftools.com/tips/RawFTP.htm#STAT + + This is not detailed in any FTP specification. + +4.8 Option to ignore private IP addresses in PASV response -This is not detailed in any FTP specification. + Some servers respond with and some other FTP client implementations can + ignore private (RFC 1918 style) IP addresses when received in PASV responses. + To consider for libcurl as well. See https://github.com/curl/curl/issues/1455 5. HTTP @@ -530,13 +520,7 @@ Consider a way to tell curl to refuse to "downgrade" protocol with a redirect and/or possibly a bit that refuses redirect to change protocol completely. -5.7 Brotli compression - - Brotli compression performs better than gzip and is being implemented by - browsers and servers widely. The algorithm: https://github.com/google/brotli - The Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=366559 - -5.8 QUIC +5.7 QUIC The standardization process of QUIC has been taken to the IETF and can be followed on the [IETF QUIC Mailing @@ -546,29 +530,13 @@ implemented. This, to allow other projects to benefit from the work and to thus broaden the interest and chance of others to participate. -5.9 Improve formpost API - - Revamp the formpost API and making something that is easier to use and - understand: - - https://github.com/curl/curl/wiki/formpost-API-redesigned - -5.10 Leave secure cookies alone +5.8 Leave secure cookies alone Non-secure origins (HTTP sites) should not be allowed to set or modify cookies with the 'secure' property: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01 -5.11 Chunked transfer multipart formpost - - For a case where the file is being made during the upload is progressing - (like passed on stdin to the curl tool), we cannot know the size before-hand - and we rather not read the entire thing into memory before it can start the - upload. - - https://github.com/curl/curl/issues/1139 - 6. TELNET @@ -911,20 +879,6 @@ Using the multi interface would also allow properly using parallel transfers with HTTP/2 and supporting HTTP/2 server push from the command line. -18.5 provide formpost headers - - Extending the capabilities of the multipart formposting. How about leaving - the ';type=foo' syntax as it is and adding an extra tag (headers) which - works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where - fil1.hdr contains extra headers like - - Content-Type: text/plain; charset=KOI8-R" - Content-Transfer-Encoding: base64 - X-User-Comment: Please don't use browser specific HTML code - - which should overwrite the program reasonable defaults (plain/text, - 8bit...) - 18.6 warning when setting an option Display a warning when libcurl returns an error when setting an option. diff -Nru curl-7.55.1/include/curl/curl.h curl-7.57.0/include/curl/curl.h --- curl-7.55.1/include/curl/curl.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/include/curl/curl.h 2017-11-27 12:50:52.000000000 +0000 @@ -74,6 +74,7 @@ #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \ defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ + defined(__CYGWIN__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) #include #endif @@ -132,6 +133,27 @@ #define curl_socket_typedef #endif /* curl_socket_typedef */ +/* enum for the different supported SSL backends */ +typedef enum { + CURLSSLBACKEND_NONE = 0, + CURLSSLBACKEND_OPENSSL = 1, + CURLSSLBACKEND_GNUTLS = 2, + CURLSSLBACKEND_NSS = 3, + CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ + CURLSSLBACKEND_GSKIT = 5, + CURLSSLBACKEND_POLARSSL = 6, + CURLSSLBACKEND_WOLFSSL = 7, + CURLSSLBACKEND_SCHANNEL = 8, + CURLSSLBACKEND_DARWINSSL = 9, + CURLSSLBACKEND_AXTLS = 10, + CURLSSLBACKEND_MBEDTLS = 11 +} curl_sslbackend; + +/* aliases for library clones and renames */ +#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL +#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL +#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL + struct curl_httppost { struct curl_httppost *next; /* next entry in the list */ char *name; /* pointer to allocated name */ @@ -335,7 +357,7 @@ size_t nitems, void *instream); -typedef enum { +typedef enum { CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ CURLSOCKTYPE_LAST /* never use */ @@ -377,7 +399,7 @@ CURLIOE_LAST /* never use */ } curlioerr; -typedef enum { +typedef enum { CURLIOCMD_NOP, /* no operation */ CURLIOCMD_RESTARTREAD, /* restart the read stream from start */ CURLIOCMD_LAST /* never use */ @@ -1788,6 +1810,12 @@ /* bitmask of allowed auth methods for connections to SOCKS5 proxies */ CINIT(SOCKS5_AUTH, LONG, 267), + /* Enable/disable SSH compression */ + CINIT(SSH_COMPRESSION, LONG, 268), + + /* Post MIME data. */ + CINIT(MIMEPOST, OBJECTPOINT, 269), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -1934,15 +1962,140 @@ CURL_TIMECOND_LAST } curl_TimeCond; +/* Special size_t value signaling a zero-terminated string. */ +#define CURL_ZERO_TERMINATED ((size_t) -1) /* curl_strequal() and curl_strnequal() are subject for removal in a future - libcurl, see lib/README.curlx for details + release */ +CURL_EXTERN int curl_strequal(const char *s1, const char *s2); +CURL_EXTERN int curl_strnequal(const char *s1, const char *s2, size_t n); + +/* Mime/form handling support. */ +typedef struct curl_mime_s curl_mime; /* Mime context. */ +typedef struct curl_mimepart_s curl_mimepart; /* Mime part context. */ + +/* + * NAME curl_mime_init() + * + * DESCRIPTION + * + * Create a mime context and return its handle. The easy parameter is the + * target handle. + */ +CURL_EXTERN curl_mime *curl_mime_init(CURL *easy); + +/* + * NAME curl_mime_free() + * + * DESCRIPTION + * + * release a mime handle and its substructures. + */ +CURL_EXTERN void curl_mime_free(curl_mime *mime); + +/* + * NAME curl_mime_addpart() + * + * DESCRIPTION + * + * Append a new empty part to the given mime context and return a handle to + * the created part. + */ +CURL_EXTERN curl_mimepart *curl_mime_addpart(curl_mime *mime); + +/* + * NAME curl_mime_name() + * + * DESCRIPTION + * + * Set mime/form part name. + */ +CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name); + +/* + * NAME curl_mime_filename() + * + * DESCRIPTION + * + * Set mime part remote file name. + */ +CURL_EXTERN CURLcode curl_mime_filename(curl_mimepart *part, + const char *filename); + +/* + * NAME curl_mime_type() + * + * DESCRIPTION + * + * Set mime part type. + */ +CURL_EXTERN CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype); + +/* + * NAME curl_mime_encoder() + * + * DESCRIPTION + * + * Set mime data transfer encoder. + */ +CURL_EXTERN CURLcode curl_mime_encoder(curl_mimepart *part, + const char *encoding); + +/* + * NAME curl_mime_data() + * + * DESCRIPTION + * + * Set mime part data source from memory data, + */ +CURL_EXTERN CURLcode curl_mime_data(curl_mimepart *part, + const char *data, size_t datasize); - !checksrc! disable SPACEBEFOREPAREN 2 -*/ -CURL_EXTERN int (curl_strequal)(const char *s1, const char *s2); -CURL_EXTERN int (curl_strnequal)(const char *s1, const char *s2, size_t n); +/* + * NAME curl_mime_filedata() + * + * DESCRIPTION + * + * Set mime part data source from named file. + */ +CURL_EXTERN CURLcode curl_mime_filedata(curl_mimepart *part, + const char *filename); +/* + * NAME curl_mime_data_cb() + * + * DESCRIPTION + * + * Set mime part data source from callback function. + */ +CURL_EXTERN CURLcode curl_mime_data_cb(curl_mimepart *part, + curl_off_t datasize, + curl_read_callback readfunc, + curl_seek_callback seekfunc, + curl_free_callback freefunc, + void *arg); + +/* + * NAME curl_mime_subparts() + * + * DESCRIPTION + * + * Set mime part data source from subparts. + */ +CURL_EXTERN CURLcode curl_mime_subparts(curl_mimepart *part, + curl_mime *subparts); +/* + * NAME curl_mime_headers() + * + * DESCRIPTION + * + * Set mime part headers. + */ +CURL_EXTERN CURLcode curl_mime_headers(curl_mimepart *part, + struct curl_slist *headers, + int take_ownership); + +/* Old form API. */ /* name is uppercase CURLFORM_ */ #ifdef CFINIT #undef CFINIT @@ -2185,6 +2338,47 @@ }; /* + * NAME curl_global_sslset() + * + * DESCRIPTION + * + * When built with multiple SSL backends, curl_global_sslset() allows to + * choose one. This function can only be called once, and it must be called + * *before* curl_global_init(). + * + * The backend can be identified by the id (e.g. CURLSSLBACKEND_OPENSSL). The + * backend can also be specified via the name parameter (passing -1 as id). + * If both id and name are specified, the name will be ignored. If neither id + * nor name are specified, the function will fail with + * CURLSSLSET_UNKNOWN_BACKEND and set the "avail" pointer to the + * NULL-terminated list of available backends. + * + * Upon success, the function returns CURLSSLSET_OK. + * + * If the specified SSL backend is not available, the function returns + * CURLSSLSET_UNKNOWN_BACKEND and sets the "avail" pointer to a NULL-terminated + * list of available SSL backends. + * + * The SSL backend can be set only once. If it has already been set, a + * subsequent attempt to change it will result in a CURLSSLSET_TOO_LATE. + */ + +typedef struct { + curl_sslbackend id; + const char *name; +} curl_ssl_backend; + +typedef enum { + CURLSSLSET_OK = 0, + CURLSSLSET_UNKNOWN_BACKEND, + CURLSSLSET_TOO_LATE, + CURLSSLSET_NO_BACKENDS /* libcurl was built without any SSL support */ +} CURLsslset; + +CURL_EXTERN CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, + const curl_ssl_backend ***avail); + +/* * NAME curl_slist_append() * * DESCRIPTION @@ -2224,27 +2418,6 @@ format "name: value" */ }; -/* enum for the different supported SSL backends */ -typedef enum { - CURLSSLBACKEND_NONE = 0, - CURLSSLBACKEND_OPENSSL = 1, - CURLSSLBACKEND_GNUTLS = 2, - CURLSSLBACKEND_NSS = 3, - CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ - CURLSSLBACKEND_GSKIT = 5, - CURLSSLBACKEND_POLARSSL = 6, - CURLSSLBACKEND_CYASSL = 7, - CURLSSLBACKEND_SCHANNEL = 8, - CURLSSLBACKEND_DARWINSSL = 9, - CURLSSLBACKEND_AXTLS = 10, - CURLSSLBACKEND_MBEDTLS = 11 -} curl_sslbackend; - -/* aliases for library clones and renames */ -#define CURLSSLBACKEND_LIBRESSL 1 -#define CURLSSLBACKEND_BORINGSSL 1 -#define CURLSSLBACKEND_WOLFSSL 6 - /* Information about the SSL library used and the respective internal SSL handle, which can be used to obtain further information regarding the connection. Asked for with CURLINFO_TLS_SSL_PTR or CURLINFO_TLS_SESSION. */ @@ -2341,7 +2514,7 @@ CURLCLOSEPOLICY_LAST /* last, never use this */ } curl_closepolicy; -#define CURL_GLOBAL_SSL (1<<0) +#define CURL_GLOBAL_SSL (1<<0) /* no purpose since since 7.57.0 */ #define CURL_GLOBAL_WIN32 (1<<1) #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) #define CURL_GLOBAL_NOTHING 0 @@ -2419,6 +2592,7 @@ CURLVERSION_SECOND, CURLVERSION_THIRD, CURLVERSION_FOURTH, + CURLVERSION_FIFTH, CURLVERSION_LAST /* never actually use this */ } CURLversion; @@ -2427,7 +2601,7 @@ meant to be a built-in version number for what kind of struct the caller expects. If the struct ever changes, we redefine the NOW to another enum from above. */ -#define CURLVERSION_NOW CURLVERSION_FOURTH +#define CURLVERSION_NOW CURLVERSION_FIFTH typedef struct { CURLversion age; /* age of the returned struct */ @@ -2455,6 +2629,12 @@ const char *libssh_version; /* human readable string */ + /* These fields were added in CURLVERSION_FIFTH */ + + unsigned int brotli_ver_num; /* Numeric Brotli version + (MAJOR << 24) | (MINOR << 12) | PATCH */ + const char *brotli_version; /* human readable string. */ + } curl_version_info_data; #define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */ @@ -2484,6 +2664,8 @@ #define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used for cookie domain verification */ #define CURL_VERSION_HTTPS_PROXY (1<<21) /* HTTPS-proxy support built-in */ +#define CURL_VERSION_MULTI_SSL (1<<22) /* Multiple SSL backends available */ +#define CURL_VERSION_BROTLI (1<<23) /* Brotli features are present. */ /* * NAME curl_version_info() diff -Nru curl-7.55.1/include/curl/curlver.h curl-7.57.0/include/curl/curlver.h --- curl-7.55.1/include/curl/curlver.h 2017-08-14 06:04:49.000000000 +0000 +++ curl-7.57.0/include/curl/curlver.h 2017-11-29 09:28:45.000000000 +0000 @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.55.1" +#define LIBCURL_VERSION "7.57.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 55 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_MINOR 57 +#define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x073701 +#define LIBCURL_VERSION_NUM 0x073900 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2017-08-14" +#define LIBCURL_TIMESTAMP "2017-11-29" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff -Nru curl-7.55.1/include/curl/Makefile.in curl-7.57.0/include/curl/Makefile.in --- curl-7.55.1/include/curl/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/include/curl/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -230,7 +230,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -247,6 +249,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/include/curl/multi.h curl-7.57.0/include/curl/multi.h --- curl-7.55.1/include/curl/multi.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/include/curl/multi.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff -Nru curl-7.55.1/include/curl/system.h curl-7.57.0/include/curl/system.h --- curl-7.55.1/include/curl/system.h 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/include/curl/system.h 2017-11-09 22:40:36.000000000 +0000 @@ -52,226 +52,171 @@ #if defined(__DJGPP__) || defined(__GO32__) # if defined(__DJGPP__) && (__DJGPP__ > 1) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__SALFORDC__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__BORLANDC__) # if (__BORLANDC__ < 0x520) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T i64 # define CURL_SUFFIX_CURL_OFF_TU ui64 # endif # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__TURBOC__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__WATCOMC__) # if defined(__386__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T i64 # define CURL_SUFFIX_CURL_OFF_TU ui64 # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__POCC__) # if (__POCC__ < 280) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # elif defined(_MSC_VER) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T i64 # define CURL_SUFFIX_CURL_OFF_TU ui64 # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__LCC__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__SYMBIAN32__) # if defined(__EABI__) /* Treat all ARM compilers equally */ -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(__CW32__) # pragma longlong on -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(__VC32__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__MWERKS__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(_WIN32_WCE) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T i64 # define CURL_SUFFIX_CURL_OFF_TU ui64 # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__MINGW32__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_WS2TCPIP_H 1 #elif defined(__VMS) # if defined(__VAX) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__OS400__) # if defined(__ILEC400__) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 # endif @@ -279,34 +224,28 @@ #elif defined(__MVS__) # if defined(__IBMC__) || defined(__IBMCPP__) # if defined(_ILP32) -# define CURL_SIZEOF_LONG 4 # elif defined(_LP64) -# define CURL_SIZEOF_LONG 8 # endif # if defined(_LONG_LONG) # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(_LP64) # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # else # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 # endif @@ -314,56 +253,45 @@ #elif defined(__370__) # if defined(__IBMC__) || defined(__IBMCPP__) # if defined(_ILP32) -# define CURL_SIZEOF_LONG 4 # elif defined(_LP64) -# define CURL_SIZEOF_LONG 8 # endif # if defined(_LONG_LONG) # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(_LP64) # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # else # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 # endif #elif defined(TPF) -# define CURL_SIZEOF_LONG 8 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 #elif defined(__TINYC__) /* also known as tcc */ -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t @@ -373,25 +301,20 @@ #elif defined(__SUNPRO_C) /* Oracle Solaris Studio */ # if !defined(__LP64) && (defined(__ILP32) || \ defined(__i386) || defined(__sparcv8)) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(__LP64) || \ defined(__amd64) || defined(__sparcv9) -# define CURL_SIZEOF_LONG 8 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 @@ -401,62 +324,51 @@ #elif defined(_MSC_VER) # if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T i64 # define CURL_SUFFIX_CURL_OFF_TU ui64 # else -# define CURL_SIZEOF_LONG 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 /* ===================================== */ /* KEEP GENERIC GCC THE LAST ENTRY */ /* ===================================== */ #elif defined(__GNUC__) -# if !defined(__LP64__) && (defined(__ILP32__) || \ - defined(__i386__) || defined(__powerpc__) || defined(__arm__) || \ - defined(__sparc__) || defined(__mips__) || defined(__sh__) || \ - defined(__XTENSA__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4)) -# define CURL_SIZEOF_LONG 4 +# if !defined(__LP64__) && \ + (defined(__ILP32__) || defined(__i386__) || defined(__hppa__) || \ + defined(__ppc__) || defined(__powerpc__) || defined(__arm__) || \ + defined(__sparc__) || defined(__mips__) || defined(__sh__) || \ + defined(__XTENSA__) || \ + (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4)) # define CURL_TYPEOF_CURL_OFF_T long long # define CURL_FORMAT_CURL_OFF_T "lld" # define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL # elif defined(__LP64__) || \ defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8) -# define CURL_SIZEOF_LONG 8 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SIZEOF_CURL_OFF_T 8 # define CURL_SUFFIX_CURL_OFF_T L # define CURL_SUFFIX_CURL_OFF_TU UL # endif # define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 #else /* generic "safe guess" on old 32 bit style */ -# define CURL_SIZEOF_LONG 4 -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 -# define CURL_SIZEOF_CURL_OFF_T 4 # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" @@ -465,6 +377,12 @@ # define CURL_TYPEOF_CURL_SOCKLEN_T int #endif +#ifdef _AIX +/* AIX needs */ +#define CURL_PULL_SYS_POLL_H +#endif + + /* CURL_PULL_WS2TCPIP_H is defined above when inclusion of header file */ /* ws2tcpip.h is required here to properly make type definitions below. */ #ifdef CURL_PULL_WS2TCPIP_H @@ -485,6 +403,12 @@ # include #endif +/* CURL_PULL_SYS_POLL_H is defined above when inclusion of header file */ +/* sys/poll.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_POLL_H +# include +#endif + /* Data type definition of curl_socklen_t. */ #ifdef CURL_TYPEOF_CURL_SOCKLEN_T typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t; diff -Nru curl-7.55.1/include/curl/typecheck-gcc.h curl-7.57.0/include/curl/typecheck-gcc.h --- curl-7.55.1/include/curl/typecheck-gcc.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/include/curl/typecheck-gcc.h 2017-11-09 22:40:36.000000000 +0000 @@ -96,6 +96,9 @@ if((_curl_opt) == CURLOPT_HTTPPOST) \ if(!_curl_is_arr((value), struct curl_httppost)) \ _curl_easy_setopt_err_curl_httpost(); \ + if((_curl_opt) == CURLOPT_MIMEPOST) \ + if(!_curl_is_ptr((value), curl_mime)) \ + _curl_easy_setopt_err_curl_mimepost(); \ if(_curl_is_slist_option(_curl_opt)) \ if(!_curl_is_arr((value), struct curl_slist)) \ _curl_easy_setopt_err_curl_slist(); \ @@ -200,6 +203,9 @@ _CURL_WARNING(_curl_easy_setopt_err_curl_httpost, "curl_easy_setopt expects a 'struct curl_httppost *' " "argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_curl_mimepost, + "curl_easy_setopt expects a 'curl_mime *' " + "argument for this option") _CURL_WARNING(_curl_easy_setopt_err_curl_slist, "curl_easy_setopt expects a 'struct curl_slist *' argument for this option") _CURL_WARNING(_curl_easy_setopt_err_CURLSH, diff -Nru curl-7.55.1/include/Makefile.in curl-7.57.0/include/Makefile.in --- curl-7.55.1/include/Makefile.in 2017-08-13 16:22:16.000000000 +0000 +++ curl-7.57.0/include/Makefile.in 2017-11-28 15:13:57.000000000 +0000 @@ -243,7 +243,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -260,6 +262,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/include/README curl-7.57.0/include/README --- curl-7.55.1/include/README 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/include/README 2017-11-09 22:40:36.000000000 +0000 @@ -30,4 +30,4 @@ To figure out how to do good and portable checks for features, operating systems or specific hardwarare, a very good resource is Bjorn Reese's -collection at http://predef.sf.net/ +collection at https://sourceforge.net/p/predef/wiki/ diff -Nru curl-7.55.1/lib/asyn-ares.c curl-7.57.0/lib/asyn-ares.c --- curl-7.55.1/lib/asyn-ares.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/asyn-ares.c 2017-11-26 13:19:01.000000000 +0000 @@ -22,6 +22,14 @@ #include "curl_setup.h" +/*********************************************************************** + * Only for ares-enabled builds + * And only for functions that fulfill the asynch resolver backend API + * as defined in asyn.h, nothing else belongs in this file! + **********************************************************************/ + +#ifdef CURLRES_ARES + #ifdef HAVE_LIMITS_H #include #endif @@ -48,14 +56,6 @@ #define in_addr_t unsigned long #endif -/*********************************************************************** - * Only for ares-enabled builds - * And only for functions that fulfill the asynch resolver backend API - * as defined in asyn.h, nothing else belongs in this file! - **********************************************************************/ - -#ifdef CURLRES_ARES - #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -260,7 +260,7 @@ bitmask = ares_getsock((ares_channel)data->state.resolver, socks, ARES_GETSOCK_MAXNUM); - for(i=0; i < ARES_GETSOCK_MAXNUM; i++) { + for(i = 0; i < ARES_GETSOCK_MAXNUM; i++) { pfd[i].events = 0; pfd[i].revents = 0; if(ARES_GETSOCK_READABLE(bitmask, i)) { @@ -289,7 +289,7 @@ ARES_SOCKET_BAD); else { /* move through the descriptors and ask for processing on them */ - for(i=0; i < num; i++) + for(i = 0; i < num; i++) ares_process_fd((ares_channel)data->state.resolver, pfd[i].revents & (POLLRDNORM|POLLIN)? pfd[i].fd:ARES_SOCKET_BAD, @@ -354,8 +354,8 @@ { CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; - long timeout; - struct curltime now = Curl_tvnow(); + timediff_t timeout; + struct curltime now = Curl_now(); struct Curl_dns_entry *temp_entry; if(entry) @@ -400,8 +400,8 @@ if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; else { - struct curltime now2 = Curl_tvnow(); - time_t timediff = Curl_tvdiff(now2, now); /* spent time */ + struct curltime now2 = Curl_now(); + timediff_t timediff = Curl_timediff(now2, now); /* spent time */ if(timediff <= 0) timeout -= 1; /* always deduct at least 1 */ else if(timediff > timeout) diff -Nru curl-7.55.1/lib/asyn-thread.c curl-7.57.0/lib/asyn-thread.c --- curl-7.55.1/lib/asyn-thread.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/asyn-thread.c 2017-11-26 13:19:01.000000000 +0000 @@ -210,6 +210,10 @@ tsd->td = td; tsd->port = port; + /* Treat the request as done until the thread actually starts so any early + * cleanup gets done properly. + */ + tsd->done = 1; #ifdef HAVE_GETADDRINFO DEBUGASSERT(hints); tsd->hints = *hints; @@ -380,11 +384,11 @@ const struct addrinfo *hints) { struct thread_data *td = calloc(1, sizeof(struct thread_data)); - int err = RESOLVER_ENOMEM; + int err = ENOMEM; conn->async.os_specific = (void *)td; if(!td) - goto err_exit; + goto errno_exit; conn->async.port = port; conn->async.done = FALSE; @@ -392,14 +396,20 @@ conn->async.dns = NULL; td->thread_hnd = curl_thread_t_null; - if(!init_thread_sync_data(td, hostname, port, hints)) - goto err_exit; + if(!init_thread_sync_data(td, hostname, port, hints)) { + conn->async.os_specific = NULL; + free(td); + goto errno_exit; + } free(conn->async.hostname); conn->async.hostname = strdup(hostname); if(!conn->async.hostname) goto err_exit; + /* The thread will set this to 1 when complete. */ + td->tsd.done = 0; + #ifdef HAVE_GETADDRINFO td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd); #else @@ -407,6 +417,8 @@ #endif if(!td->thread_hnd) { + /* The thread never started, so mark it as done here for proper cleanup. */ + td->tsd.done = 1; err = errno; goto err_exit; } @@ -416,6 +428,7 @@ err_exit: destroy_async_data(&conn->async); + errno_exit: errno = err; return FALSE; } @@ -522,7 +535,8 @@ } else { /* poll for name lookup done with exponential backoff up to 250ms */ - time_t elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle); + timediff_t elapsed = Curl_timediff(Curl_now(), + data->progress.t_startsingle); if(elapsed < 0) elapsed = 0; diff -Nru curl-7.55.1/lib/checksrc.pl curl-7.57.0/lib/checksrc.pl --- curl-7.55.1/lib/checksrc.pl 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/checksrc.pl 2017-11-09 22:40:36.000000000 +0000 @@ -58,7 +58,11 @@ 'OPENCOMMENT' => 'file ended with a /* comment still "open"', 'ASTERISKSPACE' => 'pointer declared with space after asterisk', 'ASTERISKNOSPACE' => 'pointer declared without space before asterisk', - 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression' + 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression', + 'EQUALSNOSPACE' => 'equals sign without following space', + 'NOSPACEEQUALS' => 'equals sign without preceeding space', + 'SEMINOSPACE' => 'semicolon without following space', + 'MULTISPACE' => 'multiple spaces used when not suitable', ); sub readwhitelist { @@ -345,6 +349,9 @@ elsif($3 eq "return") { # return must have a space } + elsif($3 eq "case") { + # case must have a space + } elsif($4 eq "*") { # (* beginning makes the space OK! } @@ -523,6 +530,52 @@ "wrongly placed open brace"); } } + + # check for equals sign without spaces next to it + if($nostr =~ /(.*)\=[a-z0-9]/i) { + checkwarn("EQUALSNOSPACE", + $line, length($1)+1, $file, $ol, + "no space after equals sign"); + } + # check for equals sign without spaces before it + elsif($nostr =~ /(.*)[a-z0-9]\=/i) { + checkwarn("NOSPACEEQUALS", + $line, length($1)+1, $file, $ol, + "no space before equals sign"); + } + + # check for plus signs without spaces next to it + if($nostr =~ /(.*)[^+]\+[a-z0-9]/i) { + checkwarn("PLUSNOSPACE", + $line, length($1)+1, $file, $ol, + "no space after plus sign"); + } + # check for plus sign without spaces before it + elsif($nostr =~ /(.*)[a-z0-9]\+[^+]/i) { + checkwarn("NOSPACEPLUS", + $line, length($1)+1, $file, $ol, + "no space before plus sign"); + } + + # check for semicolons without space next to it + if($nostr =~ /(.*)\;[a-z0-9]/i) { + checkwarn("SEMINOSPACE", + $line, length($1)+1, $file, $ol, + "no space after semilcolon"); + } + + # check for more than one consecutive space before open brace or + # question mark. Skip lines containing strings since they make it hard + # due to artificially getting multiple spaces + if(($l eq $nostr) && + $nostr =~ /^(.*(\S)) + [{?]/i) { + checkwarn("MULTISPACE", + $line, length($1)+1, $file, $ol, + "multiple space"); + print STDERR "L: $l\n"; + print STDERR "nostr: $nostr\n"; + } + $line++; $prevl = $ol; } diff -Nru curl-7.55.1/lib/CMakeLists.txt curl-7.57.0/lib/CMakeLists.txt --- curl-7.55.1/lib/CMakeLists.txt 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/lib/CMakeLists.txt 2017-11-26 13:19:01.000000000 +0000 @@ -108,7 +108,24 @@ endif() endif() +target_include_directories(${LIB_NAME} INTERFACE + $) + install(TARGETS ${LIB_NAME} + EXPORT libcurl-target ARCHIVE DESTINATION lib LIBRARY DESTINATION lib - RUNTIME DESTINATION bin) + RUNTIME DESTINATION bin +) + +export(TARGETS ${LIB_NAME} + APPEND FILE ${PROJECT_BINARY_DIR}/libcurl-target.cmake + NAMESPACE CURL:: +) + +install(EXPORT libcurl-target + FILE libcurl-target.cmake + NAMESPACE CURL:: + DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + diff -Nru curl-7.55.1/lib/config-dos.h curl-7.57.0/lib/config-dos.h --- curl-7.55.1/lib/config-dos.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/config-dos.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,8 +40,10 @@ #define PACKAGE "curl" #define HAVE_ARPA_INET_H 1 +#define HAVE_ASSERT_H 1 #define HAVE_ERRNO_H 1 #define HAVE_FCNTL_H 1 +#define HAVE_FREEADDRINFO 1 #define HAVE_GETADDRINFO 1 #define HAVE_GETNAMEINFO 1 #define HAVE_GETPROTOBYNAME 1 @@ -85,9 +87,11 @@ #define RETSIGTYPE void #define SIZEOF_INT 4 +#define SIZEOF_LONG 4 #define SIZEOF_LONG_DOUBLE 16 #define SIZEOF_SHORT 2 #define SIZEOF_SIZE_T 4 +#define SIZEOF_CURL_OFF_T 4 #define STDC_HEADERS 1 #define TIME_WITH_SYS_TIME 1 diff -Nru curl-7.55.1/lib/config-os400.h curl-7.57.0/lib/config-os400.h --- curl-7.55.1/lib/config-os400.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/config-os400.h 2017-11-10 16:47:30.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -403,8 +403,14 @@ /* The size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 +/* The size of `long', as computed by sizeof. */ +#define SIZEOF_LONG 4 + /* The size of `size_t', as computed by sizeof. */ -#define SIZEOF_SIZE_T 8 +#define SIZEOF_SIZE_T 4 + +/* The size of `curl_off_t', as computed by sizeof. */ +#define SIZEOF_CURL_OFF_T 8 /* Whether long long constants must be suffixed by LL. */ diff -Nru curl-7.55.1/lib/config-tpf.h curl-7.57.0/lib/config-tpf.h --- curl-7.55.1/lib/config-tpf.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/config-tpf.h 2017-11-09 22:40:36.000000000 +0000 @@ -618,6 +618,9 @@ /* The size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 +/* Define to the size of `long', as computed by sizeof. */ +#define SIZEOF_LONG 8 + /* The size of `size_t', as computed by sizeof. */ #define SIZEOF_SIZE_T 8 diff -Nru curl-7.55.1/lib/config-win32ce.h curl-7.57.0/lib/config-win32ce.h --- curl-7.55.1/lib/config-win32ce.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/config-win32ce.h 2017-11-09 22:40:36.000000000 +0000 @@ -346,6 +346,9 @@ /* The size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 +/* Define to the size of `long', as computed by sizeof. */ +#define SIZEOF_LONG 4 + /* The size of `size_t', as computed by sizeof. */ #if defined(_WIN64) # define SIZEOF_SIZE_T 8 diff -Nru curl-7.55.1/lib/config-win32.h curl-7.57.0/lib/config-win32.h --- curl-7.55.1/lib/config-win32.h 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/lib/config-win32.h 2017-11-10 16:47:30.000000000 +0000 @@ -399,6 +399,9 @@ /* Define to the size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 +/* Define to the size of `long', as computed by sizeof. */ +#define SIZEOF_LONG 4 + /* Define to the size of `size_t', as computed by sizeof. */ #if defined(_WIN64) # define SIZEOF_SIZE_T 8 @@ -406,6 +409,9 @@ # define SIZEOF_SIZE_T 4 #endif +/* Define to the size of `curl_off_t', as computed by sizeof. */ +#define SIZEOF_CURL_OFF_T 8 + /* ---------------------------------------------------------------- */ /* BSD-style lwIP TCP/IP stack SPECIFIC */ /* ---------------------------------------------------------------- */ @@ -703,9 +709,7 @@ #endif /* Define to use the Windows crypto library. */ -#if !defined(USE_OPENSSL) && !defined(USE_NSS) #define USE_WIN32_CRYPTO -#endif /* ---------------------------------------------------------------- */ /* ADDITIONAL DEFINITIONS */ diff -Nru curl-7.55.1/lib/conncache.c curl-7.57.0/lib/conncache.c --- curl-7.55.1/lib/conncache.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/conncache.c 2017-11-26 13:19:01.000000000 +0000 @@ -31,11 +31,21 @@ #include "multiif.h" #include "sendf.h" #include "conncache.h" +#include "share.h" +#include "sigpipe.h" +#include "connect.h" + /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" +#define CONN_LOCK(x) if((x)->share) \ + Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) +#define CONN_UNLOCK(x) if((x)->share) \ + Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) + + static void conn_llist_dtor(void *user, void *element) { struct connectdata *data = element; @@ -109,8 +119,23 @@ int Curl_conncache_init(struct conncache *connc, int size) { - return Curl_hash_init(&connc->hash, size, Curl_hash_str, - Curl_str_key_compare, free_bundle_hash_entry); + int rc; + + /* allocate a new easy handle to use when closing cached connections */ + connc->closure_handle = curl_easy_init(); + if(!connc->closure_handle) + return 1; /* bad */ + + rc = Curl_hash_init(&connc->hash, size, Curl_hash_str, + Curl_str_key_compare, free_bundle_hash_entry); + if(rc) { + Curl_close(connc->closure_handle); + connc->closure_handle = NULL; + } + else + connc->closure_handle->state.conn_cache = connc; + + return rc; } void Curl_conncache_destroy(struct conncache *connc) @@ -149,7 +174,9 @@ if(connc) { char key[128]; hashkey(conn, key, sizeof(key)); + CONN_LOCK(conn->data); bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); + CONN_UNLOCK(conn->data); } return bundle; @@ -206,7 +233,9 @@ return result; hashkey(conn, key, sizeof(key)); + CONN_LOCK(data); rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle); + CONN_UNLOCK(data); if(!rc) { bundle_destroy(new_bundle); @@ -215,12 +244,15 @@ bundle = new_bundle; } + CONN_LOCK(data); result = bundle_add_conn(bundle, conn); if(result) { if(new_bundle) conncache_remove_bundle(data->state.conn_cache, new_bundle); + CONN_UNLOCK(data); return result; } + CONN_UNLOCK(data); conn->connection_id = connc->next_connection_id++; connc->num_connections++; @@ -240,11 +272,11 @@ /* The bundle pointer can be NULL, since this function can be called due to a failed connection attempt, before being added to a bundle */ if(bundle) { + CONN_LOCK(conn->data); bundle_remove_conn(bundle, conn); - if(bundle->num_connections == 0) { + if(bundle->num_connections == 0) conncache_remove_bundle(connc, bundle); - } - + CONN_UNLOCK(conn->data); if(connc) { connc->num_connections--; @@ -261,7 +293,8 @@ Return 0 from func() to continue the loop, return 1 to abort it. */ -void Curl_conncache_foreach(struct conncache *connc, +void Curl_conncache_foreach(struct Curl_easy *data, + struct conncache *connc, void *param, int (*func)(struct connectdata *conn, void *param)) { @@ -272,6 +305,7 @@ if(!connc) return; + CONN_LOCK(data); Curl_hash_start_iterate(&connc->hash, &iter); he = Curl_hash_next_element(&iter); @@ -288,14 +322,21 @@ struct connectdata *conn = curr->ptr; curr = curr->next; - if(1 == func(conn, param)) + if(1 == func(conn, param)) { + CONN_UNLOCK(data); return; + } } } + CONN_UNLOCK(data); } /* Return the first connection found in the cache. Used when closing all - connections */ + connections. + + NOTE: no locking is done here as this is presumably only done when cleaning + up a cache! +*/ struct connectdata * Curl_conncache_find_first_connection(struct conncache *connc) { @@ -321,6 +362,90 @@ return NULL; } +/* + * This function finds the connection in the connection + * cache that has been unused for the longest time. + * + * Returns the pointer to the oldest idle connection, or NULL if none was + * found. + */ +struct connectdata * +Curl_conncache_oldest_idle(struct Curl_easy *data) +{ + struct conncache *bc = data->state.conn_cache; + struct curl_hash_iterator iter; + struct curl_llist_element *curr; + struct curl_hash_element *he; + timediff_t highscore =- 1; + timediff_t score; + struct curltime now; + struct connectdata *conn_candidate = NULL; + struct connectbundle *bundle; + + now = Curl_now(); + + CONN_LOCK(data); + Curl_hash_start_iterate(&bc->hash, &iter); + + he = Curl_hash_next_element(&iter); + while(he) { + struct connectdata *conn; + + bundle = he->ptr; + + curr = bundle->conn_list.head; + while(curr) { + conn = curr->ptr; + + if(!conn->inuse) { + /* Set higher score for the age passed since the connection was used */ + score = Curl_timediff(now, conn->now); + + if(score > highscore) { + highscore = score; + conn_candidate = conn; + } + } + curr = curr->next; + } + + he = Curl_hash_next_element(&iter); + } + CONN_UNLOCK(data); + + return conn_candidate; +} + +void Curl_conncache_close_all_connections(struct conncache *connc) +{ + struct connectdata *conn; + + conn = Curl_conncache_find_first_connection(connc); + while(conn) { + SIGPIPE_VARIABLE(pipe_st); + conn->data = connc->closure_handle; + + sigpipe_ignore(conn->data, &pipe_st); + conn->data->easy_conn = NULL; /* clear the easy handle's connection + pointer */ + /* This will remove the connection from the cache */ + connclose(conn, "kill all"); + (void)Curl_disconnect(conn, FALSE); + sigpipe_restore(&pipe_st); + + conn = Curl_conncache_find_first_connection(connc); + } + + if(connc->closure_handle) { + SIGPIPE_VARIABLE(pipe_st); + sigpipe_ignore(connc->closure_handle, &pipe_st); + + Curl_hostcache_clean(connc->closure_handle, + connc->closure_handle->dns.hostcache); + Curl_close(connc->closure_handle); + sigpipe_restore(&pipe_st); + } +} #if 0 /* Useful for debugging the connection cache */ diff -Nru curl-7.55.1/lib/conncache.h curl-7.57.0/lib/conncache.h --- curl-7.55.1/lib/conncache.h 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/conncache.h 2017-11-26 13:19:01.000000000 +0000 @@ -28,6 +28,8 @@ size_t num_connections; long next_connection_id; struct curltime last_cleanup; + /* handle used for closing cached connections */ + struct Curl_easy *closure_handle; }; #define BUNDLE_NO_MULTIUSE -1 @@ -41,8 +43,8 @@ struct curl_llist conn_list; /* The connectdata members of the bundle */ }; +/* returns 1 on error, 0 is fine */ int Curl_conncache_init(struct conncache *, int size); - void Curl_conncache_destroy(struct conncache *connc); /* return the correct bundle, to a host or a proxy */ @@ -55,7 +57,8 @@ void Curl_conncache_remove_conn(struct conncache *connc, struct connectdata *conn); -void Curl_conncache_foreach(struct conncache *connc, +void Curl_conncache_foreach(struct Curl_easy *data, + struct conncache *connc, void *param, int (*func)(struct connectdata *conn, void *param)); @@ -63,6 +66,9 @@ struct connectdata * Curl_conncache_find_first_connection(struct conncache *connc); +struct connectdata * +Curl_conncache_oldest_idle(struct Curl_easy *data); +void Curl_conncache_close_all_connections(struct conncache *connc); void Curl_conncache_print(struct conncache *connc); #endif /* HEADER_CURL_CONNCACHE_H */ diff -Nru curl-7.55.1/lib/connect.c curl-7.57.0/lib/connect.c --- curl-7.55.1/lib/connect.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/connect.c 2017-11-27 07:50:21.000000000 +0000 @@ -28,8 +28,10 @@ #ifdef HAVE_SYS_UN_H #include /* for sockaddr_un */ #endif -#ifdef HAVE_NETINET_TCP_H -#include /* for TCP_NODELAY */ +#ifdef HAVE_LINUX_TCP_H +#include +#elif defined(HAVE_NETINET_TCP_H) +#include #endif #ifdef HAVE_SYS_IOCTL_H #include @@ -179,12 +181,12 @@ * * @unittest: 1303 */ -time_t Curl_timeleft(struct Curl_easy *data, - struct curltime *nowp, - bool duringconnect) +timediff_t Curl_timeleft(struct Curl_easy *data, + struct curltime *nowp, + bool duringconnect) { int timeout_set = 0; - time_t timeout_ms = duringconnect?DEFAULT_CONNECT_TIMEOUT:0; + timediff_t timeout_ms = duringconnect?DEFAULT_CONNECT_TIMEOUT:0; struct curltime now; /* if a timeout is set, use the most restrictive one */ @@ -218,17 +220,17 @@ } if(!nowp) { - now = Curl_tvnow(); + now = Curl_now(); nowp = &now; } /* subtract elapsed time */ if(duringconnect) /* since this most recent connect started */ - timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startsingle); + timeout_ms -= Curl_timediff(*nowp, data->progress.t_startsingle); else /* since the entire operation started */ - timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startop); + timeout_ms -= Curl_timediff(*nowp, data->progress.t_startop); if(!timeout_ms) /* avoid returning 0 as that means no timeout! */ return -1; @@ -249,7 +251,7 @@ struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)&sa; #endif - struct Curl_dns_entry *h=NULL; + struct Curl_dns_entry *h = NULL; unsigned short port = data->set.localport; /* use this port number, 0 for "random" */ /* how many port numbers to try to bind to, increasing one at a time */ @@ -285,6 +287,34 @@ /* interface */ if(!is_host) { +#ifdef SO_BINDTODEVICE + /* I am not sure any other OSs than Linux that provide this feature, + * and at the least I cannot test. --Ben + * + * This feature allows one to tightly bind the local socket to a + * particular interface. This will force even requests to other + * local interfaces to go out the external interface. + * + * + * Only bind to the interface when specified as interface, not just + * as a hostname or ip address. + * + * interface might be a VRF, eg: vrf-blue, which means it cannot be + * converted to an IP address and would fail Curl_if2ip. Simply try + * to use it straight away. + */ + if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, + dev, (curl_socklen_t)strlen(dev) + 1) == 0) { + /* This is typically "errno 1, error: Operation not permitted" if + * you're not running as root or another suitable privileged + * user. + * If it succeeds it means the parameter was a valid interface and + * not an IP address. Return immediately. + */ + return CURLE_OK; + } +#endif + switch(Curl_if2ip(af, scope, conn->scope_id, dev, myhost, sizeof(myhost))) { case IF2IP_NOT_FOUND: @@ -305,30 +335,6 @@ infof(data, "Local Interface %s is ip %s using address family %i\n", dev, myhost, af); done = 1; - -#ifdef SO_BINDTODEVICE - /* I am not sure any other OSs than Linux that provide this feature, - * and at the least I cannot test. --Ben - * - * This feature allows one to tightly bind the local socket to a - * particular interface. This will force even requests to other - * local interfaces to go out the external interface. - * - * - * Only bind to the interface when specified as interface, not just - * as a hostname or ip address. - */ - if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, - dev, (curl_socklen_t)strlen(dev)+1) != 0) { - error = SOCKERRNO; - infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;" - " will do regular bind\n", - dev, error, Curl_strerror(conn, error)); - /* This is typically "errno 1, error: Operation not permitted" if - you're not running as root or another suitable privileged - user */ - } -#endif break; } } @@ -408,6 +414,10 @@ } if(done < 1) { + /* errorbuf is set false so failf will overwrite any message already in + the error buffer, so the user receives this error message instead of a + generic resolve error. */ + data->state.errorbuf = FALSE; failf(data, "Couldn't bind to '%s'", dev); return CURLE_INTERFACE_FAILED; } @@ -721,7 +731,7 @@ { struct Curl_easy *data = conn->data; CURLcode result = CURLE_OK; - time_t allow; + timediff_t allow; int error = 0; struct curltime now; int rc; @@ -737,7 +747,7 @@ return CURLE_OK; } - now = Curl_tvnow(); + now = Curl_now(); /* figure out how long time we have left to connect */ allow = Curl_timeleft(data, &now, TRUE); @@ -748,7 +758,7 @@ return CURLE_OPERATION_TIMEDOUT; } - for(i=0; i<2; i++) { + for(i = 0; i<2; i++) { const int other = i ^ 1; if(conn->tempsock[i] == CURL_SOCKET_BAD) continue; @@ -765,7 +775,7 @@ if(rc == 0) { /* no connection yet */ error = 0; - if(curlx_tvdiff(now, conn->connecttime) >= conn->timeoutms_per_addr) { + if(Curl_timediff(now, conn->connecttime) >= conn->timeoutms_per_addr) { infof(data, "After %ldms connect time, move on!\n", conn->timeoutms_per_addr); error = ETIMEDOUT; @@ -773,7 +783,7 @@ /* should we try another protocol family? */ if(i == 0 && conn->tempaddr[1] == NULL && - curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { + Curl_timediff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { trynextip(conn, sockindex, 1); } } @@ -785,6 +795,9 @@ conn->sock[sockindex] = conn->tempsock[i]; conn->ip_addr = conn->tempaddr[i]; conn->tempsock[i] = CURL_SOCKET_BAD; +#ifdef ENABLE_IPV6 + conn->bits.ipv6 = (conn->ip_addr->ai_family == AF_INET6)?TRUE:FALSE; +#endif /* close the other socket, if open */ if(conn->tempsock[other] != CURL_SOCKET_BAD) { @@ -900,7 +913,7 @@ static void nosigpipe(struct connectdata *conn, curl_socket_t sockfd) { - struct Curl_easy *data= conn->data; + struct Curl_easy *data = conn->data; int onoff = 1; if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff, sizeof(onoff)) < 0) @@ -978,6 +991,9 @@ char ipaddress[MAX_IPADR_LEN]; long port; bool is_tcp; +#ifdef TCP_FASTOPEN_CONNECT + int optval = 1; +#endif *sockp = CURL_SOCKET_BAD; @@ -1051,25 +1067,45 @@ /* set socket non-blocking */ (void)curlx_nonblock(sockfd, TRUE); - conn->connecttime = Curl_tvnow(); + conn->connecttime = Curl_now(); if(conn->num_addr > 1) Curl_expire(data, conn->timeoutms_per_addr, EXPIRE_DNS_PER_NAME); /* Connect TCP sockets, bind UDP */ if(!isconnected && (conn->socktype == SOCK_STREAM)) { if(conn->bits.tcp_fastopen) { -#if defined(CONNECT_DATA_IDEMPOTENT) /* OS X */ - sa_endpoints_t endpoints; - endpoints.sae_srcif = 0; - endpoints.sae_srcaddr = NULL; - endpoints.sae_srcaddrlen = 0; - endpoints.sae_dstaddr = &addr.sa_addr; - endpoints.sae_dstaddrlen = addr.addrlen; - - rc = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, - CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, - NULL, 0, NULL, NULL); -#elif defined(MSG_FASTOPEN) /* Linux */ +#if defined(CONNECT_DATA_IDEMPOTENT) /* Darwin */ +# if defined(HAVE_BUILTIN_AVAILABLE) + /* while connectx function is available since macOS 10.11 / iOS 9, + it did not have the interface declared correctly until + Xcode 9 / macOS SDK 10.13 */ + if(__builtin_available(macOS 10.11, iOS 9.0, tvOS 9.0, watchOS 2.0, *)) { + sa_endpoints_t endpoints; + endpoints.sae_srcif = 0; + endpoints.sae_srcaddr = NULL; + endpoints.sae_srcaddrlen = 0; + endpoints.sae_dstaddr = &addr.sa_addr; + endpoints.sae_dstaddrlen = addr.addrlen; + + rc = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, + CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, + NULL, 0, NULL, NULL); + } + else { + rc = connect(sockfd, &addr.sa_addr, addr.addrlen); + } +# else + rc = connect(sockfd, &addr.sa_addr, addr.addrlen); +# endif /* HAVE_BUILTIN_AVAILABLE */ +#elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */ + if(setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, + (void *)&optval, sizeof(optval)) < 0) + infof(data, "Failed to enable TCP Fast Open on fd %d\n", sockfd); + else + infof(data, "TCP_FASTOPEN_CONNECT set\n"); + + rc = connect(sockfd, &addr.sa_addr, addr.addrlen); +#elif defined(MSG_FASTOPEN) /* old Linux */ if(conn->given->flags & PROTOPT_SSL) rc = connect(sockfd, &addr.sa_addr, addr.addrlen); else @@ -1088,10 +1124,6 @@ return CURLE_OK; } -#ifdef ENABLE_IPV6 - conn->bits.ipv6 = (addr.family == AF_INET6)?TRUE:FALSE; -#endif - if(-1 == rc) { switch(error) { case EINPROGRESS: @@ -1136,10 +1168,10 @@ const struct Curl_dns_entry *remotehost) { struct Curl_easy *data = conn->data; - struct curltime before = Curl_tvnow(); + struct curltime before = Curl_now(); CURLcode result = CURLE_COULDNT_CONNECT; - time_t timeout_ms = Curl_timeleft(data, &before, TRUE); + timediff_t timeout_ms = Curl_timeleft(data, &before, TRUE); if(timeout_ms < 0) { /* a precaution, no need to continue if time already is up */ @@ -1152,7 +1184,6 @@ conn->tempaddr[1] = NULL; conn->tempsock[0] = CURL_SOCKET_BAD; conn->tempsock[1] = CURL_SOCKET_BAD; - Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT, EXPIRE_HAPPY_EYEBALLS); /* Max time for the next connection attempt */ conn->timeoutms_per_addr = @@ -1173,6 +1204,7 @@ } data->info.numconnects++; /* to track the number of connections made */ + Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT, EXPIRE_HAPPY_EYEBALLS); return CURLE_OK; } @@ -1216,7 +1248,7 @@ find.tofind = data->state.lastconnect; find.found = FALSE; - Curl_conncache_foreach(data->multi_easy? + Curl_conncache_foreach(data, data->multi_easy? &data->multi_easy->conn_cache: &data->multi->conn_cache, &find, conn_is_conn); @@ -1324,7 +1356,7 @@ addr->family = ai->ai_family; addr->socktype = conn->socktype; - addr->protocol = conn->socktype==SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol; + addr->protocol = conn->socktype == SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol; addr->addrlen = ai->ai_addrlen; if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) diff -Nru curl-7.55.1/lib/connect.h curl-7.57.0/lib/connect.h --- curl-7.55.1/lib/connect.h 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/connect.h 2017-11-26 13:19:01.000000000 +0000 @@ -25,6 +25,7 @@ #include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */ #include "sockaddr.h" +#include "timeval.h" CURLcode Curl_is_connected(struct connectdata *conn, int sockindex, @@ -35,9 +36,9 @@ /* generic function that returns how much time there's left to run, according to the timeouts set */ -time_t Curl_timeleft(struct Curl_easy *data, - struct curltime *nowp, - bool duringconnect); +timediff_t Curl_timeleft(struct Curl_easy *data, + struct curltime *nowp, + bool duringconnect); #define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */ #define HAPPY_EYEBALLS_TIMEOUT 200 /* milliseconds to wait between diff -Nru curl-7.55.1/lib/content_encoding.c curl-7.57.0/lib/content_encoding.c --- curl-7.55.1/lib/content_encoding.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/content_encoding.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,22 +22,43 @@ #include "curl_setup.h" -#ifdef HAVE_LIBZ - #include "urldata.h" #include +#include + +#ifdef HAVE_ZLIB_H +#include +#ifdef __SYMBIAN32__ +/* zlib pollutes the namespace with this definition */ +#undef WIN32 +#endif +#endif + +#ifdef HAVE_BROTLI +#include +#endif + #include "sendf.h" +#include "http.h" #include "content_encoding.h" #include "strdup.h" +#include "strcase.h" #include "curl_memory.h" #include "memdebug.h" +#define CONTENT_ENCODING_DEFAULT "identity" + +#ifndef CURL_DISABLE_HTTP + +#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */ + + +#ifdef HAVE_LIBZ + /* Comment this out if zlib is always going to be at least ver. 1.2.0.4 (doing so will reduce code size slightly). */ #define OLD_ZLIB_SUPPORT 1 -#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */ - #define GZIP_MAGIC_0 0x1f #define GZIP_MAGIC_1 0x8b @@ -49,6 +70,21 @@ #define COMMENT 0x10 /* bit 4 set: file comment present */ #define RESERVED 0xE0 /* bits 5..7: reserved */ +typedef enum { + ZLIB_UNINIT, /* uninitialized */ + ZLIB_INIT, /* initialized */ + ZLIB_GZIP_HEADER, /* reading gzip header */ + ZLIB_GZIP_INFLATING, /* inflating gzip stream */ + ZLIB_INIT_GZIP /* initialized in transparent gzip mode */ +} zlibInitState; + +/* Writer parameters. */ +typedef struct { + zlibInitState zlib_init; /* zlib init state */ + z_stream z; /* State structure for zlib. */ +} zlib_params; + + static voidpf zalloc_cb(voidpf opaque, unsigned int items, unsigned int size) { @@ -79,19 +115,27 @@ } static CURLcode -exit_zlib(z_stream *z, zlibInitState *zlib_init, CURLcode result) +exit_zlib(struct connectdata *conn, + z_stream *z, zlibInitState *zlib_init, CURLcode result) { - inflateEnd(z); - *zlib_init = ZLIB_UNINIT; + if(*zlib_init == ZLIB_GZIP_HEADER) + Curl_safefree(z->next_in); + + if(*zlib_init != ZLIB_UNINIT) { + if(inflateEnd(z) != Z_OK && result == CURLE_OK) + result = process_zlib_error(conn, z); + *zlib_init = ZLIB_UNINIT; + } + return result; } static CURLcode -inflate_stream(struct connectdata *conn, - struct SingleRequest *k) +inflate_stream(struct connectdata *conn, contenc_writer *writer) { + zlib_params *zp = (zlib_params *) &writer->params; int allow_restart = 1; - z_stream *z = &k->z; /* zlib state structure */ + z_stream *z = &zp->z; /* zlib state structure */ uInt nread = z->avail_in; Bytef *orig_in = z->next_in; int status; /* zlib status */ @@ -102,44 +146,42 @@ large to hold on the stack */ decomp = malloc(DSIZ); if(decomp == NULL) { - return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY); + return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY); } /* because the buffer size is fixed, iteratively decompress and transfer to the client via client_write. */ for(;;) { + if(z->avail_in == 0) { + free(decomp); + return result; + } + /* (re)set buffer for decompressed output for every iteration */ - z->next_out = (Bytef *)decomp; + z->next_out = (Bytef *) decomp; z->avail_out = DSIZ; status = inflate(z, Z_SYNC_FLUSH); if(status == Z_OK || status == Z_STREAM_END) { allow_restart = 0; - if((DSIZ - z->avail_out) && (!k->ignorebody)) { - result = Curl_client_write(conn, CLIENTWRITE_BODY, decomp, + result = Curl_unencode_write(conn, writer->downstream, decomp, DSIZ - z->avail_out); - /* if !CURLE_OK, clean up, return */ - if(result) { - free(decomp); - return exit_zlib(z, &k->zlib_init, result); - } + /* if !CURLE_OK, clean up, return */ + if(result) { + free(decomp); + return exit_zlib(conn, z, &zp->zlib_init, result); } /* Done? clean up, return */ if(status == Z_STREAM_END) { free(decomp); - if(inflateEnd(z) == Z_OK) - return exit_zlib(z, &k->zlib_init, result); - return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z)); + return exit_zlib(conn, z, &zp->zlib_init, result); } /* Done with these bytes, exit */ /* status is always Z_OK at this point! */ - if(z->avail_in == 0) { - free(decomp); - return result; - } + continue; } else if(allow_restart && status == Z_DATA_ERROR) { /* some servers seem to not generate zlib headers, so this is an attempt @@ -148,7 +190,8 @@ (void) inflateEnd(z); /* don't care about the return code */ if(inflateInit2(z, -MAX_WBITS) != Z_OK) { free(decomp); - return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z)); + zp->zlib_init = ZLIB_UNINIT; /* inflateEnd() already called. */ + return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z)); } z->next_in = orig_in; z->avail_in = nread; @@ -157,36 +200,97 @@ } else { /* Error; exit loop, handle below */ free(decomp); - return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z)); + return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z)); } } - /* Will never get here */ + /* UNREACHED */ } -CURLcode -Curl_unencode_deflate_write(struct connectdata *conn, - struct SingleRequest *k, - ssize_t nread) + +/* Deflate handler. */ +static CURLcode deflate_init_writer(struct connectdata *conn, + contenc_writer *writer) { - z_stream *z = &k->z; /* zlib state structure */ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ - /* Initialize zlib? */ - if(k->zlib_init == ZLIB_UNINIT) { - memset(z, 0, sizeof(z_stream)); - z->zalloc = (alloc_func)zalloc_cb; - z->zfree = (free_func)zfree_cb; + if(!writer->downstream) + return CURLE_WRITE_ERROR; - if(inflateInit(z) != Z_OK) - return process_zlib_error(conn, z); - k->zlib_init = ZLIB_INIT; - } + /* Initialize zlib */ + z->zalloc = (alloc_func) zalloc_cb; + z->zfree = (free_func) zfree_cb; + + if(inflateInit(z) != Z_OK) + return process_zlib_error(conn, z); + zp->zlib_init = ZLIB_INIT; + return CURLE_OK; +} + +static CURLcode deflate_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ /* Set the compressed input when this function is called */ - z->next_in = (Bytef *)k->str; - z->avail_in = (uInt)nread; + z->next_in = (Bytef *) buf; + z->avail_in = (uInt) nbytes; /* Now uncompress the data */ - return inflate_stream(conn, k); + return inflate_stream(conn, writer); +} + +static void deflate_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ + + exit_zlib(conn, z, &zp->zlib_init, CURLE_OK); +} + +static const content_encoding deflate_encoding = { + "deflate", + NULL, + deflate_init_writer, + deflate_unencode_write, + deflate_close_writer, + sizeof(zlib_params) +}; + + +/* Gzip handler. */ +static CURLcode gzip_init_writer(struct connectdata *conn, + contenc_writer *writer) +{ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ + + if(!writer->downstream) + return CURLE_WRITE_ERROR; + + /* Initialize zlib */ + z->zalloc = (alloc_func) zalloc_cb; + z->zfree = (free_func) zfree_cb; + + if(strcmp(zlibVersion(), "1.2.0.4") >= 0) { + /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */ + if(inflateInit2(z, MAX_WBITS + 32) != Z_OK) { + return process_zlib_error(conn, z); + } + zp->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */ + } + else { + /* we must parse the gzip header ourselves */ + if(inflateInit2(z, -MAX_WBITS) != Z_OK) { + return process_zlib_error(conn, z); + } + zp->zlib_init = ZLIB_INIT; /* Initial call state */ + } + + return CURLE_OK; } #ifdef OLD_ZLIB_SUPPORT @@ -227,7 +331,7 @@ extra_len = (data[1] << 8) | data[0]; - if(len < (extra_len+2)) + if(len < (extra_len + 2)) return GZIP_UNDERFLOW; len -= (extra_len + 2); @@ -273,47 +377,25 @@ } #endif -CURLcode -Curl_unencode_gzip_write(struct connectdata *conn, - struct SingleRequest *k, - ssize_t nread) -{ - z_stream *z = &k->z; /* zlib state structure */ - - /* Initialize zlib? */ - if(k->zlib_init == ZLIB_UNINIT) { - memset(z, 0, sizeof(z_stream)); - z->zalloc = (alloc_func)zalloc_cb; - z->zfree = (free_func)zfree_cb; - - if(strcmp(zlibVersion(), "1.2.0.4") >= 0) { - /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */ - if(inflateInit2(z, MAX_WBITS+32) != Z_OK) { - return process_zlib_error(conn, z); - } - k->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */ - } - else { - /* we must parse the gzip header ourselves */ - if(inflateInit2(z, -MAX_WBITS) != Z_OK) { - return process_zlib_error(conn, z); - } - k->zlib_init = ZLIB_INIT; /* Initial call state */ - } - } +static CURLcode gzip_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ - if(k->zlib_init == ZLIB_INIT_GZIP) { + if(zp->zlib_init == ZLIB_INIT_GZIP) { /* Let zlib handle the gzip decompression entirely */ - z->next_in = (Bytef *)k->str; - z->avail_in = (uInt)nread; + z->next_in = (Bytef *) buf; + z->avail_in = (uInt) nbytes; /* Now uncompress the data */ - return inflate_stream(conn, k); + return inflate_stream(conn, writer); } #ifndef OLD_ZLIB_SUPPORT /* Support for old zlib versions is compiled away and we are running with an old version, so return an error. */ - return exit_zlib(z, &k->zlib_init, CURLE_WRITE_ERROR); + return exit_zlib(conn, z, &zp->zlib_init, CURLE_WRITE_ERROR); #else /* This next mess is to get around the potential case where there isn't @@ -326,18 +408,18 @@ * can handle the gzip header themselves. */ - switch(k->zlib_init) { + switch(zp->zlib_init) { /* Skip over gzip header? */ case ZLIB_INIT: { /* Initial call state */ ssize_t hlen; - switch(check_gzip_header((unsigned char *)k->str, nread, &hlen)) { + switch(check_gzip_header((unsigned char *) buf, nbytes, &hlen)) { case GZIP_OK: - z->next_in = (Bytef *)k->str + hlen; - z->avail_in = (uInt)(nread - hlen); - k->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */ + z->next_in = (Bytef *) buf + hlen; + z->avail_in = (uInt) (nbytes - hlen); + zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */ break; case GZIP_UNDERFLOW: @@ -348,19 +430,19 @@ * the first place, and it's even more unlikely for a transfer to fail * immediately afterwards, it should seldom be a problem. */ - z->avail_in = (uInt)nread; + z->avail_in = (uInt) nbytes; z->next_in = malloc(z->avail_in); if(z->next_in == NULL) { - return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY); + return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY); } - memcpy(z->next_in, k->str, z->avail_in); - k->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */ + memcpy(z->next_in, buf, z->avail_in); + zp->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */ /* We don't have any data to inflate yet */ return CURLE_OK; case GZIP_BAD: default: - return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z)); + return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z)); } } @@ -370,22 +452,22 @@ { /* Need more gzip header data state */ ssize_t hlen; - z->avail_in += (uInt)nread; + z->avail_in += (uInt) nbytes; z->next_in = Curl_saferealloc(z->next_in, z->avail_in); if(z->next_in == NULL) { - return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY); + return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY); } /* Append the new block of data to the previous one */ - memcpy(z->next_in + z->avail_in - nread, k->str, nread); + memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes); switch(check_gzip_header(z->next_in, z->avail_in, &hlen)) { case GZIP_OK: /* This is the zlib stream data */ free(z->next_in); /* Don't point into the malloced block since we just freed it */ - z->next_in = (Bytef *)k->str + hlen + nread - z->avail_in; - z->avail_in = (uInt)(z->avail_in - hlen); - k->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */ + z->next_in = (Bytef *) buf + hlen + nbytes - z->avail_in; + z->avail_in = (uInt) (z->avail_in - hlen); + zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */ break; case GZIP_UNDERFLOW: @@ -394,8 +476,7 @@ case GZIP_BAD: default: - free(z->next_in); - return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z)); + return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z)); } } @@ -404,8 +485,8 @@ case ZLIB_GZIP_INFLATING: default: /* Inflating stream state */ - z->next_in = (Bytef *)k->str; - z->avail_in = (uInt)nread; + z->next_in = (Bytef *) buf; + z->avail_in = (uInt) nbytes; break; } @@ -415,17 +496,465 @@ } /* We've parsed the header, now uncompress the data */ - return inflate_stream(conn, k); + return inflate_stream(conn, writer); +#endif +} + +static void gzip_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + zlib_params *zp = (zlib_params *) &writer->params; + z_stream *z = &zp->z; /* zlib state structure */ + + exit_zlib(conn, z, &zp->zlib_init, CURLE_OK); +} + +static const content_encoding gzip_encoding = { + "gzip", + "x-gzip", + gzip_init_writer, + gzip_unencode_write, + gzip_close_writer, + sizeof(zlib_params) +}; + +#endif /* HAVE_LIBZ */ + + +#ifdef HAVE_BROTLI + +/* Writer parameters. */ +typedef struct { + BrotliDecoderState *br; /* State structure for brotli. */ +} brotli_params; + + +static CURLcode brotli_map_error(BrotliDecoderErrorCode be) +{ + switch(be) { + case BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_NIBBLE: + case BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_META_NIBBLE: + case BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_ALPHABET: + case BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_SAME: + case BROTLI_DECODER_ERROR_FORMAT_CL_SPACE: + case BROTLI_DECODER_ERROR_FORMAT_HUFFMAN_SPACE: + case BROTLI_DECODER_ERROR_FORMAT_CONTEXT_MAP_REPEAT: + case BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_1: + case BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_2: + case BROTLI_DECODER_ERROR_FORMAT_TRANSFORM: + case BROTLI_DECODER_ERROR_FORMAT_DICTIONARY: + case BROTLI_DECODER_ERROR_FORMAT_WINDOW_BITS: + case BROTLI_DECODER_ERROR_FORMAT_PADDING_1: + case BROTLI_DECODER_ERROR_FORMAT_PADDING_2: + case BROTLI_DECODER_ERROR_COMPOUND_DICTIONARY: + case BROTLI_DECODER_ERROR_DICTIONARY_NOT_SET: + case BROTLI_DECODER_ERROR_INVALID_ARGUMENTS: + return CURLE_BAD_CONTENT_ENCODING; + case BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MODES: + case BROTLI_DECODER_ERROR_ALLOC_TREE_GROUPS: + case BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MAP: + case BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_1: + case BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_2: + case BROTLI_DECODER_ERROR_ALLOC_BLOCK_TYPE_TREES: + return CURLE_OUT_OF_MEMORY; + default: + break; + } + return CURLE_WRITE_ERROR; +} + +static CURLcode brotli_init_writer(struct connectdata *conn, + contenc_writer *writer) +{ + brotli_params *bp = (brotli_params *) &writer->params; + + (void) conn; + + if(!writer->downstream) + return CURLE_WRITE_ERROR; + + bp->br = BrotliDecoderCreateInstance(NULL, NULL, NULL); + return bp->br? CURLE_OK: CURLE_OUT_OF_MEMORY; +} + +static CURLcode brotli_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + brotli_params *bp = (brotli_params *) &writer->params; + const uint8_t *src = (const uint8_t *) buf; + char *decomp; + uint8_t *dst; + size_t dstleft; + CURLcode result = CURLE_OK; + + if(!bp->br) + return CURLE_WRITE_ERROR; /* Stream already ended. */ + + decomp = malloc(DSIZ); + if(!decomp) + return CURLE_OUT_OF_MEMORY; + + while(nbytes && result == CURLE_OK) { + BrotliDecoderResult r; + + dst = (uint8_t *) decomp; + dstleft = DSIZ; + r = BrotliDecoderDecompressStream(bp->br, + &nbytes, &src, &dstleft, &dst, NULL); + result = Curl_unencode_write(conn, writer->downstream, + decomp, DSIZ - dstleft); + if(result) + break; + switch(r) { + case BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT: + case BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT: + break; + case BROTLI_DECODER_RESULT_SUCCESS: + BrotliDecoderDestroyInstance(bp->br); + bp->br = NULL; + if(nbytes) + result = CURLE_WRITE_ERROR; + break; + default: + result = brotli_map_error(BrotliDecoderGetErrorCode(bp->br)); + break; + } + } + free(decomp); + return result; +} + +static void brotli_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + brotli_params *bp = (brotli_params *) &writer->params; + + (void) conn; + + if(bp->br) { + BrotliDecoderDestroyInstance(bp->br); + bp->br = NULL; + } +} + +static const content_encoding brotli_encoding = { + "br", + NULL, + brotli_init_writer, + brotli_unencode_write, + brotli_close_writer, + sizeof(brotli_params) +}; +#endif + + +/* Identity handler. */ +static CURLcode identity_init_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + return writer->downstream? CURLE_OK: CURLE_WRITE_ERROR; +} + +static CURLcode identity_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + return Curl_unencode_write(conn, writer->downstream, buf, nbytes); +} + +static void identity_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + (void) writer; +} + +static const content_encoding identity_encoding = { + "identity", + NULL, + identity_init_writer, + identity_unencode_write, + identity_close_writer, + 0 +}; + + +/* supported content encodings table. */ +static const content_encoding * const encodings[] = { + &identity_encoding, +#ifdef HAVE_LIBZ + &deflate_encoding, + &gzip_encoding, #endif +#ifdef HAVE_BROTLI + &brotli_encoding, +#endif + NULL +}; + + +/* Return a list of comma-separated names of supported encodings. */ +char *Curl_all_content_encodings(void) +{ + size_t len = 0; + const content_encoding * const *cep; + const content_encoding *ce; + char *ace; + char *p; + + for(cep = encodings; *cep; cep++) { + ce = *cep; + if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) + len += strlen(ce->name) + 2; + } + + if(!len) + return strdup(CONTENT_ENCODING_DEFAULT); + + ace = malloc(len); + if(ace) { + p = ace; + for(cep = encodings; *cep; cep++) { + ce = *cep; + if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) { + strcpy(p, ce->name); + p += strlen(p); + *p++ = ','; + *p++ = ' '; + } + } + p[-2] = '\0'; + } + + return ace; +} + + +/* Real client writer: no downstream. */ +static CURLcode client_init_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + return writer->downstream? CURLE_WRITE_ERROR: CURLE_OK; +} + +static CURLcode client_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + struct Curl_easy *data = conn->data; + struct SingleRequest *k = &data->req; + + (void) writer; + + if(!nbytes || k->ignorebody) + return CURLE_OK; + + return Curl_client_write(conn, CLIENTWRITE_BODY, (char *) buf, nbytes); +} + +static void client_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + (void) writer; +} + +static const content_encoding client_encoding = { + NULL, + NULL, + client_init_writer, + client_unencode_write, + client_close_writer, + 0 +}; + + +/* Deferred error dummy writer. */ +static CURLcode error_init_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + return writer->downstream? CURLE_OK: CURLE_WRITE_ERROR; +} + +static CURLcode error_unencode_write(struct connectdata *conn, + contenc_writer *writer, + const char *buf, size_t nbytes) +{ + char *all = Curl_all_content_encodings(); + + (void) writer; + (void) buf; + (void) nbytes; + + if(!all) + return CURLE_OUT_OF_MEMORY; + failf(conn->data, "Unrecognized content encoding type. " + "libcurl understands %s content encodings.", all); + free(all); + return CURLE_BAD_CONTENT_ENCODING; +} + +static void error_close_writer(struct connectdata *conn, + contenc_writer *writer) +{ + (void) conn; + (void) writer; +} + +static const content_encoding error_encoding = { + NULL, + NULL, + error_init_writer, + error_unencode_write, + error_close_writer, + 0 +}; + +/* Create an unencoding writer stage using the given handler. */ +static contenc_writer *new_unencoding_writer(struct connectdata *conn, + const content_encoding *handler, + contenc_writer *downstream) +{ + size_t sz = offsetof(contenc_writer, params) + handler->paramsize; + contenc_writer *writer = (contenc_writer *) malloc(sz); + + if(writer) { + memset(writer, 0, sz); + writer->handler = handler; + writer->downstream = downstream; + if(handler->init_writer(conn, writer)) { + free(writer); + writer = NULL; + } + } + + return writer; +} + +/* Write data using an unencoding writer stack. */ +CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer, + const char *buf, size_t nbytes) +{ + if(!nbytes) + return CURLE_OK; + return writer->handler->unencode_write(conn, writer, buf, nbytes); } +/* Close and clean-up the connection's writer stack. */ void Curl_unencode_cleanup(struct connectdata *conn) { struct Curl_easy *data = conn->data; struct SingleRequest *k = &data->req; - z_stream *z = &k->z; - if(k->zlib_init != ZLIB_UNINIT) - (void) exit_zlib(z, &k->zlib_init, CURLE_OK); + contenc_writer *writer = k->writer_stack; + + while(writer) { + k->writer_stack = writer->downstream; + writer->handler->close_writer(conn, writer); + free(writer); + writer = k->writer_stack; + } } -#endif /* HAVE_LIBZ */ +/* Find the content encoding by name. */ +static const content_encoding *find_encoding(const char *name, size_t len) +{ + const content_encoding * const *cep; + const content_encoding *ce; + + for(cep = encodings; *cep; cep++) { + ce = *cep; + if((strncasecompare(name, ce->name, len) && !ce->name[len]) || + (ce->alias && strncasecompare(name, ce->alias, len) && !ce->alias[len])) + return ce; + } + return NULL; +} + +/* Set-up the unencoding stack from the Content-Encoding header value. + * See RFC 7231 section 3.1.2.2. */ +CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + const char *enclist, int maybechunked) +{ + struct Curl_easy *data = conn->data; + struct SingleRequest *k = &data->req; + + do { + const char *name; + size_t namelen; + + /* Parse a single encoding name. */ + while(ISSPACE(*enclist) || *enclist == ',') + enclist++; + + name = enclist; + + for(namelen = 0; *enclist && *enclist != ','; enclist++) + if(!ISSPACE(*enclist)) + namelen = enclist - name + 1; + + /* Special case: chunked encoding is handled at the reader level. */ + if(maybechunked && namelen == 7 && strncasecompare(name, "chunked", 7)) { + k->chunk = TRUE; /* chunks coming our way. */ + Curl_httpchunk_init(conn); /* init our chunky engine. */ + } + else if(namelen) { + const content_encoding *encoding = find_encoding(name, namelen); + contenc_writer *writer; + + if(!k->writer_stack) { + k->writer_stack = new_unencoding_writer(conn, &client_encoding, NULL); + + if(!k->writer_stack) + return CURLE_OUT_OF_MEMORY; + } + + if(!encoding) + encoding = &error_encoding; /* Defer error at stack use. */ + + /* Stack the unencoding stage. */ + writer = new_unencoding_writer(conn, encoding, k->writer_stack); + if(!writer) + return CURLE_OUT_OF_MEMORY; + k->writer_stack = writer; + } + } while(*enclist); + + return CURLE_OK; +} + +#else +/* Stubs for builds without HTTP. */ +CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + const char *enclist, int maybechunked) +{ + (void) conn; + (void) enclist; + (void) maybechunked; + return CURLE_NOT_BUILT_IN; +} + +CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer, + const char *buf, size_t nbytes) +{ + (void) conn; + (void) writer; + (void) buf; + (void) nbytes; + return CURLE_NOT_BUILT_IN; +} + +void Curl_unencode_cleanup(struct connectdata *conn) +{ + (void) conn; +} + +char *Curl_all_content_encodings(void) +{ + return strdup(CONTENT_ENCODING_DEFAULT); /* Satisfy caller. */ +} + +#endif /* CURL_DISABLE_HTTP */ diff -Nru curl-7.55.1/lib/content_encoding.h curl-7.57.0/lib/content_encoding.h --- curl-7.55.1/lib/content_encoding.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/content_encoding.h 2017-11-26 13:19:01.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,26 +23,33 @@ ***************************************************************************/ #include "curl_setup.h" -/* - * Comma-separated list all supported Content-Encodings ('identity' is implied) - */ -#ifdef HAVE_LIBZ -#define ALL_CONTENT_ENCODINGS "deflate, gzip" -/* force a cleanup */ -void Curl_unencode_cleanup(struct connectdata *conn); -#else -#define ALL_CONTENT_ENCODINGS "identity" -#define Curl_unencode_cleanup(x) Curl_nop_stmt -#endif - -CURLcode Curl_unencode_deflate_write(struct connectdata *conn, - struct SingleRequest *req, - ssize_t nread); - -CURLcode -Curl_unencode_gzip_write(struct connectdata *conn, - struct SingleRequest *k, - ssize_t nread); +/* Decoding writer. */ +typedef struct contenc_writer_s contenc_writer; +typedef struct content_encoding_s content_encoding; + +struct contenc_writer_s { + const content_encoding *handler; /* Encoding handler. */ + contenc_writer *downstream; /* Downstream writer. */ + void *params; /* Encoding-specific storage (variable length). */ +}; + +/* Content encoding writer. */ +struct content_encoding_s { + const char *name; /* Encoding name. */ + const char *alias; /* Encoding name alias. */ + CURLcode (*init_writer)(struct connectdata *conn, contenc_writer *writer); + CURLcode (*unencode_write)(struct connectdata *conn, contenc_writer *writer, + const char *buf, size_t nbytes); + void (*close_writer)(struct connectdata *conn, contenc_writer *writer); + size_t paramsize; +}; +CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + const char *enclist, int maybechunked); +CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer, + const char *buf, size_t nbytes); +void Curl_unencode_cleanup(struct connectdata *conn); +char *Curl_all_content_encodings(void); + #endif /* HEADER_CURL_CONTENT_ENCODING_H */ diff -Nru curl-7.55.1/lib/cookie.c curl-7.57.0/lib/cookie.c --- curl-7.55.1/lib/cookie.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/cookie.c 2017-11-26 13:19:01.000000000 +0000 @@ -125,7 +125,7 @@ if(hostname_len < cookie_domain_len) return FALSE; - if(!strcasecompare(cooke_domain, hostname+hostname_len-cookie_domain_len)) + if(!strcasecompare(cooke_domain, hostname + hostname_len-cookie_domain_len)) return FALSE; /* A lead char of cookie_domain is not '.'. @@ -309,7 +309,7 @@ while(co) { nx = co->next; if(co->expires && co->expires < now) { - if(co == cookies->cookies) { + if(!pv) { cookies->cookies = co->next; } else { @@ -375,9 +375,8 @@ unless set */ { struct Cookie *clist; - char name[MAX_NAME]; struct Cookie *co; - struct Cookie *lastc=NULL; + struct Cookie *lastc = NULL; time_t now = time(NULL); bool replace_old = FALSE; bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ @@ -397,17 +396,19 @@ if(httpheader) { /* This line was read off a HTTP-header */ + char name[MAX_NAME]; + char what[MAX_NAME]; const char *ptr; const char *semiptr; - char *what; - what = malloc(MAX_COOKIE_LINE); - if(!what) { + size_t linelength = strlen(lineptr); + if(linelength > MAX_COOKIE_LINE) { + /* discard overly long lines at once */ free(co); return NULL; } - semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ + semiptr = strchr(lineptr, ';'); /* first, find a semicolon */ while(*lineptr && ISBLANK(*lineptr)) lineptr++; @@ -415,9 +416,9 @@ ptr = lineptr; do { /* we have a = pair or a stand-alone word here */ - name[0]=what[0]=0; /* init the buffers */ + name[0] = what[0] = 0; /* init the buffers */ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%" - MAX_COOKIE_LINE_TXT "[^;\r\n]", + MAX_NAME_TXT "[^;\r\n]", name, what)) { /* Use strstore() below to properly deal with received cookie headers that have the same string property set more than once, @@ -425,10 +426,24 @@ const char *whatptr; bool done = FALSE; bool sep; - size_t len=strlen(what); + size_t len = strlen(what); size_t nlen = strlen(name); const char *endofn = &ptr[ nlen ]; + infof(data, "cookie size: name/val %d + %d bytes\n", + nlen, len); + + if(nlen >= (MAX_NAME-1) || len >= (MAX_NAME-1) || + ((nlen + len) > MAX_NAME)) { + /* too long individual name or contents, or too long combination of + name + contents. Chrome and Firefox support 4095 or 4096 bytes + combo. */ + freecookie(co); + infof(data, "oversized cookie dropped, name/val %d + %d bytes\n", + nlen, len); + return NULL; + } + /* name ends with a '=' ? */ sep = (*endofn == '=')?TRUE:FALSE; @@ -440,18 +455,18 @@ endofn--; nlen--; } - name[nlen]=0; /* new end of name */ + name[nlen] = 0; /* new end of name */ } } /* Strip off trailing whitespace from the 'what' */ while(len && ISBLANK(what[len-1])) { - what[len-1]=0; + what[len-1] = 0; len--; } /* Skip leading whitespace from the 'what' */ - whatptr=what; + whatptr = what; while(*whatptr && ISBLANK(*whatptr)) whatptr++; @@ -484,6 +499,7 @@ badcookie = TRUE; /* out of memory bad */ break; } + free(co->spath); /* if this is set again */ co->spath = sanitize_cookie_path(co->path); if(!co->spath) { badcookie = TRUE; /* out of memory bad */ @@ -510,7 +526,7 @@ /* check for more dots */ dotp = strchr(whatptr, '.'); if(!dotp && !strcasecompare("localhost", whatptr)) - domain=":"; + domain = ":"; } #endif @@ -525,14 +541,14 @@ break; } if(!is_ip) - co->tailmatch=TRUE; /* we always do that if the domain name was - given */ + co->tailmatch = TRUE; /* we always do that if the domain name was + given */ } else { /* we did not get a tailmatch and then the attempted set domain is not a domain to which the current host belongs. Mark as bad. */ - badcookie=TRUE; + badcookie = TRUE; infof(data, "skipped cookie with bad tailmatch domain: %s\n", whatptr); } @@ -581,26 +597,32 @@ continue; } - ptr=semiptr+1; + ptr = semiptr + 1; while(*ptr && ISBLANK(*ptr)) ptr++; - semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ + semiptr = strchr(ptr, ';'); /* now, find the next semicolon */ if(!semiptr && *ptr) /* There are no more semicolons, but there's a final name=value pair coming up */ - semiptr=strchr(ptr, '\0'); + semiptr = strchr(ptr, '\0'); } while(semiptr); if(co->maxage) { - co->expires = - curlx_strtoofft((*co->maxage=='\"')? - &co->maxage[1]:&co->maxage[0], NULL, 10); - if(CURL_OFF_T_MAX - now < co->expires) - /* avoid overflow */ + CURLofft offt; + offt = curlx_strtoofft((*co->maxage == '\"')? + &co->maxage[1]:&co->maxage[0], NULL, 10, + &co->expires); + if(offt == CURL_OFFT_FLOW) + /* overflow, used max value */ co->expires = CURL_OFF_T_MAX; - else - co->expires += now; + else if(!offt) { + if(CURL_OFF_T_MAX - now < co->expires) + /* would overflow */ + co->expires = CURL_OFF_T_MAX; + else + co->expires += now; + } } else if(co->expirestr) { /* Note that if the date couldn't get parsed for whatever reason, @@ -619,7 +641,7 @@ if(!badcookie && !co->domain) { if(domain) { /* no domain was given in the header line, set the default */ - co->domain=strdup(domain); + co->domain = strdup(domain); if(!co->domain) badcookie = TRUE; } @@ -639,11 +661,11 @@ else endslash = memrchr(path, '/', (size_t)(queryp - path)); if(endslash) { - size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */ - co->path=malloc(pathlen+1); /* one extra for the zero byte */ + size_t pathlen = (size_t)(endslash-path + 1); /* include end slash */ + co->path = malloc(pathlen + 1); /* one extra for the zero byte */ if(co->path) { memcpy(co->path, path, pathlen); - co->path[pathlen]=0; /* zero terminate */ + co->path[pathlen] = 0; /* zero terminate */ co->spath = sanitize_cookie_path(co->path); if(!co->spath) badcookie = TRUE; /* out of memory bad */ @@ -653,8 +675,6 @@ } } - free(what); - if(badcookie || !co->name) { /* we didn't get a cookie name or a bad one, this is an illegal line, bail out */ @@ -668,7 +688,7 @@ reading the odd netscape cookies-file format here */ char *ptr; char *firstptr; - char *tok_buf=NULL; + char *tok_buf = NULL; int fields; /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies @@ -689,19 +709,19 @@ return NULL; } /* strip off the possible end-of-line characters */ - ptr=strchr(lineptr, '\r'); + ptr = strchr(lineptr, '\r'); if(ptr) - *ptr=0; /* clear it */ - ptr=strchr(lineptr, '\n'); + *ptr = 0; /* clear it */ + ptr = strchr(lineptr, '\n'); if(ptr) - *ptr=0; /* clear it */ + *ptr = 0; /* clear it */ - firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */ + firstptr = strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */ /* Now loop through the fields and init the struct we already have allocated */ - for(ptr=firstptr, fields=0; ptr && !badcookie; - ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { + for(ptr = firstptr, fields = 0; ptr && !badcookie; + ptr = strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: if(ptr[0]=='.') /* skip preceding dots */ @@ -753,7 +773,8 @@ co->secure = strcasecompare(ptr, "TRUE")?TRUE:FALSE; break; case 4: - co->expires = curlx_strtoofft(ptr, NULL, 10); + if(curlx_strtoofft(ptr, NULL, 10, &co->expires)) + badcookie = TRUE; break; case 5: co->name = strdup(ptr); @@ -828,7 +849,7 @@ if(strcasecompare(clist->domain, co->domain) && (clist->tailmatch == co->tailmatch)) /* The domains are identical */ - replace_old=TRUE; + replace_old = TRUE; } else if(!clist->domain && !co->domain) replace_old = TRUE; @@ -957,7 +978,7 @@ { struct CookieInfo *c; FILE *fp = NULL; - bool fromfile=TRUE; + bool fromfile = TRUE; char *line = NULL; if(NULL == inc) { @@ -977,7 +998,7 @@ if(file && !strcmp(file, "-")) { fp = stdin; - fromfile=FALSE; + fromfile = FALSE; } else if(file && !*file) { /* points to a "" string */ @@ -998,12 +1019,12 @@ while(get_line(line, MAX_COOKIE_LINE, fp)) { if(checkprefix("Set-Cookie:", line)) { /* This is a cookie line, get it! */ - lineptr=&line[11]; - headerline=TRUE; + lineptr = &line[11]; + headerline = TRUE; } else { - lineptr=line; - headerline=FALSE; + lineptr = line; + headerline = FALSE; } while(*lineptr && ISBLANK(*lineptr)) lineptr++; @@ -1113,7 +1134,7 @@ struct Cookie *newco; struct Cookie *co; time_t now = time(NULL); - struct Cookie *mainco=NULL; + struct Cookie *mainco = NULL; size_t matches = 0; bool is_ip; @@ -1185,7 +1206,7 @@ co = mainco; - for(i=0; co; co = co->next) + for(i = 0; co; co = co->next) array[i++] = co; /* now sort the cookie pointers in path length order */ @@ -1194,8 +1215,8 @@ /* remake the linked list order according to the new order */ mainco = array[0]; /* start here */ - for(i=0; inext = array[i+1]; + for(i = 0; inext = array[i + 1]; array[matches-1]->next = NULL; /* terminate the list */ free(array); /* remove the temporary data again */ @@ -1335,7 +1356,7 @@ { struct Cookie *co; FILE *out; - bool use_stdout=FALSE; + bool use_stdout = FALSE; char *format_ptr; if((NULL == c) || (0 == c->numcookies)) @@ -1349,7 +1370,7 @@ if(!strcmp("-", dumphere)) { /* use stdout */ out = stdout; - use_stdout=TRUE; + use_stdout = TRUE; } else { out = fopen(dumphere, FOPEN_WRITETEXT); @@ -1382,7 +1403,7 @@ return 0; } -struct curl_slist *Curl_cookie_list(struct Curl_easy *data) +static struct curl_slist *cookie_list(struct Curl_easy *data) { struct curl_slist *list = NULL; struct curl_slist *beg; @@ -1413,6 +1434,15 @@ return list; } +struct curl_slist *Curl_cookie_list(struct Curl_easy *data) +{ + struct curl_slist *list; + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + list = cookie_list(data); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + return list; +} + void Curl_flush_cookies(struct Curl_easy *data, int cleanup) { if(data->set.str[STRING_COOKIEJAR]) { diff -Nru curl-7.55.1/lib/cookie.h curl-7.57.0/lib/cookie.h --- curl-7.55.1/lib/cookie.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/cookie.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,13 +62,16 @@ that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)" + We allow max 5000 bytes cookie header. Max 4095 bytes length per cookie + name and value. Name + value may not exceed 4096 bytes. + */ #define MAX_COOKIE_LINE 5000 #define MAX_COOKIE_LINE_TXT "4999" -/* This is the maximum length of a cookie name we deal with: */ -#define MAX_NAME 1024 -#define MAX_NAME_TXT "1023" +/* This is the maximum length of a cookie name or content we deal with: */ +#define MAX_NAME 4096 +#define MAX_NAME_TXT "4095" struct Curl_easy; /* diff -Nru curl-7.55.1/lib/curl_addrinfo.c curl-7.57.0/lib/curl_addrinfo.c --- curl-7.55.1/lib/curl_addrinfo.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curl_addrinfo.c 2017-11-09 22:40:36.000000000 +0000 @@ -286,7 +286,7 @@ DEBUGASSERT((he->h_name != NULL) && (he->h_addr_list != NULL)); - for(i=0; (curr = he->h_addr_list[i]) != NULL; i++) { + for(i = 0; (curr = he->h_addr_list[i]) != NULL; i++) { size_t ss_size; #ifdef ENABLE_IPV6 @@ -570,9 +570,9 @@ int line, const char *source) { #ifdef USE_LWIPSOCK - int res=lwip_getaddrinfo(hostname, service, hints, result); + int res = lwip_getaddrinfo(hostname, service, hints, result); #else - int res=(getaddrinfo)(hostname, service, hints, result); + int res = (getaddrinfo)(hostname, service, hints, result); #endif if(0 == res) /* success */ diff -Nru curl-7.55.1/lib/curl_config.h.cmake curl-7.57.0/lib/curl_config.h.cmake --- curl-7.55.1/lib/curl_config.h.cmake 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/lib/curl_config.h.cmake 2017-11-26 13:19:01.000000000 +0000 @@ -51,9 +51,6 @@ /* to disable RTSP */ #cmakedefine CURL_DISABLE_RTSP 1 -/* to disable RTMP */ -#cmakedefine CURL_DISABLE_RTMP 1 - /* to disable SMB */ #cmakedefine CURL_DISABLE_SMB 1 @@ -82,9 +79,6 @@ /* when not building a shared library */ #cmakedefine CURL_STATICLIB 1 -/* Set to explicitly specify we don't want to use thread-safe functions */ -#cmakedefine DISABLED_THREADSAFE 1 - /* your Entropy Gathering Daemon socket pathname */ #cmakedefine EGD_SOCKET ${EGD_SOCKET} @@ -894,6 +888,9 @@ /* The size of `off_t', as computed by sizeof. */ #cmakedefine SIZEOF_OFF_T ${SIZEOF_OFF_T} +/* The size of `curl_off_t', as computed by sizeof. */ +#cmakedefine SIZEOF_CURL_OFF_T ${SIZEOF_CURL_OFF_T} + /* The size of `size_t', as computed by sizeof. */ #cmakedefine SIZEOF_SIZE_T ${SIZEOF_SIZE_T} @@ -1003,3 +1000,6 @@ /* the signed version of size_t */ #cmakedefine ssize_t ${ssize_t} + +/* Define to 1 if you have the mach_absolute_time function. */ +#cmakedefine HAVE_MACH_ABSOLUTE_TIME 1 diff -Nru curl-7.55.1/lib/curl_config.h.in curl-7.57.0/lib/curl_config.h.in --- curl-7.55.1/lib/curl_config.h.in 2017-08-13 16:22:34.000000000 +0000 +++ curl-7.57.0/lib/curl_config.h.in 2017-11-28 15:14:22.000000000 +0000 @@ -9,6 +9,9 @@ /* Location of default ca path */ #undef CURL_CA_PATH +/* Default SSL backend */ +#undef CURL_DEFAULT_SSL_BACKEND + /* to disable cookies support */ #undef CURL_DISABLE_COOKIES @@ -72,6 +75,9 @@ /* Definition to make a library symbol externally visible. */ #undef CURL_EXTERN_SYMBOL +/* built with multiple SSL backends */ +#undef CURL_WITH_MULTI_SSL + /* your Entropy Gathering Daemon socket pathname */ #undef EGD_SOCKET @@ -126,6 +132,15 @@ /* Define to 1 if using BoringSSL. */ #undef HAVE_BORINGSSL +/* if BROTLI is in use */ +#undef HAVE_BROTLI + +/* Define to 1 if you have the header file. */ +#undef HAVE_BROTLI_DECODE_H + +/* Define to 1 if you have the __builtin_available function. */ +#undef HAVE_BUILTIN_AVAILABLE + /* Define to 1 if you have the clock_gettime function and monotonic timer. */ #undef HAVE_CLOCK_GETTIME_MONOTONIC @@ -383,6 +398,9 @@ /* Define to 1 if you have the `ldap_url_parse' function. */ #undef HAVE_LDAP_URL_PARSE +/* Define to 1 if you have the `brotlidec' library (-lbrotlidec). */ +#undef HAVE_LIBBROTLIDEC + /* Define to 1 if you have the header file. */ #undef HAVE_LIBGEN_H @@ -410,6 +428,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_TCP_H + /* if your compiler supports LL */ #undef HAVE_LL @@ -422,6 +443,9 @@ /* Define to 1 if the compiler supports the 'long long' data type. */ #undef HAVE_LONGLONG +/* Define to 1 if you have the `mach_absolute_time' function. */ +#undef HAVE_MACH_ABSOLUTE_TIME + /* Define to 1 if you have the malloc.h header file. */ #undef HAVE_MALLOC_H @@ -468,9 +492,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_PEM_H -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_PKCS12_H - /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_RSA_H @@ -864,6 +885,9 @@ /* Define to the function return type for send. */ #undef SEND_TYPE_RETV +/* The size of `curl_off_t', as computed by sizeof. */ +#undef SIZEOF_CURL_OFF_T + /* The size of `int', as computed by sizeof. */ #undef SIZEOF_INT @@ -885,9 +909,6 @@ /* The size of `time_t', as computed by sizeof. */ #undef SIZEOF_TIME_T -/* The size of `void*', as computed by sizeof. */ -#undef SIZEOF_VOIDP - /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS diff -Nru curl-7.55.1/lib/curl_fnmatch.c curl-7.57.0/lib/curl_fnmatch.c --- curl-7.55.1/lib/curl_fnmatch.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curl_fnmatch.c 2017-11-27 12:50:52.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -133,6 +133,9 @@ unsigned char c; for(;;) { c = **p; + if(!c) + return SETCHARSET_FAIL; + switch(state) { case CURLFNM_SCHS_DEFAULT: if(ISALNUM(c)) { /* ASCII value */ @@ -151,7 +154,7 @@ (*p)++; } else if(c == '[') { - char c2 = *((*p)+1); + char c2 = *((*p) + 1); if(c2 == ':') { /* there has to be a keyword */ (*p) += 2; if(parsekeyword(p, charset)) { @@ -196,9 +199,6 @@ else return SETCHARSET_FAIL; } - else if(c == '\0') { - return SETCHARSET_FAIL; - } else { charset[c] = 1; (*p)++; @@ -235,15 +235,10 @@ return SETCHARSET_FAIL; break; case CURLFNM_SCHS_MAYRANGE2: - if(c == '\\') { - c = *(++(*p)); - if(!ISPRINT(c)) - return SETCHARSET_FAIL; - } if(c == ']') { return SETCHARSET_OK; } - if(c == '\\') { + else if(c == '\\') { c = *(++(*p)); if(ISPRINT(c)) { charset[c] = 1; @@ -253,7 +248,7 @@ else return SETCHARSET_FAIL; } - if(c >= rangestart) { + else if(c >= rangestart) { if((ISLOWER(c) && ISLOWER(rangestart)) || (ISDIGIT(c) && ISDIGIT(rangestart)) || (ISUPPER(c) && ISUPPER(rangestart))) { @@ -267,6 +262,8 @@ else return SETCHARSET_FAIL; } + else + return SETCHARSET_FAIL; break; case CURLFNM_SCHS_RIGHTBR: if(c == '[') { @@ -277,9 +274,6 @@ else if(c == ']') { return SETCHARSET_OK; } - else if(c == '\0') { - return SETCHARSET_FAIL; - } else if(ISPRINT(c)) { charset[c] = 1; (*p)++; @@ -319,9 +313,9 @@ switch(state) { case CURLFNM_LOOP_DEFAULT: if(*p == '*') { - while(*(p+1) == '*') /* eliminate multiple stars */ + while(*(p + 1) == '*') /* eliminate multiple stars */ p++; - if(*s == '\0' && *(p+1) == '\0') + if(*s == '\0' && *(p + 1) == '\0') return CURL_FNMATCH_MATCH; rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */ if(rc == CURL_FNMATCH_MATCH) @@ -351,7 +345,7 @@ p++; } else if(*p == '[') { - unsigned char *pp = p+1; /* cannot handle with pointer to register */ + unsigned char *pp = p + 1; /* cannot handle with pointer to register */ if(setcharset(&pp, charset)) { int found = FALSE; if(charset[(unsigned int)*s]) @@ -381,7 +375,7 @@ found = !found; if(found) { - p = pp+1; + p = pp + 1; s++; memset(charset, 0, CURLFNM_CHSET_SIZE); } diff -Nru curl-7.55.1/lib/curl_ntlm_core.c curl-7.57.0/lib/curl_ntlm_core.c --- curl-7.55.1/lib/curl_ntlm_core.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curl_ntlm_core.c 2017-11-27 10:48:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,25 @@ * https://www.innovation.ch/java/ntlm.html */ +/* Please keep the SSL backend-specific #if branches in this order: + + 1. USE_OPENSSL + 2. USE_GNUTLS_NETTLE + 3. USE_GNUTLS + 4. USE_NSS + 5. USE_MBEDTLS + 6. USE_DARWINSSL + 7. USE_OS400CRYPTO + 8. USE_WIN32_CRYPTO + + This ensures that: + - the same SSL branch gets activated throughout this source + file even if multiple backends are enabled at the same time. + - OpenSSL and NSS have higher priority than Windows Crypt, due + to issues with the latter supporting NTLM2Session responses + in NTLM type-3 messages. + */ + #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) #ifdef USE_OPENSSL @@ -76,14 +95,6 @@ # define MD5_DIGEST_LENGTH 16 # define MD4_DIGEST_LENGTH 16 -#elif defined(USE_MBEDTLS) - -# include -# include -# if !defined(MBEDTLS_MD4_C) -# include "curl_md4.h" -# endif - #elif defined(USE_NSS) # include @@ -92,6 +103,14 @@ # include "curl_md4.h" # define MD5_DIGEST_LENGTH MD5_LENGTH +#elif defined(USE_MBEDTLS) + +# include +# include +# if !defined(MBEDTLS_MD4_C) +# include "curl_md4.h" +# endif + #elif defined(USE_DARWINSSL) # include @@ -196,26 +215,6 @@ gcry_cipher_setkey(*des, key, sizeof(key)); } -#elif defined(USE_MBEDTLS) - -static bool encrypt_des(const unsigned char *in, unsigned char *out, - const unsigned char *key_56) -{ - mbedtls_des_context ctx; - char key[8]; - - /* Expand the 56-bit key to 64-bits */ - extend_key_56_to_64(key_56, key); - - /* Set the key parity to odd */ - mbedtls_des_key_set_parity((unsigned char *) key); - - /* Perform the encryption */ - mbedtls_des_init(&ctx); - mbedtls_des_setkey_enc(&ctx, (unsigned char *) key); - return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; -} - #elif defined(USE_NSS) /* @@ -281,6 +280,26 @@ return rv; } +#elif defined(USE_MBEDTLS) + +static bool encrypt_des(const unsigned char *in, unsigned char *out, + const unsigned char *key_56) +{ + mbedtls_des_context ctx; + char key[8]; + + /* Expand the 56-bit key to 64-bits */ + extend_key_56_to_64(key_56, key); + + /* Set the key parity to odd */ + mbedtls_des_key_set_parity((unsigned char *) key); + + /* Perform the encryption */ + mbedtls_des_init(&ctx); + mbedtls_des_setkey_enc(&ctx, (unsigned char *) key); + return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; +} + #elif defined(USE_DARWINSSL) static bool encrypt_des(const unsigned char *in, unsigned char *out, @@ -428,7 +447,7 @@ setup_des_key(keys + 14, &des); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_close(des); -#elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \ +#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results + 8, keys + 7); @@ -492,7 +511,7 @@ setup_des_key(pw + 7, &des); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_close(des); -#elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \ +#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer + 8, pw + 7); @@ -538,7 +557,7 @@ unsigned char *ntbuffer /* 21 bytes */) { size_t len = strlen(password); - unsigned char *pw = malloc(len * 2); + unsigned char *pw = len ? malloc(len * 2) : strdup(""); CURLcode result; if(!pw) return CURLE_OUT_OF_MEMORY; @@ -571,13 +590,18 @@ gcry_md_write(MD4pw, pw, 2 * len); memcpy(ntbuffer, gcry_md_read(MD4pw, 0), MD4_DIGEST_LENGTH); gcry_md_close(MD4pw); -#elif defined(USE_NSS) || defined(USE_OS400CRYPTO) || \ - (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) +#elif defined(USE_NSS) Curl_md4it(ntbuffer, pw, 2 * len); #elif defined(USE_MBEDTLS) +#if defined(MBEDTLS_MD4_C) mbedtls_md4(pw, 2 * len, ntbuffer); +#else + Curl_md4it(ntbuffer, pw, 2 * len); +#endif #elif defined(USE_DARWINSSL) (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer); +#elif defined(USE_OS400CRYPTO) + Curl_md4it(ntbuffer, pw, 2 * len); #elif defined(USE_WIN32_CRYPTO) HCRYPTPROV hprov; if(CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL, @@ -622,6 +646,15 @@ return CURLE_OK; } +#ifndef SIZE_T_MAX +/* some limits.h headers have this defined, some don't */ +#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) +#define SIZE_T_MAX 18446744073709551615U +#else +#define SIZE_T_MAX 4294967295U +#endif +#endif + /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode * (uppercase UserName + Domain) as the data */ @@ -631,10 +664,20 @@ unsigned char *ntlmv2hash) { /* Unicode representation */ - size_t identity_len = (userlen + domlen) * 2; - unsigned char *identity = malloc(identity_len); + size_t identity_len; + unsigned char *identity; CURLcode result = CURLE_OK; + /* we do the length checks below separately to avoid integer overflow risk + on extreme data lengths */ + if((userlen > SIZE_T_MAX/2) || + (domlen > SIZE_T_MAX/2) || + ((userlen + domlen) > SIZE_T_MAX/2)) + return CURLE_OUT_OF_MEMORY; + + identity_len = (userlen + domlen) * 2; + identity = malloc(identity_len); + if(!identity) return CURLE_OUT_OF_MEMORY; @@ -780,7 +823,7 @@ /* Concatenate the HMAC MD5 output with the client nonce */ memcpy(lmresp, hmac_output, 16); - memcpy(lmresp+16, challenge_client, 8); + memcpy(lmresp + 16, challenge_client, 8); return result; } diff -Nru curl-7.55.1/lib/curl_ntlm_core.h curl-7.57.0/lib/curl_ntlm_core.h --- curl-7.55.1/lib/curl_ntlm_core.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curl_ntlm_core.h 2017-11-09 22:40:36.000000000 +0000 @@ -26,13 +26,19 @@ #if defined(USE_NTLM) +/* If NSS is the first available SSL backend (see order in curl_ntlm_core.c) + then it must be initialized to be used by NTLM. */ +#if !defined(USE_OPENSSL) && \ + !defined(USE_GNUTLS_NETTLE) && \ + !defined(USE_GNUTLS) && \ + defined(USE_NSS) +#define NTLM_NEEDS_NSS_INIT +#endif + #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) #ifdef USE_OPENSSL -# if !defined(OPENSSL_VERSION_NUMBER) && \ - !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H) -# error "curl_ntlm_core.h shall not be included before OpenSSL headers." -# endif +# include #endif /* Define USE_NTRESPONSES in order to make the type-3 message include diff -Nru curl-7.55.1/lib/curl_ntlm_wb.c curl-7.57.0/lib/curl_ntlm_wb.c --- curl-7.55.1/lib/curl_ntlm_wb.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/curl_ntlm_wb.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -48,6 +48,7 @@ #include "sendf.h" #include "select.h" #include "vauth/ntlm.h" +#include "curl_ntlm_core.h" #include "curl_ntlm_wb.h" #include "url.h" #include "strerror.h" @@ -357,7 +358,7 @@ /* not set means empty */ if(!userp) - userp=""; + userp = ""; switch(ntlm->state) { case NTLMSTATE_TYPE1: @@ -413,7 +414,7 @@ /* connection is already authenticated, * don't send a header in future requests */ free(*allocuserpwd); - *allocuserpwd=NULL; + *allocuserpwd = NULL; authp->done = TRUE; break; } diff -Nru curl-7.55.1/lib/curl_sasl.c curl-7.57.0/lib/curl_sasl.c --- curl-7.55.1/lib/curl_sasl.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curl_sasl.c 2017-11-09 22:40:36.000000000 +0000 @@ -331,7 +331,8 @@ sasl->authused = SASL_MECH_NTLM; if(force_ir || data->set.sasl_ir) - result = Curl_auth_create_ntlm_type1_message(conn->user, conn->passwd, + result = Curl_auth_create_ntlm_type1_message(data, + conn->user, conn->passwd, &conn->ntlm, &resp, &len); } else @@ -493,7 +494,8 @@ #ifdef USE_NTLM case SASL_NTLM: /* Create the type-1 message */ - result = Curl_auth_create_ntlm_type1_message(conn->user, conn->passwd, + result = Curl_auth_create_ntlm_type1_message(data, + conn->user, conn->passwd, &conn->ntlm, &resp, &len); newstate = SASL_NTLM_TYPE2MSG; break; diff -Nru curl-7.55.1/lib/curl_setup.h curl-7.57.0/lib/curl_setup.h --- curl-7.55.1/lib/curl_setup.h 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/lib/curl_setup.h 2017-11-26 13:19:01.000000000 +0000 @@ -141,14 +141,7 @@ #include -/* - * Ensure that no one is using the old SIZEOF_CURL_OFF_T macro - */ - -#ifdef SIZEOF_CURL_OFF_T -# error "SIZEOF_CURL_OFF_T shall not be defined!" - Error Compilation_aborted_SIZEOF_CURL_OFF_T_shall_not_be_defined -#endif +#define CURL_SIZEOF_CURL_OFF_T SIZEOF_CURL_OFF_T /* * Disable other protocols when http is the only one desired. @@ -185,9 +178,6 @@ # ifndef CURL_DISABLE_SMTP # define CURL_DISABLE_SMTP # endif -# ifndef CURL_DISABLE_RTMP -# define CURL_DISABLE_RTMP -# endif # ifndef CURL_DISABLE_GOPHER # define CURL_DISABLE_GOPHER # endif @@ -727,6 +717,7 @@ #if defined(WIN32) || defined(MSDOS) #define FOPEN_READTEXT "rt" #define FOPEN_WRITETEXT "wt" +#define FOPEN_APPENDTEXT "at" #elif defined(__CYGWIN__) /* Cygwin has specific behavior we need to address when WIN32 is not defined. https://cygwin.com/cygwin-ug-net/using-textbinary.html @@ -736,9 +727,11 @@ */ #define FOPEN_READTEXT "rt" #define FOPEN_WRITETEXT "w" +#define FOPEN_APPENDTEXT "a" #else #define FOPEN_READTEXT "r" #define FOPEN_WRITETEXT "w" +#define FOPEN_APPENDTEXT "a" #endif /* WinSock destroys recv() buffer when send() failed. @@ -758,9 +751,10 @@ /* Detect Windows App environment which has a restricted access * to the Win32 APIs. */ -# if defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602) +# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \ + defined(WINAPI_FAMILY) # include -# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ +# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) # define CURL_WINDOWS_APP # endif diff -Nru curl-7.55.1/lib/curl_sha256.h curl-7.57.0/lib/curl_sha256.h --- curl-7.55.1/lib/curl_sha256.h 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/curl_sha256.h 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,32 @@ +#ifndef HEADER_CURL_SHA256_H +#define HEADER_CURL_SHA256_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2010, Florin Petriuc, + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#ifndef CURL_DISABLE_CRYPTO_AUTH + +void Curl_sha256it(unsigned char *outbuffer, + const unsigned char *input); + +#endif + +#endif /* HEADER_CURL_SHA256_H */ diff -Nru curl-7.55.1/lib/curlx.h curl-7.57.0/lib/curlx.h --- curl-7.55.1/lib/curlx.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/curlx.h 2017-11-26 13:19:01.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -42,16 +42,6 @@ curl_off_t number from a given string. */ -#include "timeval.h" -/* - "timeval.h" sets up a 'struct timeval' even for platforms that otherwise - don't have one and has protos for these functions: - - curlx_tvnow() - curlx_tvdiff() - curlx_tvdiff_secs() -*/ - #include "nonblock.h" /* "nonblock.h" provides curlx_nonblock() */ diff -Nru curl-7.55.1/lib/dict.c curl-7.57.0/lib/dict.c --- curl-7.55.1/lib/dict.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/dict.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -98,7 +98,7 @@ char *ptr; size_t len; char ch; - int olen=0; + int olen = 0; CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE); if(!newp || result) @@ -117,7 +117,7 @@ } dictp[olen++] = ch; } - dictp[olen]=0; + dictp[olen] = 0; } free(newp); return dictp; @@ -132,8 +132,8 @@ char *strategy = NULL; char *nthdef = NULL; /* This is not part of the protocol, but required by RFC 2229 */ - CURLcode result=CURLE_OK; - struct Curl_easy *data=conn->data; + CURLcode result = CURLE_OK; + struct Curl_easy *data = conn->data; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; char *path = data->state.path; @@ -168,7 +168,7 @@ if((word == NULL) || (*word == (char)0)) { infof(data, "lookup word is missing\n"); - word=(char *)"default"; + word = (char *)"default"; } if((database == NULL) || (*database == (char)0)) { database = (char *)"!"; @@ -222,7 +222,7 @@ if((word == NULL) || (*word == (char)0)) { infof(data, "lookup word is missing\n"); - word=(char *)"default"; + word = (char *)"default"; } if((database == NULL) || (*database == (char)0)) { database = (char *)"!"; diff -Nru curl-7.55.1/lib/dotdot.c curl-7.57.0/lib/dotdot.c --- curl-7.55.1/lib/dotdot.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/dotdot.c 2017-11-09 22:40:36.000000000 +0000 @@ -55,7 +55,7 @@ size_t inlen = strlen(input); char *clone; size_t clen = inlen; /* the length of the cloned input */ - char *out = malloc(inlen+1); + char *out = malloc(inlen + 1); char *outptr; char *orgclone; char *queryp; @@ -92,25 +92,25 @@ remove that prefix from the input buffer; otherwise, */ if(!strncmp("./", clone, 2)) { - clone+=2; - clen-=2; + clone += 2; + clen -= 2; } else if(!strncmp("../", clone, 3)) { - clone+=3; - clen-=3; + clone += 3; + clen -= 3; } /* B. if the input buffer begins with a prefix of "/./" or "/.", where "." is a complete path segment, then replace that prefix with "/" in the input buffer; otherwise, */ else if(!strncmp("/./", clone, 3)) { - clone+=2; - clen-=2; + clone += 2; + clen -= 2; } else if(!strcmp("/.", clone)) { clone[1]='/'; clone++; - clen-=1; + clen -= 1; } /* C. if the input buffer begins with a prefix of "/../" or "/..", where @@ -119,8 +119,8 @@ any) from the output buffer; otherwise, */ else if(!strncmp("/../", clone, 4)) { - clone+=3; - clen-=3; + clone += 3; + clen -= 3; /* remove the last segment from the output buffer */ while(outptr > out) { outptr--; @@ -131,8 +131,8 @@ } else if(!strcmp("/..", clone)) { clone[2]='/'; - clone+=2; - clen-=2; + clone += 2; + clen -= 2; /* remove the last segment from the output buffer */ while(outptr > out) { outptr--; @@ -146,8 +146,8 @@ that from the input buffer; otherwise, */ else if(!strcmp(".", clone) || !strcmp("..", clone)) { - *clone=0; - *out=0; + *clone = 0; + *out = 0; } else { @@ -172,7 +172,7 @@ from the correct index. */ size_t oindex = queryp - orgclone; qlen = strlen(&input[oindex]); - memcpy(outptr, &input[oindex], qlen+1); /* include the ending zero byte */ + memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */ } free(orgclone); diff -Nru curl-7.55.1/lib/easy.c curl-7.57.0/lib/easy.c --- curl-7.55.1/lib/easy.c 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/lib/easy.c 2017-11-27 12:50:52.000000000 +0000 @@ -68,10 +68,11 @@ #include "amigaos.h" #include "non-ascii.h" #include "warnless.h" -#include "conncache.h" #include "multiif.h" #include "sigpipe.h" #include "ssh.h" +#include "setopt.h" + /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -214,11 +215,10 @@ #endif } - if(flags & CURL_GLOBAL_SSL) - if(!Curl_ssl_init()) { - DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); - return CURLE_FAILED_INIT; - } + if(!Curl_ssl_init()) { + DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); + return CURLE_FAILED_INIT; + } if(flags & CURL_GLOBAL_WIN32) if(win32_init()) { @@ -318,10 +318,7 @@ return; Curl_global_host_cache_dtor(); - - if(init_flags & CURL_GLOBAL_SSL) - Curl_ssl_cleanup(); - + Curl_ssl_cleanup(); Curl_resolver_global_cleanup(); if(init_flags & CURL_GLOBAL_WIN32) @@ -365,28 +362,6 @@ return data; } -/* - * curl_easy_setopt() is the external interface for setting options on an - * easy handle. - */ - -#undef curl_easy_setopt -CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...) -{ - va_list arg; - CURLcode result; - - if(!data) - return CURLE_BAD_FUNCTION_ARGUMENT; - - va_start(arg, tag); - - result = Curl_setopt(data, tag, arg); - - va_end(arg); - return result; -} - #ifdef CURLDEBUG struct socketmonitor { @@ -433,7 +408,7 @@ */ static int poll2cselect(int pollmask) { - int omask=0; + int omask = 0; if(pollmask & POLLIN) omask |= CURL_CSELECT_IN; if(pollmask & POLLOUT) @@ -450,7 +425,7 @@ */ static short socketcb2poll(int pollmask) { - short omask=0; + short omask = 0; if(pollmask & CURL_POLL_IN) omask |= POLLIN; if(pollmask & CURL_POLL_OUT) @@ -473,7 +448,7 @@ { struct events *ev = userp; struct socketmonitor *m; - struct socketmonitor *prev=NULL; + struct socketmonitor *prev = NULL; #if defined(CURL_DISABLE_VERBOSE_STRINGS) (void) easy; @@ -569,14 +544,14 @@ struct socketmonitor *m; struct pollfd *f; struct pollfd fds[4]; - int numfds=0; + int numfds = 0; int pollrc; int i; struct curltime before; struct curltime after; /* populate the fds[] array */ - for(m = ev->list, f=&fds[0]; m; m = m->next) { + for(m = ev->list, f = &fds[0]; m; m = m->next) { f->fd = m->socket.fd; f->events = m->socket.events; f->revents = 0; @@ -586,12 +561,12 @@ } /* get the time stamp to use to figure out how long poll takes */ - before = curlx_tvnow(); + before = Curl_now(); /* wait for activity or timeout */ pollrc = Curl_poll(fds, numfds, (int)ev->ms); - after = curlx_tvnow(); + after = Curl_now(); ev->msbump = FALSE; /* reset here */ @@ -619,7 +594,7 @@ /* If nothing updated the timeout, we decrease it by the spent time. * If it was updated, it has the new timeout time stored already. */ - time_t timediff = curlx_tvdiff(after, before); + timediff_t timediff = Curl_timediff(after, before); if(timediff > 0) { if(timediff > ev->ms) ev->ms = 0; @@ -655,7 +630,7 @@ { /* this struct is made static to allow it to be used after this function returns and curl_multi_remove_handle() is called */ - static struct events evs= {2, FALSE, 0, NULL, 0}; + static struct events evs = {2, FALSE, 0, NULL, 0}; /* if running event-based, do some further multi inits */ events_setup(multi, &evs); @@ -680,17 +655,17 @@ int still_running = 0; int rc; - before = curlx_tvnow(); + before = Curl_now(); mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc); if(!mcode) { if(!rc) { - struct curltime after = curlx_tvnow(); + struct curltime after = Curl_now(); /* If it returns without any filedescriptor instantly, we need to avoid busy-looping during periods where it has nothing particular to wait for */ - if(curlx_tvdiff(after, before) <= 10) { + if(Curl_timediff(after, before) <= 10) { without_fds++; if(without_fds > 2) { int sleep_ms = without_fds < 10 ? (1 << (without_fds - 1)) : 1000; @@ -861,6 +836,40 @@ return result; } +static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) +{ + CURLcode result = CURLE_OK; + enum dupstring i; + + /* Copy src->set into dst->set first, then deal with the strings + afterwards */ + dst->set = src->set; + + /* clear all string pointers first */ + memset(dst->set.str, 0, STRING_LAST * sizeof(char *)); + + /* duplicate all strings */ + for(i = (enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) { + result = Curl_setstropt(&dst->set.str[i], src->set.str[i]); + if(result) + return result; + } + + /* duplicate memory areas pointed to */ + i = STRING_COPYPOSTFIELDS; + if(src->set.postfieldsize && src->set.str[i]) { + /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */ + dst->set.str[i] = Curl_memdup(src->set.str[i], + curlx_sotouz(src->set.postfieldsize)); + if(!dst->set.str[i]) + return CURLE_OUT_OF_MEMORY; + /* point to the new copy */ + dst->set.postfields = dst->set.str[i]; + } + + return CURLE_OK; +} + /* * curl_easy_duphandle() is an external interface to allow duplication of a * given input easy handle. The returned handle will be a new working handle @@ -888,7 +897,7 @@ outcurl->state.headersize = HEADERSIZE; /* copy all userdefined values */ - if(Curl_dupset(outcurl, data)) + if(dupset(outcurl, data)) goto fail; /* the connection cache is setup on demand */ @@ -1027,13 +1036,13 @@ struct tempbuf writebuf[3]; /* there can only be three */ /* copy the structs to allow for immediate re-pausing */ - for(i=0; i < data->state.tempcount; i++) { + for(i = 0; i < data->state.tempcount; i++) { writebuf[i] = data->state.tempwrite[i]; data->state.tempwrite[i].buf = NULL; } data->state.tempcount = 0; - for(i=0; i < count; i++) { + for(i = 0; i < count; i++) { /* even if one function returns error, this loops through and frees all buffers */ if(!result) diff -Nru curl-7.55.1/lib/escape.c curl-7.57.0/lib/escape.c --- curl-7.55.1/lib/escape.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/escape.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -84,14 +84,14 @@ char *testing_ptr = NULL; unsigned char in; /* we need to treat the characters unsigned */ size_t newlen; - size_t strindex=0; + size_t strindex = 0; size_t length; CURLcode result; if(inlength < 0) return NULL; - alloc = (inlength?(size_t)inlength:strlen(string))+1; + alloc = (inlength?(size_t)inlength:strlen(string)) + 1; newlen = alloc; ns = malloc(alloc); @@ -104,7 +104,7 @@ if(Curl_isunreserved(in)) /* just copy this */ - ns[strindex++]=in; + ns[strindex++] = in; else { /* encode it */ newlen += 2; /* the size grows with two, since this'll become a %XX */ @@ -116,7 +116,7 @@ ns = testing_ptr; } - result = Curl_convert_to_network(data, &in, 1); + result = Curl_convert_to_network(data, (char *)&in, 1); if(result) { /* Curl_convert_to_network calls failf if unsuccessful */ free(ns); @@ -125,11 +125,11 @@ snprintf(&ns[strindex], 4, "%%%02X", in); - strindex+=3; + strindex += 3; } string++; } - ns[strindex]=0; /* terminate it */ + ns[strindex] = 0; /* terminate it */ return ns; } @@ -148,10 +148,10 @@ char **ostring, size_t *olen, bool reject_ctrl) { - size_t alloc = (length?length:strlen(string))+1; + size_t alloc = (length?length:strlen(string)) + 1; char *ns = malloc(alloc); unsigned char in; - size_t strindex=0; + size_t strindex = 0; unsigned long hex; CURLcode result; @@ -173,15 +173,15 @@ in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */ - result = Curl_convert_from_network(data, &in, 1); + result = Curl_convert_from_network(data, (char *)&in, 1); if(result) { /* Curl_convert_from_network calls failf if unsuccessful */ free(ns); return result; } - string+=2; - alloc-=2; + string += 2; + alloc -= 2; } if(reject_ctrl && (in < 0x20)) { @@ -192,7 +192,7 @@ ns[strindex++] = in; string++; } - ns[strindex]=0; /* terminate it */ + ns[strindex] = 0; /* terminate it */ if(olen) /* store output size */ diff -Nru curl-7.55.1/lib/file.c curl-7.57.0/lib/file.c --- curl-7.55.1/lib/file.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/file.c 2017-11-26 13:19:01.000000000 +0000 @@ -133,37 +133,42 @@ static CURLcode file_range(struct connectdata *conn) { curl_off_t from, to; - curl_off_t totalsize=-1; + curl_off_t totalsize = -1; char *ptr; char *ptr2; struct Curl_easy *data = conn->data; if(data->state.use_range && data->state.range) { - from=curlx_strtoofft(data->state.range, &ptr, 0); - while(*ptr && (ISSPACE(*ptr) || (*ptr=='-'))) + CURLofft from_t; + CURLofft to_t; + from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from); + if(from_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + while(*ptr && (ISSPACE(*ptr) || (*ptr == '-'))) ptr++; - to=curlx_strtoofft(ptr, &ptr2, 0); - if(ptr == ptr2) { - /* we didn't get any digit */ - to=-1; - } - if((-1 == to) && (from>=0)) { + to_t = curlx_strtoofft(ptr, &ptr2, 0, &to); + if(to_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + if((to_t == CURL_OFFT_INVAL) && !from_t) { /* X - */ data->state.resume_from = from; DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file\n", from)); } - else if(from < 0) { + else if((from_t == CURL_OFFT_INVAL) && !to_t) { /* -Y */ - data->req.maxdownload = -from; - data->state.resume_from = from; + data->req.maxdownload = to; + data->state.resume_from = -to; DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes\n", - -from)); + to)); } else { /* X-Y */ totalsize = to-from; - data->req.maxdownload = totalsize+1; /* include last byte */ + if(totalsize == CURL_OFF_T_MAX) + /* this is too big to increase, so bail out */ + return CURLE_RANGE_ERROR; + data->req.maxdownload = totalsize + 1; /* include last byte */ data->state.resume_from = from; DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n", @@ -226,7 +231,7 @@ } /* change path separators from '/' to '\\' for DOS, Windows and OS/2 */ - for(i=0; i < real_path_len; ++i) + for(i = 0; i < real_path_len; ++i) if(actual_path[i] == '/') actual_path[i] = '\\'; else if(!actual_path[i]) { /* binary zero */ @@ -399,7 +404,7 @@ if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(data, Curl_tvnow()); + result = Curl_speedcheck(data, Curl_now()); } if(!result && Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; @@ -428,9 +433,9 @@ struct_stat statbuf; /* struct_stat instead of struct stat just to allow the Windows version to have a different struct without having to redefine the simple word 'stat' */ - curl_off_t expected_size=0; + curl_off_t expected_size = 0; bool size_known; - bool fstated=FALSE; + bool fstated = FALSE; ssize_t nread; struct Curl_easy *data = conn->data; char *buf = data->state.buffer; @@ -584,7 +589,7 @@ if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(data, Curl_tvnow()); + result = Curl_speedcheck(data, Curl_now()); } if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; diff -Nru curl-7.55.1/lib/formdata.c curl-7.57.0/lib/formdata.c --- curl-7.55.1/lib/formdata.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/formdata.c 2017-11-10 16:47:30.000000000 +0000 @@ -32,6 +32,8 @@ #include "urldata.h" /* for struct Curl_easy */ #include "formdata.h" +#include "mime.h" +#include "non-ascii.h" #include "vtls/vtls.h" #include "strcase.h" #include "sendf.h" @@ -42,13 +44,6 @@ #include "curl_memory.h" #include "memdebug.h" -#ifndef HAVE_BASENAME -static char *Curl_basename(char *path); -#define basename(x) Curl_basename((x)) -#endif - -static size_t readfromfile(struct Form *form, char *buffer, size_t size); -static CURLcode formboundary(struct Curl_easy *data, char *buffer, size_t len); /* What kind of Content-Type to use on un-specified files with unrecognized extensions. */ @@ -197,7 +192,7 @@ contenttype = HTTPPOST_CONTENTTYPE_DEFAULT; if(filename) { /* in case a NULL was passed in */ - for(i=0; i= strlen(ctts[i].extension)) { if(strcasecompare(filename + strlen(filename) - strlen(ctts[i].extension), @@ -272,7 +267,7 @@ struct curl_httppost *post = NULL; CURLformoption option; struct curl_forms *forms = NULL; - char *array_value=NULL; /* value read from an array */ + char *array_value = NULL; /* value read from an array */ /* This is a state variable, that if TRUE means that we're parsing an array that we got passed to us. If FALSE we're parsing the input @@ -641,15 +636,26 @@ } form->contenttype_alloc = TRUE; } + if(form->name && form->namelength) { + /* Name should not contain nul bytes. */ + size_t i; + for(i = 0; i < form->namelength; i++) + if(!form->name[i]) { + return_value = CURL_FORMADD_NULL; + break; + } + if(return_value != CURL_FORMADD_OK) + break; + } if(!(form->flags & HTTPPOST_PTRNAME) && (form == first_form) ) { /* Note that there's small risk that form->name is NULL here if the app passed in a bad combo, so we better check for that first. */ if(form->name) { - /* copy name (without strdup; possibly contains null characters) */ + /* copy name (without strdup; possibly not nul-terminated) */ form->name = Curl_memdup(form->name, form->namelength? form->namelength: - strlen(form->name)+1); + strlen(form->name) + 1); } if(!form->name) { return_value = CURL_FORMADD_MEMORY; @@ -663,7 +669,7 @@ /* copy value (without strdup; possibly contains null characters) */ size_t clen = (size_t) form->contentslength; if(!clen) - clen = strlen(form->value)+1; + clen = strlen(form->value) + 1; form->value = Curl_memdup(form->value, clen); @@ -746,211 +752,6 @@ return result; } -#ifdef __VMS -#include -/* - * get_vms_file_size does what it takes to get the real size of the file - * - * For fixed files, find out the size of the EOF block and adjust. - * - * For all others, have to read the entire file in, discarding the contents. - * Most posted text files will be small, and binary files like zlib archives - * and CD/DVD images should be either a STREAM_LF format or a fixed format. - * - */ -curl_off_t VmsRealFileSize(const char *name, - const struct_stat *stat_buf) -{ - char buffer[8192]; - curl_off_t count; - int ret_stat; - FILE * file; - - file = fopen(name, FOPEN_READTEXT); /* VMS */ - if(file == NULL) - return 0; - - count = 0; - ret_stat = 1; - while(ret_stat > 0) { - ret_stat = fread(buffer, 1, sizeof(buffer), file); - if(ret_stat != 0) - count += ret_stat; - } - fclose(file); - - return count; -} - -/* - * - * VmsSpecialSize checks to see if the stat st_size can be trusted and - * if not to call a routine to get the correct size. - * - */ -static curl_off_t VmsSpecialSize(const char *name, - const struct_stat *stat_buf) -{ - switch(stat_buf->st_fab_rfm) { - case FAB$C_VAR: - case FAB$C_VFC: - return VmsRealFileSize(name, stat_buf); - break; - default: - return stat_buf->st_size; - } -} - -#endif - -#ifndef __VMS -#define filesize(name, stat_data) (stat_data.st_size) -#else - /* Getting the expected file size needs help on VMS */ -#define filesize(name, stat_data) VmsSpecialSize(name, &stat_data) -#endif - -/* - * AddFormData() adds a chunk of data to the FormData linked list. - * - * size is incremented by the chunk length, unless it is NULL - */ -static CURLcode AddFormData(struct FormData **formp, - enum formtype type, - const void *line, - curl_off_t length, - curl_off_t *size) -{ - struct FormData *newform; - char *alloc2 = NULL; - CURLcode result = CURLE_OK; - if(length < 0 || (size && *size < 0)) - return CURLE_BAD_FUNCTION_ARGUMENT; - - newform = malloc(sizeof(struct FormData)); - if(!newform) - return CURLE_OUT_OF_MEMORY; - newform->next = NULL; - - if(type <= FORM_CONTENT) { - /* we make it easier for plain strings: */ - if(!length) - length = strlen((char *)line); -#if (SIZEOF_SIZE_T < CURL_SIZEOF_CURL_OFF_T) - else if(length >= (curl_off_t)(size_t)-1) { - result = CURLE_BAD_FUNCTION_ARGUMENT; - goto error; - } -#endif - if(type != FORM_DATAMEM) { - newform->line = malloc((size_t)length+1); - if(!newform->line) { - result = CURLE_OUT_OF_MEMORY; - goto error; - } - alloc2 = newform->line; - memcpy(newform->line, line, (size_t)length); - - /* zero terminate for easier debugging */ - newform->line[(size_t)length]=0; - } - else { - newform->line = (char *)line; - type = FORM_DATA; /* in all other aspects this is just FORM_DATA */ - } - newform->length = (size_t)length; - } - else - /* For callbacks and files we don't have any actual data so we just keep a - pointer to whatever this points to */ - newform->line = (char *)line; - - newform->type = type; - - if(size) { - if(type != FORM_FILE) - /* for static content as well as callback data we add the size given - as input argument */ - *size += length; - else { - /* Since this is a file to be uploaded here, add the size of the actual - file */ - if(strcmp("-", newform->line)) { - struct_stat file; - if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode)) - *size += filesize(newform->line, file); - else { - result = CURLE_BAD_FUNCTION_ARGUMENT; - goto error; - } - } - } - } - - if(*formp) { - (*formp)->next = newform; - *formp = newform; - } - else - *formp = newform; - - return CURLE_OK; - error: - if(newform) - free(newform); - if(alloc2) - free(alloc2); - return result; -} - -/* - * AddFormDataf() adds printf()-style formatted data to the formdata chain. - */ - -static CURLcode AddFormDataf(struct FormData **formp, - curl_off_t *size, - const char *fmt, ...) -{ - char *s; - CURLcode result; - va_list ap; - va_start(ap, fmt); - s = curl_mvaprintf(fmt, ap); - va_end(ap); - - if(!s) - return CURLE_OUT_OF_MEMORY; - - result = AddFormData(formp, FORM_DATAMEM, s, 0, size); - if(result) - free(s); - - return result; -} - -/* - * Curl_formclean() is used from http.c, this cleans a built FormData linked - * list - */ -void Curl_formclean(struct FormData **form_ptr) -{ - struct FormData *next, *form; - - form = *form_ptr; - if(!form) - return; - - do { - next=form->next; /* the following form line */ - if(form->type <= FORM_CONTENT) - free(form->line); /* free the line */ - free(form); /* free the struct */ - form = next; - } while(form); /* continue */ - - *form_ptr = NULL; -} - /* * curl_formget() * Serialize a curl_httppost struct. @@ -962,42 +763,34 @@ curl_formget_callback append) { CURLcode result; - curl_off_t size; - struct FormData *data, *ptr; + curl_mimepart toppart; - result = Curl_getformdata(NULL, &data, form, NULL, &size); - if(result) - return (int)result; + Curl_mime_initpart(&toppart, NULL); /* default form is empty */ + result = Curl_getformdata(NULL, &toppart, form, NULL); + if(!result) + result = Curl_mime_prepare_headers(&toppart, "multipart/form-data", + NULL, MIMESTRATEGY_FORM); - for(ptr = data; ptr; ptr = ptr->next) { - if((ptr->type == FORM_FILE) || (ptr->type == FORM_CALLBACK)) { - char buffer[8192]; - size_t nread; - struct Form temp; - - Curl_FormInit(&temp, ptr); - - do { - nread = readfromfile(&temp, buffer, sizeof(buffer)); - if((nread == (size_t) -1) || - (nread > sizeof(buffer)) || - (nread != append(arg, buffer, nread))) { - if(temp.fp) - fclose(temp.fp); - Curl_formclean(&data); - return -1; - } - } while(nread); - } - else { - if(ptr->length != append(arg, ptr->line, ptr->length)) { - Curl_formclean(&data); - return -1; - } + while(!result) { + char buffer[8192]; + size_t nread = Curl_mime_read(buffer, 1, sizeof buffer, &toppart); + + if(!nread) + break; + + switch(nread) { + default: + if(append(arg, buffer, nread) != nread) + result = CURLE_READ_ERROR; + break; + case CURL_READFUNC_ABORT: + case CURL_READFUNC_PAUSE: + break; } } - Curl_formclean(&data); - return 0; + + Curl_mime_cleanpart(&toppart); + return (int) result; } /* @@ -1013,7 +806,7 @@ return; do { - next=form->next; /* the following form line */ + next = form->next; /* the following form line */ /* recurse to sub-contents */ curl_formfree(form->more); @@ -1031,118 +824,29 @@ } while(form); /* continue */ } -#ifndef HAVE_BASENAME -/* - (Quote from The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004 - Edition) - - The basename() function shall take the pathname pointed to by path and - return a pointer to the final component of the pathname, deleting any - trailing '/' characters. - - If the string pointed to by path consists entirely of the '/' character, - basename() shall return a pointer to the string "/". If the string pointed - to by path is exactly "//", it is implementation-defined whether '/' or "//" - is returned. - - If path is a null pointer or points to an empty string, basename() shall - return a pointer to the string ".". - - The basename() function may modify the string pointed to by path, and may - return a pointer to static storage that may then be overwritten by a - subsequent call to basename(). - - The basename() function need not be reentrant. A function that is not - required to be reentrant is not required to be thread-safe. - -*/ -static char *Curl_basename(char *path) -{ - /* Ignore all the details above for now and make a quick and simple - implementaion here */ - char *s1; - char *s2; - - s1=strrchr(path, '/'); - s2=strrchr(path, '\\'); - - if(s1 && s2) { - path = (s1 > s2? s1 : s2)+1; - } - else if(s1) - path = s1 + 1; - else if(s2) - path = s2 + 1; - - return path; -} -#endif - -static char *strippath(const char *fullfile) -{ - char *filename; - char *base; - filename = strdup(fullfile); /* duplicate since basename() may ruin the - buffer it works on */ - if(!filename) - return NULL; - base = strdup(basename(filename)); - - free(filename); /* free temporary buffer */ - - return base; /* returns an allocated string or NULL ! */ -} -static CURLcode formdata_add_filename(const struct curl_httppost *file, - struct FormData **form, - curl_off_t *size) +/* Set mime part name, taking care of non nul-terminated name string. */ +static CURLcode setname(curl_mimepart *part, const char *name, size_t len) { - CURLcode result = CURLE_OK; - char *filename = file->showfilename; - char *filebasename = NULL; - char *filename_escaped = NULL; - - if(!filename) { - filebasename = strippath(file->contents); - if(!filebasename) - return CURLE_OUT_OF_MEMORY; - filename = filebasename; - } + char *zname; + CURLcode res; - if(strchr(filename, '\\') || strchr(filename, '"')) { - char *p0, *p1; - - /* filename need be escaped */ - filename_escaped = malloc(strlen(filename)*2+1); - if(!filename_escaped) { - free(filebasename); - return CURLE_OUT_OF_MEMORY; - } - p0 = filename_escaped; - p1 = filename; - while(*p1) { - if(*p1 == '\\' || *p1 == '"') - *p0++ = '\\'; - *p0++ = *p1++; - } - *p0 = '\0'; - filename = filename_escaped; - } - result = AddFormDataf(form, size, - "; filename=\"%s\"", - filename); - free(filename_escaped); - free(filebasename); - return result; + if(!name || !len) + return curl_mime_name(part, name); + zname = malloc(len + 1); + if(!zname) + return CURLE_OUT_OF_MEMORY; + memcpy(zname, name, len); + zname[len] = '\0'; + res = curl_mime_name(part, zname); + free(zname); + return res; } /* - * Curl_getformdata() converts a linked list of "meta data" into a complete - * (possibly huge) multipart formdata. The input list is in 'post', while the - * output resulting linked lists gets stored in '*finalform'. *sizep will get - * the total size of the whole POST. - * A multipart/form_data content-type is built, unless a custom content-type - * is passed in 'custom_content_type'. + * Curl_getformdata() converts a linked list of "meta data" into a mime + * structure. The input list is in 'post', while the output is stored in + * mime part at '*finalform'. * * This function will not do a failf() for the potential memory failures but * should for all other errors it spots. Just note that this function MAY get @@ -1150,422 +854,123 @@ */ CURLcode Curl_getformdata(struct Curl_easy *data, - struct FormData **finalform, + curl_mimepart *finalform, struct curl_httppost *post, - const char *custom_content_type, - curl_off_t *sizep) + curl_read_callback fread_func) { - struct FormData *form = NULL; - struct FormData *firstform; - struct curl_httppost *file; CURLcode result = CURLE_OK; - curl_off_t size = 0; /* support potentially ENORMOUS formposts */ - char fileboundary[42]; - struct curl_slist *curList; - char boundary[42]; + curl_mime *form = NULL; + curl_mime *multipart; + curl_mimepart *part; + struct curl_httppost *file; - *finalform = NULL; /* default form is empty */ + Curl_mime_cleanpart(finalform); /* default form is empty */ if(!post) return result; /* no input => no output! */ - result = formboundary(data, boundary, sizeof(boundary)); - if(result) - return result; - - /* Make the first line of the output */ - result = AddFormDataf(&form, NULL, - "%s; boundary=%s\r\n", - custom_content_type?custom_content_type: - "Content-Type: multipart/form-data", - boundary); - - if(result) { - return result; - } - /* we DO NOT include that line in the total size of the POST, since it'll be - part of the header! */ - - firstform = form; - - do { - - if(size) { - result = AddFormDataf(&form, &size, "\r\n"); - if(result) - break; - } - - /* boundary */ - result = AddFormDataf(&form, &size, "--%s\r\n", boundary); - if(result) - break; - - /* Maybe later this should be disabled when a custom_content_type is - passed, since Content-Disposition is not meaningful for all multipart - types. - */ - result = AddFormDataf(&form, &size, - "Content-Disposition: form-data; name=\""); - if(result) - break; - - result = AddFormData(&form, FORM_DATA, post->name, post->namelength, - &size); - if(result) - break; + form = curl_mime_init(data); + if(!form) + result = CURLE_OUT_OF_MEMORY; - result = AddFormDataf(&form, &size, "\""); - if(result) - break; + if(!result) + result = curl_mime_subparts(finalform, form); + /* Process each top part. */ + for(; !result && post; post = post->next) { + /* If we have more than a file here, create a mime subpart and fill it. */ + multipart = form; if(post->more) { - /* If used, this is a link to more file names, we must then do - the magic to include several files with the same field name */ - - result = formboundary(data, fileboundary, sizeof(fileboundary)); - if(result) { - break; - } - - result = AddFormDataf(&form, &size, - "\r\nContent-Type: multipart/mixed;" - " boundary=%s\r\n", - fileboundary); - if(result) - break; - } - - file = post; - - do { - - /* If 'showfilename' is set, that is a faked name passed on to us - to use to in the formpost. If that is not set, the actually used - local file name should be added. */ - - if(post->more) { - /* if multiple-file */ - result = AddFormDataf(&form, &size, - "\r\n--%s\r\nContent-Disposition: " - "attachment", - fileboundary); - if(result) - break; - result = formdata_add_filename(file, &form, &size); - if(result) - break; - } - else if(post->flags & (HTTPPOST_FILENAME|HTTPPOST_BUFFER| - HTTPPOST_CALLBACK)) { - /* it should be noted that for the HTTPPOST_FILENAME and - HTTPPOST_CALLBACK cases the ->showfilename struct member is always - assigned at this point */ - if(post->showfilename || (post->flags & HTTPPOST_FILENAME)) { - result = formdata_add_filename(post, &form, &size); - } - - if(result) - break; - } - - if(file->contenttype) { - /* we have a specified type */ - result = AddFormDataf(&form, &size, - "\r\nContent-Type: %s", - file->contenttype); - if(result) - break; - } + part = curl_mime_addpart(form); + if(!part) + result = CURLE_OUT_OF_MEMORY; + if(!result) + result = setname(part, post->name, post->namelength); + if(!result) { + multipart = curl_mime_init(data); + if(!multipart) + result = CURLE_OUT_OF_MEMORY; + } + if(!result) + result = curl_mime_subparts(part, multipart); + } + + /* Generate all the part contents. */ + for(file = post; !result && file; file = file->more) { + /* Create the part. */ + part = curl_mime_addpart(multipart); + if(!part) + result = CURLE_OUT_OF_MEMORY; - curList = file->contentheader; - while(curList) { - /* Process the additional headers specified for this form */ - result = AddFormDataf(&form, &size, "\r\n%s", curList->data); - if(result) - break; - curList = curList->next; - } - if(result) - break; + /* Set the headers. */ + if(!result) + result = curl_mime_headers(part, file->contentheader, 0); + + /* Set the content type. */ + if(!result && file->contenttype) + result = curl_mime_type(part, file->contenttype); + + /* Set field name. */ + if(!result && !post->more) + result = setname(part, post->name, post->namelength); + + /* Process contents. */ + if(!result) { + curl_off_t clen = post->contentslength; - result = AddFormDataf(&form, &size, "\r\n\r\n"); - if(result) - break; + if(post->flags & CURL_HTTPPOST_LARGE) + clen = post->contentlen; + if(!clen) + clen = -1; - if((post->flags & HTTPPOST_FILENAME) || - (post->flags & HTTPPOST_READFILE)) { - /* we should include the contents from the specified file */ - FILE *fileread; - - fileread = !strcmp("-", file->contents)? - stdin:fopen(file->contents, "rb"); /* binary read for win32 */ - - /* - * VMS: This only allows for stream files on VMS. Stream files are - * OK, as are FIXED & VAR files WITHOUT implied CC For implied CC, - * every record needs to have a \n appended & 1 added to SIZE - */ - - if(fileread) { - if(fileread != stdin) { - /* close the file */ - fclose(fileread); - /* add the file name only - for later reading from this */ - result = AddFormData(&form, FORM_FILE, file->contents, 0, &size); - } - else { - /* When uploading from stdin, we can't know the size of the file, - * thus must read the full file as before. We *could* use chunked - * transfer-encoding, but that only works for HTTP 1.1 and we - * can't be sure we work with such a server. - */ - size_t nread; - char buffer[512]; - while((nread = fread(buffer, 1, sizeof(buffer), fileread)) != 0) { - result = AddFormData(&form, FORM_CONTENT, buffer, nread, &size); - if(result || feof(fileread) || ferror(fileread)) - break; - } + if(post->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE)) { + if(!strcmp(file->contents, "-")) { + /* There are a few cases where the code below won't work; in + particular, freopen(stdin) by the caller is not guaranteed + to result as expected. This feature has been kept for backward + compatibility: use of "-" pseudo file name should be avoided. */ + result = curl_mime_data_cb(part, (curl_off_t) -1, + (curl_read_callback) fread, + (curl_seek_callback) fseek, + NULL, (void *) stdin); } - } + else + result = curl_mime_filedata(part, file->contents); + if(!result && (post->flags & HTTPPOST_READFILE)) + result = curl_mime_filename(part, NULL); + } + else if(post->flags & HTTPPOST_BUFFER) + result = curl_mime_data(part, post->buffer, + post->bufferlength? post->bufferlength: -1); + else if(post->flags & HTTPPOST_CALLBACK) + /* the contents should be read with the callback and the size is set + with the contentslength */ + result = curl_mime_data_cb(part, clen, + fread_func, NULL, NULL, post->userp); else { - if(data) - failf(data, "couldn't open file \"%s\"", file->contents); - *finalform = NULL; - result = CURLE_READ_ERROR; + result = curl_mime_data(part, post->contents, (ssize_t) clen); +#ifdef CURL_DOES_CONVERSIONS + /* Convert textual contents now. */ + if(!result && data && part->datasize) + result = Curl_convert_to_network(data, part->data, part->datasize); +#endif } } - else if(post->flags & HTTPPOST_BUFFER) - /* include contents of buffer */ - result = AddFormData(&form, FORM_CONTENT, post->buffer, - post->bufferlength, &size); - else if(post->flags & HTTPPOST_CALLBACK) - /* the contents should be read with the callback and the size is set - with the contentslength */ - result = AddFormData(&form, FORM_CALLBACK, post->userp, - post->flags&CURL_HTTPPOST_LARGE? - post->contentlen:post->contentslength, &size); - else - /* include the contents we got */ - result = AddFormData(&form, FORM_CONTENT, post->contents, - post->flags&CURL_HTTPPOST_LARGE? - post->contentlen:post->contentslength, &size); - file = file->more; - } while(file && !result); /* for each specified file for this field */ - - if(result) - break; - if(post->more) { - /* this was a multiple-file inclusion, make a termination file - boundary: */ - result = AddFormDataf(&form, &size, - "\r\n--%s--", - fileboundary); - if(result) - break; + /* Set fake file name. */ + if(!result && post->showfilename) + if(post->more || (post->flags & (HTTPPOST_FILENAME | HTTPPOST_BUFFER | + HTTPPOST_CALLBACK))) + result = curl_mime_filename(part, post->showfilename); } - post = post->next; - } while(post); /* for each field */ - - /* end-boundary for everything */ - if(!result) - result = AddFormDataf(&form, &size, "\r\n--%s--\r\n", boundary); - - if(result) { - Curl_formclean(&firstform); - return result; } - *sizep = size; - *finalform = firstform; + if(result) + Curl_mime_cleanpart(finalform); return result; } -/* - * Curl_FormInit() inits the struct 'form' points to with the 'formdata' - * and resets the 'sent' counter. - */ -int Curl_FormInit(struct Form *form, struct FormData *formdata) -{ - if(!formdata) - return 1; /* error */ - - form->data = formdata; - form->sent = 0; - form->fp = NULL; - form->fread_func = ZERO_NULL; - - return 0; -} - -#ifndef __VMS -# define fopen_read fopen -#else - /* - * vmsfopenread - * - * For upload to work as expected on VMS, different optional - * parameters must be added to the fopen command based on - * record format of the file. - * - */ -# define fopen_read vmsfopenread -static FILE * vmsfopenread(const char *file, const char *mode) -{ - struct_stat statbuf; - int result; - - result = stat(file, &statbuf); - - switch(statbuf.st_fab_rfm) { - case FAB$C_VAR: - case FAB$C_VFC: - case FAB$C_STMCR: - return fopen(file, FOPEN_READTEXT); /* VMS */ - break; - default: - return fopen(file, FOPEN_READTEXT, "rfm=stmlf", "ctx=stm"); - } -} -#endif - -/* - * readfromfile() - * - * The read callback that this function may use can return a value larger than - * 'size' (which then this function returns) that indicates a problem and it - * must be properly dealt with - */ -static size_t readfromfile(struct Form *form, char *buffer, - size_t size) -{ - size_t nread; - bool callback = (form->data->type == FORM_CALLBACK)?TRUE:FALSE; - - if(callback) { - if(form->fread_func == ZERO_NULL) - return 0; - nread = form->fread_func(buffer, 1, size, form->data->line); - } - else { - if(!form->fp) { - /* this file hasn't yet been opened */ - form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */ - if(!form->fp) - return (size_t)-1; /* failure */ - } - nread = fread(buffer, 1, size, form->fp); - } - if(!nread) { - /* this is the last chunk from the file, move on */ - if(form->fp) { - fclose(form->fp); - form->fp = NULL; - } - form->data = form->data->next; - } - - return nread; -} - -/* - * Curl_FormReader() is the fread() emulation function that will be used to - * deliver the formdata to the transfer loop and then sent away to the peer. - */ -size_t Curl_FormReader(char *buffer, - size_t size, - size_t nitems, - FILE *mydata) -{ - struct Form *form; - size_t wantedsize; - size_t gotsize = 0; - - form=(struct Form *)mydata; - - wantedsize = size * nitems; - - if(!form->data) - return 0; /* nothing, error, empty */ - - if((form->data->type == FORM_FILE) || - (form->data->type == FORM_CALLBACK)) { - gotsize = readfromfile(form, buffer, wantedsize); - - if(gotsize) - /* If positive or -1, return. If zero, continue! */ - return gotsize; - } - do { - - if((form->data->length - form->sent) > wantedsize - gotsize) { - - memcpy(buffer + gotsize, form->data->line + form->sent, - wantedsize - gotsize); - - form->sent += wantedsize-gotsize; - - return wantedsize; - } - - memcpy(buffer+gotsize, - form->data->line + form->sent, - (form->data->length - form->sent) ); - gotsize += form->data->length - form->sent; - - form->sent = 0; - - form->data = form->data->next; /* advance */ - - } while(form->data && (form->data->type < FORM_CALLBACK)); - /* If we got an empty line and we have more data, we proceed to the next - line immediately to avoid returning zero before we've reached the end. */ - - return gotsize; -} - -/* - * Curl_formpostheader() returns the first line of the formpost, the - * request-header part (which is not part of the request-body like the rest of - * the post). - */ -char *Curl_formpostheader(void *formp, size_t *len) -{ - char *header; - struct Form *form=(struct Form *)formp; - - if(!form->data) - return NULL; /* nothing, ERROR! */ - - header = form->data->line; - *len = form->data->length; - - form->data = form->data->next; /* advance */ - - return header; -} - -/* - * formboundary() creates a suitable boundary string and returns an allocated - * one. - */ -static CURLcode formboundary(struct Curl_easy *data, - char *buffer, size_t buflen) -{ - /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615) - combinations */ - if(buflen < 41) - return CURLE_BAD_FUNCTION_ARGUMENT; - - memset(buffer, '-', 24); - Curl_rand_hex(data, (unsigned char *)&buffer[24], 17); - - return CURLE_OK; -} - #else /* CURL_DISABLE_HTTP */ CURLFORMcode curl_formadd(struct curl_httppost **httppost, struct curl_httppost **last_post, diff -Nru curl-7.55.1/lib/formdata.h curl-7.57.0/lib/formdata.h --- curl-7.55.1/lib/formdata.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/formdata.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,32 +22,6 @@ * ***************************************************************************/ -enum formtype { - FORM_DATAMEM, /* already allocated FORM_DATA memory */ - FORM_DATA, /* form metadata (convert to network encoding if necessary) */ - FORM_CONTENT, /* form content (never convert) */ - FORM_CALLBACK, /* 'line' points to the custom pointer we pass to the callback - */ - FORM_FILE /* 'line' points to a file name we should read from - to create the form data (never convert) */ -}; - -/* plain and simple linked list with lines to send */ -struct FormData { - struct FormData *next; - enum formtype type; - char *line; - size_t length; -}; - -struct Form { - struct FormData *data; /* current form line to send */ - size_t sent; /* number of bytes of the current line that has - already been sent in a previous invoke */ - FILE *fp; /* file to read from */ - curl_read_callback fread_func; /* fread callback pointer */ -}; - /* used by FormAdd for temporary storage */ typedef struct FormInfo { char *name; @@ -69,31 +43,9 @@ struct FormInfo *more; } FormInfo; -int Curl_FormInit(struct Form *form, struct FormData *formdata); - CURLcode Curl_getformdata(struct Curl_easy *data, - struct FormData **, + curl_mimepart *, struct curl_httppost *post, - const char *custom_contenttype, - curl_off_t *size); - -/* fread() emulation */ -size_t Curl_FormReader(char *buffer, - size_t size, - size_t nitems, - FILE *mydata); - -/* - * Curl_formpostheader() returns the first line of the formpost, the - * request-header part (which is not part of the request-body like the rest of - * the post). - */ -char *Curl_formpostheader(void *formp, size_t *len); - -char *Curl_FormBoundary(void); - -void Curl_formclean(struct FormData **); - -CURLcode Curl_formconvert(struct Curl_easy *, struct FormData *); + curl_read_callback fread_func); #endif /* HEADER_CURL_FORMDATA_H */ diff -Nru curl-7.55.1/lib/ftp.c curl-7.57.0/lib/ftp.c --- curl-7.55.1/lib/ftp.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/ftp.c 2017-11-26 13:19:01.000000000 +0000 @@ -182,7 +182,8 @@ PORT_FTP, /* defport */ CURLPROTO_FTP, /* protocol */ PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD | - PROTOPT_NOURLQUERY | PROTOPT_PROXY_AS_HTTP /* flags */ + PROTOPT_NOURLQUERY | PROTOPT_PROXY_AS_HTTP | + PROTOPT_WILDCARD /* flags */ }; @@ -210,7 +211,7 @@ PORT_FTPS, /* defport */ CURLPROTO_FTPS, /* protocol */ PROTOPT_SSL | PROTOPT_DUAL | PROTOPT_CLOSEACTION | - PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY /* flags */ + PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY | PROTOPT_WILDCARD /* flags */ }; #endif @@ -239,9 +240,9 @@ { int i; if(ftpc->dirs) { - for(i=0; i < ftpc->dirdepth; i++) { + for(i = 0; i < ftpc->dirdepth; i++) { free(ftpc->dirs[i]); - ftpc->dirs[i]=NULL; + ftpc->dirs[i] = NULL; } free(ftpc->dirs); ftpc->dirs = NULL; @@ -288,7 +289,7 @@ if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) { size = sizeof(add); - s=accept(sock, (struct sockaddr *) &add, &size); + s = accept(sock, (struct sockaddr *) &add, &size); } Curl_closesocket(conn, sock); /* close the first socket */ @@ -332,16 +333,16 @@ * Curl_pgrsTime(..., TIMER_STARTACCEPT); * */ -static time_t ftp_timeleft_accept(struct Curl_easy *data) +static timediff_t ftp_timeleft_accept(struct Curl_easy *data) { - time_t timeout_ms = DEFAULT_ACCEPT_TIMEOUT; - time_t other; + timediff_t timeout_ms = DEFAULT_ACCEPT_TIMEOUT; + timediff_t other; struct curltime now; if(data->set.accepttimeout > 0) timeout_ms = data->set.accepttimeout; - now = Curl_tvnow(); + now = Curl_now(); /* check if the generic timeout possibly is set shorter */ other = Curl_timeleft(data, &now, FALSE); @@ -351,7 +352,7 @@ timeout_ms = other; else { /* subtract elapsed time */ - timeout_ms -= Curl_tvdiff(now, data->progress.t_acceptdata); + timeout_ms -= Curl_timediff(now, data->progress.t_acceptdata); if(!timeout_ms) /* avoid returning 0 as that means no timeout! */ return -1; @@ -457,7 +458,7 @@ } if(conn->proto.ftpc.state_saved == FTP_STOR) { - *(ftp->bytecountp)=0; + *(ftp->bytecountp) = 0; /* When we know we're uploading a specified file, we can get the file size prior to the actual upload. */ @@ -592,7 +593,7 @@ #endif /* store the latest code for later retrieval */ - data->info.httpcode=code; + data->info.httpcode = code; if(ftpcode) *ftpcode = code; @@ -640,8 +641,8 @@ struct ftp_conn *ftpc = &conn->proto.ftpc; struct pingpong *pp = &ftpc->pp; size_t nread; - int cache_skip=0; - int value_to_be_ignored=0; + int cache_skip = 0; + int value_to_be_ignored = 0; if(ftpcode) *ftpcode = 0; /* 0 for errors */ @@ -649,13 +650,13 @@ /* make the pointer point to something for the rest of this function */ ftpcode = &value_to_be_ignored; - *nreadp=0; + *nreadp = 0; while(!*ftpcode && !result) { /* check and reset timeout value every lap */ timeout = Curl_pp_state_timeout(pp); - if(timeout <=0) { + if(timeout <= 0) { failf(data, "FTP response timeout"); return CURLE_OPERATION_TIMEDOUT; /* already too little time */ } @@ -713,7 +714,7 @@ else /* when we got data or there is no cache left, we reset the cache skip counter */ - cache_skip=0; + cache_skip = 0; *nreadp += nread; @@ -848,7 +849,7 @@ int i; /* PORT is used to tell the server to connect to us, and during that we don't do happy eyeballs, but we do if we connect to the server */ - for(s=1, i=0; i<2; i++) { + for(s = 1, i = 0; i<2; i++) { if(conn->tempsock[i] != CURL_SOCKET_BAD) { socks[s] = conn->tempsock[i]; bits |= GETSOCK_WRITESOCK(s++); @@ -885,7 +886,7 @@ /* count3 is set to allow a MKD to fail once. In the case when first CWD fails and then MKD fails (due to another session raced it to create the dir) this then allows for a second try to CWD to it */ - ftpc->count3 = (conn->data->set.ftp_create_missing_dirs==2)?1:0; + ftpc->count3 = (conn->data->set.ftp_create_missing_dirs == 2)?1:0; if((conn->data->set.ftp_filemethod == FTPFILE_NOCWD) && !ftpc->cwdcount) /* No CWD necessary */ @@ -928,15 +929,15 @@ { CURLcode result = CURLE_OK; struct ftp_conn *ftpc = &conn->proto.ftpc; - struct Curl_easy *data=conn->data; - curl_socket_t portsock= CURL_SOCKET_BAD; + struct Curl_easy *data = conn->data; + curl_socket_t portsock = CURL_SOCKET_BAD; char myhost[256] = ""; struct Curl_sockaddr_storage ss; Curl_addrinfo *res, *ai; curl_socklen_t sslen; char hbuf[NI_MAXHOST]; - struct sockaddr *sa=(struct sockaddr *)&ss; + struct sockaddr *sa = (struct sockaddr *)&ss; struct sockaddr_in * const sa4 = (void *)sa; #ifdef ENABLE_IPV6 struct sockaddr_in6 * const sa6 = (void *)sa; @@ -947,7 +948,7 @@ int error; char *host = NULL; char *string_ftpport = data->set.str[STRING_FTPPORT]; - struct Curl_dns_entry *h=NULL; + struct Curl_dns_entry *h = NULL; unsigned short port_min = 0; unsigned short port_max = 0; unsigned short port; @@ -975,7 +976,7 @@ char *port_start = NULL; char *port_sep = NULL; - addr = calloc(addrlen+1, 1); + addr = calloc(addrlen + 1, 1); if(!addr) return CURLE_OUT_OF_MEMORY; @@ -1018,7 +1019,7 @@ if(ip_end != NULL) { port_start = strchr(ip_end, ':'); if(port_start) { - port_min = curlx_ultous(strtoul(port_start+1, NULL, 10)); + port_min = curlx_ultous(strtoul(port_start + 1, NULL, 10)); port_sep = strchr(port_start, '-'); if(port_sep) { port_max = curlx_ultous(strtoul(port_sep + 1, NULL, 10)); @@ -1262,7 +1263,7 @@ /* translate x.x.x.x to x,x,x,x */ while(source && *source) { if(*source == '.') - *dest=','; + *dest = ','; else *dest = *source; dest++; @@ -1457,25 +1458,22 @@ then just do LIST (in that case: nothing to do here) */ char *cmd, *lstArg, *slashPos; + const char *inpath = data->state.path; lstArg = NULL; if((data->set.ftp_filemethod == FTPFILE_NOCWD) && - data->state.path && - data->state.path[0] && - strchr(data->state.path, '/')) { - - lstArg = strdup(data->state.path); - if(!lstArg) - return CURLE_OUT_OF_MEMORY; + inpath && inpath[0] && strchr(inpath, '/')) { + size_t n = strlen(inpath); /* Check if path does not end with /, as then we cut off the file part */ - if(lstArg[strlen(lstArg) - 1] != '/') { - + if(inpath[n - 1] != '/') { /* chop off the file part if format is dir/dir/file */ - slashPos = strrchr(lstArg, '/'); - if(slashPos) - *(slashPos+1) = '\0'; + slashPos = strrchr(inpath, '/'); + n = slashPos - inpath; } + result = Curl_urldecode(data, inpath, n, &lstArg, NULL, FALSE); + if(result) + return result; } cmd = aprintf("%s%s%s", @@ -1622,7 +1620,7 @@ } if(seekerr != CURL_SEEKFUNC_OK) { - curl_off_t passed=0; + curl_off_t passed = 0; if(seekerr != CURL_SEEKFUNC_CANTSEEK) { failf(data, "Could not seek stream"); return CURLE_FTP_COULDNT_USE_REST; @@ -1684,7 +1682,7 @@ struct Curl_easy *data = conn->data; struct FTP *ftp = data->req.protop; struct ftp_conn *ftpc = &conn->proto.ftpc; - bool quote=FALSE; + bool quote = FALSE; struct curl_slist *item; switch(instate) { @@ -1821,11 +1819,11 @@ { struct ftp_conn *ftpc = &conn->proto.ftpc; CURLcode result; - struct Curl_easy *data=conn->data; - struct Curl_dns_entry *addr=NULL; + struct Curl_easy *data = conn->data; + struct Curl_dns_entry *addr = NULL; int rc; unsigned short connectport; /* the local port connect() should use! */ - char *str=&data->state.buffer[4]; /* start on the first letter */ + char *str = &data->state.buffer[4]; /* start on the first letter */ /* if we come here again, make sure the former name is cleared */ Curl_safefree(ftpc->newhost); @@ -1849,9 +1847,9 @@ /* The four separators should be identical, or else this is an oddly formatted reply and we bail out immediately. */ - for(i=1; i<4; i++) { + for(i = 1; i<4; i++) { if(separator[i] != sep1) { - ptr=NULL; /* set to NULL to signal error */ + ptr = NULL; /* set to NULL to signal error */ break; } } @@ -1867,7 +1865,7 @@ } } else - ptr=NULL; + ptr = NULL; } if(!ptr) { failf(data, "Weirdly formatted EPSV reply"); @@ -1877,8 +1875,8 @@ else if((ftpc->count1 == 1) && (ftpcode == 227)) { /* positive PASV response */ - int ip[4]; - int port[2]; + unsigned int ip[4]; + unsigned int port[2]; /* * Scan for a sequence of six comma-separated numbers and use them as @@ -1890,14 +1888,15 @@ * "227 Entering passive mode. 127,0,0,1,4,51" */ while(*str) { - if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d", + if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u", &ip[0], &ip[1], &ip[2], &ip[3], &port[0], &port[1])) break; str++; } - if(!*str) { + if(!*str || (ip[0] > 255) || (ip[1] > 255) || (ip[2] > 255) || + (ip[3] > 255) || (port[0] > 255) || (port[1] > 255) ) { failf(data, "Couldn't interpret the 227-response"); return CURLE_FTP_WEIRD_227_FORMAT; } @@ -2041,7 +2040,7 @@ int ftpcode) { CURLcode result = CURLE_OK; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; struct FTP *ftp = data->req.protop; struct ftp_conn *ftpc = &conn->proto.ftpc; @@ -2055,7 +2054,7 @@ &year, &month, &day, &hour, &minute, &second)) { /* we have a time, reformat it */ char timebuf[24]; - time_t secs=time(NULL); + time_t secs = time(NULL); snprintf(timebuf, sizeof(timebuf), "%04d%02d%02d %02d:%02d:%02d GMT", @@ -2071,7 +2070,7 @@ if(data->set.opt_no_body && ftpc->file && data->set.get_filetime && - (data->info.filetime>=0) ) { + (data->info.filetime >= 0) ) { char headerbuf[128]; time_t filetime = (time_t)data->info.filetime; struct tm buffer; @@ -2147,7 +2146,7 @@ ftpstate instate) { CURLcode result = CURLE_OK; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; if(ftpcode/100 != 2) { /* "sasserftpd" and "(u)r(x)bot ftpd" both responds with 226 after a @@ -2176,7 +2175,7 @@ curl_off_t filesize) { CURLcode result = CURLE_OK; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; struct FTP *ftp = data->req.protop; struct ftp_conn *ftpc = &conn->proto.ftpc; @@ -2259,12 +2258,14 @@ ftpstate instate) { CURLcode result = CURLE_OK; - struct Curl_easy *data=conn->data; - curl_off_t filesize; + struct Curl_easy *data = conn->data; + curl_off_t filesize = -1; char *buf = data->state.buffer; /* get the size from the ascii string: */ - filesize = (ftpcode == 213)?curlx_strtoofft(buf+4, NULL, 0):-1; + if(ftpcode == 213) + /* ignores parsing errors, which will make the size remain unknown */ + (void)curlx_strtoofft(buf + 4, NULL, 0, &filesize); if(instate == FTP_SIZE) { #ifdef CURL_FTP_HTTPSTYLE_HEAD @@ -2334,7 +2335,7 @@ CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; - if(ftpcode>=400) { + if(ftpcode >= 400) { failf(data, "Failed FTP upload: %0d", ftpcode); state(conn, FTP_STOP); /* oops, we never close the sockets! */ @@ -2392,7 +2393,7 @@ E: 125 Data connection already open; Transfer starting. */ - curl_off_t size=-1; /* default unknown size */ + curl_off_t size = -1; /* default unknown size */ /* @@ -2416,9 +2417,9 @@ * Example D above makes this parsing a little tricky */ char *bytes; char *buf = data->state.buffer; - bytes=strstr(buf, " bytes"); - if(bytes--) { - long in=(long)(bytes-buf); + bytes = strstr(buf, " bytes"); + if(bytes) { + long in = (long)(--bytes-buf); /* this is a hint there is size information in there! ;-) */ while(--in) { /* scan for the left parenthesis and break there */ @@ -2426,7 +2427,7 @@ break; /* skip only digits */ if(!ISDIGIT(*bytes)) { - bytes=NULL; + bytes = NULL; break; } /* one more estep backwards */ @@ -2435,7 +2436,7 @@ /* if we have nothing but digits: */ if(bytes++) { /* get the number! */ - size = curlx_strtoofft(bytes, NULL, 0); + (void)curlx_strtoofft(bytes, NULL, 0, &size); } } } @@ -2598,7 +2599,7 @@ { CURLcode result; curl_socket_t sock = conn->sock[FIRSTSOCKET]; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; int ftpcode; struct ftp_conn *ftpc = &conn->proto.ftpc; struct pingpong *pp = &ftpc->pp; @@ -2650,7 +2651,7 @@ /* We don't have a SSL/TLS connection yet, but FTPS is requested. Try a FTPS connection now */ - ftpc->count3=0; + ftpc->count3 = 0; switch(data->set.ftpsslauth) { case CURLFTPAUTH_DEFAULT: case CURLFTPAUTH_SSL: @@ -2773,10 +2774,11 @@ case FTP_PWD: if(ftpcode == 257) { - char *ptr=&data->state.buffer[4]; /* start on the first letter */ + char *ptr = &data->state.buffer[4]; /* start on the first letter */ const size_t buf_size = data->set.buffer_size; char *dir; char *store; + bool entry_extracted = FALSE; dir = malloc(nread + 1); if(!dir) @@ -2808,7 +2810,7 @@ } else { /* end of path */ - *store = '\0'; /* zero terminate */ + entry_extracted = TRUE; break; /* get out of this loop */ } } @@ -2817,7 +2819,9 @@ store++; ptr++; } - + *store = '\0'; /* zero terminate */ + } + if(entry_extracted) { /* If the path name does not look like an absolute path (i.e.: it does not start with a '/'), we probably need some server-dependent adjustments. For example, this is the case when connecting to @@ -2864,7 +2868,7 @@ case FTP_SYST: if(ftpcode == 215) { - char *ptr=&data->state.buffer[4]; /* start on the first letter */ + char *ptr = &data->state.buffer[4]; /* start on the first letter */ char *os; char *store; @@ -2955,7 +2959,7 @@ } else { /* success */ - ftpc->count2=0; + ftpc->count2 = 0; if(++ftpc->cwdcount <= ftpc->dirdepth) { /* send next CWD */ PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->cwdcount - 1]); @@ -3174,7 +3178,7 @@ /* now store a copy of the directory we are in */ free(ftpc->prevpath); - if(data->set.wildcardmatch) { + if(data->state.wildcardmatch) { if(data->set.chunk_end && ftpc->file) { data->set.chunk_end(data->wildcard.customptr); } @@ -3195,15 +3199,16 @@ size_t flen = ftpc->file?strlen(ftpc->file):0; /* file is "raw" already */ size_t dlen = strlen(path)-flen; if(!ftpc->cwdfail) { + ftpc->prevmethod = data->set.ftp_filemethod; if(dlen && (data->set.ftp_filemethod != FTPFILE_NOCWD)) { ftpc->prevpath = path; if(flen) /* if 'path' is not the whole string */ - ftpc->prevpath[dlen]=0; /* terminate */ + ftpc->prevpath[dlen] = 0; /* terminate */ } else { /* we never changed dir */ - ftpc->prevpath=strdup(""); + ftpc->prevpath = strdup(""); free(path); } if(ftpc->prevpath) @@ -3257,7 +3262,7 @@ long old_time = pp->response_time; pp->response_time = 60*1000; /* give it only a minute for now */ - pp->response = Curl_tvnow(); /* timeout relative now */ + pp->response = Curl_now(); /* timeout relative now */ result = Curl_GetFTPResponse(&nread, conn, &ftpcode); @@ -3377,7 +3382,7 @@ PPSENDF(&conn->proto.ftpc.pp, "%s", cmd); - pp->response = Curl_tvnow(); /* timeout relative now */ + pp->response = Curl_now(); /* timeout relative now */ result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) @@ -3466,35 +3471,36 @@ { curl_off_t from, to; char *ptr; - char *ptr2; struct Curl_easy *data = conn->data; struct ftp_conn *ftpc = &conn->proto.ftpc; if(data->state.use_range && data->state.range) { - from=curlx_strtoofft(data->state.range, &ptr, 0); - while(*ptr && (ISSPACE(*ptr) || (*ptr=='-'))) + CURLofft from_t; + CURLofft to_t; + from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from); + if(from_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + while(*ptr && (ISSPACE(*ptr) || (*ptr == '-'))) ptr++; - to=curlx_strtoofft(ptr, &ptr2, 0); - if(ptr == ptr2) { - /* we didn't get any digit */ - to=-1; - } - if((-1 == to) && (from>=0)) { + to_t = curlx_strtoofft(ptr, NULL, 0, &to); + if(to_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + if((to_t == CURL_OFFT_INVAL) && !from_t) { /* X - */ data->state.resume_from = from; DEBUGF(infof(conn->data, "FTP RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file\n", from)); } - else if(from < 0) { + else if(!to_t && (from_t == CURL_OFFT_INVAL)) { /* -Y */ - data->req.maxdownload = -from; - data->state.resume_from = from; + data->req.maxdownload = to; + data->state.resume_from = -to; DEBUGF(infof(conn->data, "FTP RANGE the last %" CURL_FORMAT_CURL_OFF_T - " bytes\n", -from)); + " bytes\n", to)); } else { /* X-Y */ - data->req.maxdownload = (to-from)+1; /* include last byte */ + data->req.maxdownload = (to - from) + 1; /* include last byte */ data->state.resume_from = from; DEBUGF(infof(conn->data, "FTP RANGE from %" CURL_FORMAT_CURL_OFF_T " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n", @@ -3525,7 +3531,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep) { - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; struct ftp_conn *ftpc = &conn->proto.ftpc; CURLcode result = CURLE_OK; bool connected = FALSE; @@ -3692,7 +3698,7 @@ bool *dophase_done) { /* this is FTP and no proxy */ - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; DEBUGF(infof(conn->data, "DO phase starts\n")); @@ -3957,7 +3963,7 @@ *done = FALSE; /* default to false */ ftpc->wait_data_conn = FALSE; /* default to no such wait */ - if(conn->data->set.wildcardmatch) { + if(conn->data->state.wildcardmatch) { result = wc_statemach(conn); if(conn->data->wildcard.state == CURLWC_SKIP || conn->data->wildcard.state == CURLWC_DONE) { @@ -3985,7 +3991,7 @@ #define SBUF_SIZE 1024 char s[SBUF_SIZE]; size_t write_len; - char *sptr=s; + char *sptr = s; CURLcode result = CURLE_OK; #ifdef HAVE_GSSAPI enum protection_level data_sec = conn->data_prot; @@ -3996,9 +4002,8 @@ return CURLE_BAD_FUNCTION_ARGUMENT; strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */ - write_len +=2; - - bytes_written=0; + write_len += 2; + bytes_written = 0; result = Curl_convert_to_network(conn->data, s, write_len); /* Curl_convert_to_network calls failf if unsuccessful */ @@ -4076,7 +4081,7 @@ */ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection) { - struct ftp_conn *ftpc= &conn->proto.ftpc; + struct ftp_conn *ftpc = &conn->proto.ftpc; struct pingpong *pp = &ftpc->pp; /* We cannot send quit unconditionally. If this connection is stale or @@ -4172,7 +4177,7 @@ ftpc->dirdepth = 0; break; } - slash_pos=strrchr(cur_pos, '/'); + slash_pos = strrchr(cur_pos, '/'); if(slash_pos || !*cur_pos) { size_t dirlen = slash_pos-cur_pos; CURLcode result; @@ -4193,7 +4198,7 @@ return result; } ftpc->dirdepth = 1; /* we consider it to be a single dir */ - filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */ + filename = slash_pos ? slash_pos + 1 : cur_pos; /* rest is file name */ } else filename = cur_pos; /* this is a file name only */ @@ -4277,8 +4282,8 @@ } } else - ftpc->file=NULL; /* instead of point to a zero byte, we make it a NULL - pointer */ + ftpc->file = NULL; /* instead of point to a zero byte, we make it a NULL + pointer */ if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { /* We need a file name when uploading. Return error! */ @@ -4302,7 +4307,8 @@ dlen -= ftpc->file?strlen(ftpc->file):0; if((dlen == strlen(ftpc->prevpath)) && - !strncmp(path, ftpc->prevpath, dlen)) { + !strncmp(path, ftpc->prevpath, dlen) && + (ftpc->prevmethod == data->set.ftp_filemethod)) { infof(data, "Request has same path as previous transfer\n"); ftpc->cwddone = TRUE; } @@ -4373,8 +4379,8 @@ CURLcode ftp_regular_transfer(struct connectdata *conn, bool *dophase_done) { - CURLcode result=CURLE_OK; - bool connected=FALSE; + CURLcode result = CURLE_OK; + bool connected = FALSE; struct Curl_easy *data = conn->data; struct ftp_conn *ftpc = &conn->proto.ftpc; data->req.size = -1; /* make sure this is unknown at this point */ diff -Nru curl-7.55.1/lib/ftp.h curl-7.57.0/lib/ftp.h --- curl-7.55.1/lib/ftp.h 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/lib/ftp.h 2017-11-09 22:40:36.000000000 +0000 @@ -135,6 +135,7 @@ caching the current directory */ bool wait_data_conn; /* this is set TRUE if data connection is waited */ char *prevpath; /* conn->path from the previous transfer */ + curl_ftpfile prevmethod; /* ftp method in previous transfer */ char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a and others (A/I or zero) */ int count1; /* general purpose counter for the state machine */ diff -Nru curl-7.55.1/lib/ftplistparser.c curl-7.57.0/lib/ftplistparser.c --- curl-7.55.1/lib/ftplistparser.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/ftplistparser.c 2017-11-26 13:19:01.000000000 +0000 @@ -264,16 +264,6 @@ return permissions; } -static void PL_ERROR(struct connectdata *conn, CURLcode err) -{ - struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp; - struct ftp_parselist_data *parser = tmpdata->parser; - if(parser->file_data) - Curl_fileinfo_dtor(NULL, parser->file_data); - parser->file_data = NULL; - parser->error = err; -} - static CURLcode ftp_pl_insert_finfo(struct connectdata *conn, struct fileinfo *infop) { @@ -338,6 +328,7 @@ struct curl_fileinfo *finfo; unsigned long i = 0; CURLcode result; + size_t retsize = bufflen; if(parser->error) { /* error in previous call */ /* scenario: @@ -346,7 +337,7 @@ * 3. (last) call => is skipped RIGHT HERE and the error is hadled later * in wc_statemach() */ - return bufflen; + goto fail; } if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) { @@ -362,12 +353,12 @@ parser->file_data = Curl_fileinfo_alloc(); if(!parser->file_data) { parser->error = CURLE_OUT_OF_MEMORY; - return bufflen; + goto fail; } parser->file_data->info.b_data = malloc(FTP_BUFFER_ALLOCSIZE); if(!parser->file_data->info.b_data) { - PL_ERROR(conn, CURLE_OUT_OF_MEMORY); - return bufflen; + parser->error = CURLE_OUT_OF_MEMORY; + goto fail; } parser->file_data->info.b_size = FTP_BUFFER_ALLOCSIZE; parser->item_offset = 0; @@ -390,8 +381,7 @@ Curl_fileinfo_dtor(NULL, parser->file_data); parser->file_data = NULL; parser->error = CURLE_OUT_OF_MEMORY; - PL_ERROR(conn, CURLE_OUT_OF_MEMORY); - return bufflen; + goto fail; } } @@ -421,7 +411,7 @@ else if(c == '\n') { finfo->b_data[parser->item_length - 1] = 0; if(strncmp("total ", finfo->b_data, 6) == 0) { - char *endptr = finfo->b_data+6; + char *endptr = finfo->b_data + 6; /* here we can deal with directory size, pass the leading white spaces and then the digits */ while(ISSPACE(*endptr)) @@ -429,15 +419,15 @@ while(ISDIGIT(*endptr)) endptr++; if(*endptr != 0) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } parser->state.UNIX.main = PL_UNIX_FILETYPE; finfo->b_used = 0; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -470,8 +460,8 @@ finfo->filetype = CURLFILETYPE_DOOR; break; default: - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } parser->state.UNIX.main = PL_UNIX_PERMISSION; parser->item_length = 0; @@ -481,21 +471,21 @@ parser->item_length++; if(parser->item_length <= 9) { if(!strchr("rwx-tTsS", c)) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } else if(parser->item_length == 10) { unsigned int perm; if(c != ' ') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } finfo->b_data[10] = 0; /* terminate permissions */ perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset); if(perm & FTP_LP_MALFORMATED_PERM) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_PERM; parser->file_data->info.perm = perm; @@ -516,8 +506,8 @@ parser->state.UNIX.sub.hlinks = PL_UNIX_HLINKS_NUMBER; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -538,8 +528,8 @@ parser->state.UNIX.sub.user = PL_UNIX_USER_PRESPACE; } else if(c < '0' || c > '9') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -598,8 +588,8 @@ parser->state.UNIX.sub.size = PL_UNIX_SIZE_NUMBER; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -609,20 +599,22 @@ char *p; curl_off_t fsize; finfo->b_data[parser->item_offset + parser->item_length - 1] = 0; - fsize = curlx_strtoofft(finfo->b_data+parser->item_offset, &p, 10); - if(p[0] == '\0' && fsize != CURL_OFF_T_MAX && - fsize != CURL_OFF_T_MIN) { - parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_SIZE; - parser->file_data->info.size = fsize; + if(!curlx_strtoofft(finfo->b_data + parser->item_offset, + &p, 10, &fsize)) { + if(p[0] == '\0' && fsize != CURL_OFF_T_MAX && + fsize != CURL_OFF_T_MIN) { + parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_SIZE; + parser->file_data->info.size = fsize; + } + parser->item_length = 0; + parser->item_offset = 0; + parser->state.UNIX.main = PL_UNIX_TIME; + parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART1; } - parser->item_length = 0; - parser->item_offset = 0; - parser->state.UNIX.main = PL_UNIX_TIME; - parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART1; } else if(!ISDIGIT(c)) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -637,8 +629,8 @@ parser->state.UNIX.sub.time = PL_UNIX_TIME_PART1; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -648,8 +640,8 @@ parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART2; } else if(!ISALNUM(c) && c != '.') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; case PL_UNIX_TIME_PREPART2: @@ -659,8 +651,8 @@ parser->state.UNIX.sub.time = PL_UNIX_TIME_PART2; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -670,8 +662,8 @@ parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART3; } else if(!ISALNUM(c) && c != '.') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; case PL_UNIX_TIME_PREPART3: @@ -681,8 +673,8 @@ parser->state.UNIX.sub.time = PL_UNIX_TIME_PART3; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } break; @@ -706,8 +698,8 @@ } } else if(!ISALNUM(c) && c != '.' && c != ':') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -732,8 +724,8 @@ parser->state.UNIX.main = PL_UNIX_FILETYPE; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } } break; @@ -744,13 +736,13 @@ parser->state.UNIX.main = PL_UNIX_FILETYPE; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -770,8 +762,8 @@ parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET1; } else if(c == '\r' || c == '\n') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; case PL_UNIX_SYMLINK_PRETARGET1: @@ -780,8 +772,8 @@ parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET2; } else if(c == '\r' || c == '\n') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } else { parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; @@ -793,8 +785,8 @@ parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET3; } else if(c == '\r' || c == '\n') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } else { parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; @@ -811,8 +803,8 @@ parser->item_offset = 0; } else if(c == '\r' || c == '\n') { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } else { parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; @@ -825,8 +817,8 @@ parser->item_length = 1; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; case PL_UNIX_SYMLINK_TARGET: @@ -839,8 +831,8 @@ parser->offsets.symlink_target = parser->item_offset; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } parser->state.UNIX.main = PL_UNIX_FILETYPE; } @@ -851,14 +843,14 @@ parser->offsets.symlink_target = parser->item_offset; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } parser->state.UNIX.main = PL_UNIX_FILETYPE; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -871,8 +863,8 @@ parser->item_length++; if(parser->item_length < 9) { if(!strchr("0123456789-", c)) { /* only simple control */ - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } else if(parser->item_length == 9) { @@ -881,13 +873,13 @@ parser->state.NT.sub.time = PL_WINNT_TIME_PRESPACE; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; case PL_WINNT_TIME: @@ -907,8 +899,8 @@ parser->item_length = 0; } else if(!strchr("APM0123456789:", c)) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -935,21 +927,11 @@ } else { char *endptr; - finfo->size = curlx_strtoofft(finfo->b_data + - parser->item_offset, - &endptr, 10); - if(!*endptr) { - if(finfo->size == CURL_OFF_T_MAX || - finfo->size == CURL_OFF_T_MIN) { - if(errno == ERANGE) { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; - } - } - } - else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + if(curlx_strtoofft(finfo->b_data + + parser->item_offset, + &endptr, 10, &finfo->size)) { + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } /* correct file type */ parser->file_data->info.filetype = CURLFILETYPE_FILE; @@ -984,8 +966,8 @@ parser->offsets.filename = parser->item_offset; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } parser->state.NT.main = PL_WINNT_DATE; parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE; @@ -996,15 +978,15 @@ parser->offsets.filename = parser->item_offset; result = ftp_pl_insert_finfo(conn, infop); if(result) { - PL_ERROR(conn, result); - return bufflen; + parser->error = result; + goto fail; } parser->state.NT.main = PL_WINNT_DATE; parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE; } else { - PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); - return bufflen; + parser->error = CURLE_FTP_BAD_FILE_LIST; + goto fail; } break; } @@ -1012,13 +994,22 @@ } break; default: - return bufflen + 1; + retsize = bufflen + 1; + goto fail; } i++; } - return bufflen; +fail: + + /* Clean up any allocated memory. */ + if(parser->file_data) { + Curl_fileinfo_dtor(NULL, parser->file_data); + parser->file_data = NULL; + } + + return retsize; } #endif /* CURL_DISABLE_FTP */ diff -Nru curl-7.55.1/lib/getinfo.c curl-7.57.0/lib/getinfo.c --- curl-7.55.1/lib/getinfo.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/getinfo.c 2017-11-09 22:40:36.000000000 +0000 @@ -54,6 +54,7 @@ pro->t_starttransfer = 0; pro->timespent = 0; pro->t_redirect = 0; + pro->is_t_startransfer_set = false; info->httpcode = 0; info->httpproxycode = 0; @@ -359,46 +360,25 @@ struct curl_tlssessioninfo **tsip = (struct curl_tlssessioninfo **) param_slistp; struct curl_tlssessioninfo *tsi = &data->tsi; +#ifdef USE_SSL struct connectdata *conn = data->easy_conn; +#endif *tsip = tsi; tsi->backend = Curl_ssl_backend(); tsi->internals = NULL; +#ifdef USE_SSL if(conn && tsi->backend != CURLSSLBACKEND_NONE) { unsigned int i; for(i = 0; i < (sizeof(conn->ssl) / sizeof(conn->ssl[0])); ++i) { if(conn->ssl[i].use) { -#if defined(USE_AXTLS) - tsi->internals = (void *)conn->ssl[i].ssl; -#elif defined(USE_CYASSL) - tsi->internals = (void *)conn->ssl[i].handle; -#elif defined(USE_DARWINSSL) - tsi->internals = (void *)conn->ssl[i].ssl_ctx; -#elif defined(USE_GNUTLS) - tsi->internals = (void *)conn->ssl[i].session; -#elif defined(USE_GSKIT) - tsi->internals = (void *)conn->ssl[i].handle; -#elif defined(USE_MBEDTLS) - tsi->internals = (void *)&conn->ssl[i].ssl; -#elif defined(USE_NSS) - tsi->internals = (void *)conn->ssl[i].handle; -#elif defined(USE_OPENSSL) - /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */ - tsi->internals = ((info == CURLINFO_TLS_SESSION) ? - (void *)conn->ssl[i].ctx : - (void *)conn->ssl[i].handle); -#elif defined(USE_POLARSSL) - tsi->internals = (void *)&conn->ssl[i].ssl; -#elif defined(USE_SCHANNEL) - tsi->internals = (void *)&conn->ssl[i].ctxt->ctxt_handle; -#elif defined(USE_SSL) -#error "SSL backend specific information missing for CURLINFO_TLS_SSL_PTR" -#endif + tsi->internals = Curl_ssl->get_internals(&conn->ssl[i], info); break; } } } +#endif } break; default: diff -Nru curl-7.55.1/lib/gopher.c curl-7.57.0/lib/gopher.c --- curl-7.55.1/lib/gopher.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/gopher.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,8 +73,8 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done) { - CURLcode result=CURLE_OK; - struct Curl_easy *data=conn->data; + CURLcode result = CURLE_OK; + struct Curl_easy *data = conn->data; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; curl_off_t *bytecount = &data->req.bytecount; @@ -97,11 +97,11 @@ /* Otherwise, drop / and the first character (i.e., item type) ... */ newp = path; - newp+=2; + newp += 2; /* ... then turn ? into TAB for search servers, Veronica, etc. ... */ j = strlen(newp); - for(i=0; icurrent_element) { - for(i = iter->slot_index;i < h->slots;i++) { + for(i = iter->slot_index; i < h->slots; i++) { if(h->table[i].head) { iter->current_element = h->table[i].head; - iter->slot_index = i+1; + iter->slot_index = i + 1; break; } } diff -Nru curl-7.55.1/lib/hostasyn.c curl-7.57.0/lib/hostasyn.c --- curl-7.55.1/lib/hostasyn.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/hostasyn.c 2017-11-26 13:19:01.000000000 +0000 @@ -22,6 +22,11 @@ #include "curl_setup.h" +/*********************************************************************** + * Only for builds using asynchronous name resolves + **********************************************************************/ +#ifdef CURLRES_ASYNCH + #ifdef HAVE_NETINET_IN_H #include #endif @@ -51,11 +56,6 @@ /* The last #include file should be: */ #include "memdebug.h" -/*********************************************************************** - * Only for builds using asynchronous name resolves - **********************************************************************/ -#ifdef CURLRES_ASYNCH - /* * Curl_addrinfo_callback() gets called by ares, gethostbyname_thread() * or getaddrinfo_thread() when we got the name resolved (or not!). diff -Nru curl-7.55.1/lib/hostcheck.c curl-7.57.0/lib/hostcheck.c --- curl-7.55.1/lib/hostcheck.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/hostcheck.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,10 +73,10 @@ /* normalize pattern and hostname by stripping off trailing dots */ size_t len = strlen(hostname); if(hostname[len-1]=='.') - hostname[len-1]=0; + hostname[len-1] = 0; len = strlen(pattern); if(pattern[len-1]=='.') - pattern[len-1]=0; + pattern[len-1] = 0; pattern_wildcard = strchr(pattern, '*'); if(pattern_wildcard == NULL) @@ -95,7 +95,7 @@ match. */ wildcard_enabled = 1; pattern_label_end = strchr(pattern, '.'); - if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL || + if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL || pattern_wildcard > pattern_label_end || strncasecompare(pattern, "xn--", 4)) { wildcard_enabled = 0; @@ -116,9 +116,9 @@ return CURL_HOST_NOMATCH; prefixlen = pattern_wildcard - pattern; - suffixlen = pattern_label_end - (pattern_wildcard+1); + suffixlen = pattern_label_end - (pattern_wildcard + 1); return strncasecompare(pattern, hostname, prefixlen) && - strncasecompare(pattern_wildcard+1, hostname_label_end - suffixlen, + strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen, suffixlen) ? CURL_HOST_MATCH : CURL_HOST_NOMATCH; } @@ -137,7 +137,7 @@ hostp = strdup(hostname); if(hostp) { if(hostmatch(hostp, matchp) == CURL_HOST_MATCH) - res= 1; + res = 1; free(hostp); } free(matchp); diff -Nru curl-7.55.1/lib/hostip4.c curl-7.57.0/lib/hostip4.c --- curl-7.55.1/lib/hostip4.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/hostip4.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,11 @@ #include "curl_setup.h" +/*********************************************************************** + * Only for plain IPv4 builds + **********************************************************************/ +#ifdef CURLRES_IPV4 /* plain IPv4 code coming up */ + #ifdef HAVE_NETINET_IN_H #include #endif @@ -53,10 +58,6 @@ #include "curl_memory.h" #include "memdebug.h" -/*********************************************************************** - * Only for plain IPv4 builds - **********************************************************************/ -#ifdef CURLRES_IPV4 /* plain IPv4 code coming up */ /* * Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've * been set and returns TRUE if they are OK. @@ -249,7 +250,7 @@ */ if(CURL_HOSTENT_SIZE >= - (sizeof(struct hostent)+sizeof(struct hostent_data))) { + (sizeof(struct hostent) + sizeof(struct hostent_data))) { /* August 22nd, 2000: Albert Chin-A-Young brought an updated version * that should work! September 20: Richard Prescott worked on the buffer diff -Nru curl-7.55.1/lib/hostip6.c curl-7.57.0/lib/hostip6.c --- curl-7.55.1/lib/hostip6.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/hostip6.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,11 @@ #include "curl_setup.h" +/*********************************************************************** + * Only for IPv6-enabled builds + **********************************************************************/ +#ifdef CURLRES_IPV6 + #ifdef HAVE_NETINET_IN_H #include #endif @@ -54,11 +59,6 @@ #include "curl_memory.h" #include "memdebug.h" -/*********************************************************************** - * Only for IPv6-enabled builds - **********************************************************************/ -#ifdef CURLRES_IPV6 - #if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO) /* These are strictly for memory tracing and are using the same style as the * family otherwise present in memdebug.c. I put these ones here since they @@ -212,7 +212,7 @@ if(port) { snprintf(sbuf, sizeof(sbuf), "%d", port); - sbufptr=sbuf; + sbufptr = sbuf; } error = Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &res); diff -Nru curl-7.55.1/lib/hostip.c curl-7.57.0/lib/hostip.c --- curl-7.55.1/lib/hostip.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/hostip.c 2017-11-26 13:19:01.000000000 +0000 @@ -304,9 +304,9 @@ entry_len = strlen(entry_id); /* See if its already in our dns cache */ - dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1); + dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); - if(dns && (data->set.dns_cache_timeout != -1)) { + if(dns && (data->set.dns_cache_timeout != -1)) { /* See whether the returned entry is stale. Done before we release lock */ struct hostcache_prune_data user; @@ -316,7 +316,7 @@ if(hostcache_timestamp_remove(&user, dns)) { infof(data, "Hostname in DNS cache was stale, zapped\n"); dns = NULL; /* the memory deallocation is being handled by the hash */ - Curl_hash_delete(data->dns.hostcache, entry_id, entry_len+1); + Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); } } @@ -403,7 +403,7 @@ dns->timestamp = 1; /* zero indicates CURLOPT_RESOLVE entry */ /* Store the resolved data in our DNS cache. */ - dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len+1, + dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len + 1, (void *)dns); if(!dns2) { free(dns); @@ -688,8 +688,8 @@ the time we spent until now! */ if(prev_alarm) { /* there was an alarm() set before us, now put it back */ - unsigned long elapsed_secs = (unsigned long) (Curl_tvdiff(Curl_tvnow(), - conn->created) / 1000); + timediff_t elapsed_secs = Curl_timediff(Curl_now(), + conn->created) / 1000; /* the alarm period is counted in even number of seconds */ unsigned long alarm_set = prev_alarm - elapsed_secs; @@ -778,7 +778,6 @@ { struct curl_slist *hostp; char hostname[256]; - char address[256]; int port; for(hostp = data->change.resolve; hostp; hostp = hostp->next) { @@ -807,7 +806,7 @@ Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* delete entry, ignore if it didn't exist */ - Curl_hash_delete(data->dns.hostcache, entry_id, entry_len+1); + Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -820,6 +819,8 @@ Curl_addrinfo *addr; char *entry_id; size_t entry_len; + char buffer[256]; + char *address = &buffer[0]; if(3 != sscanf(hostp->data, "%255[^:]:%d:%255s", hostname, &port, address)) { @@ -828,6 +829,16 @@ continue; } + /* allow IP(v6) address within [brackets] */ + if(address[0] == '[') { + size_t alen = strlen(address); + if(address[alen-1] != ']') + /* it needs to also end with ] to be valid */ + continue; + address[alen-1] = 0; /* zero terminate there */ + address++; /* pass the open bracket */ + } + addr = Curl_str2addr(address, port); if(!addr) { infof(data, "Address in '%s' found illegal!\n", hostp->data); @@ -848,7 +859,7 @@ Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* See if its already in our dns cache */ - dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1); + dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); /* free the allocated entry_id again */ free(entry_id); diff -Nru curl-7.55.1/lib/hostsyn.c curl-7.57.0/lib/hostsyn.c --- curl-7.55.1/lib/hostsyn.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/hostsyn.c 2017-11-26 13:19:01.000000000 +0000 @@ -22,6 +22,11 @@ #include "curl_setup.h" +/*********************************************************************** + * Only for builds using synchronous name resolves + **********************************************************************/ +#ifdef CURLRES_SYNCH + #ifdef HAVE_NETINET_IN_H #include #endif @@ -51,11 +56,6 @@ /* The last #include file should be: */ #include "memdebug.h" -/*********************************************************************** - * Only for builds using synchronous name resolves - **********************************************************************/ -#ifdef CURLRES_SYNCH - /* * Function provided by the resolver backend to set DNS servers to use. */ diff -Nru curl-7.55.1/lib/http2.c curl-7.57.0/lib/http2.c --- curl-7.55.1/lib/http2.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/http2.c 2017-11-26 13:19:01.000000000 +0000 @@ -32,7 +32,6 @@ #include "curl_base64.h" #include "strcase.h" #include "multiif.h" -#include "conncache.h" #include "url.h" #include "connect.h" #include "strtoofft.h" @@ -384,12 +383,12 @@ struct HTTP *stream = h->data->req.protop; size_t len = strlen(header); size_t i; - for(i=0; ipush_headers_used; i++) { + for(i = 0; ipush_headers_used; i++) { if(!strncmp(header, stream->push_headers[i], len)) { /* sub-match, make sure that it is followed by a colon */ if(stream->push_headers[i][len] != ':') continue; - return &stream->push_headers[i][len+1]; + return &stream->push_headers[i][len + 1]; } } } @@ -464,7 +463,7 @@ data->multi->push_userp); /* free the headers again */ - for(i=0; ipush_headers_used; i++) + for(i = 0; ipush_headers_used; i++) free(stream->push_headers[i]); free(stream->push_headers); stream->push_headers = NULL; @@ -1184,14 +1183,17 @@ httpc->local_settings_num); if(!binlen) { failf(conn->data, "nghttp2 unexpectedly failed on pack_settings_payload"); + Curl_add_buffer_free(req); return CURLE_FAILED_INIT; } conn->proto.httpc.binlen = binlen; result = Curl_base64url_encode(conn->data, (const char *)binsettings, binlen, &base64, &blen); - if(result) + if(result) { + Curl_add_buffer_free(req); return result; + } result = Curl_add_bufferf(req, "Connection: Upgrade, HTTP2-Settings\r\n" @@ -1582,7 +1584,7 @@ failf(data, "nghttp2_session_mem_recv() returned %d:%s\n", rv, nghttp2_strerror((int)rv)); *err = CURLE_RECV_ERROR; - return 0; + return -1; } DEBUGF(infof(data, "nghttp2_session_mem_recv() returns %zd\n", rv)); if(nread == rv) { @@ -1600,7 +1602,7 @@ rv = h2_session_send(data, httpc->h2); if(rv != 0) { *err = CURLE_SEND_ERROR; - return 0; + return -1; } if(should_close_session(httpc)) { @@ -1846,9 +1848,6 @@ goto fail; } - hdbuf = end + 1; - - end = line_end; nva[2].name = (unsigned char *)":scheme"; nva[2].namelen = strlen((char *)nva[2].name); if(conn->handler->flags & PROTOPT_SSL) @@ -1955,6 +1954,7 @@ switch(conn->data->set.httpreq) { case HTTPREQ_POST: case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: case HTTPREQ_PUT: if(conn->data->state.infilesize != -1) stream->upload_left = conn->data->state.infilesize; diff -Nru curl-7.55.1/lib/http.c curl-7.57.0/lib/http.c --- curl-7.55.1/lib/http.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/http.c 2017-11-26 13:19:01.000000000 +0000 @@ -50,6 +50,7 @@ #include "transfer.h" #include "sendf.h" #include "formdata.h" +#include "mime.h" #include "progress.h" #include "curl_base64.h" #include "cookie.h" @@ -72,7 +73,6 @@ #include "http_proxy.h" #include "warnless.h" #include "non-ascii.h" -#include "conncache.h" #include "pipeline.h" #include "http2.h" #include "connect.h" @@ -162,6 +162,7 @@ if(!http) return CURLE_OUT_OF_MEMORY; + Curl_mime_initpart(&http->form, conn->data); conn->data->req.protop = http; Curl_http2_setup_conn(conn); @@ -170,26 +171,6 @@ return CURLE_OK; } -/* - * checkheaders() checks the linked list of custom HTTP headers for a - * particular header (prefix). - * - * Returns a pointer to the first matching header or NULL if none matched. - */ -char *Curl_checkheaders(const struct connectdata *conn, - const char *thisheader) -{ - struct curl_slist *head; - size_t thislen = strlen(thisheader); - struct Curl_easy *data = conn->data; - - for(head = data->set.headers;head; head=head->next) { - if(strncasecompare(head->data, thisheader, thislen)) - return head->data; - } - - return NULL; -} /* * checkProxyHeaders() checks the linked list of custom proxy headers @@ -209,7 +190,7 @@ for(head = (conn->bits.proxy && data->set.sep_headers) ? data->set.proxyheaders : data->set.headers; - head; head=head->next) { + head; head = head->next) { if(strncasecompare(head->data, thisheader, thislen)) return head->data; } @@ -427,6 +408,7 @@ expectsend = data->state.infilesize; break; case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: expectsend = http->postsize; break; default: @@ -610,7 +592,7 @@ #endif #if defined(USE_NTLM) && defined(NTLM_WB_ENABLED) if(authstatus->picked == CURLAUTH_NTLM_WB) { - auth="NTLM_WB"; + auth = "NTLM_WB"; result = Curl_output_ntlm_wb(conn, proxy); if(result) return result; @@ -1022,7 +1004,7 @@ http->sending++; /* move one step up */ - http->backup.postsize=0; + http->backup.postsize = 0; } else http->postsize = 0; @@ -1150,7 +1132,7 @@ /* there was body data sent beyond the initial header part, pass that on to the debug callback too */ Curl_debug(conn->data, CURLINFO_DATA_OUT, - ptr+headlen, bodylen, conn); + ptr + headlen, bodylen, conn); } } @@ -1262,7 +1244,7 @@ (~(size * 2) < (in->size_used * 2))) new_size = (size_t)-1; else - new_size = (in->size_used+size) * 2; + new_size = (in->size_used + size) * 2; if(in->buffer) /* we have a buffer, enlarge the existing one */ @@ -1339,7 +1321,7 @@ clen = strlen(content); /* length of the word to find */ /* find the content string in the rest of the line */ - for(;len>=clen;len--, start++) { + for(; len >= clen; len--, start++) { if(strncasecompare(start, content, clen)) return TRUE; /* match! */ } @@ -1371,7 +1353,7 @@ if(CONNECT_FIRSTSOCKET_PROXY_SSL()) return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */ - if(!Curl_connect_complete(conn)) + if(Curl_connect_ongoing(conn)) /* nothing else to do except wait right now - we're not done here. */ return CURLE_OK; @@ -1470,18 +1452,17 @@ Curl_http2_done(conn, premature); - if(HTTPREQ_POST_FORM == data->set.httpreq) { - data->req.bytecount = http->readbytecount + http->writebytecount; + Curl_mime_cleanpart(&http->form); - Curl_formclean(&http->sendit); /* Now free that whole lot */ - if(http->form.fp) { - /* a file being uploaded was left opened, close it! */ - fclose(http->form.fp); - http->form.fp = NULL; - } - } - else if(HTTPREQ_PUT == data->set.httpreq) + switch(data->set.httpreq) { + case HTTPREQ_PUT: + case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: data->req.bytecount = http->readbytecount + http->writebytecount; + break; + default: + break; + } if(status) return status; @@ -1581,7 +1562,7 @@ char *ptr; struct curl_slist *h[2]; struct curl_slist *headers; - int numlists=1; /* by default */ + int numlists = 1; /* by default */ struct Curl_easy *data = conn->data; int i; @@ -1613,7 +1594,7 @@ } /* loop through one or two lists */ - for(i=0; i < numlists; i++) { + for(i = 0; i < numlists; i++) { headers = h[i]; while(headers) { @@ -1637,15 +1618,19 @@ /* this header (extended by formdata.c) is sent later */ checkprefix("Content-Type:", headers->data)) ; + else if(data->set.httpreq == HTTPREQ_POST_MIME && + /* this header is sent later */ + checkprefix("Content-Type:", headers->data)) + ; else if(conn->bits.authneg && /* while doing auth neg, don't allow the custom length since we will force length zero then */ - checkprefix("Content-Length", headers->data)) + checkprefix("Content-Length:", headers->data)) ; else if(conn->allocptr.te && /* when asking for Transfer-Encoding, don't pass on a custom Connection: */ - checkprefix("Connection", headers->data)) + checkprefix("Connection:", headers->data)) ; else if((conn->httpversion == 20) && checkprefix("Transfer-Encoding:", headers->data)) @@ -1678,6 +1663,10 @@ *ptr = ':'; result = Curl_add_bufferf(req_buffer, "%s\r\n", headers->data); + + /* restore the previous value */ + *ptr = ';'; + if(result) return result; } @@ -1775,7 +1764,7 @@ const char *httpstring; Curl_send_buffer *req_buffer; curl_off_t postsize = 0; /* curl_off_t to handle large file sizes */ - int seekerr = CURL_SEEKFUNC_OK; + int seekerr = CURL_SEEKFUNC_CANTSEEK; /* Always consider the DO phase done after this function call, even if there may be parts of the request that is not yet sent, since we can deal with @@ -1848,6 +1837,7 @@ switch(httpreq) { case HTTPREQ_POST: case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: request = "POST"; break; case HTTPREQ_PUT: @@ -1873,7 +1863,7 @@ here. */ if(Curl_checkheaders(conn, "User-Agent:")) { free(conn->allocptr.uagent); - conn->allocptr.uagent=NULL; + conn->allocptr.uagent = NULL; } /* setup the authentication headers */ @@ -1942,6 +1932,48 @@ } #endif + switch(httpreq) { + case HTTPREQ_POST_MIME: + http->sendit = &data->set.mimepost; + break; + case HTTPREQ_POST_FORM: + /* Convert the form structure into a mime structure. */ + Curl_mime_cleanpart(&http->form); + result = Curl_getformdata(data, &http->form, data->set.httppost, + data->state.fread_func); + if(result) + return result; + http->sendit = &http->form; + break; + default: + http->sendit = NULL; + } + + if(http->sendit) { + const char *cthdr = Curl_checkheaders(conn, "Content-Type:"); + + /* Read and seek body only. */ + http->sendit->flags |= MIME_BODY_ONLY; + + /* Prepare the mime structure headers & set content type. */ + + if(cthdr) + for(cthdr += 13; *cthdr == ' '; cthdr++) + ; + else if(http->sendit->kind == MIMEKIND_MULTIPART) + cthdr = "multipart/form-data"; + + curl_mime_headers(http->sendit, data->set.headers, 0); + result = Curl_mime_prepare_headers(http->sendit, cthdr, + NULL, MIMESTRATEGY_FORM); + curl_mime_headers(http->sendit, NULL, 0); + if(!result) + result = Curl_mime_rewind(http->sendit); + if(result) + return result; + http->postsize = Curl_mime_size(http->sendit); + } + ptr = Curl_checkheaders(conn, "Transfer-Encoding:"); if(ptr) { /* Some kind of TE is requested, check if 'chunked' is chosen */ @@ -1949,9 +1981,10 @@ Curl_compareheader(ptr, "Transfer-Encoding:", "chunked"); } else { - if((conn->handler->protocol&PROTO_FAMILY_HTTP) && - data->set.upload && - (data->state.infilesize == -1)) { + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && + http->postsize < 0) || + (data->set.upload && data->state.infilesize == -1))) { if(conn->bits.authneg) /* don't enable chunked during auth neg */ ; @@ -2049,7 +2082,7 @@ } #ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { + if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { /* Using a proxy but does not tunnel through it */ /* The path sent to the proxy is in fact the entire URL. But if the remote @@ -2123,21 +2156,9 @@ } #endif /* CURL_DISABLE_PROXY */ - if(HTTPREQ_POST_FORM == httpreq) { - /* we must build the whole post sequence first, so that we have a size of - the whole transfer before we start to send it */ - result = Curl_getformdata(data, &http->sendit, data->set.httppost, - Curl_checkheaders(conn, "Content-Type:"), - &http->postsize); - if(result) - return result; - } - http->p_accept = Curl_checkheaders(conn, "Accept:")?NULL:"Accept: */*\r\n"; - if(( (HTTPREQ_POST == httpreq) || - (HTTPREQ_POST_FORM == httpreq) || - (HTTPREQ_PUT == httpreq) ) && + if((HTTPREQ_POST == httpreq || HTTPREQ_PUT == httpreq) && data->state.resume_from) { /********************************************************************** * Resuming upload in HTTP means that we PUT or POST and that we have @@ -2145,6 +2166,7 @@ * a Range: header that will be passed along. We need to "fast forward" * the file the given number of bytes and decrease the assume upload * file size before we continue this venture in the dark lands of HTTP. + * Resuming mime/form posting at an offset > 0 has no sense and is ignored. *********************************************************************/ if(data->state.resume_from < 0) { @@ -2166,7 +2188,7 @@ } if(seekerr != CURL_SEEKFUNC_OK) { - curl_off_t passed=0; + curl_off_t passed = 0; if(seekerr != CURL_SEEKFUNC_CANTSEEK) { failf(data, "Could not seek stream"); @@ -2219,7 +2241,7 @@ conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n", data->state.range); } - else if((httpreq != HTTPREQ_GET) && + else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) && !Curl_checkheaders(conn, "Content-Range:")) { /* if a line like this was already allocated, free the previous one */ @@ -2237,7 +2259,7 @@ } else if(data->state.resume_from) { /* This is because "resume" was selected */ - curl_off_t total_expected_size= + curl_off_t total_expected_size = data->state.resume_from + data->state.infilesize; conn->allocptr.rangeline = aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T @@ -2347,8 +2369,8 @@ #if !defined(CURL_DISABLE_COOKIES) if(data->cookies || addcookies) { - struct Cookie *co=NULL; /* no cookies from start */ - int count=0; + struct Cookie *co = NULL; /* no cookies from start */ + int count = 0; if(data->cookies) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); @@ -2361,7 +2383,7 @@ Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } if(co) { - struct Cookie *store=co; + struct Cookie *store = co; /* now loop through all cookies that matched */ while(co) { if(co->value) { @@ -2415,117 +2437,79 @@ switch(httpreq) { - case HTTPREQ_POST_FORM: - if(!http->sendit || conn->bits.authneg) { - /* nothing to post! */ - result = Curl_add_bufferf(req_buffer, "Content-Length: 0\r\n\r\n"); - if(result) - return result; - - result = Curl_add_buffer_send(req_buffer, conn, - &data->info.request_size, 0, FIRSTSOCKET); - if(result) - failf(data, "Failed sending POST request"); - else - /* setup variables for the upcoming transfer */ - Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, &http->readbytecount, - -1, NULL); - break; - } - - if(Curl_FormInit(&http->form, http->sendit)) { - failf(data, "Internal HTTP POST error!"); - return CURLE_HTTP_POST_ERROR; - } - - /* Get the currently set callback function pointer and store that in the - form struct since we might want the actual user-provided callback later - on. The data->set.fread_func pointer itself will be changed for the - multipart case to the function that returns a multipart formatted - stream. */ - http->form.fread_func = data->state.fread_func; - - /* Set the read function to read from the generated form data */ - data->state.fread_func = (curl_read_callback)Curl_FormReader; - data->state.in = &http->form; + case HTTPREQ_PUT: /* Let's PUT the data to the server! */ - http->sending = HTTPSEND_BODY; + if(conn->bits.authneg) + postsize = 0; + else + postsize = data->state.infilesize; - if(!data->req.upload_chunky && - !Curl_checkheaders(conn, "Content-Length:")) { + if((postsize != -1) && !data->req.upload_chunky && + (conn->bits.authneg || !Curl_checkheaders(conn, "Content-Length:"))) { /* only add Content-Length if not uploading chunked */ result = Curl_add_bufferf(req_buffer, "Content-Length: %" CURL_FORMAT_CURL_OFF_T - "\r\n", http->postsize); + "\r\n", postsize); if(result) return result; } - result = expect100(data, conn, req_buffer); - if(result) - return result; - - { - - /* Get Content-Type: line from Curl_formpostheader. - */ - char *contentType; - size_t linelength=0; - contentType = Curl_formpostheader((void *)&http->form, - &linelength); - if(!contentType) { - failf(data, "Could not get Content-Type header line!"); - return CURLE_HTTP_POST_ERROR; - } - - result = Curl_add_buffer(req_buffer, contentType, linelength); + if(postsize != 0) { + result = expect100(data, conn, req_buffer); if(result) return result; } - /* make the request end in a true CRLF */ - result = Curl_add_buffer(req_buffer, "\r\n", 2); + result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers */ if(result) return result; - /* set upload size to the progress meter */ - Curl_pgrsSetUploadSize(data, http->postsize); + /* set the upload size to the progress meter */ + Curl_pgrsSetUploadSize(data, postsize); - /* fire away the whole request to the server */ + /* this sends the buffer and frees all the buffer resources */ result = Curl_add_buffer_send(req_buffer, conn, &data->info.request_size, 0, FIRSTSOCKET); if(result) - failf(data, "Failed sending POST request"); + failf(data, "Failed sending PUT request"); else - /* setup variables for the upcoming transfer */ + /* prepare for transfer */ Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, - &http->readbytecount, FIRSTSOCKET, - &http->writebytecount); - - if(result) { - Curl_formclean(&http->sendit); /* free that whole lot */ - return result; - } - - /* convert the form data */ - result = Curl_convert_form(data, http->sendit); - if(result) { - Curl_formclean(&http->sendit); /* free that whole lot */ + &http->readbytecount, postsize?FIRSTSOCKET:-1, + postsize?&http->writebytecount:NULL); + if(result) return result; - } - break; - case HTTPREQ_PUT: /* Let's PUT the data to the server! */ + case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: + /* This is form posting using mime data. */ + if(conn->bits.authneg) { + /* nothing to post! */ + result = Curl_add_bufferf(req_buffer, "Content-Length: 0\r\n\r\n"); + if(result) + return result; - if(conn->bits.authneg) - postsize = 0; - else - postsize = data->state.infilesize; + result = Curl_add_buffer_send(req_buffer, conn, + &data->info.request_size, 0, FIRSTSOCKET); + if(result) + failf(data, "Failed sending POST request"); + else + /* setup variables for the upcoming transfer */ + Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, &http->readbytecount, + -1, NULL); + break; + } - if((postsize != -1) && !data->req.upload_chunky && + postsize = http->postsize; + + /* We only set Content-Length and allow a custom Content-Length if + we don't upload data chunked, as RFC2616 forbids us to set both + kinds of headers (Transfer-Encoding: chunked and Content-Length) */ + if(postsize != -1 && !data->req.upload_chunky && (conn->bits.authneg || !Curl_checkheaders(conn, "Content-Length:"))) { - /* only add Content-Length if not uploading chunked */ + /* we allow replacing this header if not during auth negotiation, + although it isn't very wise to actually set your own */ result = Curl_add_bufferf(req_buffer, "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", postsize); @@ -2533,24 +2517,52 @@ return result; } - if(postsize != 0) { + /* Output mime-generated headers. */ + { + struct curl_slist *hdr; + + for(hdr = http->sendit->curlheaders; hdr; hdr = hdr->next) { + result = Curl_add_bufferf(req_buffer, "%s\r\n", hdr->data); + if(result) + return result; + } + } + + /* For really small posts we don't use Expect: headers at all, and for + the somewhat bigger ones we allow the app to disable it. Just make + sure that the expect100header is always set to the preferred value + here. */ + ptr = Curl_checkheaders(conn, "Expect:"); + if(ptr) { + data->state.expect100header = + Curl_compareheader(ptr, "Expect:", "100-continue"); + } + else if(postsize > EXPECT_100_THRESHOLD || postsize < 0) { result = expect100(data, conn, req_buffer); if(result) return result; } + else + data->state.expect100header = FALSE; - result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers */ + /* make the request end in a true CRLF */ + result = Curl_add_buffer(req_buffer, "\r\n", 2); if(result) return result; /* set the upload size to the progress meter */ Curl_pgrsSetUploadSize(data, postsize); + /* Read from mime structure. */ + data->state.fread_func = (curl_read_callback) Curl_mime_read; + data->state.in = (void *) http->sendit; + http->sending = HTTPSEND_BODY; + /* this sends the buffer and frees all the buffer resources */ result = Curl_add_buffer_send(req_buffer, conn, &data->info.request_size, 0, FIRSTSOCKET); if(result) - failf(data, "Failed sending PUT request"); + failf(data, "Failed sending POST request"); else /* prepare for transfer */ Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, @@ -2558,6 +2570,7 @@ postsize?&http->writebytecount:NULL); if(result) return result; + break; case HTTPREQ_POST: @@ -2614,7 +2627,7 @@ its size. */ if(conn->httpversion != 20 && !data->state.expect100header && - (postsize < MAX_INITIAL_POST_SIZE)) { + (postsize < MAX_INITIAL_POST_SIZE)) { /* if we don't use expect: 100 AND postsize is less than MAX_INITIAL_POST_SIZE @@ -2779,7 +2792,7 @@ failf(data, "Failed to allocate memory for conversion!"); return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) { + if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { /* Curl_convert_from_network calls failf if unsuccessful */ free(scratch); return FALSE; /* can't return CURLE_foobar so return FALSE */ @@ -2809,6 +2822,7 @@ checkrtspprefix(struct Curl_easy *data, const char *s) { + bool result = FALSE; #ifdef CURL_DOES_CONVERSIONS /* convert from the network encoding using a scratch area */ @@ -2817,18 +2831,19 @@ failf(data, "Failed to allocate memory for conversion!"); return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) { + if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { /* Curl_convert_from_network calls failf if unsuccessful */ - free(scratch); - return FALSE; /* can't return CURLE_foobar so return FALSE */ + result = FALSE; /* can't return CURLE_foobar so return FALSE */ } - s = scratch; + else + result = checkprefix("RTSP/", scratch)? TRUE: FALSE; + free(scratch); #else (void)data; /* unused */ + result = checkprefix("RTSP/", s)? TRUE: FALSE; #endif /* CURL_DOES_CONVERSIONS */ - if(checkprefix("RTSP/", s)) - return TRUE; - return FALSE; + + return result; } #endif /* CURL_DISABLE_RTSP */ @@ -2870,14 +2885,14 @@ return CURLE_OUT_OF_MEMORY; } - newsize=CURLMAX((k->hbuflen+ length)*3/2, data->state.headersize*2); + newsize = CURLMAX((k->hbuflen + length) * 3 / 2, data->state.headersize*2); hbufp_index = k->hbufp - data->state.headerbuff; newbuff = realloc(data->state.headerbuff, newsize); if(!newbuff) { failf(data, "Failed to alloc memory for big header!"); return CURLE_OUT_OF_MEMORY; } - data->state.headersize=newsize; + data->state.headersize = newsize; data->state.headerbuff = newbuff; k->hbufp = data->state.headerbuff + hbufp_index; } @@ -2970,7 +2985,7 @@ } /* decrease the size of the remaining (supposed) header line */ - rest_length = (k->end_ptr - k->str)+1; + rest_length = (k->end_ptr - k->str) + 1; *nread -= (ssize_t)rest_length; k->str = k->end_ptr + 1; /* move past new line */ @@ -3088,7 +3103,7 @@ !(conn->handler->protocol & CURLPROTO_RTSP) && data->set.httpreq != HTTPREQ_HEAD) { /* On HTTP 1.1, when connection is not to get closed, but no - Content-Length nor Content-Encoding chunked have been + Content-Length nor Transfer-Encoding chunked have been received, according to RFC2616 section 4.4 point 5, we assume that the server will close the connection to signal the end of the document. */ @@ -3169,6 +3184,7 @@ case HTTPREQ_PUT: case HTTPREQ_POST: case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: /* We got an error response. If this happened before the whole * request body has been sent we stop sending and mark the * connection for closure after we've read the entire response. @@ -3296,7 +3312,7 @@ #define HEADER1 scratch #define SCRATCHSIZE 21 CURLcode res; - char scratch[SCRATCHSIZE+1]; /* "HTTP/major.minor 123" */ + char scratch[SCRATCHSIZE + 1]; /* "HTTP/major.minor 123" */ /* We can't really convert this yet because we don't know if it's the 1st header line or the body. So we do a partial conversion into a scratch area, @@ -3337,7 +3353,7 @@ separator = ' '; } - if((nc==4) && (' ' == separator)) { + if((nc == 4) && (' ' == separator)) { conn->httpversion += 10 * httpversion_major; if(k->upgr101 == UPGR101_RECEIVED) { @@ -3350,7 +3366,7 @@ /* this is the real world, not a Nirvana NCSA 1.5.x returns this crap when asked for HTTP/1.1 */ - nc=sscanf(HEADER1, " HTTP %3d", &k->httpcode); + nc = sscanf(HEADER1, " HTTP %3d", &k->httpcode); conn->httpversion = 10; /* If user has set option HTTP200ALIASES, @@ -3370,12 +3386,14 @@ } } else if(conn->handler->protocol & CURLPROTO_RTSP) { + char separator; nc = sscanf(HEADER1, - " RTSP/%d.%d %3d", + " RTSP/%1d.%1d%c%3d", &rtspversion_major, &conn->rtspversion, + &separator, &k->httpcode); - if(nc==3) { + if((nc == 4) && (' ' == separator)) { conn->rtspversion += 10 * rtspversion_major; conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */ } @@ -3407,7 +3425,7 @@ ((k->httpcode != 407) || !conn->bits.proxy_user_passwd) ) { if(data->state.resume_from && - (data->set.httpreq==HTTPREQ_GET) && + (data->set.httpreq == HTTPREQ_GET) && (k->httpcode == 416)) { /* "Requested Range Not Satisfiable", just proceed and pretend this is no error */ @@ -3463,8 +3481,8 @@ * fields. */ if(data->set.timecondition) data->info.timecond = TRUE; - k->size=0; - k->maxdownload=0; + k->size = 0; + k->maxdownload = 0; k->ignorecl = TRUE; /* ignore Content-Length headers */ break; default: @@ -3486,28 +3504,32 @@ /* Check for Content-Length: header lines to get size */ if(!k->ignorecl && !data->set.ignorecl && checkprefix("Content-Length:", k->p)) { - curl_off_t contentlength = curlx_strtoofft(k->p+15, NULL, 10); - if(data->set.max_filesize && - contentlength > data->set.max_filesize) { - failf(data, "Maximum file size exceeded"); - return CURLE_FILESIZE_EXCEEDED; - } - if(contentlength >= 0) { - k->size = contentlength; - k->maxdownload = k->size; - /* we set the progress download size already at this point - just to make it easier for apps/callbacks to extract this - info as soon as possible */ - Curl_pgrsSetDownloadSize(data, k->size); - } - else { - /* Negative Content-Length is really odd, and we know it - happens for example when older Apache servers send large - files */ - streamclose(conn, "negative content-length"); - infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T - ", closing after transfer\n", contentlength); + curl_off_t contentlength; + if(!curlx_strtoofft(k->p + 15, NULL, 10, &contentlength)) { + if(data->set.max_filesize && + contentlength > data->set.max_filesize) { + failf(data, "Maximum file size exceeded"); + return CURLE_FILESIZE_EXCEEDED; + } + if(contentlength >= 0) { + k->size = contentlength; + k->maxdownload = k->size; + /* we set the progress download size already at this point + just to make it easier for apps/callbacks to extract this + info as soon as possible */ + Curl_pgrsSetDownloadSize(data, k->size); + } + else { + /* Negative Content-Length is really odd, and we know it + happens for example when older Apache servers send large + files */ + streamclose(conn, "negative content-length"); + infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T + ", closing after transfer\n", contentlength); + } } + else + infof(data, "Illegal Content-Length: header\n"); } /* check for Content-Type: header lines to get the MIME-type */ else if(checkprefix("Content-Type:", k->p)) { @@ -3591,51 +3613,9 @@ * of chunks, and a chunk-data set to zero signals the * end-of-chunks. */ - char *start; - - /* Find the first non-space letter */ - start = k->p + 18; - - for(;;) { - /* skip whitespaces and commas */ - while(*start && (ISSPACE(*start) || (*start == ','))) - start++; - - if(checkprefix("chunked", start)) { - k->chunk = TRUE; /* chunks coming our way */ - - /* init our chunky engine */ - Curl_httpchunk_init(conn); - - start += 7; - } - - if(k->auto_decoding) - /* TODO: we only support the first mentioned compression for now */ - break; - - if(checkprefix("identity", start)) { - k->auto_decoding = IDENTITY; - start += 8; - } - else if(checkprefix("deflate", start)) { - k->auto_decoding = DEFLATE; - start += 7; - } - else if(checkprefix("gzip", start)) { - k->auto_decoding = GZIP; - start += 4; - } - else if(checkprefix("x-gzip", start)) { - k->auto_decoding = GZIP; - start += 6; - } - else - /* unknown! */ - break; - - } - + result = Curl_build_unencoding_stack(conn, k->p + 18, TRUE); + if(result) + return result; } else if(checkprefix("Content-Encoding:", k->p) && data->set.str[STRING_ENCODING]) { @@ -3646,21 +3626,9 @@ * 2616). zlib cannot handle compress. However, errors are * handled further down when the response body is processed */ - char *start; - - /* Find the first non-space letter */ - start = k->p + 17; - while(*start && ISSPACE(*start)) - start++; - - /* Record the content-encoding for later use */ - if(checkprefix("identity", start)) - k->auto_decoding = IDENTITY; - else if(checkprefix("deflate", start)) - k->auto_decoding = DEFLATE; - else if(checkprefix("gzip", start) - || checkprefix("x-gzip", start)) - k->auto_decoding = GZIP; + result = Curl_build_unencoding_stack(conn, k->p + 17, FALSE); + if(result) + return result; } else if(checkprefix("Content-Range:", k->p)) { /* Content-Range: bytes [num]- @@ -3682,11 +3650,11 @@ /* if it truly stopped on a digit */ if(ISDIGIT(*ptr)) { - k->offset = curlx_strtoofft(ptr, NULL, 10); - - if(data->state.resume_from == k->offset) - /* we asked for a resume and we got it */ - k->content_range = TRUE; + if(!curlx_strtoofft(ptr, NULL, 10, &k->offset)) { + if(data->state.resume_from == k->offset) + /* we asked for a resume and we got it */ + k->content_range = TRUE; + } } else data->state.resume_from = 0; /* get everything */ @@ -3697,7 +3665,7 @@ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); Curl_cookie_add(data, - data->cookies, TRUE, k->p+11, + data->cookies, TRUE, k->p + 11, /* If there is a custom-set Host: name, use it here, or else use real peer host name. */ conn->allocptr.cookiehost? @@ -3708,8 +3676,8 @@ #endif else if(checkprefix("Last-Modified:", k->p) && (data->set.timecondition || data->set.get_filetime) ) { - time_t secs=time(NULL); - k->timeofdoc = curl_getdate(k->p+strlen("Last-Modified:"), + time_t secs = time(NULL); + k->timeofdoc = curl_getdate(k->p + strlen("Last-Modified:"), &secs); if(data->set.get_filetime) data->info.filetime = (long)k->timeofdoc; diff -Nru curl-7.55.1/lib/http_chunks.c curl-7.57.0/lib/http_chunks.c --- curl-7.55.1/lib/http_chunks.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/http_chunks.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -86,8 +86,8 @@ void Curl_httpchunk_init(struct connectdata *conn) { struct Curl_chunker *chunk = &conn->chunk; - chunk->hexindex=0; /* start at 0 */ - chunk->dataleft=0; /* no data left yet! */ + chunk->hexindex = 0; /* start at 0 */ + chunk->dataleft = 0; /* no data left yet! */ chunk->state = CHUNK_HEX; /* we get hex first! */ } @@ -107,7 +107,7 @@ ssize_t datalen, ssize_t *wrotep) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; struct Curl_chunker *ch = &conn->chunk; struct SingleRequest *k = &data->req; @@ -147,7 +147,7 @@ return CHUNKE_ILLEGAL_HEX; /* length and datap are unmodified */ - ch->hexbuffer[ch->hexindex]=0; + ch->hexbuffer[ch->hexindex] = 0; /* convert to host encoding before calling strtoul */ result = Curl_convert_from_network(conn->data, ch->hexbuffer, @@ -158,9 +158,7 @@ return CHUNKE_ILLEGAL_HEX; } - ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16); - if((ch->datasize == CURL_OFF_T_MAX) && (errno == ERANGE)) - /* overflow is an error */ + if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize)) return CHUNKE_ILLEGAL_HEX; ch->state = CHUNK_LF; /* now wait for the CRLF */ } @@ -172,7 +170,7 @@ /* we're now expecting data to come, unless size was zero! */ if(0 == ch->datasize) { ch->state = CHUNK_TRAILER; /* now check for trailers */ - conn->trlPos=0; + conn->trlPos = 0; } else ch->state = CHUNK_DATA; @@ -189,49 +187,17 @@ piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize); /* Write the data portion available */ -#ifdef HAVE_LIBZ - switch(conn->data->set.http_ce_skip? - IDENTITY : data->req.auto_decoding) { - case IDENTITY: -#endif - if(!k->ignorebody) { - if(!data->set.http_te_skip) - result = Curl_client_write(conn, CLIENTWRITE_BODY, datap, - piece); - else - result = CURLE_OK; - } -#ifdef HAVE_LIBZ - break; - - case DEFLATE: - /* update data->req.keep.str to point to the chunk data. */ - data->req.str = datap; - result = Curl_unencode_deflate_write(conn, &data->req, - (ssize_t)piece); - break; - - case GZIP: - /* update data->req.keep.str to point to the chunk data. */ - data->req.str = datap; - result = Curl_unencode_gzip_write(conn, &data->req, - (ssize_t)piece); - break; - - default: - failf(conn->data, - "Unrecognized content encoding type. " - "libcurl understands `identity', `deflate' and `gzip' " - "content encodings."); - return CHUNKE_BAD_ENCODING; + if(conn->data->set.http_ce_skip || !k->writer_stack) { + if(!k->ignorebody) + result = Curl_client_write(conn, CLIENTWRITE_BODY, datap, piece); } -#endif + else + result = Curl_unencode_write(conn, k->writer_stack, datap, piece); if(result) return CHUNKE_WRITE_ERROR; *wrote += piece; - ch->datasize -= piece; /* decrease amount left to expect */ datap += piece; /* move read pointer forward */ length -= piece; /* decrease space left in this round */ @@ -259,9 +225,9 @@ if(conn->trlPos) { /* we allocate trailer with 3 bytes extra room to fit this */ - conn->trailer[conn->trlPos++]=0x0d; - conn->trailer[conn->trlPos++]=0x0a; - conn->trailer[conn->trlPos]=0; + conn->trailer[conn->trlPos++] = 0x0d; + conn->trailer[conn->trlPos++] = 0x0a; + conn->trailer[conn->trlPos] = 0; /* Convert to host encoding before calling Curl_client_write */ result = Curl_convert_from_network(conn->data, conn->trailer, @@ -277,7 +243,7 @@ if(result) return CHUNKE_WRITE_ERROR; } - conn->trlPos=0; + conn->trlPos = 0; ch->state = CHUNK_TRAILER_CR; if(*datap == 0x0a) /* already on the LF */ @@ -301,7 +267,7 @@ ptr = realloc(conn->trailer, conn->trlMax + 3); } else { - conn->trlMax=128; + conn->trlMax = 128; ptr = malloc(conn->trlMax + 3); } if(!ptr) diff -Nru curl-7.55.1/lib/http.h curl-7.57.0/lib/http.h --- curl-7.55.1/lib/http.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/http.h 2017-11-09 22:40:36.000000000 +0000 @@ -40,8 +40,6 @@ const char *header, /* header keyword _with_ colon */ const char *content); /* content string to find */ -char *Curl_checkheaders(const struct connectdata *conn, - const char *thisheader); char *Curl_copy_header_value(const char *header); char *Curl_checkProxyheaders(const struct connectdata *conn, @@ -130,7 +128,7 @@ * HTTP unique setup ***************************************************************************/ struct HTTP { - struct FormData *sendit; + curl_mimepart *sendit; curl_off_t postsize; /* off_t to handle large file sizes */ const char *postdata; @@ -140,7 +138,7 @@ curl_off_t writebytecount; /* For FORM posting */ - struct Form form; + curl_mimepart form; struct back { curl_read_callback fread_func; /* backup storage for fread pointer */ diff -Nru curl-7.55.1/lib/http_ntlm.c curl-7.57.0/lib/http_ntlm.c --- curl-7.55.1/lib/http_ntlm.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/http_ntlm.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -37,11 +37,14 @@ #include "sendf.h" #include "strcase.h" #include "http_ntlm.h" +#include "curl_ntlm_core.h" #include "curl_ntlm_wb.h" #include "vauth/vauth.h" #include "url.h" -#if defined(USE_NSS) +/* SSL backend-specific #if branches in this file must be kept in the order + documented in curl_ntlm_core. */ +#if defined(NTLM_NEEDS_NSS_INIT) #include "vtls/nssg.h" #elif defined(USE_WINDOWS_SSPI) #include "curl_sspi.h" @@ -129,7 +132,7 @@ DEBUGASSERT(conn); DEBUGASSERT(conn->data); -#ifdef USE_NSS +#if defined(NTLM_NEEDS_NSS_INIT) if(CURLE_OK != Curl_nss_force_init(conn->data)) return CURLE_OUT_OF_MEMORY; #endif @@ -170,8 +173,8 @@ case NTLMSTATE_TYPE1: default: /* for the weird cases we (re)start here */ /* Create a type-1 message */ - result = Curl_auth_create_ntlm_type1_message(userp, passwdp, ntlm, &base64, - &len); + result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp, + ntlm, &base64, &len); if(result) return result; diff -Nru curl-7.55.1/lib/http_proxy.c curl-7.57.0/lib/http_proxy.c --- curl-7.55.1/lib/http_proxy.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/http_proxy.c 2017-11-26 13:19:01.000000000 +0000 @@ -137,7 +137,7 @@ bool Curl_connect_complete(struct connectdata *conn) { - return conn->connect_state && + return !conn->connect_state || (conn->connect_state->tunnel_state == TUNNEL_COMPLETE); } @@ -163,10 +163,10 @@ s = conn->connect_state; } s->tunnel_state = TUNNEL_INIT; - s->keepon=TRUE; + s->keepon = TRUE; s->line_start = s->connect_buffer; s->ptr = s->line_start; - s->cl=0; + s->cl = 0; return CURLE_OK; } @@ -182,13 +182,13 @@ const char *hostname, int remote_port) { - int subversion=0; - struct Curl_easy *data=conn->data; + int subversion = 0; + struct Curl_easy *data = conn->data; struct SingleRequest *k = &data->req; CURLcode result; curl_socket_t tunnelsocket = conn->sock[sockindex]; bool closeConnection = FALSE; - time_t check; + timediff_t check; struct http_connect_state *s = conn->connect_state; #define SELECT_OK 0 @@ -234,8 +234,8 @@ if(!result) { char *host = NULL; - const char *proxyconn=""; - const char *useragent=""; + const char *proxyconn = ""; + const char *useragent = ""; const char *http = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ? "1.0" : "1.1"; bool ipv6_ip = conn->bits.ipv6_ip; @@ -244,7 +244,7 @@ /* the hostname may be different */ if(hostname != conn->host.name) ipv6_ip = (strchr(hostname, ':') != NULL); - hostheader= /* host:port with IPv6 support */ + hostheader = /* host:port with IPv6 support */ aprintf("%s%s%s:%hu", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"", remote_port); if(!hostheader) { @@ -410,7 +410,8 @@ } /* convert from the network encoding */ - result = Curl_convert_from_network(data, line_start, perline); + result = Curl_convert_from_network(data, s->line_start, + (size_t)s->perline); /* Curl_convert_from_network calls failf if unsuccessful */ if(result) return result; @@ -523,8 +524,8 @@ k->httpcode); } else { - s->cl = curlx_strtoofft(s->line_start + - strlen("Content-Length:"), NULL, 10); + (void)curlx_strtoofft(s->line_start + + strlen("Content-Length:"), NULL, 10, &s->cl); } } else if(Curl_compareheader(s->line_start, "Connection:", "close")) @@ -566,7 +567,7 @@ if(error) return CURLE_RECV_ERROR; - if(data->info.httpproxycode != 200) { + if(data->info.httpproxycode/100 != 2) { /* Deal with the possibly already received authenticate headers. 'newurl' is set to a new URL if we must loop. */ result = Curl_http_auth_act(conn); @@ -597,7 +598,7 @@ } while(data->req.newurl); - if(200 != data->req.httpcode) { + if(data->info.httpproxycode/100 != 2) { if(closeConnection && data->req.newurl) { conn->bits.proxy_connect_closed = TRUE; infof(data, "Connect me again please\n"); @@ -633,7 +634,8 @@ data->state.authproxy.done = TRUE; - infof(data, "Proxy replied OK to CONNECT request\n"); + infof(data, "Proxy replied %d to CONNECT request\n", + data->info.httpproxycode); data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */ conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the document request */ diff -Nru curl-7.55.1/lib/if2ip.c curl-7.57.0/lib/if2ip.c --- curl-7.55.1/lib/if2ip.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/if2ip.c 2017-11-09 22:40:36.000000000 +0000 @@ -103,7 +103,7 @@ struct ifaddrs *iface, *head; if(getifaddrs(&head) >= 0) { - for(iface=head; iface != NULL; iface=iface->ifa_next) { + for(iface = head; iface != NULL; iface = iface->ifa_next) { if(strcasecompare(iface->ifa_name, interf)) { result = TRUE; break; @@ -131,7 +131,7 @@ #endif if(getifaddrs(&head) >= 0) { - for(iface = head; iface != NULL; iface=iface->ifa_next) { + for(iface = head; iface != NULL; iface = iface->ifa_next) { if(iface->ifa_addr != NULL) { if(iface->ifa_addr->sa_family == af) { if(strcasecompare(iface->ifa_name, interf)) { @@ -230,7 +230,7 @@ return IF2IP_NOT_FOUND; memset(&req, 0, sizeof(req)); - memcpy(req.ifr_name, interf, len+1); + memcpy(req.ifr_name, interf, len + 1); req.ifr_addr.sa_family = AF_INET; if(ioctl(dummy, SIOCGIFADDR, &req) < 0) { diff -Nru curl-7.55.1/lib/imap.c curl-7.57.0/lib/imap.c --- curl-7.55.1/lib/imap.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/imap.c 2017-11-28 15:23:39.000000000 +0000 @@ -68,6 +68,7 @@ #include "http.h" /* for HTTP proxy tunnel stuff */ #include "socks.h" #include "imap.h" +#include "mime.h" #include "strtoofft.h" #include "strcase.h" #include "vtls/vtls.h" @@ -162,11 +163,15 @@ }; #endif +#define IMAP_RESP_OK 1 +#define IMAP_RESP_NOT_OK 2 +#define IMAP_RESP_PREAUTH 3 + /* SASL parameters for the imap protocol */ static const struct SASLproto saslimap = { "imap", /* The service name */ '+', /* Code received when continuation is expected */ - 'O', /* Code to receive upon authentication success */ + IMAP_RESP_OK, /* Code to receive upon authentication success */ 0, /* Maximum initial response length (no max) */ imap_perform_authenticate, /* Send authentication command */ imap_continue_authenticate, /* Send authentication continuation */ @@ -249,15 +254,11 @@ len -= id_len + 1; if(len >= 2 && !memcmp(line, "OK", 2)) - *resp = 'O'; - else if(len >= 2 && !memcmp(line, "NO", 2)) - *resp = 'N'; - else if(len >= 3 && !memcmp(line, "BAD", 3)) - *resp = 'B'; - else { - failf(conn->data, "Bad tagged response"); - *resp = -1; - } + *resp = IMAP_RESP_OK; + else if(len >= 7 && !memcmp(line, "PREAUTH", 7)) + *resp = IMAP_RESP_PREAUTH; + else + *resp = IMAP_RESP_NOT_OK; return TRUE; } @@ -274,15 +275,15 @@ case IMAP_LIST: if((!imap->custom && !imap_matchresp(line, len, "LIST")) || (imap->custom && !imap_matchresp(line, len, imap->custom) && - (strcmp(imap->custom, "STORE") || + (!strcasecompare(imap->custom, "STORE") || !imap_matchresp(line, len, "FETCH")) && - strcmp(imap->custom, "SELECT") && - strcmp(imap->custom, "EXAMINE") && - strcmp(imap->custom, "SEARCH") && - strcmp(imap->custom, "EXPUNGE") && - strcmp(imap->custom, "LSUB") && - strcmp(imap->custom, "UID") && - strcmp(imap->custom, "NOOP"))) + !strcasecompare(imap->custom, "SELECT") && + !strcasecompare(imap->custom, "EXAMINE") && + !strcasecompare(imap->custom, "SEARCH") && + !strcasecompare(imap->custom, "EXPUNGE") && + !strcasecompare(imap->custom, "LSUB") && + !strcasecompare(imap->custom, "UID") && + !strcasecompare(imap->custom, "NOOP"))) return FALSE; break; @@ -563,9 +564,10 @@ struct imap_conn *imapc = &conn->proto.imapc; saslprogress progress; - /* Check we have enough data to authenticate with and end the - connect phase if we don't */ - if(!Curl_sasl_can_authenticate(&imapc->sasl, conn)) { + /* Check if already authenticated OR if there is enough data to authenticate + with and end the connect phase if we don't */ + if(imapc->preauth || + !Curl_sasl_can_authenticate(&imapc->sasl, conn)) { state(conn, IMAP_STOP); return result; } @@ -707,18 +709,48 @@ static CURLcode imap_perform_append(struct connectdata *conn) { CURLcode result = CURLE_OK; - struct IMAP *imap = conn->data->req.protop; + struct Curl_easy *data = conn->data; + struct IMAP *imap = data->req.protop; char *mailbox; /* Check we have a mailbox */ if(!imap->mailbox) { - failf(conn->data, "Cannot APPEND without a mailbox."); + failf(data, "Cannot APPEND without a mailbox."); return CURLE_URL_MALFORMAT; } + /* Prepare the mime data if some. */ + if(data->set.mimepost.kind != MIMEKIND_NONE) { + /* Use the whole structure as data. */ + data->set.mimepost.flags &= ~MIME_BODY_ONLY; + + /* Add external headers and mime version. */ + curl_mime_headers(&data->set.mimepost, data->set.headers, 0); + result = Curl_mime_prepare_headers(&data->set.mimepost, NULL, + NULL, MIMESTRATEGY_MAIL); + + if(!result) + if(!Curl_checkheaders(conn, "Mime-Version")) + result = Curl_mime_add_header(&data->set.mimepost.curlheaders, + "Mime-Version: 1.0"); + + /* Make sure we will read the entire mime structure. */ + if(!result) + result = Curl_mime_rewind(&data->set.mimepost); + + if(result) + return result; + + data->state.infilesize = Curl_mime_size(&data->set.mimepost); + + /* Read from mime structure. */ + data->state.fread_func = (curl_read_callback) Curl_mime_read; + data->state.in = (void *) &data->set.mimepost; + } + /* Check we know the size of the upload */ - if(conn->data->state.infilesize < 0) { - failf(conn->data, "Cannot APPEND with unknown input file size\n"); + if(data->state.infilesize < 0) { + failf(data, "Cannot APPEND with unknown input file size\n"); return CURLE_UPLOAD_FAILED; } @@ -729,7 +761,7 @@ /* Send the APPEND command */ result = imap_sendf(conn, "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}", - mailbox, conn->data->state.infilesize); + mailbox, data->state.infilesize); free(mailbox); @@ -789,19 +821,21 @@ int imapcode, imapstate instate) { - CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; - (void)instate; /* no use for this yet */ - if(imapcode != 'O') { + if(imapcode == IMAP_RESP_PREAUTH) { + /* PREAUTH */ + struct imap_conn *imapc = &conn->proto.imapc; + imapc->preauth = TRUE; + infof(data, "PREAUTH connection, already authenticated!\n"); + } + else if(imapcode != IMAP_RESP_OK) { failf(data, "Got unexpected imap-server response"); - result = CURLE_WEIRD_SERVER_REPLY; + return CURLE_WEIRD_SERVER_REPLY; } - else - result = imap_perform_capability(conn); - return result; + return imap_perform_capability(conn); } /* For CAPABILITY responses */ @@ -868,7 +902,7 @@ line += wordlen; } } - else if(imapcode == 'O') { + else if(imapcode == IMAP_RESP_OK) { if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { /* We don't have a SSL/TLS connection yet, but SSL is requested */ if(imapc->tls_supported) @@ -901,7 +935,7 @@ (void)instate; /* no use for this yet */ - if(imapcode != 'O') { + if(imapcode != IMAP_RESP_OK) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); result = CURLE_USE_SSL_FAILED; @@ -959,7 +993,7 @@ (void)instate; /* no use for this yet */ - if(imapcode != 'O') { + if(imapcode != IMAP_RESP_OK) { failf(data, "Access denied. %c", imapcode); result = CURLE_LOGIN_DENIED; } @@ -987,7 +1021,7 @@ result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1); line[len] = '\0'; } - else if(imapcode != 'O') + else if(imapcode != IMAP_RESP_OK) result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */ else /* End of DO phase */ @@ -1016,10 +1050,10 @@ imapc->mailbox_uidvalidity = strdup(tmp); } } - else if(imapcode == 'O') { + else if(imapcode == IMAP_RESP_OK) { /* Check if the UIDVALIDITY has been specified and matches */ if(imap->uidvalidity && imapc->mailbox_uidvalidity && - strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity)) { + !strcasecompare(imap->uidvalidity, imapc->mailbox_uidvalidity)) { failf(conn->data, "Mailbox UIDVALIDITY has changed"); result = CURLE_REMOTE_FILE_NOT_FOUND; } @@ -1070,10 +1104,11 @@ if(*ptr == '{') { char *endptr; - size = curlx_strtoofft(ptr + 1, &endptr, 10); - if(endptr - ptr > 1 && endptr[0] == '}' && - endptr[1] == '\r' && endptr[2] == '\0') - parsed = TRUE; + if(!curlx_strtoofft(ptr + 1, &endptr, 10, &size)) { + if(endptr - ptr > 1 && endptr[0] == '}' && + endptr[1] == '\r' && endptr[2] == '\0') + parsed = TRUE; + } } if(parsed) { @@ -1091,6 +1126,11 @@ /* The conversion from curl_off_t to size_t is always fine here */ chunk = (size_t)size; + if(!chunk) { + /* no size, we're done with the data */ + state(conn, IMAP_STOP); + return CURLE_OK; + } result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk); if(result) return result; @@ -1147,7 +1187,7 @@ (void)instate; /* No use for this yet */ - if(imapcode != 'O') + if(imapcode != IMAP_RESP_OK) result = CURLE_WEIRD_SERVER_REPLY; else /* End of DONE phase */ @@ -1191,7 +1231,7 @@ (void)instate; /* No use for this yet */ - if(imapcode != 'O') + if(imapcode != IMAP_RESP_OK) result = CURLE_UPLOAD_FAILED; else /* End of DONE phase */ @@ -1419,9 +1459,10 @@ result = status; /* use the already set error code */ } else if(!data->set.connect_only && !imap->custom && - (imap->uid || data->set.upload)) { + (imap->uid || data->set.upload || + data->set.mimepost.kind != MIMEKIND_NONE)) { /* Handle responses after FETCH or APPEND transfer has finished */ - if(!data->set.upload) + if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) state(conn, IMAP_FETCH_FINAL); else { /* End the APPEND command first by sending an empty line */ @@ -1485,13 +1526,13 @@ /* Determine if the requested mailbox (with the same UIDVALIDITY if set) has already been selected on this connection */ if(imap->mailbox && imapc->mailbox && - !strcmp(imap->mailbox, imapc->mailbox) && + strcasecompare(imap->mailbox, imapc->mailbox) && (!imap->uidvalidity || !imapc->mailbox_uidvalidity || - !strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity))) + strcasecompare(imap->uidvalidity, imapc->mailbox_uidvalidity))) selected = TRUE; /* Start the first command in the DO phase */ - if(conn->data->set.upload) + if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) /* APPEND can be executed directly */ result = imap_perform_append(conn); else if(imap->custom && (selected || !imap->mailbox)) @@ -1761,7 +1802,7 @@ return strdup(str); /* Calculate the new string length */ - newlen = strlen(str) + backsp_count + quote_count + (others_exists ? 2 : 0); + newlen = strlen(str) + backsp_count + quote_count + (escape_only ? 0 : 2); /* Allocate the new string */ newstr = (char *) malloc((newlen + 1) * sizeof(char)); @@ -1770,7 +1811,7 @@ /* Surround the string in quotes if necessary */ p2 = newstr; - if(others_exists) { + if(!escape_only) { newstr[0] = '"'; newstr[newlen - 1] = '"'; p2++; diff -Nru curl-7.55.1/lib/imap.h curl-7.57.0/lib/imap.h --- curl-7.55.1/lib/imap.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/imap.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2009 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 2009 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,6 +71,7 @@ struct pingpong pp; imapstate state; /* Always use imap.c:state() to change state! */ bool ssldone; /* Is connect() over SSL done? */ + bool preauth; /* Is this connection PREAUTH? */ struct SASL sasl; /* SASL-related parameters */ unsigned int preftype; /* Preferred authentication type */ int cmdid; /* Last used command ID */ diff -Nru curl-7.55.1/lib/inet_ntop.c curl-7.57.0/lib/inet_ntop.c --- curl-7.55.1/lib/inet_ntop.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/inet_ntop.c 2017-11-09 22:40:36.000000000 +0000 @@ -141,7 +141,7 @@ */ if(i == 6 && best.base == 0 && (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { - if(!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp))) { + if(!inet_ntop4(src + 12, tp, sizeof(tmp) - (tp - tmp))) { errno = ENOSPC; return (NULL); } diff -Nru curl-7.55.1/lib/ldap.c curl-7.57.0/lib/ldap.c --- curl-7.55.1/lib/ldap.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/ldap.c 2017-11-10 16:47:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -190,9 +190,11 @@ const char *passwd, unsigned long authflags) { ULONG method = 0; - SEC_WINNT_AUTH_IDENTITY cred = { 0, }; + SEC_WINNT_AUTH_IDENTITY cred; int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED; + memset(&cred, 0, sizeof(cred)); + #if defined(USE_SPNEGO) if(authflags & CURLAUTH_NEGOTIATE) { method = LDAP_AUTH_NEGOTIATE; @@ -267,7 +269,7 @@ LDAPMessage *ldapmsg = NULL; LDAPMessage *entryIterator; int num = 0; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; int ldap_proto = LDAP_VERSION3; int ldap_ssl = 0; char *val_b64 = NULL; diff -Nru curl-7.55.1/lib/libcurl.plist curl-7.57.0/lib/libcurl.plist --- curl-7.55.1/lib/libcurl.plist 2017-08-14 06:04:49.000000000 +0000 +++ curl-7.57.0/lib/libcurl.plist 2017-11-29 09:28:45.000000000 +0000 @@ -15,7 +15,7 @@ se.haxx.curl.libcurl CFBundleVersion - 7.55.1 + 7.57.0 CFBundleName libcurl @@ -27,9 +27,9 @@ ???? CFBundleShortVersionString - libcurl 7.55.1 + libcurl 7.57.0 CFBundleGetInfoString - libcurl.plist 7.55.1 + libcurl.plist 7.57.0 diff -Nru curl-7.55.1/lib/llist.c curl-7.57.0/lib/llist.c --- curl-7.55.1/lib/llist.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/llist.c 2017-11-26 13:19:01.000000000 +0000 @@ -106,7 +106,11 @@ e->next->prev = NULL; } else { - e->prev->next = e->next; + if(!e->prev) + list->head = e->next; + else + e->prev->next = e->next; + if(!e->next) list->tail = e->prev; else diff -Nru curl-7.55.1/lib/Makefile.am curl-7.57.0/lib/Makefile.am --- curl-7.55.1/lib/Makefile.am 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/Makefile.am 2017-11-09 22:40:36.000000000 +0000 @@ -66,21 +66,7 @@ # Prevent LIBS from being used for all link targets LIBS = $(BLANK_AT_MAKETIME) -if SONAME_BUMP -# -# Bumping of SONAME conditionally may seem like a weird thing to do, and yeah -# it is. The problem is that we try to avoid the bump as hard as possible, but -# yet it is still necessary for a few rare situations. The configure script will -# attempt to figure out these situations, and it can be forced to consider this -# to be such a case! See README.curl_off_t for further details. -# -# This conditional soname bump SHOULD be removed at next "proper" bump. -# -VERSIONINFO=-version-info 9:0:4 -else -VERSIONINFO=-version-info 8:0:4 -endif - +VERSIONINFO=-version-info 9:0:5 # This flag accepts an argument of the form current[:revision[:age]]. So, # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to # 1. diff -Nru curl-7.55.1/lib/Makefile.in curl-7.57.0/lib/Makefile.in --- curl-7.55.1/lib/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/lib/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -223,7 +223,8 @@ libcurl_la-pipeline.lo libcurl_la-dotdot.lo \ libcurl_la-x509asn1.lo libcurl_la-http2.lo libcurl_la-smb.lo \ libcurl_la-curl_endian.lo libcurl_la-curl_des.lo \ - libcurl_la-system_win32.lo + libcurl_la-system_win32.lo libcurl_la-mime.lo \ + libcurl_la-sha256.lo libcurl_la-setopt.lo am__dirstamp = $(am__leading_dot)dirstamp am__objects_2 = vauth/libcurl_la-vauth.lo \ vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \ @@ -300,7 +301,8 @@ libcurlu_la-dotdot.lo libcurlu_la-x509asn1.lo \ libcurlu_la-http2.lo libcurlu_la-smb.lo \ libcurlu_la-curl_endian.lo libcurlu_la-curl_des.lo \ - libcurlu_la-system_win32.lo + libcurlu_la-system_win32.lo libcurlu_la-mime.lo \ + libcurlu_la-sha256.lo libcurlu_la-setopt.lo am__objects_8 = vauth/libcurlu_la-vauth.lo \ vauth/libcurlu_la-cleartext.lo vauth/libcurlu_la-cram.lo \ vauth/libcurlu_la-digest.lo vauth/libcurlu_la-digest_sspi.lo \ @@ -435,7 +437,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -452,6 +456,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -638,7 +643,6 @@ # $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "private" files # $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file # $(top_srcdir)/ares is for in-tree c-ares's external include files - # This flag accepts an argument of the form current[:revision[:age]]. So, # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to # 1. @@ -653,18 +657,7 @@ # For the full guide on libcurl ABI rules, see docs/libcurl/ABI AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/lib \ -I$(top_srcdir)/lib $(am__append_1) -DBUILDING_LIBCURL -@SONAME_BUMP_FALSE@VERSIONINFO = -version-info 8:0:4 - -# -# Bumping of SONAME conditionally may seem like a weird thing to do, and yeah -# it is. The problem is that we try to avoid the bump as hard as possible, but -# yet it is still necessary for a few rare situations. The configure script will -# attempt to figure out these situations, and it can be forced to consider this -# to be such a case! See README.curl_off_t for further details. -# -# This conditional soname bump SHOULD be removed at next "proper" bump. -# -@SONAME_BUMP_TRUE@VERSIONINFO = -version-info 9:0:4 +VERSIONINFO = -version-info 9:0:5 AM_LDFLAGS = AM_CFLAGS = libcurl_la_CPPFLAGS_EXTRA = $(am__append_6) $(am__append_7) @@ -709,7 +702,8 @@ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ - x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c + x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ + mime.c sha256.c setopt.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -728,7 +722,7 @@ curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ - curl_printf.h system_win32.h rand.h + curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) @@ -1020,6 +1014,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-md4.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-memdebug.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-mime.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-mprintf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-multi.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-netrc.Plo@am__quote@ @@ -1036,6 +1031,8 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-security.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-select.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-sendf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-setopt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-sha256.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-share.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-slist.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-smb.Plo@am__quote@ @@ -1121,6 +1118,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-md4.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-memdebug.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-mime.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-mprintf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-multi.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-netrc.Plo@am__quote@ @@ -1137,6 +1135,8 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-security.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-select.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-sendf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-setopt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-sha256.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-share.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-slist.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-smb.Plo@am__quote@ @@ -1942,6 +1942,27 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c +libcurl_la-mime.lo: mime.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-mime.lo -MD -MP -MF $(DEPDIR)/libcurl_la-mime.Tpo -c -o libcurl_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-mime.Tpo $(DEPDIR)/libcurl_la-mime.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mime.c' object='libcurl_la-mime.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c + +libcurl_la-sha256.lo: sha256.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-sha256.lo -MD -MP -MF $(DEPDIR)/libcurl_la-sha256.Tpo -c -o libcurl_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-sha256.Tpo $(DEPDIR)/libcurl_la-sha256.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha256.c' object='libcurl_la-sha256.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c + +libcurl_la-setopt.lo: setopt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-setopt.lo -MD -MP -MF $(DEPDIR)/libcurl_la-setopt.Tpo -c -o libcurl_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-setopt.Tpo $(DEPDIR)/libcurl_la-setopt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='setopt.c' object='libcurl_la-setopt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c + vauth/libcurl_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-vauth.Tpo -c -o vauth/libcurl_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-vauth.Tpo vauth/$(DEPDIR)/libcurl_la-vauth.Plo @@ -2817,6 +2838,27 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c +libcurlu_la-mime.lo: mime.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-mime.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-mime.Tpo -c -o libcurlu_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-mime.Tpo $(DEPDIR)/libcurlu_la-mime.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mime.c' object='libcurlu_la-mime.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c + +libcurlu_la-sha256.lo: sha256.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-sha256.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-sha256.Tpo -c -o libcurlu_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-sha256.Tpo $(DEPDIR)/libcurlu_la-sha256.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha256.c' object='libcurlu_la-sha256.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c + +libcurlu_la-setopt.lo: setopt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-setopt.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-setopt.Tpo -c -o libcurlu_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-setopt.Tpo $(DEPDIR)/libcurlu_la-setopt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='setopt.c' object='libcurlu_la-setopt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c + vauth/libcurlu_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo -c -o vauth/libcurlu_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo vauth/$(DEPDIR)/libcurlu_la-vauth.Plo diff -Nru curl-7.55.1/lib/Makefile.inc curl-7.57.0/lib/Makefile.inc --- curl-7.55.1/lib/Makefile.inc 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/Makefile.inc 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -53,7 +53,8 @@ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ - x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c + x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ + mime.c sha256.c setopt.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -72,7 +73,7 @@ curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ - curl_printf.h system_win32.h rand.h + curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h LIB_RCFILES = libcurl.rc diff -Nru curl-7.55.1/lib/Makefile.m32 curl-7.57.0/lib/Makefile.m32 --- curl-7.55.1/lib/Makefile.m32 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/Makefile.m32 2017-11-26 13:19:01.000000000 +0000 @@ -22,8 +22,9 @@ ########################################################################### # -## Makefile for building libcurl.a with MingW (GCC-3.2 or later) -## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4) +## Makefile for building libcurl.a with MingW (GCC-3.2 or later or LLVM/Clang) +## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4), +## brotli (1.0.1) ## ## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...] ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn @@ -38,6 +39,10 @@ ifndef ZLIB_PATH ZLIB_PATH = ../../zlib-1.2.8 endif +# Edit the path below to point to the base of your Brotli sources. +ifndef BROTLI_PATH +BROTLI_PATH = ../../brotli-1.0.1 +endif # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH OPENSSL_PATH = ../../openssl-1.0.2a @@ -50,9 +55,9 @@ ifndef LIBRTMP_PATH LIBRTMP_PATH = ../../librtmp-2.4 endif -# Edit the path below to point to the base of your libidn package. -ifndef LIBIDN_PATH -LIBIDN_PATH = ../../libidn-1.32 +# Edit the path below to point to the base of your libidn2 package. +ifndef LIBIDN2_PATH +LIBIDN2_PATH = ../../libidn2-2.0.3 endif # Edit the path below to point to the base of your MS IDN package. # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1 @@ -76,13 +81,23 @@ LIBCARES_PATH = $(PROOT)/ares endif -CC = $(CROSSPREFIX)gcc +ifeq ($(CURL_CC),) +CURL_CC := $(CROSSPREFIX)gcc +endif +ifeq ($(CURL_AR),) +CURL_AR := $(CROSSPREFIX)ar +endif +ifeq ($(CURL_RANLIB),) +CURL_RANLIB := $(CROSSPREFIX)ranlib +endif + +CC = $(CURL_CC) CFLAGS = $(CURL_CFLAG_EXTRAS) -g -O2 -Wall -W CFLAGS += -fno-strict-aliasing # comment LDFLAGS below to keep debug info LDFLAGS = $(CURL_LDFLAG_EXTRAS) $(CURL_LDFLAG_EXTRAS_DLL) -s -AR = $(CROSSPREFIX)ar -RANLIB = $(CROSSPREFIX)ranlib +AR = $(CURL_AR) +RANLIB = $(CURL_RANLIB) RC = $(CROSSPREFIX)windres RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF STRIP = $(CROSSPREFIX)strip -g @@ -153,9 +168,7 @@ endif ifeq ($(findstring -ssh2,$(CFG)),-ssh2) SSH2 = 1 -ifneq ($(findstring -winssl,$(CFG)),-winssl) SSL = 1 -endif ZLIB = 1 endif ifeq ($(findstring -ssl,$(CFG)),-ssl) @@ -167,8 +180,11 @@ ifeq ($(findstring -zlib,$(CFG)),-zlib) ZLIB = 1 endif -ifeq ($(findstring -idn,$(CFG)),-idn) -IDN = 1 +ifeq ($(findstring -brotli,$(CFG)),-brotli) +BROTLI = 1 +endif +ifeq ($(findstring -idn2,$(CFG)),-idn2) +IDN2 = 1 endif ifeq ($(findstring -winidn,$(CFG)),-winidn) WINIDN = 1 @@ -192,6 +208,11 @@ INCLUDES = -I. -I../include CFLAGS += -DBUILDING_LIBCURL +ifdef SSL + ifdef WINSSL + CFLAGS += -DCURL_WITH_MULTI_SSL + endif +endif ifdef SYNC CFLAGS += -DUSE_SYNC_DNS @@ -257,20 +278,30 @@ CFLAGS += -DHAVE_OPENSSL_SRP -DUSE_TLS_SRP endif endif -else +endif ifdef WINSSL + CFLAGS += -DUSE_SCHANNEL DLL_LIBS += -lcrypt32 endif -endif ifdef ZLIB INCLUDES += -I"$(ZLIB_PATH)" CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H DLL_LIBS += -L"$(ZLIB_PATH)" -lz endif -ifdef IDN - INCLUDES += -I"$(LIBIDN_PATH)/include" - CFLAGS += -DUSE_LIBIDN - DLL_LIBS += -L"$(LIBIDN_PATH)/lib" -lidn +ifdef BROTLI + INCLUDES += -I"$(BROTLI_PATH)/include" + CFLAGS += -DHAVE_BROTLI + DLL_LIBS += -L"$(BROTLI_PATH)/lib" + ifdef BROTLI_LIBS + DLL_LIBS += $(BROTLI_LIBS) + else + DLL_LIBS += -lbrotlidec + endif +endif +ifdef IDN2 + INCLUDES += -I"$(LIBIDN2_PATH)/include" + CFLAGS += -DUSE_LIBIDN2 + DLL_LIBS += -L"$(LIBIDN2_PATH)/lib" -lidn2 else ifdef WINIDN CFLAGS += -DUSE_WIN32_IDN @@ -280,9 +311,6 @@ endif ifdef SSPI CFLAGS += -DUSE_WINDOWS_SSPI - ifdef WINSSL - CFLAGS += -DUSE_SCHANNEL - endif endif ifdef SPNEGO CFLAGS += -DHAVE_SPNEGO @@ -313,8 +341,12 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc -libcurl_dll_LIBRARY = libcurl.dll -libcurl_dll_a_LIBRARY = libcurldll.a +ifeq ($(CURL_DLL_A_SUFFIX),) +CURL_DLL_A_SUFFIX := dll +endif + +libcurl_dll_LIBRARY = libcurl$(CURL_DLL_SUFFIX).dll +libcurl_dll_a_LIBRARY = libcurl$(CURL_DLL_A_SUFFIX).a libcurl_a_LIBRARY = libcurl.a libcurl_a_OBJECTS := $(patsubst %.c,%.o,$(strip $(CSOURCES))) diff -Nru curl-7.55.1/lib/memdebug.c curl-7.57.0/lib/memdebug.c --- curl-7.55.1/lib/memdebug.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/memdebug.c 2017-11-26 13:19:01.000000000 +0000 @@ -170,7 +170,7 @@ return NULL; /* alloc at least 64 bytes */ - size = sizeof(struct memdebug)+wantedsize; + size = sizeof(struct memdebug) + wantedsize; mem = (Curl_cmalloc)(size); if(mem) { @@ -225,9 +225,9 @@ if(countcheck("strdup", line, source)) return NULL; - len=strlen(str)+1; + len = strlen(str) + 1; - mem=curl_domalloc(len, 0, NULL); /* NULL prevents logging */ + mem = curl_domalloc(len, 0, NULL); /* NULL prevents logging */ if(mem) memcpy(mem, str, len); @@ -269,9 +269,9 @@ void *curl_dorealloc(void *ptr, size_t wantedsize, int line, const char *source) { - struct memdebug *mem=NULL; + struct memdebug *mem = NULL; - size_t size = sizeof(struct memdebug)+wantedsize; + size_t size = sizeof(struct memdebug) + wantedsize; DEBUGASSERT(wantedsize != 0); @@ -343,7 +343,12 @@ "FD %s:%d socket() = %ld\n" : "FD %s:%d socket() = %zd\n"; - curl_socket_t sockfd = socket(domain, type, protocol); + curl_socket_t sockfd; + + if(countcheck("socket", line, source)) + return CURL_SOCKET_BAD; + + sockfd = socket(domain, type, protocol); if(source && (sockfd != CURL_SOCKET_BAD)) curl_memlog(fmt, source, line, sockfd); @@ -351,6 +356,35 @@ return sockfd; } +SEND_TYPE_RETV curl_dosend(SEND_TYPE_ARG1 sockfd, + SEND_QUAL_ARG2 SEND_TYPE_ARG2 buf, + SEND_TYPE_ARG3 len, SEND_TYPE_ARG4 flags, int line, + const char *source) +{ + SEND_TYPE_RETV rc; + if(countcheck("send", line, source)) + return -1; + rc = send(sockfd, buf, len, flags); + if(source) + curl_memlog("SEND %s:%d send(%lu) = %ld\n", + source, line, (unsigned long)len, (long)rc); + return rc; +} + +RECV_TYPE_RETV curl_dorecv(RECV_TYPE_ARG1 sockfd, RECV_TYPE_ARG2 buf, + RECV_TYPE_ARG3 len, RECV_TYPE_ARG4 flags, int line, + const char *source) +{ + RECV_TYPE_RETV rc; + if(countcheck("recv", line, source)) + return -1; + rc = recv(sockfd, buf, len, flags); + if(source) + curl_memlog("RECV %s:%d recv(%lu) = %ld\n", + source, line, (unsigned long)len, (long)rc); + return rc; +} + #ifdef HAVE_SOCKETPAIR int curl_socketpair(int domain, int type, int protocol, curl_socket_t socket_vector[2], @@ -407,7 +441,7 @@ /* this is our own defined way to close sockets on *ALL* platforms */ int curl_sclose(curl_socket_t sockfd, int line, const char *source) { - int res=sclose(sockfd); + int res = sclose(sockfd); curl_mark_sclose(sockfd, line, source); return res; } @@ -415,7 +449,7 @@ FILE *curl_fopen(const char *file, const char *mode, int line, const char *source) { - FILE *res=fopen(file, mode); + FILE *res = fopen(file, mode); if(source) curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n", @@ -428,7 +462,7 @@ FILE *curl_fdopen(int filedes, const char *mode, int line, const char *source) { - FILE *res=fdopen(filedes, mode); + FILE *res = fdopen(filedes, mode); if(source) curl_memlog("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n", @@ -444,7 +478,7 @@ DEBUGASSERT(file != NULL); - res=fclose(file); + res = fclose(file); if(source) curl_memlog("FILE %s:%d fclose(%p)\n", diff -Nru curl-7.55.1/lib/memdebug.h curl-7.57.0/lib/memdebug.h --- curl-7.55.1/lib/memdebug.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/memdebug.h 2017-11-26 13:19:01.000000000 +0000 @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -66,6 +66,17 @@ int line, const char *source); #endif +/* send/receive sockets */ +CURL_EXTERN SEND_TYPE_RETV curl_dosend(SEND_TYPE_ARG1 sockfd, + SEND_QUAL_ARG2 SEND_TYPE_ARG2 buf, + SEND_TYPE_ARG3 len, + SEND_TYPE_ARG4 flags, int line, + const char *source); +CURL_EXTERN RECV_TYPE_RETV curl_dorecv(RECV_TYPE_ARG1 sockfd, + RECV_TYPE_ARG2 buf, RECV_TYPE_ARG3 len, + RECV_TYPE_ARG4 flags, int line, + const char *source); + /* FILE functions */ CURL_EXTERN FILE *curl_fopen(const char *file, const char *mode, int line, const char *source); @@ -84,6 +95,8 @@ #define calloc(nbelem,size) curl_docalloc(nbelem, size, __LINE__, __FILE__) #define realloc(ptr,size) curl_dorealloc(ptr, size, __LINE__, __FILE__) #define free(ptr) curl_dofree(ptr, __LINE__, __FILE__) +#define send(a,b,c,d) curl_dosend(a,b,c,d, __LINE__, __FILE__) +#define recv(a,b,c,d) curl_dorecv(a,b,c,d, __LINE__, __FILE__) #ifdef WIN32 # ifdef UNICODE diff -Nru curl-7.55.1/lib/mime.c curl-7.57.0/lib/mime.c --- curl-7.55.1/lib/mime.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/mime.c 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,1908 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#include + +#include "mime.h" +#include "non-ascii.h" +#include "urldata.h" +#include "sendf.h" + +#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \ + !defined(CURL_DISABLE_IMAP) + +#if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME) +#include +#endif + +#include "rand.h" +#include "slist.h" +#include "strcase.h" +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +#ifdef WIN32 +# ifndef R_OK +# define R_OK 4 +# endif +#endif + + +#define FILE_CONTENTTYPE_DEFAULT "application/octet-stream" +#define MULTIPART_CONTENTTYPE_DEFAULT "multipart/mixed" +#define DISPOSITION_DEFAULT "attachment" + +#define READ_ERROR ((size_t) -1) + +/* Encoders. */ +static size_t encoder_nop_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part); +static curl_off_t encoder_nop_size(curl_mimepart *part); +static size_t encoder_7bit_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part); +static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part); +static curl_off_t encoder_base64_size(curl_mimepart *part); +static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part); +static curl_off_t encoder_qp_size(curl_mimepart *part); + +static const mime_encoder encoders[] = { + {"binary", encoder_nop_read, encoder_nop_size}, + {"8bit", encoder_nop_read, encoder_nop_size}, + {"7bit", encoder_7bit_read, encoder_nop_size}, + {"base64", encoder_base64_read, encoder_base64_size}, + {"quoted-printable", encoder_qp_read, encoder_qp_size}, + {ZERO_NULL, ZERO_NULL, ZERO_NULL} +}; + +/* Base64 encoding table */ +static const char base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* Quoted-printable character class table. + * + * We cannot rely on ctype functions since quoted-printable input data + * is assumed to be ascii-compatible, even on non-ascii platforms. */ +#define QP_OK 1 /* Can be represented by itself. */ +#define QP_SP 2 /* Space or tab. */ +#define QP_CR 3 /* Carriage return. */ +#define QP_LF 4 /* Line-feed. */ +static const unsigned char qp_class[] = { + 0, 0, 0, 0, 0, 0, 0, 0, /* 00 - 07 */ + 0, QP_SP, QP_LF, 0, 0, QP_CR, 0, 0, /* 08 - 0F */ + 0, 0, 0, 0, 0, 0, 0, 0, /* 10 - 17 */ + 0, 0, 0, 0, 0, 0, 0, 0, /* 18 - 1F */ + QP_SP, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 20 - 27 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 28 - 2F */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 30 - 37 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, 0 , QP_OK, QP_OK, /* 38 - 3F */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 40 - 47 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 48 - 4F */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 50 - 57 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 58 - 5F */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 60 - 67 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 68 - 6F */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 70 - 77 */ + QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, 0, /* 78 - 7F */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 - 8F */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 - 9F */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* A0 - AF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* B0 - BF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* C0 - CF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* D0 - DF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* E0 - EF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 /* F0 - FF */ +}; + + +/* Binary --> hexadecimal ASCII table. */ +static const char aschex[] = + "\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x46"; + + + +#ifndef __VMS +#define filesize(name, stat_data) (stat_data.st_size) +#define fopen_read fopen + +#else + +#include +/* + * get_vms_file_size does what it takes to get the real size of the file + * + * For fixed files, find out the size of the EOF block and adjust. + * + * For all others, have to read the entire file in, discarding the contents. + * Most posted text files will be small, and binary files like zlib archives + * and CD/DVD images should be either a STREAM_LF format or a fixed format. + * + */ +curl_off_t VmsRealFileSize(const char *name, + const struct_stat *stat_buf) +{ + char buffer[8192]; + curl_off_t count; + int ret_stat; + FILE * file; + + file = fopen(name, FOPEN_READTEXT); /* VMS */ + if(file == NULL) + return 0; + + count = 0; + ret_stat = 1; + while(ret_stat > 0) { + ret_stat = fread(buffer, 1, sizeof(buffer), file); + if(ret_stat != 0) + count += ret_stat; + } + fclose(file); + + return count; +} + +/* + * + * VmsSpecialSize checks to see if the stat st_size can be trusted and + * if not to call a routine to get the correct size. + * + */ +static curl_off_t VmsSpecialSize(const char *name, + const struct_stat *stat_buf) +{ + switch(stat_buf->st_fab_rfm) { + case FAB$C_VAR: + case FAB$C_VFC: + return VmsRealFileSize(name, stat_buf); + break; + default: + return stat_buf->st_size; + } +} + +#define filesize(name, stat_data) VmsSpecialSize(name, &stat_data) + +/* + * vmsfopenread + * + * For upload to work as expected on VMS, different optional + * parameters must be added to the fopen command based on + * record format of the file. + * + */ +static FILE * vmsfopenread(const char *file, const char *mode) +{ + struct_stat statbuf; + int result; + + result = stat(file, &statbuf); + + switch(statbuf.st_fab_rfm) { + case FAB$C_VAR: + case FAB$C_VFC: + case FAB$C_STMCR: + return fopen(file, FOPEN_READTEXT); /* VMS */ + break; + default: + return fopen(file, FOPEN_READTEXT, "rfm=stmlf", "ctx=stm"); + } +} + +#define fopen_read vmsfopenread +#endif + + +#ifndef HAVE_BASENAME +/* + (Quote from The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004 + Edition) + + The basename() function shall take the pathname pointed to by path and + return a pointer to the final component of the pathname, deleting any + trailing '/' characters. + + If the string pointed to by path consists entirely of the '/' character, + basename() shall return a pointer to the string "/". If the string pointed + to by path is exactly "//", it is implementation-defined whether '/' or "//" + is returned. + + If path is a null pointer or points to an empty string, basename() shall + return a pointer to the string ".". + + The basename() function may modify the string pointed to by path, and may + return a pointer to static storage that may then be overwritten by a + subsequent call to basename(). + + The basename() function need not be reentrant. A function that is not + required to be reentrant is not required to be thread-safe. + +*/ +static char *Curl_basename(char *path) +{ + /* Ignore all the details above for now and make a quick and simple + implementaion here */ + char *s1; + char *s2; + + s1 = strrchr(path, '/'); + s2 = strrchr(path, '\\'); + + if(s1 && s2) { + path = (s1 > s2? s1 : s2) + 1; + } + else if(s1) + path = s1 + 1; + else if(s2) + path = s2 + 1; + + return path; +} + +#define basename(x) Curl_basename((x)) +#endif + + +/* Set readback state. */ +static void mimesetstate(mime_state *state, enum mimestate tok, void *ptr) +{ + state->state = tok; + state->ptr = ptr; + state->offset = 0; +} + + +/* Escape header string into allocated memory. */ +static char *escape_string(const char *src) +{ + size_t bytecount = 0; + size_t i; + char *dst; + + for(i = 0; src[i]; i++) + if(src[i] == '"' || src[i] == '\\') + bytecount++; + + bytecount += i; + dst = malloc(bytecount + 1); + if(!dst) + return NULL; + + for(i = 0; *src; src++) { + if(*src == '"' || *src == '\\') + dst[i++] = '\\'; + dst[i++] = *src; + } + + dst[i] = '\0'; + return dst; +} + +/* Check if header matches. */ +static char *match_header(struct curl_slist *hdr, const char *lbl, size_t len) +{ + char *value = NULL; + + if(strncasecompare(hdr->data, lbl, len) && hdr->data[len] == ':') + for(value = hdr->data + len + 1; *value == ' '; value++) + ; + return value; +} + +/* Get a header from an slist. */ +static char *search_header(struct curl_slist *hdrlist, const char *hdr) +{ + size_t len = strlen(hdr); + char *value = NULL; + + for(; !value && hdrlist; hdrlist = hdrlist->next) + value = match_header(hdrlist, hdr, len); + + return value; +} + +static char *strippath(const char *fullfile) +{ + char *filename; + char *base; + filename = strdup(fullfile); /* duplicate since basename() may ruin the + buffer it works on */ + if(!filename) + return NULL; + base = strdup(basename(filename)); + + free(filename); /* free temporary buffer */ + + return base; /* returns an allocated string or NULL ! */ +} + +/* Initialize data encoder state. */ +static void cleanup_encoder_state(mime_encoder_state *p) +{ + p->pos = 0; + p->bufbeg = 0; + p->bufend = 0; +} + + +/* Dummy encoder. This is used for 8bit and binary content encodings. */ +static size_t encoder_nop_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part) +{ + mime_encoder_state *st = &part->encstate; + size_t insize = st->bufend - st->bufbeg; + + (void) ateof; + + if(size > insize) + size = insize; + if(size) + memcpy(buffer, st->buf, size); + st->bufbeg += size; + return size; +} + +static curl_off_t encoder_nop_size(curl_mimepart *part) +{ + return part->datasize; +} + + +/* 7bit encoder: the encoder is just a data validity check. */ +static size_t encoder_7bit_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part) +{ + mime_encoder_state *st = &part->encstate; + size_t cursize = st->bufend - st->bufbeg; + + (void) ateof; + + if(size > cursize) + size = cursize; + + for(cursize = 0; cursize < size; cursize++) { + *buffer = st->buf[st->bufbeg]; + if(*buffer++ & 0x80) + return cursize? cursize: READ_ERROR; + st->bufbeg++; + } + + return cursize; +} + + +/* Base64 content encoder. */ +static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part) +{ + mime_encoder_state *st = &part->encstate; + size_t cursize = 0; + int i; + char *ptr = buffer; + + while(st->bufbeg < st->bufend) { + /* Line full ? */ + if(st->pos > MAX_ENCODED_LINE_LENGTH - 4) { + /* Yes, we need 2 characters for CRLF. */ + if(size < 2) + break; + *ptr++ = '\r'; + *ptr++ = '\n'; + st->pos = 0; + cursize += 2; + size -= 2; + } + + /* Be sure there is enough space and input data for a base64 group. */ + if(size < 4 || st->bufend - st->bufbeg < 3) + break; + + /* Encode three bytes as four characters. */ + i = st->buf[st->bufbeg++] & 0xFF; + i = (i << 8) | (st->buf[st->bufbeg++] & 0xFF); + i = (i << 8) | (st->buf[st->bufbeg++] & 0xFF); + *ptr++ = base64[(i >> 18) & 0x3F]; + *ptr++ = base64[(i >> 12) & 0x3F]; + *ptr++ = base64[(i >> 6) & 0x3F]; + *ptr++ = base64[i & 0x3F]; + cursize += 4; + st->pos += 4; + size -= 4; + } + + /* If at eof, we have to flush the buffered data. */ + if(ateof && size >= 4) { + /* Buffered data size can only be 0, 1 or 2. */ + ptr[2] = ptr[3] = '='; + i = 0; + switch(st->bufend - st->bufbeg) { + case 2: + i = (st->buf[st->bufbeg + 1] & 0xFF) << 8; + /* FALLTHROUGH */ + case 1: + i |= (st->buf[st->bufbeg] & 0xFF) << 16; + ptr[0] = base64[(i >> 18) & 0x3F]; + ptr[1] = base64[(i >> 12) & 0x3F]; + if(++st->bufbeg != st->bufend) { + ptr[2] = base64[(i >> 6) & 0x3F]; + st->bufbeg++; + } + cursize += 4; + st->pos += 4; + break; + } + } + +#ifdef CURL_DOES_CONVERSIONS + /* This is now textual data, Convert character codes. */ + if(part->easy && cursize) { + CURLcode result = Curl_convert_to_network(part->easy, buffer, cursize); + if(result) + return READ_ERROR; + } +#endif + + return cursize; +} + +static curl_off_t encoder_base64_size(curl_mimepart *part) +{ + curl_off_t size = part->datasize; + + if(size <= 0) + return size; /* Unknown size or no data. */ + + /* Compute base64 character count. */ + size = 4 * (1 + (size - 1) / 3); + + /* Effective character count must include CRLFs. */ + return size + 2 * ((size - 1) / MAX_ENCODED_LINE_LENGTH); +} + + +/* Quoted-printable lookahead. + * + * Check if a CRLF or end of data is in input buffer at current position + n. + * Return -1 if more data needed, 1 if CRLF or end of data, else 0. + */ +static int qp_lookahead_eol(mime_encoder_state *st, int ateof, size_t n) +{ + n += st->bufbeg; + if(n >= st->bufend && ateof) + return 1; + if(n + 2 > st->bufend) + return ateof? 0: -1; + if(qp_class[st->buf[n] & 0xFF] == QP_CR && + qp_class[st->buf[n + 1] & 0xFF] == QP_LF) + return 1; + return 0; +} + +/* Quoted-printable encoder. */ +static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, + curl_mimepart *part) +{ + mime_encoder_state *st = &part->encstate; + char *ptr = buffer; + size_t cursize = 0; + int i; + size_t len; + size_t consumed; + int softlinebreak; + char buf[4]; + + /* On all platforms, input is supposed to be ASCII compatible: for this + reason, we use hexadecimal ASCII codes in this function rather than + character constants that can be interpreted as non-ascii on some + platforms. Preserve ASCII encoding on output too. */ + while(st->bufbeg < st->bufend) { + len = 1; + consumed = 1; + i = st->buf[st->bufbeg]; + buf[0] = (char) i; + buf[1] = aschex[(i >> 4) & 0xF]; + buf[2] = aschex[i & 0xF]; + + switch(qp_class[st->buf[st->bufbeg] & 0xFF]) { + case QP_OK: /* Not a special character. */ + break; + case QP_SP: /* Space or tab. */ + /* Spacing must be escaped if followed by CRLF. */ + switch(qp_lookahead_eol(st, ateof, 1)) { + case -1: /* More input data needed. */ + return cursize; + case 0: /* No encoding needed. */ + break; + default: /* CRLF after space or tab. */ + buf[0] = '\x3D'; /* '=' */ + len = 3; + break; + } + break; + case QP_CR: /* Carriage return. */ + /* If followed by a line-feed, output the CRLF pair. + Else escape it. */ + switch(qp_lookahead_eol(st, ateof, 0)) { + case -1: /* Need more data. */ + return cursize; + case 1: /* CRLF found. */ + buf[len++] = '\x0A'; /* Append '\n'. */ + consumed = 2; + break; + default: /* Not followed by LF: escape. */ + buf[0] = '\x3D'; /* '=' */ + len = 3; + break; + } + break; + default: /* Character must be escaped. */ + buf[0] = '\x3D'; /* '=' */ + len = 3; + break; + } + + /* Be sure the encoded character fits within maximum line length. */ + if(buf[len - 1] != '\x0A') { /* '\n' */ + softlinebreak = st->pos + len > MAX_ENCODED_LINE_LENGTH; + if(!softlinebreak && st->pos + len == MAX_ENCODED_LINE_LENGTH) { + /* We may use the current line only if end of data or followed by + a CRLF. */ + switch(qp_lookahead_eol(st, ateof, consumed)) { + case -1: /* Need more data. */ + return cursize; + break; + case 0: /* Not followed by a CRLF. */ + softlinebreak = 1; + break; + } + } + if(softlinebreak) { + strcpy(buf, "\x3D\x0D\x0A"); /* "=\r\n" */ + len = 3; + consumed = 0; + } + } + + /* If the output buffer would overflow, do not store. */ + if(len > size) + break; + + /* Append to output buffer. */ + memcpy(ptr, buf, len); + cursize += len; + ptr += len; + size -= len; + st->pos += len; + if(buf[len - 1] == '\x0A') /* '\n' */ + st->pos = 0; + st->bufbeg += consumed; + } + + return cursize; +} + +static curl_off_t encoder_qp_size(curl_mimepart *part) +{ + /* Determining the size can only be done by reading the data: unless the + data size is 0, we return it as unknown (-1). */ + return part->datasize? -1: 0; +} + + +/* In-memory data callbacks. */ +/* Argument is a pointer to the mime part. */ +static size_t mime_mem_read(char *buffer, size_t size, size_t nitems, + void *instream) +{ + curl_mimepart *part = (curl_mimepart *) instream; + size_t sz = (size_t) part->datasize - part->state.offset; + (void) size; /* Always 1.*/ + + if(sz > nitems) + sz = nitems; + + if(sz) + memcpy(buffer, (char *) &part->data[part->state.offset], sz); + + part->state.offset += sz; + return sz; +} + +static int mime_mem_seek(void *instream, curl_off_t offset, int whence) +{ + curl_mimepart *part = (curl_mimepart *) instream; + + switch(whence) { + case SEEK_CUR: + offset += part->state.offset; + break; + case SEEK_END: + offset += part->datasize; + break; + } + + if(offset < 0 || offset > part->datasize) + return CURL_SEEKFUNC_FAIL; + + part->state.offset = (size_t) offset; + return CURL_SEEKFUNC_OK; +} + +static void mime_mem_free(void *ptr) +{ + Curl_safefree(((curl_mimepart *) ptr)->data); +} + + +/* Named file callbacks. */ +/* Argument is a pointer to the mime part. */ +static int mime_open_file(curl_mimepart * part) +{ + /* Open a MIMEKIND_FILE part. */ + + if(part->fp) + return 0; + part->fp = fopen_read(part->data, "rb"); + return part->fp? 0: -1; +} + +static size_t mime_file_read(char *buffer, size_t size, size_t nitems, + void *instream) +{ + curl_mimepart *part = (curl_mimepart *) instream; + + if(mime_open_file(part)) + return READ_ERROR; + + return fread(buffer, size, nitems, part->fp); +} + +static int mime_file_seek(void *instream, curl_off_t offset, int whence) +{ + curl_mimepart *part = (curl_mimepart *) instream; + + if(whence == SEEK_SET && !offset && !part->fp) + return CURL_SEEKFUNC_OK; /* Not open: implicitly already at BOF. */ + + if(mime_open_file(part)) + return CURL_SEEKFUNC_FAIL; + + return fseek(part->fp, (long) offset, whence)? + CURL_SEEKFUNC_CANTSEEK: CURL_SEEKFUNC_OK; +} + +static void mime_file_free(void *ptr) +{ + curl_mimepart *part = (curl_mimepart *) ptr; + + if(part->fp) { + fclose(part->fp); + part->fp = NULL; + } + Curl_safefree(part->data); + part->data = NULL; +} + + +/* Subparts callbacks. */ +/* Argument is a pointer to the mime structure. */ + +/* Readback a byte string segment. */ +static size_t readback_bytes(mime_state *state, + char *buffer, size_t bufsize, + const char *bytes, size_t numbytes, + const char *trail) +{ + size_t sz; + + if(numbytes > state->offset) { + sz = numbytes - state->offset; + bytes += state->offset; + } + else { + size_t tsz = strlen(trail); + + sz = state->offset - numbytes; + if(sz >= tsz) + return 0; + bytes = trail + sz; + sz = tsz - sz; + } + + if(sz > bufsize) + sz = bufsize; + + memcpy(buffer, bytes, sz); + state->offset += sz; + return sz; +} + +/* Read a non-encoded part content. */ +static size_t read_part_content(curl_mimepart *part, + char *buffer, size_t bufsize) +{ + size_t sz = 0; + + if(part->readfunc) + sz = part->readfunc(buffer, 1, bufsize, part->arg); + return sz; +} + +/* Read and encode part content. */ +static size_t read_encoded_part_content(curl_mimepart *part, + char *buffer, size_t bufsize) +{ + mime_encoder_state *st = &part->encstate; + size_t cursize = 0; + size_t sz; + bool ateof = FALSE; + + while(bufsize) { + if(st->bufbeg < st->bufend || ateof) { + /* Encode buffered data. */ + sz = part->encoder->encodefunc(buffer, bufsize, ateof, part); + switch(sz) { + case 0: + if(ateof) + return cursize; + break; + case CURL_READFUNC_ABORT: + case CURL_READFUNC_PAUSE: + case READ_ERROR: + return cursize? cursize: sz; + default: + cursize += sz; + buffer += sz; + bufsize -= sz; + continue; + } + } + + /* We need more data in input buffer. */ + if(st->bufbeg) { + size_t len = st->bufend - st->bufbeg; + + if(len) + memmove(st->buf, st->buf + st->bufbeg, len); + st->bufbeg = 0; + st->bufend = len; + } + if(st->bufend >= sizeof st->buf) + return cursize? cursize: READ_ERROR; /* Buffer full. */ + sz = read_part_content(part, st->buf + st->bufend, + sizeof st->buf - st->bufend); + switch(sz) { + case 0: + ateof = TRUE; + break; + case CURL_READFUNC_ABORT: + case CURL_READFUNC_PAUSE: + case READ_ERROR: + return cursize? cursize: sz; + default: + st->bufend += sz; + break; + } + } + + return cursize; +} + +/* Readback a mime part. */ +static size_t readback_part(curl_mimepart *part, + char *buffer, size_t bufsize) +{ + size_t cursize = 0; + size_t sz; + struct curl_slist *hdr; +#ifdef CURL_DOES_CONVERSIONS + char *convbuf = buffer; +#endif + + /* Readback from part. */ + + while(bufsize) { + sz = 0; + hdr = (struct curl_slist *) part->state.ptr; + switch(part->state.state) { + case MIMESTATE_BEGIN: + mimesetstate(&part->state, part->flags & MIME_BODY_ONLY? MIMESTATE_BODY: + MIMESTATE_CURLHEADERS, part->curlheaders); + break; + case MIMESTATE_USERHEADERS: + if(!hdr) { + mimesetstate(&part->state, MIMESTATE_EOH, NULL); + break; + } + if(match_header(hdr, "Content-Type", 12)) { + mimesetstate(&part->state, MIMESTATE_USERHEADERS, hdr->next); + break; + } + /* FALLTHROUGH */ + case MIMESTATE_CURLHEADERS: + if(!hdr) + mimesetstate(&part->state, MIMESTATE_USERHEADERS, part->userheaders); + else { + sz = readback_bytes(&part->state, buffer, bufsize, + hdr->data, strlen(hdr->data), "\r\n"); + if(!sz) + mimesetstate(&part->state, part->state.state, hdr->next); + } + break; + case MIMESTATE_EOH: + sz = readback_bytes(&part->state, buffer, bufsize, "\r\n", 2, ""); + if(!sz) + mimesetstate(&part->state, MIMESTATE_BODY, NULL); + break; + case MIMESTATE_BODY: +#ifdef CURL_DOES_CONVERSIONS + if(part->easy && convbuf < buffer) { + CURLcode result = Curl_convert_to_network(part->easy, convbuf, + buffer - convbuf); + if(result) + return READ_ERROR; + convbuf = buffer; + } +#endif + cleanup_encoder_state(&part->encstate); + mimesetstate(&part->state, MIMESTATE_CONTENT, NULL); + break; + case MIMESTATE_CONTENT: + if(part->encoder) + sz = read_encoded_part_content(part, buffer, bufsize); + else + sz = read_part_content(part, buffer, bufsize); + switch(sz) { + case 0: + mimesetstate(&part->state, MIMESTATE_END, NULL); + /* Try sparing open file descriptors. */ + if(part->kind == MIMEKIND_FILE && part->fp) { + fclose(part->fp); + part->fp = NULL; + } + /* FALLTHROUGH */ + case CURL_READFUNC_ABORT: + case CURL_READFUNC_PAUSE: + case READ_ERROR: + return cursize? cursize: sz; + } + break; + case MIMESTATE_END: + return cursize; + default: + break; /* Other values not in part state. */ + } + + /* Bump buffer and counters according to read size. */ + cursize += sz; + buffer += sz; + bufsize -= sz; + } + +#ifdef CURL_DOES_CONVERSIONS + if(part->easy && convbuf < buffer && + part->state.state < MIMESTATE_BODY) { + CURLcode result = Curl_convert_to_network(part->easy, convbuf, + buffer - convbuf); + if(result) + return READ_ERROR; + } +#endif + + return cursize; +} + +/* Readback from mime. */ +static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, + void *instream) +{ + curl_mime *mime = (curl_mime *) instream; + size_t cursize = 0; + size_t sz; + curl_mimepart *part; +#ifdef CURL_DOES_CONVERSIONS + char *convbuf = buffer; +#endif + + (void) size; /* Always 1. */ + + while(nitems) { + sz = 0; + part = mime->state.ptr; + switch(mime->state.state) { + case MIMESTATE_BEGIN: + case MIMESTATE_BODY: +#ifdef CURL_DOES_CONVERSIONS + convbuf = buffer; +#endif + mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, mime->firstpart); + /* The first boundary always follows the header termination empty line, + so is always preceded by a CRLK. We can then spare 2 characters + by skipping the leading CRLF in boundary. */ + mime->state.offset += 2; + break; + case MIMESTATE_BOUNDARY1: + sz = readback_bytes(&mime->state, buffer, nitems, "\r\n--", 4, ""); + if(!sz) + mimesetstate(&mime->state, MIMESTATE_BOUNDARY2, part); + break; + case MIMESTATE_BOUNDARY2: + sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, + strlen(mime->boundary), part? "\r\n": "--\r\n"); + if(!sz) { +#ifdef CURL_DOES_CONVERSIONS + if(mime->easy && convbuf < buffer) { + CURLcode result = Curl_convert_to_network(mime->easy, convbuf, + buffer - convbuf); + if(result) + return READ_ERROR; + convbuf = buffer; + } +#endif + mimesetstate(&mime->state, MIMESTATE_CONTENT, part); + } + break; + case MIMESTATE_CONTENT: + if(!part) { + mimesetstate(&mime->state, MIMESTATE_END, NULL); + break; + } + sz = readback_part(part, buffer, nitems); + switch(sz) { + case CURL_READFUNC_ABORT: + case CURL_READFUNC_PAUSE: + case READ_ERROR: + return cursize? cursize: sz; + case 0: +#ifdef CURL_DOES_CONVERSIONS + convbuf = buffer; +#endif + mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, part->nextpart); + break; + } + break; + case MIMESTATE_END: + return cursize; + default: + break; /* other values not used in mime state. */ + } + + /* Bump buffer and counters according to read size. */ + cursize += sz; + buffer += sz; + nitems -= sz; + } + +#ifdef CURL_DOES_CONVERSIONS + if(mime->easy && convbuf < buffer && + mime->state.state <= MIMESTATE_CONTENT) { + CURLcode result = Curl_convert_to_network(mime->easy, convbuf, + buffer - convbuf); + if(result) + return READ_ERROR; + } +#endif + + return cursize; +} + +static int mime_part_rewind(curl_mimepart *part) +{ + int res = CURL_SEEKFUNC_OK; + enum mimestate targetstate = MIMESTATE_BEGIN; + + if(part->flags & MIME_BODY_ONLY) + targetstate = MIMESTATE_BODY; + cleanup_encoder_state(&part->encstate); + if(part->state.state > targetstate) { + res = CURL_SEEKFUNC_CANTSEEK; + if(part->seekfunc) { + res = part->seekfunc(part->arg, (curl_off_t) 0, SEEK_SET); + switch(res) { + case CURL_SEEKFUNC_OK: + case CURL_SEEKFUNC_FAIL: + case CURL_SEEKFUNC_CANTSEEK: + break; + case -1: /* For fseek() error. */ + res = CURL_SEEKFUNC_CANTSEEK; + break; + default: + res = CURL_SEEKFUNC_FAIL; + break; + } + } + } + + if(res == CURL_SEEKFUNC_OK) + mimesetstate(&part->state, targetstate, NULL); + + return res; +} + +static int mime_subparts_seek(void *instream, curl_off_t offset, int whence) +{ + curl_mime *mime = (curl_mime *) instream; + curl_mimepart *part; + int result = CURL_SEEKFUNC_OK; + int res; + + if(whence != SEEK_SET || offset) + return CURL_SEEKFUNC_CANTSEEK; /* Only support full rewind. */ + + if(mime->state.state == MIMESTATE_BEGIN) + return CURL_SEEKFUNC_OK; /* Already rewound. */ + + for(part = mime->firstpart; part; part = part->nextpart) { + res = mime_part_rewind(part); + if(res != CURL_SEEKFUNC_OK) + result = res; + } + + if(result == CURL_SEEKFUNC_OK) + mimesetstate(&mime->state, MIMESTATE_BEGIN, NULL); + + return result; +} + +/* Release part content. */ +static void cleanup_part_content(curl_mimepart *part) +{ + if(part->freefunc) + part->freefunc(part->arg); + + part->readfunc = NULL; + part->seekfunc = NULL; + part->freefunc = NULL; + part->arg = (void *) part; /* Defaults to part itself. */ + part->data = NULL; + part->fp = NULL; + part->datasize = (curl_off_t) 0; /* No size yet. */ + cleanup_encoder_state(&part->encstate); + part->kind = MIMEKIND_NONE; +} + +static void mime_subparts_free(void *ptr) +{ + curl_mime *mime = (curl_mime *) ptr; + + if(mime && mime->parent) { + mime->parent->freefunc = NULL; /* Be sure we won't be called again. */ + cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */ + } + curl_mime_free(mime); +} + +/* Do not free subparts: unbind them. This is used for the top level only. */ +static void mime_subparts_unbind(void *ptr) +{ + curl_mime *mime = (curl_mime *) ptr; + + if(mime && mime->parent) { + mime->parent->freefunc = NULL; /* Be sure we won't be called again. */ + cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */ + mime->parent = NULL; + } +} + + +void Curl_mime_cleanpart(curl_mimepart *part) +{ + cleanup_part_content(part); + curl_slist_free_all(part->curlheaders); + if(part->flags & MIME_USERHEADERS_OWNER) + curl_slist_free_all(part->userheaders); + Curl_safefree(part->mimetype); + Curl_safefree(part->name); + Curl_safefree(part->filename); + Curl_mime_initpart(part, part->easy); +} + +/* Recursively delete a mime handle and its parts. */ +void curl_mime_free(curl_mime *mime) +{ + curl_mimepart *part; + + if(mime) { + mime_subparts_unbind(mime); /* Be sure it's not referenced anymore. */ + while(mime->firstpart) { + part = mime->firstpart; + mime->firstpart = part->nextpart; + Curl_mime_cleanpart(part); + free(part); + } + + free(mime->boundary); + free(mime); + } +} + +/* + * Mime build functions. + */ + +/* Create a mime handle. */ +curl_mime *curl_mime_init(struct Curl_easy *easy) +{ + curl_mime *mime; + + mime = (curl_mime *) malloc(sizeof *mime); + + if(mime) { + mime->easy = easy; + mime->parent = NULL; + mime->firstpart = NULL; + mime->lastpart = NULL; + + /* Get a part boundary. */ + mime->boundary = malloc(24 + MIME_RAND_BOUNDARY_CHARS + 1); + if(!mime->boundary) { + free(mime); + return NULL; + } + + memset(mime->boundary, '-', 24); + Curl_rand_hex(easy, (unsigned char *) mime->boundary + 24, + MIME_RAND_BOUNDARY_CHARS + 1); + mimesetstate(&mime->state, MIMESTATE_BEGIN, NULL); + } + + return mime; +} + +/* Initialize a mime part. */ +void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy) +{ + memset((char *) part, 0, sizeof *part); + part->easy = easy; + mimesetstate(&part->state, MIMESTATE_BEGIN, NULL); +} + +/* Create a mime part and append it to a mime handle's part list. */ +curl_mimepart *curl_mime_addpart(curl_mime *mime) +{ + curl_mimepart *part; + + if(!mime) + return NULL; + + part = (curl_mimepart *) malloc(sizeof *part); + + if(part) { + Curl_mime_initpart(part, mime->easy); + part->parent = mime; + + if(mime->lastpart) + mime->lastpart->nextpart = part; + else + mime->firstpart = part; + + mime->lastpart = part; + } + + return part; +} + +/* Set mime part name. */ +CURLcode curl_mime_name(curl_mimepart *part, const char *name) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + Curl_safefree(part->name); + part->name = NULL; + + if(name) { + part->name = strdup(name); + if(!part->name) + return CURLE_OUT_OF_MEMORY; + } + + return CURLE_OK; +} + +/* Set mime part remote file name. */ +CURLcode curl_mime_filename(curl_mimepart *part, const char *filename) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + Curl_safefree(part->filename); + part->filename = NULL; + + if(filename) { + part->filename = strdup(filename); + if(!part->filename) + return CURLE_OUT_OF_MEMORY; + } + + return CURLE_OK; +} + +/* Set mime part content from memory data. */ +CURLcode curl_mime_data(curl_mimepart *part, + const char *data, size_t datasize) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + cleanup_part_content(part); + + if(data) { + if(datasize == CURL_ZERO_TERMINATED) + datasize = strlen(data); + + part->data = malloc(datasize + 1); + if(!part->data) + return CURLE_OUT_OF_MEMORY; + + part->datasize = datasize; + + if(datasize) + memcpy(part->data, data, datasize); + part->data[datasize] = '\0'; /* Set a nul terminator as sentinel. */ + + part->readfunc = mime_mem_read; + part->seekfunc = mime_mem_seek; + part->freefunc = mime_mem_free; + part->kind = MIMEKIND_DATA; + } + + return CURLE_OK; +} + +/* Set mime part content from named local file. */ +CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename) +{ + CURLcode result = CURLE_OK; + char *base; + + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + cleanup_part_content(part); + + if(filename) { + struct_stat sbuf; + + if(stat(filename, &sbuf) || access(filename, R_OK)) + result = CURLE_READ_ERROR; + + part->data = strdup(filename); + if(!part->data) + result = CURLE_OUT_OF_MEMORY; + + part->datasize = -1; + if(!result && S_ISREG(sbuf.st_mode)) { + part->datasize = filesize(filename, sbuf); + part->seekfunc = mime_file_seek; + } + + part->readfunc = mime_file_read; + part->freefunc = mime_file_free; + part->kind = MIMEKIND_FILE; + + /* As a side effect, set the filename to the current file's base name. + It is possible to withdraw this by explicitly calling + curl_mime_filename() with a NULL filename argument after the current + call. */ + base = strippath(filename); + if(!base) + result = CURLE_OUT_OF_MEMORY; + else { + CURLcode res = curl_mime_filename(part, base); + + if(res) + result = res; + free(base); + } + } + return result; +} + +/* Set mime part type. */ +CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + Curl_safefree(part->mimetype); + part->mimetype = NULL; + + if(mimetype) { + part->mimetype = strdup(mimetype); + if(!part->mimetype) + return CURLE_OUT_OF_MEMORY; + } + + return CURLE_OK; +} + +/* Set mime data transfer encoder. */ +CURLcode curl_mime_encoder(curl_mimepart *part, const char *encoding) +{ + CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; + const mime_encoder *mep; + + if(!part) + return result; + + part->encoder = NULL; + + if(!encoding) + return CURLE_OK; /* Removing current encoder. */ + + for(mep = encoders; mep->name; mep++) + if(strcasecompare(encoding, mep->name)) { + part->encoder = mep; + result = CURLE_OK; + } + + return result; +} + +/* Set mime part headers. */ +CURLcode curl_mime_headers(curl_mimepart *part, + struct curl_slist *headers, int take_ownership) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(part->flags & MIME_USERHEADERS_OWNER) { + if(part->userheaders != headers) /* Allow setting twice the same list. */ + curl_slist_free_all(part->userheaders); + part->flags &= ~MIME_USERHEADERS_OWNER; + } + part->userheaders = headers; + if(headers && take_ownership) + part->flags |= MIME_USERHEADERS_OWNER; + return CURLE_OK; +} + +/* Set mime part content from callback. */ +CURLcode curl_mime_data_cb(curl_mimepart *part, curl_off_t datasize, + curl_read_callback readfunc, + curl_seek_callback seekfunc, + curl_free_callback freefunc, void *arg) +{ + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + cleanup_part_content(part); + + if(readfunc) { + part->readfunc = readfunc; + part->seekfunc = seekfunc; + part->freefunc = freefunc; + part->arg = arg; + part->datasize = datasize; + part->kind = MIMEKIND_CALLBACK; + } + + return CURLE_OK; +} + +/* Set mime part content from subparts. */ +CURLcode Curl_mime_set_subparts(curl_mimepart *part, + curl_mime *subparts, int take_ownership) +{ + curl_mime *root; + + if(!part) + return CURLE_BAD_FUNCTION_ARGUMENT; + + /* Accept setting twice the same subparts. */ + if(part->kind == MIMEKIND_MULTIPART && part->arg == subparts) + return CURLE_OK; + + cleanup_part_content(part); + + if(subparts) { + /* Must belong to the same data handle. */ + if(part->easy && subparts->easy && part->easy != subparts->easy) + return CURLE_BAD_FUNCTION_ARGUMENT; + + /* Should not have been attached already. */ + if(subparts->parent) + return CURLE_BAD_FUNCTION_ARGUMENT; + + /* Should not be the part's root. */ + root = part->parent; + if(root) { + while(root->parent && root->parent->parent) + root = root->parent->parent; + if(subparts == root) { + if(part->easy) + failf(part->easy, "Can't add itself as a subpart!"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + } + + subparts->parent = part; + part->readfunc = mime_subparts_read; + part->seekfunc = mime_subparts_seek; + part->freefunc = take_ownership? mime_subparts_free: mime_subparts_unbind; + part->arg = subparts; + part->datasize = -1; + part->kind = MIMEKIND_MULTIPART; + } + + return CURLE_OK; +} + +CURLcode curl_mime_subparts(curl_mimepart *part, curl_mime *subparts) +{ + return Curl_mime_set_subparts(part, subparts, TRUE); +} + + +/* Readback from top mime. */ +/* Argument is the dummy top part. */ +size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream) +{ + curl_mimepart *part = (curl_mimepart *) instream; + + (void) size; /* Always 1. */ + return readback_part(part, buffer, nitems); +} + +/* Rewind mime stream. */ +CURLcode Curl_mime_rewind(curl_mimepart *part) +{ + return mime_part_rewind(part) == CURL_SEEKFUNC_OK? + CURLE_OK: CURLE_SEND_FAIL_REWIND; +} + +/* Compute header list size. */ +static size_t slist_size(struct curl_slist *s, + size_t overhead, const char *skip) +{ + size_t size = 0; + size_t skiplen = skip? strlen(skip): 0; + + for(; s; s = s->next) + if(!skip || !match_header(s, skip, skiplen)) + size += strlen(s->data) + overhead; + return size; +} + +/* Get/compute multipart size. */ +static curl_off_t multipart_size(curl_mime *mime) +{ + curl_off_t size; + curl_off_t sz; + size_t boundarysize; + curl_mimepart *part; + + if(!mime) + return 0; /* Not present -> empty. */ + + boundarysize = 4 + strlen(mime->boundary) + 2; + size = boundarysize; /* Final boundary - CRLF after headers. */ + + for(part = mime->firstpart; part; part = part->nextpart) { + sz = Curl_mime_size(part); + + if(sz < 0) + size = sz; + + if(size >= 0) + size += boundarysize + sz; + } + + return size; +} + +/* Get/compute mime size. */ +curl_off_t Curl_mime_size(curl_mimepart *part) +{ + curl_off_t size; + + if(part->kind == MIMEKIND_MULTIPART) + part->datasize = multipart_size(part->arg); + + size = part->datasize; + + if(part->encoder) + size = part->encoder->sizefunc(part); + + if(size >= 0 && !(part->flags & MIME_BODY_ONLY)) { + /* Compute total part size. */ + size += slist_size(part->curlheaders, 2, NULL); + size += slist_size(part->userheaders, 2, "Content-Type"); + size += 2; /* CRLF after headers. */ + } + return size; +} + +/* Add a header. */ +/* VARARGS2 */ +CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) +{ + struct curl_slist *hdr = NULL; + char *s = NULL; + va_list ap; + + va_start(ap, fmt); + s = curl_mvaprintf(fmt, ap); + va_end(ap); + + if(s) { + hdr = Curl_slist_append_nodup(*slp, s); + if(hdr) + *slp = hdr; + else + free(s); + } + + return hdr? CURLE_OK: CURLE_OUT_OF_MEMORY; +} + +/* Add a content type header. */ +static CURLcode add_content_type(struct curl_slist **slp, + const char *type, const char *boundary) +{ + return Curl_mime_add_header(slp, "Content-Type: %s%s%s", type, + boundary? "; boundary=": "", + boundary? boundary: ""); +} + + +static const char *ContentTypeForFilename(const char *filename) +{ + unsigned int i; + + /* + * If no content type was specified, we scan through a few well-known + * extensions and pick the first we match! + */ + struct ContentType { + const char *extension; + const char *type; + }; + static const struct ContentType ctts[] = { + {".gif", "image/gif"}, + {".jpg", "image/jpeg"}, + {".jpeg", "image/jpeg"}, + {".png", "image/png"}, + {".svg", "image/svg+xml"}, + {".txt", "text/plain"}, + {".htm", "text/html"}, + {".html", "text/html"}, + {".pdf", "application/pdf"}, + {".xml", "application/xml"} + }; + + if(filename) { + size_t len1 = strlen(filename); + const char *nameend = filename + len1; + + for(i = 0; i < sizeof ctts / sizeof ctts[0]; i++) { + size_t len2 = strlen(ctts[i].extension); + + if(len1 >= len2 && strcasecompare(nameend - len2, ctts[i].extension)) + return ctts[i].type; + } + } + return NULL; +} + +CURLcode Curl_mime_prepare_headers(curl_mimepart *part, + const char *contenttype, + const char *disposition, + enum mimestrategy strategy) +{ + curl_mime *mime = NULL; + const char *boundary = NULL; + char *customct; + const char *cte = NULL; + CURLcode ret = CURLE_OK; + + /* Get rid of previously prepared headers. */ + curl_slist_free_all(part->curlheaders); + part->curlheaders = NULL; + + /* Be sure we won't access old headers later. */ + if(part->state.state == MIMESTATE_CURLHEADERS) + mimesetstate(&part->state, MIMESTATE_CURLHEADERS, NULL); + + /* Check if content type is specified. */ + customct = part->mimetype; + if(!customct) + customct = search_header(part->userheaders, "Content-Type"); + if(customct) + contenttype = customct; + + /* If content type is not specified, try to determine it. */ + if(!contenttype) { + switch(part->kind) { + case MIMEKIND_MULTIPART: + contenttype = MULTIPART_CONTENTTYPE_DEFAULT; + break; + case MIMEKIND_FILE: + contenttype = ContentTypeForFilename(part->filename); + if(!contenttype) + contenttype = ContentTypeForFilename(part->data); + if(!contenttype && part->filename) + contenttype = FILE_CONTENTTYPE_DEFAULT; + break; + default: + contenttype = ContentTypeForFilename(part->filename); + break; + } + } + + if(part->kind == MIMEKIND_MULTIPART) { + mime = (curl_mime *) part->arg; + if(mime) + boundary = mime->boundary; + } + else if(contenttype && !customct && + strcasecompare(contenttype, "text/plain")) + if(strategy == MIMESTRATEGY_MAIL || !part->filename) + contenttype = NULL; + + /* Issue content-disposition header only if not already set by caller. */ + if(!search_header(part->userheaders, "Content-Disposition")) { + if(!disposition) + if(part->filename || part->name || + (contenttype && !strncasecompare(contenttype, "multipart/", 10))) + disposition = DISPOSITION_DEFAULT; + if(disposition && curl_strequal(disposition, "attachment") && + !part->name && !part->filename) + disposition = NULL; + if(disposition) { + char *name = NULL; + char *filename = NULL; + + if(part->name) { + name = escape_string(part->name); + if(!name) + ret = CURLE_OUT_OF_MEMORY; + } + if(!ret && part->filename) { + filename = escape_string(part->filename); + if(!filename) + ret = CURLE_OUT_OF_MEMORY; + } + if(!ret) + ret = Curl_mime_add_header(&part->curlheaders, + "Content-Disposition: %s%s%s%s%s%s%s", + disposition, + name? "; name=\"": "", + name? name: "", + name? "\"": "", + filename? "; filename=\"": "", + filename? filename: "", + filename? "\"": ""); + Curl_safefree(name); + Curl_safefree(filename); + if(ret) + return ret; + } + } + + /* Issue Content-Type header. */ + if(contenttype) { + ret = add_content_type(&part->curlheaders, contenttype, boundary); + if(ret) + return ret; + } + + /* Content-Transfer-Encoding header. */ + if(!search_header(part->userheaders, "Content-Transfer-Encoding")) { + if(part->encoder) + cte = part->encoder->name; + else if(contenttype && strategy == MIMESTRATEGY_MAIL && + part->kind != MIMEKIND_MULTIPART) + cte = "8bit"; + if(cte) { + ret = Curl_mime_add_header(&part->curlheaders, + "Content-Transfer-Encoding: %s", cte); + if(ret) + return ret; + } + } + + /* If we were reading curl-generated headers, restart with new ones (this + should not occur). */ + if(part->state.state == MIMESTATE_CURLHEADERS) + mimesetstate(&part->state, MIMESTATE_CURLHEADERS, part->curlheaders); + + /* Process subparts. */ + if(part->kind == MIMEKIND_MULTIPART && mime) { + curl_mimepart *subpart; + + disposition = NULL; + if(strcasecompare(contenttype, "multipart/form-data")) + disposition = "form-data"; + for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) { + ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy); + if(ret) + return ret; + } + } + return ret; +} + +#else /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */ + +/* Mime not compiled in: define stubs for externally-referenced functions. */ +curl_mime *curl_mime_init(CURL *easy) +{ + (void) easy; + return NULL; +} + +void curl_mime_free(curl_mime *mime) +{ + (void) mime; +} + +curl_mimepart *curl_mime_addpart(curl_mime *mime) +{ + (void) mime; + return NULL; +} + +CURLcode curl_mime_name(curl_mimepart *part, const char *name) +{ + (void) part; + (void) name; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_filename(curl_mimepart *part, const char *filename) +{ + (void) part; + (void) filename; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype) +{ + (void) part; + (void) mimetype; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_encoder(curl_mimepart *part, const char *encoding) +{ + (void) part; + (void) encoding; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_data(curl_mimepart *part, + const char *data, size_t datasize) +{ + (void) part; + (void) data; + (void) datasize; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename) +{ + (void) part; + (void) filename; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_data_cb(curl_mimepart *part, + curl_off_t datasize, + curl_read_callback readfunc, + curl_seek_callback seekfunc, + curl_free_callback freefunc, + void *arg) +{ + (void) part; + (void) datasize; + (void) readfunc; + (void) seekfunc; + (void) freefunc; + (void) arg; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_subparts(curl_mimepart *part, curl_mime *subparts) +{ + (void) part; + (void) subparts; + return CURLE_NOT_BUILT_IN; +} + +CURLcode curl_mime_headers(curl_mimepart *part, + struct curl_slist *headers, int take_ownership) +{ + (void) part; + (void) headers; + (void) take_ownership; + return CURLE_NOT_BUILT_IN; +} + +void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy) +{ + (void) part; + (void) easy; +} + +void Curl_mime_cleanpart(curl_mimepart *part) +{ + (void) part; +} + +CURLcode Curl_mime_set_subparts(curl_mimepart *part, + curl_mime *subparts, int take_ownership) +{ + (void) part; + (void) subparts; + (void) take_ownership; + return CURLE_NOT_BUILT_IN; +} + +CURLcode Curl_mime_prepare_headers(curl_mimepart *part, + const char *contenttype, + const char *disposition, + enum mimestrategy strategy) +{ + (void) part; + (void) contenttype; + (void) disposition; + (void) strategy; + return CURLE_NOT_BUILT_IN; +} + +curl_off_t Curl_mime_size(curl_mimepart *part) +{ + (void) part; + return (curl_off_t) -1; +} + +size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream) +{ + (void) buffer; + (void) size; + (void) nitems; + (void) instream; + return 0; +} + +CURLcode Curl_mime_rewind(curl_mimepart *part) +{ + (void) part; + return CURLE_NOT_BUILT_IN; +} + +/* VARARGS2 */ +CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) +{ + (void) slp; + (void) fmt; + return CURLE_NOT_BUILT_IN; +} + +#endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */ diff -Nru curl-7.55.1/lib/mime.h curl-7.57.0/lib/mime.h --- curl-7.55.1/lib/mime.h 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/mime.h 2017-11-10 16:47:30.000000000 +0000 @@ -0,0 +1,137 @@ +#ifndef HEADER_CURL_MIME_H +#define HEADER_CURL_MIME_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#define MIME_RAND_BOUNDARY_CHARS 16 /* Nb. of random boundary chars. */ +#define MAX_ENCODED_LINE_LENGTH 76 /* Maximum encoded line length. */ +#define ENCODING_BUFFER_SIZE 256 /* Encoding temp buffers size. */ + +/* Part flags. */ +#define MIME_USERHEADERS_OWNER (1 << 0) +#define MIME_BODY_ONLY (1 << 1) + +/* Part source kinds. */ +enum mimekind { + MIMEKIND_NONE = 0, /* Part not set. */ + MIMEKIND_DATA, /* Allocated mime data. */ + MIMEKIND_FILE, /* Data from file. */ + MIMEKIND_CALLBACK, /* Data from `read' callback. */ + MIMEKIND_MULTIPART, /* Data is a mime subpart. */ + MIMEKIND_LAST +}; + +/* Readback state tokens. */ +enum mimestate { + MIMESTATE_BEGIN, /* Readback has not yet started. */ + MIMESTATE_CURLHEADERS, /* In curl-generated headers. */ + MIMESTATE_USERHEADERS, /* In caller's supplied headers. */ + MIMESTATE_EOH, /* End of headers. */ + MIMESTATE_BODY, /* Placeholder. */ + MIMESTATE_BOUNDARY1, /* In boundary prefix. */ + MIMESTATE_BOUNDARY2, /* In boundary. */ + MIMESTATE_CONTENT, /* In content. */ + MIMESTATE_END, /* End of part reached. */ + MIMESTATE_LAST +}; + +/* Mime headers strategies. */ +enum mimestrategy { + MIMESTRATEGY_MAIL, /* Mime mail. */ + MIMESTRATEGY_FORM, /* HTTP post form. */ + MIMESTRATEGY_LAST +}; + +/* Content transfer encoder. */ +typedef struct { + const char * name; /* Encoding name. */ + size_t (*encodefunc)(char *buffer, size_t size, bool ateof, + curl_mimepart *part); /* Encoded read. */ + curl_off_t (*sizefunc)(curl_mimepart *part); /* Encoded size. */ +} mime_encoder; + +/* Content transfer encoder state. */ +typedef struct { + size_t pos; /* Position on output line. */ + size_t bufbeg; /* Next data index in input buffer. */ + size_t bufend; /* First unused byte index in input buffer. */ + char buf[ENCODING_BUFFER_SIZE]; /* Input buffer. */ +} mime_encoder_state; + +/* Mime readback state. */ +typedef struct { + enum mimestate state; /* Current state token. */ + void *ptr; /* State-dependent pointer. */ + size_t offset; /* State-dependent offset. */ +} mime_state; + +/* A mime multipart. */ +struct curl_mime_s { + struct Curl_easy *easy; /* The associated easy handle. */ + curl_mimepart *parent; /* Parent part. */ + curl_mimepart *firstpart; /* First part. */ + curl_mimepart *lastpart; /* Last part. */ + char *boundary; /* The part boundary. */ + mime_state state; /* Current readback state. */ +}; + +/* A mime part. */ +struct curl_mimepart_s { + struct Curl_easy *easy; /* The associated easy handle. */ + curl_mime *parent; /* Parent mime structure. */ + curl_mimepart *nextpart; /* Forward linked list. */ + enum mimekind kind; /* The part kind. */ + char *data; /* Memory data or file name. */ + curl_read_callback readfunc; /* Read function. */ + curl_seek_callback seekfunc; /* Seek function. */ + curl_free_callback freefunc; /* Argument free function. */ + void *arg; /* Argument to callback functions. */ + FILE *fp; /* File pointer. */ + struct curl_slist *curlheaders; /* Part headers. */ + struct curl_slist *userheaders; /* Part headers. */ + char *mimetype; /* Part mime type. */ + char *filename; /* Remote file name. */ + char *name; /* Data name. */ + curl_off_t datasize; /* Expected data size. */ + unsigned int flags; /* Flags. */ + mime_state state; /* Current readback state. */ + const mime_encoder *encoder; /* Content data encoder. */ + mime_encoder_state encstate; /* Data encoder state. */ +}; + + +/* Prototypes. */ +void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy); +void Curl_mime_cleanpart(curl_mimepart *part); +CURLcode Curl_mime_set_subparts(curl_mimepart *part, + curl_mime *subparts, int take_ownership); +CURLcode Curl_mime_prepare_headers(curl_mimepart *part, + const char *contenttype, + const char *disposition, + enum mimestrategy strategy); +curl_off_t Curl_mime_size(curl_mimepart *part); +size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, + void *instream); +CURLcode Curl_mime_rewind(curl_mimepart *part); +CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...); + +#endif /* HEADER_CURL_MIME_H */ diff -Nru curl-7.55.1/lib/mk-ca-bundle.pl curl-7.57.0/lib/mk-ca-bundle.pl --- curl-7.55.1/lib/mk-ca-bundle.pl 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/mk-ca-bundle.pl 2017-11-10 16:47:30.000000000 +0000 @@ -47,11 +47,9 @@ my %urls = ( 'nss' => - 'https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt', + 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt', 'central' => 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'aurora' => - 'https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', 'beta' => 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', 'release' => diff -Nru curl-7.55.1/lib/mprintf.c curl-7.57.0/lib/mprintf.c --- curl-7.55.1/lib/mprintf.c 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/lib/mprintf.c 2017-11-09 22:40:36.000000000 +0000 @@ -46,10 +46,6 @@ * If SIZEOF_SIZE_T has not been defined, default to the size of long. */ -#ifndef SIZEOF_SIZE_T -# define SIZEOF_SIZE_T CURL_SIZEOF_LONG -#endif - #ifdef HAVE_LONGLONG # define LONG_LONG_TYPE long long # define HAVE_LONG_LONG_TYPE @@ -111,7 +107,7 @@ } WHILE_FALSE /* Data type to read from the arglist */ -typedef enum { +typedef enum { FORMAT_UNKNOWN = 0, FORMAT_STRING, FORMAT_PTR, @@ -181,7 +177,7 @@ static long dprintf_DollarString(char *input, char **end) { - int number=0; + int number = 0; while(ISDIGIT(*input)) { number *= 10; number += *input-'0'; @@ -237,7 +233,7 @@ long width; long precision; int flags; - long max_param=0; + long max_param = 0; long i; while(*fmt) { @@ -326,7 +322,7 @@ break; #if defined(MP_HAVE_INT_EXTENSIONS) case 'I': -#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG) +#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG) flags |= FLAGS_LONGLONG; #else flags |= FLAGS_LONG; @@ -348,14 +344,14 @@ case 'z': /* the code below generates a warning if -Wunreachable-code is used */ -#if (SIZEOF_SIZE_T > CURL_SIZEOF_LONG) +#if (SIZEOF_SIZE_T > SIZEOF_LONG) flags |= FLAGS_LONGLONG; #else flags |= FLAGS_LONG; #endif break; case 'O': -#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG) +#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG) flags |= FLAGS_LONGLONG; #else flags |= FLAGS_LONG; @@ -380,7 +376,7 @@ else width = param_num; if(width > max_param) - max_param=width; + max_param = width; break; default: break; @@ -486,7 +482,7 @@ } /* Read the arg list parameters into our data list */ - for(i=0; i$ sequence */ - param=dprintf_DollarString(f, &f); + param = dprintf_DollarString(f, &f); if(!param) param = param_num; @@ -952,7 +948,7 @@ output characters */ (sprintf)(work, formatbuf, p->data.dnum); DEBUGASSERT(strlen(work) <= sizeof(work)); - for(fptr=work; *fptr; fptr++) + for(fptr = work; *fptr; fptr++) OUTCHAR(*fptr); } break; @@ -984,7 +980,7 @@ /* fputc() look-alike */ static int addbyter(int output, FILE *data) { - struct nsprintf *infop=(struct nsprintf *)data; + struct nsprintf *infop = (struct nsprintf *)data; unsigned char outc = (unsigned char)output; if(infop->length < infop->max) { @@ -1032,7 +1028,7 @@ /* fputc() look-alike */ static int alloc_addbyter(int output, FILE *data) { - struct asprintf *infop=(struct asprintf *)data; + struct asprintf *infop = (struct asprintf *)data; unsigned char outc = (unsigned char)output; if(!infop->buffer) { @@ -1042,9 +1038,9 @@ return -1; /* fail */ } infop->alloc = 32; - infop->len =0; + infop->len = 0; } - else if(infop->len+1 >= infop->alloc) { + else if(infop->len + 1 >= infop->alloc) { char *newptr = NULL; size_t newsize = infop->alloc*2; @@ -1133,7 +1129,7 @@ va_start(ap_save, format); retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save); va_end(ap_save); - *buffer=0; /* we terminate this with a zero byte */ + *buffer = 0; /* we terminate this with a zero byte */ return retcode; } @@ -1162,7 +1158,7 @@ { int retcode; retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save); - *buffer=0; /* we terminate this with a zero byte */ + *buffer = 0; /* we terminate this with a zero byte */ return retcode; } diff -Nru curl-7.55.1/lib/multi.c curl-7.57.0/lib/multi.c --- curl-7.55.1/lib/multi.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/multi.c 2017-11-26 13:19:01.000000000 +0000 @@ -59,7 +59,9 @@ #define CURL_SOCKET_HASH_TABLE_SIZE 911 #endif +#ifndef CURL_CONNECTION_HASH_SIZE #define CURL_CONNECTION_HASH_SIZE 97 +#endif #define CURL_MULTI_HANDLE 0x000bab1e @@ -324,14 +326,6 @@ Curl_llist_init(&multi->msglist, multi_freeamsg); Curl_llist_init(&multi->pending, multi_freeamsg); - /* allocate a new easy handle to use when closing cached connections */ - multi->closure_handle = curl_easy_init(); - if(!multi->closure_handle) - goto error; - - multi->closure_handle->multi = multi; - multi->closure_handle->state.conn_cache = &multi->conn_cache; - multi->max_pipeline_length = 5; /* -1 means it not set by user, use the default value */ @@ -343,8 +337,6 @@ Curl_hash_destroy(&multi->sockhash); Curl_hash_destroy(&multi->hostcache); Curl_conncache_destroy(&multi->conn_cache); - Curl_close(multi->closure_handle); - multi->closure_handle = NULL; Curl_llist_destroy(&multi->msglist, NULL); Curl_llist_destroy(&multi->pending, NULL); @@ -405,8 +397,11 @@ data->dns.hostcachetype = HCACHE_MULTI; } - /* Point to the multi's connection cache */ - data->state.conn_cache = &multi->conn_cache; + /* Point to the shared or multi handle connection cache */ + if(data->share && (data->share->specifier & (1<< CURL_LOCK_DATA_CONNECT))) + data->state.conn_cache = &data->share->conn_cache; + else + data->state.conn_cache = &multi->conn_cache; /* This adds the new entry at the 'end' of the doubly-linked circular list of Curl_easy structs to try and maintain a FIFO queue so @@ -460,8 +455,8 @@ state somewhat we clone the timeouts from each added handle so that the closure handle always has the same timeouts as the most recently added easy handle. */ - multi->closure_handle->set.timeout = data->set.timeout; - multi->closure_handle->set.server_response_timeout = + data->state.conn_cache->closure_handle->set.timeout = data->set.timeout; + data->state.conn_cache->closure_handle->set.server_response_timeout = data->set.server_response_timeout; update_timer(multi); @@ -502,7 +497,7 @@ data->state.conn_cache->num_connections > maxconnects) { infof(data, "Connection cache is full, closing the oldest one.\n"); - conn_candidate = Curl_oldest_idle_connection(data); + conn_candidate = Curl_conncache_oldest_idle(data); if(conn_candidate) { /* Set the connection's owner correctly */ @@ -592,7 +587,7 @@ /* if the transfer was completed in a paused state there can be buffered data left to free */ - for(i=0; i < data->state.tempcount; i++) { + for(i = 0; i < data->state.tempcount; i++) { free(data->state.tempwrite[i].buf); } data->state.tempcount = 0; @@ -705,12 +700,6 @@ curl_easy_cleanup is called. */ Curl_expire_clear(data); - if(data->dns.hostcachetype == HCACHE_MULTI) { - /* stop using the multi handle's DNS cache */ - data->dns.hostcache = NULL; - data->dns.hostcachetype = HCACHE_NONE; - } - if(data->easy_conn) { /* we must call multi_done() here (if we still own the connection) so that @@ -729,6 +718,13 @@ Curl_getoff_all_pipelines(data, data->easy_conn); } + if(data->dns.hostcachetype == HCACHE_MULTI) { + /* stop using the multi handle's DNS cache, *after* the possible + multi_done() call above */ + data->dns.hostcache = NULL; + data->dns.hostcachetype = HCACHE_NONE; + } + Curl_wildcard_dtor(&data->wildcard); /* destroy the timeout list that is held in the easy handle, do this *after* @@ -802,8 +798,8 @@ int numsocks) { int i; - int s=0; - int rc=0; + int s = 0; + int rc = 0; if(!numsocks) return GETSOCK_BLANK; @@ -813,7 +809,7 @@ return Curl_ssl_getsock(conn, sock, numsocks); #endif - for(i=0; i<2; i++) { + for(i = 0; i<2; i++) { if(conn->tempsock[i] != CURL_SOCKET_BAD) { sock[s] = conn->tempsock[i]; rc |= GETSOCK_WRITESOCK(s++); @@ -924,7 +920,7 @@ Some easy handles may not have connected to the remote host yet, and then we must make sure that is done. */ struct Curl_easy *data; - int this_max_fd=-1; + int this_max_fd = -1; curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; int bitmap; int i; @@ -933,11 +929,11 @@ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; - data=multi->easyp; + data = multi->easyp; while(data) { bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE); - for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) { + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { curl_socket_t s = CURL_SOCKET_BAD; if((bitmap & GETSOCK_READSOCK(i)) && VALID_SOCK((sockbunch[i]))) { @@ -994,11 +990,11 @@ timeout_ms = (int)timeout_internal; /* Count up how many fds we have from the multi handle */ - data=multi->easyp; + data = multi->easyp; while(data) { bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE); - for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) { + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { curl_socket_t s = CURL_SOCKET_BAD; if(bitmap & GETSOCK_READSOCK(i)) { @@ -1041,11 +1037,11 @@ if(curlfds) { /* Add the curl handles to our pollfds first */ - data=multi->easyp; + data = multi->easyp; while(data) { bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE); - for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) { + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { curl_socket_t s = CURL_SOCKET_BAD; if(bitmap & GETSOCK_READSOCK(i)) { @@ -1229,15 +1225,15 @@ */ static void do_complete(struct connectdata *conn) { - conn->data->req.chunk=FALSE; + conn->data->req.chunk = FALSE; conn->data->req.maxfd = (conn->sockfd>conn->writesockfd? - conn->sockfd:conn->writesockfd)+1; + conn->sockfd:conn->writesockfd) + 1; Curl_pgrsTime(conn->data, TIMER_PRETRANSFER); } static CURLcode multi_do(struct connectdata **connp, bool *done) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; struct connectdata *conn = *connp; struct Curl_easy *data = conn->data; @@ -1286,7 +1282,7 @@ static CURLcode multi_do_more(struct connectdata *conn, int *complete) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; *complete = 0; @@ -1315,7 +1311,7 @@ struct SingleRequest *k; time_t timeout_ms; time_t recv_timeout_ms; - time_t send_timeout_ms; + timediff_t send_timeout_ms; int control; if(!GOOD_EASY_HANDLE(data)) @@ -1379,23 +1375,23 @@ /* Handle timed out */ if(data->mstate == CURLM_STATE_WAITRESOLVE) failf(data, "Resolving timed out after %ld milliseconds", - Curl_tvdiff(now, data->progress.t_startsingle)); + Curl_timediff(now, data->progress.t_startsingle)); else if(data->mstate == CURLM_STATE_WAITCONNECT) failf(data, "Connection timed out after %ld milliseconds", - Curl_tvdiff(now, data->progress.t_startsingle)); + Curl_timediff(now, data->progress.t_startsingle)); else { k = &data->req; if(k->size != -1) { failf(data, "Operation timed out after %ld milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_tvdiff(now, data->progress.t_startsingle), + Curl_timediff(now, data->progress.t_startsingle), k->bytecount, k->size); } else { failf(data, "Operation timed out after %ld milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_tvdiff(now, data->progress.t_startsingle), + Curl_timediff(now, data->progress.t_startsingle), k->bytecount); } } @@ -1415,7 +1411,7 @@ switch(data->mstate) { case CURLM_STATE_INIT: /* init this transfer. */ - result=Curl_pretransfer(data); + result = Curl_pretransfer(data); if(!result) { /* after init, go CONNECT */ @@ -1660,7 +1656,7 @@ if(!result) { if(!dophase_done) { /* some steps needed for wildcard matching */ - if(data->set.wildcardmatch) { + if(data->state.wildcardmatch) { struct WildcardData *wc = &data->wildcard; if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) { /* skip some states if it is important */ @@ -1697,7 +1693,7 @@ * back to the CONNECT phase so we can try again. */ char *newurl = NULL; - followtype follow=FOLLOW_NONE; + followtype follow = FOLLOW_NONE; CURLcode drc; bool retry = FALSE; @@ -1783,7 +1779,7 @@ if(control) { /* if positive, advance to DO_DONE if negative, go back to DOING */ - multistate(data, control==1? + multistate(data, control == 1? CURLM_STATE_DO_DONE: CURLM_STATE_DOING); rc = CURLM_CALL_MULTI_PERFORM; @@ -1812,7 +1808,13 @@ (data->easy_conn->writesockfd != CURL_SOCKET_BAD)) multistate(data, CURLM_STATE_WAITPERFORM); else + { + if(data->state.wildcardmatch && + ((data->easy_conn->handler->flags & PROTOPT_WILDCARD) == 0)) { + data->wildcard.state = CURLWC_DONE; + } multistate(data, CURLM_STATE_DONE); + } rc = CURLM_CALL_MULTI_PERFORM; break; @@ -1938,7 +1940,7 @@ multi_done(&data->easy_conn, result, TRUE); } else if(done) { - followtype follow=FOLLOW_NONE; + followtype follow = FOLLOW_NONE; /* call this even if the readwrite function returned error */ Curl_posttransfer(data); @@ -2029,7 +2031,7 @@ data->easy_conn = NULL; } - if(data->set.wildcardmatch) { + if(data->state.wildcardmatch) { if(data->wildcard.state != CURLWC_DONE) { /* if a wildcard is set and we are not ending -> lets start again with CURLM_STATE_INIT */ @@ -2144,14 +2146,14 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) { struct Curl_easy *data; - CURLMcode returncode=CURLM_OK; + CURLMcode returncode = CURLM_OK; struct Curl_tree *t; - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; - data=multi->easyp; + data = multi->easyp; while(data) { CURLMcode result; SIGPIPE_VARIABLE(pipe_st); @@ -2192,61 +2194,21 @@ return returncode; } -static void close_all_connections(struct Curl_multi *multi) -{ - struct connectdata *conn; - - conn = Curl_conncache_find_first_connection(&multi->conn_cache); - while(conn) { - SIGPIPE_VARIABLE(pipe_st); - conn->data = multi->closure_handle; - - sigpipe_ignore(conn->data, &pipe_st); - conn->data->easy_conn = NULL; /* clear the easy handle's connection - pointer */ - /* This will remove the connection from the cache */ - connclose(conn, "kill all"); - (void)Curl_disconnect(conn, FALSE); - sigpipe_restore(&pipe_st); - - conn = Curl_conncache_find_first_connection(&multi->conn_cache); - } -} - CURLMcode curl_multi_cleanup(struct Curl_multi *multi) { struct Curl_easy *data; struct Curl_easy *nextdata; if(GOOD_MULTI_HANDLE(multi)) { - bool restore_pipe = FALSE; - SIGPIPE_VARIABLE(pipe_st); - multi->type = 0; /* not good anymore */ - /* Close all the connections in the connection cache */ - close_all_connections(multi); - - if(multi->closure_handle) { - sigpipe_ignore(multi->closure_handle, &pipe_st); - restore_pipe = TRUE; - - multi->closure_handle->dns.hostcache = &multi->hostcache; - Curl_hostcache_clean(multi->closure_handle, - multi->closure_handle->dns.hostcache); - - Curl_close(multi->closure_handle); - } - - Curl_hash_destroy(&multi->sockhash); - Curl_conncache_destroy(&multi->conn_cache); - Curl_llist_destroy(&multi->msglist, NULL); - Curl_llist_destroy(&multi->pending, NULL); - - /* remove all easy handles */ + /* Firsrt remove all remaining easy handles */ data = multi->easyp; while(data) { - nextdata=data->next; + nextdata = data->next; + if(!data->state.done && data->easy_conn) + /* if DONE was never called for this handle */ + (void)multi_done(&data->easy_conn, CURLE_OK, TRUE); if(data->dns.hostcachetype == HCACHE_MULTI) { /* clear out the usage of the shared DNS cache */ Curl_hostcache_clean(data, data->dns.hostcache); @@ -2261,6 +2223,14 @@ data = nextdata; } + /* Close all the connections in the connection cache */ + Curl_conncache_close_all_connections(&multi->conn_cache); + + Curl_hash_destroy(&multi->sockhash); + Curl_conncache_destroy(&multi->conn_cache); + Curl_llist_destroy(&multi->msglist, NULL); + Curl_llist_destroy(&multi->pending, NULL); + Curl_hash_destroy(&multi->hostcache); /* Free the blacklists by setting them to NULL */ @@ -2268,8 +2238,6 @@ Curl_pipeline_set_server_blacklist(NULL, &multi->pipelining_server_bl); free(multi); - if(restore_pipe) - sigpipe_restore(&pipe_st); return CURLM_OK; } @@ -2326,7 +2294,7 @@ int num; unsigned int curraction; - for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) socks[i] = CURL_SOCKET_BAD; /* Fill in the 'current' struct with the state as it is now: what sockets to @@ -2338,7 +2306,7 @@ longer supervised ones and add new ones */ /* walk over the sockets we got right now */ - for(i=0; (i< MAX_SOCKSPEREASYHANDLE) && + for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) && (curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i))); i++) { int action = CURL_POLL_NONE; @@ -2382,10 +2350,10 @@ /* when we've walked over all the sockets we should have right now, we must make sure to detect sockets that are removed */ - for(i=0; i< data->numsocks; i++) { + for(i = 0; i< data->numsocks; i++) { int j; s = data->sockets[i]; - for(j=0; jhead; e;) { struct curl_llist_element *n = e->next; - time_t diff; + timediff_t diff; node = (struct time_node *)e->ptr; - diff = curlx_tvdiff(node->time, now); + diff = Curl_timediff(node->time, now); if(diff <= 0) /* remove outdated entry */ Curl_llist_remove(list, e, NULL); @@ -2549,7 +2517,7 @@ CURLMcode result = CURLM_OK; struct Curl_easy *data = NULL; struct Curl_tree *t; - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); if(checkall) { /* *perform() deals with running_handles on its own */ @@ -2558,7 +2526,7 @@ /* walk through each easy handle and do the socket state change magic and callbacks */ if(result != CURLM_BAD_HANDLE) { - data=multi->easyp; + data = multi->easyp; while(data) { singlesocket(multi, data); data = data->next; @@ -2625,8 +2593,8 @@ data = NULL; /* set data to NULL again to avoid calling multi_runsingle() in case there's no need to */ - now = Curl_tvnow(); /* get a newer time since the multi_runsingle() loop - may have taken some time */ + now = Curl_now(); /* get a newer time since the multi_runsingle() loop + may have taken some time */ } } else { @@ -2779,15 +2747,15 @@ if(multi->timetree) { /* we have a tree of expire times */ - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); /* splay the lowest to the bottom */ multi->timetree = Curl_splay(tv_zero, multi->timetree); if(Curl_splaycomparekeys(multi->timetree->key, now) > 0) { /* some time left before expiration */ - *timeout_ms = (long)curlx_tvdiff(multi->timetree->key, now); - if(!*timeout_ms) + timediff_t diff = Curl_timediff(multi->timetree->key, now); + if(diff <= 0) /* * Since we only provide millisecond resolution on the returned value * and the diff might be less than one millisecond here, we don't @@ -2795,7 +2763,11 @@ * processors while the diff is still present but less than one * millisecond! instead we return 1 until the time is ripe. */ - *timeout_ms=1; + *timeout_ms = 1; + else + /* this should be safe even on 64 bit archs, as we don't use that + overly long timeouts */ + *timeout_ms = (long)diff; } else /* 0 means immediately */ @@ -2831,7 +2803,7 @@ return -1; } if(timeout_ms < 0) { - static const struct curltime none={0, 0}; + static const struct curltime none = {0, 0}; if(Curl_splaycomparekeys(none, multi->timer_lastcall)) { multi->timer_lastcall = none; /* there's no timeout now but there was one previously, tell the app to @@ -2902,7 +2874,7 @@ /* find the correct spot in the list */ for(e = timeoutlist->head; e; e = e->next) { struct time_node *check = (struct time_node *)e->ptr; - time_t diff = curlx_tvdiff(check->time, node->time); + timediff_t diff = Curl_timediff(check->time, node->time); if(diff > 0) break; prev = e; @@ -2941,7 +2913,7 @@ DEBUGASSERT(id < EXPIRE_LAST); - set = Curl_tvnow(); + set = Curl_now(); set.tv_sec += milli/1000; set.tv_usec += (unsigned int)(milli%1000)*1000; @@ -2961,7 +2933,7 @@ /* This means that the struct is added as a node in the splay tree. Compare if the new time is earlier, and only remove-old/add-new if it is. */ - time_t diff = curlx_tvdiff(set, *nowp); + timediff_t diff = Curl_timediff(set, *nowp); if(diff > 0) { /* The current splay tree entry is sooner than this new expiry time. @@ -3115,13 +3087,13 @@ int i; fprintf(stderr, "* Multi status: %d handles, %d alive\n", multi->num_easy, multi->num_alive); - for(data=multi->easyp; data; data = data->next) { + for(data = multi->easyp; data; data = data->next) { if(data->mstate < CURLM_STATE_COMPLETED) { /* only display handles that are not completed */ fprintf(stderr, "handle %p, state %s, %d sockets\n", (void *)data, statename[data->mstate], data->numsocks); - for(i=0; i < data->numsocks; i++) { + for(i = 0; i < data->numsocks; i++) { curl_socket_t s = data->sockets[i]; struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); diff -Nru curl-7.55.1/lib/multihandle.h curl-7.57.0/lib/multihandle.h --- curl-7.55.1/lib/multihandle.h 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/multihandle.h 2017-11-26 13:19:01.000000000 +0000 @@ -114,10 +114,6 @@ /* Shared connection cache (bundles)*/ struct conncache conn_cache; - /* This handle will be used for closing the cached connections in - curl_multi_cleanup() */ - struct Curl_easy *closure_handle; - long maxconnects; /* if >0, a fixed limit of the maximum number of entries we're allowed to grow the connection cache to */ diff -Nru curl-7.55.1/lib/netrc.c curl-7.57.0/lib/netrc.c --- curl-7.55.1/lib/netrc.c 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/lib/netrc.c 2017-11-09 22:40:36.000000000 +0000 @@ -56,14 +56,15 @@ char *netrcfile) { FILE *file; - int retcode=1; + int retcode = 1; int specific_login = (*loginp && **loginp != 0); bool netrc_alloc = FALSE; - enum host_lookup_state state=NOTHING; + enum host_lookup_state state = NOTHING; - char state_login=0; /* Found a login keyword */ - char state_password=0; /* Found a password keyword */ - int state_our_login=FALSE; /* With specific_login, found *our* login name */ + char state_login = 0; /* Found a login keyword */ + char state_password = 0; /* Found a password keyword */ + int state_our_login = FALSE; /* With specific_login, found *our* login + name */ #define NETRC DOT_CHAR "netrc" @@ -88,7 +89,7 @@ } else { struct passwd *pw; - pw= getpwuid(geteuid()); + pw = getpwuid(geteuid()); if(pw) { home = pw->pw_dir; } @@ -113,19 +114,19 @@ if(file) { char *tok; char *tok_buf; - bool done=FALSE; + bool done = FALSE; char netrcbuffer[256]; int netrcbuffsize = (int)sizeof(netrcbuffer); while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { - tok=strtok_r(netrcbuffer, " \t\n", &tok_buf); + tok = strtok_r(netrcbuffer, " \t\n", &tok_buf); if(tok && *tok == '#') /* treat an initial hash as a comment line */ continue; while(!done && tok) { if((*loginp && **loginp) && (*passwordp && **passwordp)) { - done=TRUE; + done = TRUE; break; } @@ -136,22 +137,22 @@ delimiter that starts the stuff entered for this machine, after this we need to search for 'login' and 'password'. */ - state=HOSTFOUND; + state = HOSTFOUND; } else if(strcasecompare("default", tok)) { - state=HOSTVALID; - retcode=0; /* we did find our host */ + state = HOSTVALID; + retcode = 0; /* we did find our host */ } break; case HOSTFOUND: if(strcasecompare(host, tok)) { /* and yes, this is our host! */ - state=HOSTVALID; - retcode=0; /* we did find our host */ + state = HOSTVALID; + retcode = 0; /* we did find our host */ } else /* not our host */ - state=NOTHING; + state = NOTHING; break; case HOSTVALID: /* we are now parsing sub-keywords concerning "our" host */ @@ -167,7 +168,7 @@ goto out; } } - state_login=0; + state_login = 0; } else if(state_password) { if(state_our_login || !specific_login) { @@ -178,12 +179,12 @@ goto out; } } - state_password=0; + state_password = 0; } else if(strcasecompare("login", tok)) - state_login=1; + state_login = 1; else if(strcasecompare("password", tok)) - state_password=1; + state_password = 1; else if(strcasecompare("machine", tok)) { /* ok, there's machine here go => */ state = HOSTFOUND; diff -Nru curl-7.55.1/lib/non-ascii.c curl-7.57.0/lib/non-ascii.c --- curl-7.55.1/lib/non-ascii.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/non-ascii.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -82,7 +82,7 @@ CURLcode Curl_convert_to_network(struct Curl_easy *data, char *buffer, size_t length) { - if(data->set.convtonetwork) { + if(data && data->set.convtonetwork) { /* use translation callback */ CURLcode result = data->set.convtonetwork(buffer, length); if(result) { @@ -96,14 +96,18 @@ else { #ifdef HAVE_ICONV /* do the translation ourselves */ + iconv_t tmpcd = (iconv_t) -1; + iconv_t *cd = &tmpcd; char *input_ptr, *output_ptr; size_t in_bytes, out_bytes, rc; /* open an iconv conversion descriptor if necessary */ - if(data->outbound_cd == (iconv_t)-1) { - data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST); - if(data->outbound_cd == (iconv_t)-1) { + if(data) + cd = &data->outbound_cd; + if(*cd == (iconv_t)-1) { + *cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, + CURL_ICONV_CODESET_OF_HOST); + if(*cd == (iconv_t)-1) { failf(data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_NETWORK, @@ -115,8 +119,10 @@ /* call iconv */ input_ptr = output_ptr = buffer; in_bytes = out_bytes = length; - rc = iconv(data->outbound_cd, (const char **)&input_ptr, &in_bytes, + rc = iconv(*cd, &input_ptr, &in_bytes, &output_ptr, &out_bytes); + if(!data) + iconv_close(tmpcd); if((rc == ICONV_ERROR) || (in_bytes != 0)) { failf(data, "The Curl_convert_to_network iconv call failed with errno %i: %s", @@ -139,7 +145,7 @@ CURLcode Curl_convert_from_network(struct Curl_easy *data, char *buffer, size_t length) { - if(data->set.convfromnetwork) { + if(data && data->set.convfromnetwork) { /* use translation callback */ CURLcode result = data->set.convfromnetwork(buffer, length); if(result) { @@ -153,14 +159,18 @@ else { #ifdef HAVE_ICONV /* do the translation ourselves */ + iconv_t tmpcd = (iconv_t) -1; + iconv_t *cd = &tmpcd; char *input_ptr, *output_ptr; size_t in_bytes, out_bytes, rc; /* open an iconv conversion descriptor if necessary */ - if(data->inbound_cd == (iconv_t)-1) { - data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK); - if(data->inbound_cd == (iconv_t)-1) { + if(data) + cd = &data->inbound_cd; + if(*cd == (iconv_t)-1) { + *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, + CURL_ICONV_CODESET_OF_NETWORK); + if(*cd == (iconv_t)-1) { failf(data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_HOST, @@ -172,8 +182,10 @@ /* call iconv */ input_ptr = output_ptr = buffer; in_bytes = out_bytes = length; - rc = iconv(data->inbound_cd, (const char **)&input_ptr, &in_bytes, + rc = iconv(*cd, &input_ptr, &in_bytes, &output_ptr, &out_bytes); + if(!data) + iconv_close(tmpcd); if((rc == ICONV_ERROR) || (in_bytes != 0)) { failf(data, "Curl_convert_from_network iconv call failed with errno %i: %s", @@ -196,7 +208,7 @@ CURLcode Curl_convert_from_utf8(struct Curl_easy *data, char *buffer, size_t length) { - if(data->set.convfromutf8) { + if(data && data->set.convfromutf8) { /* use translation callback */ CURLcode result = data->set.convfromutf8(buffer, length); if(result) { @@ -210,15 +222,19 @@ else { #ifdef HAVE_ICONV /* do the translation ourselves */ - const char *input_ptr; + iconv_t tmpcd = (iconv_t) -1; + iconv_t *cd = &tmpcd; + char *input_ptr; char *output_ptr; size_t in_bytes, out_bytes, rc; /* open an iconv conversion descriptor if necessary */ - if(data->utf8_cd == (iconv_t)-1) { - data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8); - if(data->utf8_cd == (iconv_t)-1) { + if(data) + cd = &data->utf8_cd; + if(*cd == (iconv_t)-1) { + *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, + CURL_ICONV_CODESET_FOR_UTF8); + if(*cd == (iconv_t)-1) { failf(data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_HOST, @@ -230,8 +246,10 @@ /* call iconv */ input_ptr = output_ptr = buffer; in_bytes = out_bytes = length; - rc = iconv(data->utf8_cd, &input_ptr, &in_bytes, + rc = iconv(*cd, &input_ptr, &in_bytes, &output_ptr, &out_bytes); + if(!data) + iconv_close(tmpcd); if((rc == ICONV_ERROR) || (in_bytes != 0)) { failf(data, "The Curl_convert_from_utf8 iconv call failed with errno %i: %s", @@ -301,29 +319,4 @@ #endif /* HAVE_ICONV */ } -/* - * Curl_convert_form() is used from http.c, this converts any form items that - need to be sent in the network encoding. Returns CURLE_OK on success. - */ -CURLcode Curl_convert_form(struct Curl_easy *data, struct FormData *form) -{ - CURLcode result; - - if(!data) - return CURLE_BAD_FUNCTION_ARGUMENT; - - while(form) { - if(form->type == FORM_DATA) { - result = Curl_convert_to_network(data, form->line, form->length); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - } - - form = form->next; - } - - return CURLE_OK; -} - #endif /* CURL_DOES_CONVERSIONS */ diff -Nru curl-7.55.1/lib/non-ascii.h curl-7.57.0/lib/non-ascii.h --- curl-7.55.1/lib/non-ascii.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/non-ascii.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -48,7 +48,6 @@ char *buffer, size_t length); CURLcode Curl_convert_from_utf8(struct Curl_easy *data, char *buffer, size_t length); -CURLcode Curl_convert_form(struct Curl_easy *data, struct FormData *form); #else #define Curl_convert_clone(a,b,c,d) ((void)a, CURLE_OK) #define Curl_convert_init(x) Curl_nop_stmt @@ -57,7 +56,6 @@ #define Curl_convert_to_network(a,b,c) ((void)a, CURLE_OK) #define Curl_convert_from_network(a,b,c) ((void)a, CURLE_OK) #define Curl_convert_from_utf8(a,b,c) ((void)a, CURLE_OK) -#define Curl_convert_form(a,b) CURLE_OK #endif #endif /* HEADER_CURL_NON_ASCII_H */ diff -Nru curl-7.55.1/lib/openldap.c curl-7.57.0/lib/openldap.c --- curl-7.55.1/lib/openldap.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/openldap.c 2017-11-10 16:47:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2010, Howard Chu, + * Copyright (C) 2010, 2017, Howard Chu, * Copyright (C) 2011 - 2016, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which @@ -152,7 +152,7 @@ { ldapconninfo *li; LDAPURLDesc *lud; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; int rc, proto; CURLcode status; @@ -198,7 +198,7 @@ (void)done; strcpy(hosturl, "ldap"); - ptr = hosturl+4; + ptr = hosturl + 4; if(conn->handler->flags & PROTOPT_SSL) *ptr++ = 's'; snprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d", @@ -354,7 +354,7 @@ int rc = 0; LDAPURLDesc *ludp = NULL; int msgid; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; connkeep(conn, "OpenLDAP do"); @@ -519,7 +519,7 @@ else binary = 0; - for(i=0; bvals[i].bv_val != NULL; i++) { + for(i = 0; bvals[i].bv_val != NULL; i++) { int binval = 0; writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1); if(writeerr) { @@ -549,7 +549,7 @@ else { /* check for unprintable characters */ unsigned int j; - for(j=0; jrecv(conn, FIRSTSOCKET, buf, len, &err); + ret = (li->recv)(conn, FIRSTSOCKET, buf, len, &err); if(ret < 0 && err == CURLE_AGAIN) { SET_SOCKERRNO(EWOULDBLOCK); } @@ -692,7 +692,7 @@ ber_slen_t ret; CURLcode err = CURLE_SEND_ERROR; - ret = li->send(conn, FIRSTSOCKET, buf, len, &err); + ret = (li->send)(conn, FIRSTSOCKET, buf, len, &err); if(ret < 0 && err == CURLE_AGAIN) { SET_SOCKERRNO(EWOULDBLOCK); } diff -Nru curl-7.55.1/lib/parsedate.c curl-7.57.0/lib/parsedate.c --- curl-7.55.1/lib/parsedate.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/parsedate.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -167,20 +167,20 @@ RFC 1123) had their signs wrong. Here we use the correct signs to match actual military usage. */ - {"A", +1 * 60}, /* Alpha */ - {"B", +2 * 60}, /* Bravo */ - {"C", +3 * 60}, /* Charlie */ - {"D", +4 * 60}, /* Delta */ - {"E", +5 * 60}, /* Echo */ - {"F", +6 * 60}, /* Foxtrot */ - {"G", +7 * 60}, /* Golf */ - {"H", +8 * 60}, /* Hotel */ - {"I", +9 * 60}, /* India */ + {"A", 1 * 60}, /* Alpha */ + {"B", 2 * 60}, /* Bravo */ + {"C", 3 * 60}, /* Charlie */ + {"D", 4 * 60}, /* Delta */ + {"E", 5 * 60}, /* Echo */ + {"F", 6 * 60}, /* Foxtrot */ + {"G", 7 * 60}, /* Golf */ + {"H", 8 * 60}, /* Hotel */ + {"I", 9 * 60}, /* India */ /* "J", Juliet is not used as a timezone, to indicate the observer's local time */ - {"K", +10 * 60}, /* Kilo */ - {"L", +11 * 60}, /* Lima */ - {"M", +12 * 60}, /* Mike */ + {"K", 10 * 60}, /* Kilo */ + {"L", 11 * 60}, /* Lima */ + {"M", 12 * 60}, /* Mike */ {"N", -1 * 60}, /* November */ {"O", -2 * 60}, /* Oscar */ {"P", -3 * 60}, /* Papa */ @@ -205,14 +205,14 @@ { int i; const char * const *what; - bool found= FALSE; + bool found = FALSE; if(len > 3) what = &weekday[0]; else what = &Curl_wkday[0]; - for(i=0; i<7; i++) { + for(i = 0; i<7; i++) { if(strcasecompare(check, what[0])) { - found=TRUE; + found = TRUE; break; } what++; @@ -224,12 +224,12 @@ { int i; const char * const *what; - bool found= FALSE; + bool found = FALSE; what = &Curl_month[0]; - for(i=0; i<12; i++) { + for(i = 0; i<12; i++) { if(strcasecompare(check, what[0])) { - found=TRUE; + found = TRUE; break; } what++; @@ -244,12 +244,12 @@ { unsigned int i; const struct tzinfo *what; - bool found= FALSE; + bool found = FALSE; what = tz; - for(i=0; i< sizeof(tz)/sizeof(tz[0]); i++) { + for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) { if(strcasecompare(check, what->name)) { - found=TRUE; + found = TRUE; break; } what++; @@ -331,21 +331,21 @@ static int parsedate(const char *date, time_t *output) { time_t t = 0; - int wdaynum=-1; /* day of the week number, 0-6 (mon-sun) */ - int monnum=-1; /* month of the year number, 0-11 */ - int mdaynum=-1; /* day of month, 1 - 31 */ - int hournum=-1; - int minnum=-1; - int secnum=-1; - int yearnum=-1; - int tzoff=-1; + int wdaynum = -1; /* day of the week number, 0-6 (mon-sun) */ + int monnum = -1; /* month of the year number, 0-11 */ + int mdaynum = -1; /* day of month, 1 - 31 */ + int hournum = -1; + int minnum = -1; + int secnum = -1; + int yearnum = -1; + int tzoff = -1; struct my_tm tm; enum assume dignext = DATE_MDAY; const char *indate = date; /* save the original pointer */ int part = 0; /* max 6 parts */ while(*date && (part < 6)) { - bool found=FALSE; + bool found = FALSE; skip(&date); @@ -386,7 +386,7 @@ /* a digit */ int val; char *end; - int len=0; + int len = 0; if((secnum == -1) && (3 == sscanf(date, "%02d:%02d:%02d%n", &hournum, &minnum, &secnum, &len))) { diff -Nru curl-7.55.1/lib/pingpong.c curl-7.57.0/lib/pingpong.c --- curl-7.55.1/lib/pingpong.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/pingpong.c 2017-11-26 13:19:01.000000000 +0000 @@ -47,10 +47,10 @@ time_t Curl_pp_state_timeout(struct pingpong *pp) { struct connectdata *conn = pp->conn; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; time_t timeout_ms; /* in milliseconds */ time_t timeout2_ms; /* in milliseconds */ - long response_time= (data->set.server_response_timeout)? + long response_time = (data->set.server_response_timeout)? data->set.server_response_timeout: pp->response_time; /* if CURLOPT_SERVER_RESPONSE_TIMEOUT is set, use that to determine @@ -61,12 +61,12 @@ /* Without a requested timeout, we only wait 'response_time' seconds for the full response to arrive before we bail out */ timeout_ms = response_time - - Curl_tvdiff(Curl_tvnow(), pp->response); /* spent time */ + Curl_timediff(Curl_now(), pp->response); /* spent time */ if(data->set.timeout) { /* if timeout is requested, find out how much remaining time we have */ timeout2_ms = data->set.timeout - /* timeout time */ - Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */ + Curl_timediff(Curl_now(), conn->now); /* spent time */ /* pick the lowest number */ timeout_ms = CURLMIN(timeout_ms, timeout2_ms); @@ -85,10 +85,10 @@ int rc; time_t interval_ms; time_t timeout_ms = Curl_pp_state_timeout(pp); - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; CURLcode result = CURLE_OK; - if(timeout_ms <=0) { + if(timeout_ms <= 0) { failf(data, "server response timeout"); return CURLE_OPERATION_TIMEDOUT; /* already too little time */ } @@ -120,7 +120,7 @@ if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(data, Curl_tvnow()); + result = Curl_speedcheck(data, Curl_now()); if(result) return result; @@ -143,7 +143,7 @@ pp->nread_resp = 0; pp->linestart_resp = conn->data->state.buffer; pp->pending_resp = TRUE; - pp->response = Curl_tvnow(); /* start response time-out now! */ + pp->response = Curl_now(); /* start response time-out now! */ } @@ -168,16 +168,22 @@ char *s; CURLcode result; struct connectdata *conn = pp->conn; - struct Curl_easy *data = conn->data; + struct Curl_easy *data; #ifdef HAVE_GSSAPI - enum protection_level data_sec = conn->data_prot; + enum protection_level data_sec; #endif DEBUGASSERT(pp->sendleft == 0); DEBUGASSERT(pp->sendsize == 0); DEBUGASSERT(pp->sendthis == NULL); + if(!conn) + /* can't send without a connection! */ + return CURLE_SEND_ERROR; + + data = conn->data; + fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */ if(!fmt_crlf) return CURLE_OUT_OF_MEMORY; @@ -205,6 +211,7 @@ result = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len, &bytes_written); #ifdef HAVE_GSSAPI + data_sec = conn->data_prot; DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); conn->data_prot = data_sec; #endif @@ -228,7 +235,7 @@ free(s); pp->sendthis = NULL; pp->sendleft = pp->sendsize = 0; - pp->response = Curl_tvnow(); + pp->response = Curl_now(); } return CURLE_OK; @@ -270,7 +277,7 @@ size_t *size) /* size of the response */ { ssize_t perline; /* count bytes per line */ - bool keepon=TRUE; + bool keepon = TRUE; ssize_t gotbytes; char *ptr; struct connectdata *conn = pp->conn; @@ -281,7 +288,7 @@ *code = 0; /* 0 for errors or not done */ *size = 0; - ptr=buf + pp->nread_resp; + ptr = buf + pp->nread_resp; /* number of bytes in the current line, so far */ perline = (ssize_t)(ptr-pp->linestart_resp); @@ -297,7 +304,7 @@ * it would have been populated with something of size int to begin * with, even though its datatype may be larger than an int. */ - DEBUGASSERT((ptr+pp->cache_size) <= (buf+data->set.buffer_size+1)); + DEBUGASSERT((ptr + pp->cache_size) <= (buf + data->set.buffer_size + 1)); memcpy(ptr, pp->cache, pp->cache_size); gotbytes = (ssize_t)pp->cache_size; free(pp->cache); /* free the cache */ @@ -351,7 +358,7 @@ pp->nread_resp += gotbytes; for(i = 0; i < gotbytes; ptr++, i++) { perline++; - if(*ptr=='\n') { + if(*ptr == '\n') { /* a newline is CRLF in pp-talk, so the CR is ignored as the line isn't really terminated until the LF comes */ @@ -378,17 +385,17 @@ start of the buffer and zero terminate, for old times sake */ size_t n = ptr - pp->linestart_resp; memmove(buf, pp->linestart_resp, n); - buf[n]=0; /* zero terminate */ - keepon=FALSE; - pp->linestart_resp = ptr+1; /* advance pointer */ + buf[n] = 0; /* zero terminate */ + keepon = FALSE; + pp->linestart_resp = ptr + 1; /* advance pointer */ i++; /* skip this before getting out */ *size = pp->nread_resp; /* size of the response */ pp->nread_resp = 0; /* restart */ break; } - perline=0; /* line starts over here */ - pp->linestart_resp = ptr+1; + perline = 0; /* line starts over here */ + pp->linestart_resp = ptr + 1; } } @@ -490,9 +497,9 @@ } else { free(pp->sendthis); - pp->sendthis=NULL; + pp->sendthis = NULL; pp->sendleft = pp->sendsize = 0; - pp->response = Curl_tvnow(); + pp->response = Curl_now(); } return CURLE_OK; } diff -Nru curl-7.55.1/lib/pingpong.h curl-7.57.0/lib/pingpong.h --- curl-7.55.1/lib/pingpong.h 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/pingpong.h 2017-11-26 13:19:01.000000000 +0000 @@ -58,8 +58,8 @@ server */ size_t sendleft; /* number of bytes left to send from the sendthis buffer */ size_t sendsize; /* total size of the sendthis buffer */ - struct curltime response; /* set to Curl_tvnow() when a command has been sent - off, used to time-out response reading */ + struct curltime response; /* set to Curl_now() when a command has been sent + off, used to time-out response reading */ long response_time; /* When no timeout is given, this is the amount of milliseconds we await for a server response. */ diff -Nru curl-7.55.1/lib/progress.c curl-7.57.0/lib/progress.c --- curl-7.55.1/lib/progress.c 2017-08-12 13:34:41.000000000 +0000 +++ curl-7.57.0/lib/progress.c 2017-11-26 13:19:01.000000000 +0000 @@ -134,7 +134,7 @@ { int rc; struct Curl_easy *data = conn->data; - data->progress.lastshow=0; + data->progress.lastshow = 0; rc = Curl_pgrsUpdate(conn); /* the final (forced) update */ if(rc) return rc; @@ -149,14 +149,9 @@ return 0; } -/* reset all times except redirect, and reset the known transfer sizes */ -void Curl_pgrsResetTimesSizes(struct Curl_easy *data) +/* reset the known transfer sizes */ +void Curl_pgrsResetTransferSizes(struct Curl_easy *data) { - data->progress.t_nslookup = 0; - data->progress.t_connect = 0; - data->progress.t_pretransfer = 0; - data->progress.t_starttransfer = 0; - Curl_pgrsSetDownloadSize(data, -1); Curl_pgrsSetUploadSize(data, -1); } @@ -166,7 +161,7 @@ */ void Curl_pgrsTime(struct Curl_easy *data, timerid timer) { - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); time_t *delta = NULL; switch(timer) { @@ -181,6 +176,7 @@ case TIMER_STARTSINGLE: /* This is set at the start of each single fetch */ data->progress.t_startsingle = now; + data->progress.is_t_startransfer_set = false; break; case TIMER_STARTACCEPT: data->progress.t_acceptdata = now; @@ -205,31 +201,33 @@ * This prevents repeated invocations of the function from incorrectly * changing the t_starttransfer time. */ - if (*delta > data->progress.t_redirect) { + if(data->progress.is_t_startransfer_set) { return; } else { + data->progress.is_t_startransfer_set = true; break; } case TIMER_POSTRANSFER: /* this is the normal end-of-transfer thing */ break; case TIMER_REDIRECT: - data->progress.t_redirect = Curl_tvdiff_us(now, data->progress.start); + data->progress.t_redirect = Curl_timediff_us(now, data->progress.start); break; } if(delta) { - time_t us = Curl_tvdiff_us(now, data->progress.t_startsingle); - if(!us) - us++; /* make sure at least one microsecond passed */ - *delta = us; + timediff_t us = Curl_timediff_us(now, data->progress.t_startsingle); + if(us < 1) + us = 1; /* make sure at least one microsecond passed */ + *delta += us; } } void Curl_pgrsStartNow(struct Curl_easy *data) { data->progress.speeder_c = 0; /* reset the progress meter display */ - data->progress.start = Curl_tvnow(); + data->progress.start = Curl_now(); + data->progress.is_t_startransfer_set = false; data->progress.ul_limit_start.tv_sec = 0; data->progress.ul_limit_start.tv_usec = 0; data->progress.dl_limit_start.tv_sec = 0; @@ -276,7 +274,7 @@ return -1; minimum = (time_t) (CURL_OFF_T_C(1000) * size / limit); - actual = Curl_tvdiff(now, start); + actual = Curl_timediff(now, start); if(actual < minimum) /* this is a conversion on some systems (64bit time_t => 32bit long) */ @@ -287,7 +285,7 @@ void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size) { - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); data->progress.downloaded = size; @@ -305,7 +303,7 @@ void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size) { - struct curltime now = Curl_tvnow(); + struct curltime now = Curl_now(); data->progress.uploaded = size; @@ -354,9 +352,9 @@ struct curltime now; int result; char max5[6][10]; - curl_off_t dlpercen=0; - curl_off_t ulpercen=0; - curl_off_t total_percen=0; + curl_off_t dlpercen = 0; + curl_off_t ulpercen = 0; + curl_off_t total_percen = 0; curl_off_t total_transfer; curl_off_t total_expected_transfer; curl_off_t timespent; @@ -367,15 +365,15 @@ char time_left[10]; char time_total[10]; char time_spent[10]; - curl_off_t ulestimate=0; - curl_off_t dlestimate=0; + curl_off_t ulestimate = 0; + curl_off_t dlestimate = 0; curl_off_t total_estimate; - bool shownow=FALSE; + bool shownow = FALSE; - now = Curl_tvnow(); /* what time is it */ + now = Curl_now(); /* what time is it */ /* The time spent so far (from the start) */ - data->progress.timespent = Curl_tvdiff_us(now, data->progress.start); + data->progress.timespent = Curl_timediff_us(now, data->progress.start); timespent = (curl_off_t)data->progress.timespent/1000000; /* seconds */ /* The average download speed this far */ @@ -410,24 +408,24 @@ array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of transfer. Imagine, after one second we have filled in two entries, after two seconds we've filled in three entries etc. */ - countindex = ((data->progress.speeder_c>=CURR_TIME)? + countindex = ((data->progress.speeder_c >= CURR_TIME)? CURR_TIME:data->progress.speeder_c) - 1; /* first of all, we don't do this if there's no counted seconds yet */ if(countindex) { - time_t span_ms; + timediff_t span_ms; /* Get the index position to compare with the 'nowindex' position. Get the oldest entry possible. While we have less than CURR_TIME entries, the first entry will remain the oldest. */ - checkindex = (data->progress.speeder_c>=CURR_TIME)? + checkindex = (data->progress.speeder_c >= CURR_TIME)? data->progress.speeder_c%CURR_TIME:0; /* Figure out the exact time for the time span */ - span_ms = Curl_tvdiff(now, - data->progress.speeder_time[checkindex]); + span_ms = Curl_timediff(now, + data->progress.speeder_time[checkindex]); if(0 == span_ms) - span_ms=1; /* at least one millisecond MUST have passed */ + span_ms = 1; /* at least one millisecond MUST have passed */ /* Calculate the average speed the last 'span_ms' milliseconds */ { @@ -457,22 +455,22 @@ if(data->set.fxferinfo) { /* There's a callback set, call that */ - result= data->set.fxferinfo(data->set.progress_client, - data->progress.size_dl, - data->progress.downloaded, - data->progress.size_ul, - data->progress.uploaded); + result = data->set.fxferinfo(data->set.progress_client, + data->progress.size_dl, + data->progress.downloaded, + data->progress.size_ul, + data->progress.uploaded); if(result) failf(data, "Callback aborted"); return result; } if(data->set.fprogress) { /* The older deprecated callback is set, call that */ - result= data->set.fprogress(data->set.progress_client, - (double)data->progress.size_dl, - (double)data->progress.downloaded, - (double)data->progress.size_ul, - (double)data->progress.uploaded); + result = data->set.fprogress(data->set.progress_client, + (double)data->progress.size_dl, + (double)data->progress.downloaded, + (double)data->progress.size_ul, + (double)data->progress.uploaded); if(result) failf(data, "Callback aborted"); return result; diff -Nru curl-7.55.1/lib/progress.h curl-7.57.0/lib/progress.h --- curl-7.55.1/lib/progress.h 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/progress.h 2017-11-09 22:40:36.000000000 +0000 @@ -47,7 +47,7 @@ void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size); void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size); int Curl_pgrsUpdate(struct connectdata *); -void Curl_pgrsResetTimesSizes(struct Curl_easy *data); +void Curl_pgrsResetTransferSizes(struct Curl_easy *data); void Curl_pgrsTime(struct Curl_easy *data, timerid timer); long Curl_pgrsLimitWaitTime(curl_off_t cursize, curl_off_t startsize, diff -Nru curl-7.55.1/lib/rand.c curl-7.57.0/lib/rand.c --- curl-7.55.1/lib/rand.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/rand.c 2017-11-26 13:19:01.000000000 +0000 @@ -86,7 +86,7 @@ #endif if(!seeded) { - struct curltime now = curlx_tvnow(); + struct curltime now = Curl_now(); infof(data, "WARNING: Using weak random seed\n"); randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; randseed = randseed * 1103515245 + 12345; diff -Nru curl-7.55.1/lib/rtsp.c curl-7.57.0/lib/rtsp.c --- curl-7.55.1/lib/rtsp.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/rtsp.c 2017-11-09 22:40:36.000000000 +0000 @@ -250,7 +250,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done) { struct Curl_easy *data = conn->data; - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; Curl_RtspReq rtspreq = data->set.rtspreq; struct RTSP *rtsp = data->req.protop; struct HTTP *http; @@ -749,14 +749,28 @@ struct Curl_easy *data = conn->data; size_t wrote; curl_write_callback writeit; + void *user_ptr; if(len == 0) { failf(data, "Cannot write a 0 size RTP packet."); return CURLE_WRITE_ERROR; } - writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func; - wrote = writeit(ptr, 1, len, data->set.rtp_out); + /* If the user has configured CURLOPT_INTERLEAVEFUNCTION then use that + function and any configured CURLOPT_INTERLEAVEDATA to write out the RTP + data. Otherwise, use the CURLOPT_WRITEFUNCTION with the CURLOPT_WRITEDATA + pointer to write out the RTP data. */ + if(data->set.fwrite_rtp) { + writeit = data->set.fwrite_rtp; + user_ptr = data->set.rtp_out; + } + else + { + writeit = data->set.fwrite_func; + user_ptr = data->set.out; + } + + wrote = writeit(ptr, 1, len, user_ptr); if(CURL_WRITEFUNC_PAUSE == wrote) { failf(data, "Cannot pause RTP"); diff -Nru curl-7.55.1/lib/security.c curl-7.57.0/lib/security.c --- curl-7.55.1/lib/security.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/security.c 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * rewrite to work around the paragraph 2 in the BSD licenses as explained * below. * - * Copyright (c) 1998, 1999 Kungliga Tekniska Hgskolan + * Copyright (c) 1998, 1999, 2017 Kungliga Tekniska Hgskolan * (Royal Institute of Technology, Stockholm, Sweden). * * Copyright (C) 2001 - 2015, Daniel Stenberg, , et al. @@ -115,7 +115,7 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) { int ftp_code; - ssize_t nread=0; + ssize_t nread = 0; va_list args; char print_buffer[50]; diff -Nru curl-7.55.1/lib/select.c curl-7.57.0/lib/select.c --- curl-7.55.1/lib/select.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/select.c 2017-11-26 13:19:01.000000000 +0000 @@ -51,7 +51,7 @@ #include "warnless.h" /* Convenience local macros */ -#define ELAPSED_MS() (int)curlx_tvdiff(curlx_tvnow(), initial_tv) +#define ELAPSED_MS() (int)Curl_timediff(Curl_now(), initial_tv) int Curl_ack_eintr = 0; #define ERROR_NOT_EINTR(error) (Curl_ack_eintr || error != EINTR) @@ -96,7 +96,7 @@ Sleep(timeout_ms); #else pending_ms = timeout_ms; - initial_tv = curlx_tvnow(); + initial_tv = Curl_now(); do { #if defined(HAVE_POLL_FINE) r = poll(NULL, 0, pending_ms); @@ -177,14 +177,14 @@ return r; } - /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed + /* Avoid initial timestamp, avoid Curl_now() call, when elapsed time in this function does not need to be measured. This happens when function is called with a zero timeout or a negative timeout value indicating a blocking call should be performed. */ if(timeout_ms > 0) { pending_ms = (int)timeout_ms; - initial_tv = curlx_tvnow(); + initial_tv = Curl_now(); } #ifdef HAVE_POLL_FINE @@ -418,14 +418,14 @@ return r; } - /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed + /* Avoid initial timestamp, avoid Curl_now() call, when elapsed time in this function does not need to be measured. This happens when function is called with a zero timeout or a negative timeout value indicating a blocking call should be performed. */ if(timeout_ms > 0) { pending_ms = timeout_ms; - initial_tv = curlx_tvnow(); + initial_tv = Curl_now(); } #ifdef HAVE_POLL_FINE diff -Nru curl-7.55.1/lib/sendf.c curl-7.57.0/lib/sendf.c --- curl-7.55.1/lib/sendf.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/sendf.c 2017-11-27 07:50:21.000000000 +0000 @@ -22,6 +22,10 @@ #include "curl_setup.h" +#ifdef HAVE_LINUX_TCP_H +#include +#endif + #include #include "urldata.h" @@ -63,7 +67,7 @@ if(*startPtr == '\n') { /* This block of incoming data starts with the previous block's LF so get rid of it */ - memmove(startPtr, startPtr+1, size-1); + memmove(startPtr, startPtr + 1, size-1); size--; /* and it wasn't a bare CR but a CRLF conversion instead */ data->state.crlf_conversions++; @@ -75,7 +79,7 @@ inPtr = outPtr = memchr(startPtr, '\r', size); if(inPtr) { /* at least one CR, now look for CRLF */ - while(inPtr < (startPtr+size-1)) { + while(inPtr < (startPtr + size-1)) { /* note that it's size-1, so we'll never look past the last byte */ if(memcmp(inPtr, "\r\n", 2) == 0) { /* CRLF found, bump past the CR and copy the NL */ @@ -98,7 +102,7 @@ inPtr++; } /* end of while loop */ - if(inPtr < startPtr+size) { + if(inPtr < startPtr + size) { /* handle last byte */ if(*inPtr == '\r') { /* deal with a CR at the end of the buffer */ @@ -112,7 +116,7 @@ } outPtr++; } - if(outPtr < startPtr+size) + if(outPtr < startPtr + size) /* tidy up by null terminating the now shorter data */ *outPtr = '\0'; @@ -241,25 +245,25 @@ void Curl_failf(struct Curl_easy *data, const char *fmt, ...) { - va_list ap; - size_t len; - char error[CURL_ERROR_SIZE + 2]; - va_start(ap, fmt); - - vsnprintf(error, CURL_ERROR_SIZE, fmt, ap); - len = strlen(error); + if(data->set.verbose || data->set.errorbuffer) { + va_list ap; + size_t len; + char error[CURL_ERROR_SIZE + 2]; + va_start(ap, fmt); + vsnprintf(error, CURL_ERROR_SIZE, fmt, ap); + len = strlen(error); - if(data->set.errorbuffer && !data->state.errorbuf) { - strcpy(data->set.errorbuffer, error); - data->state.errorbuf = TRUE; /* wrote error string */ - } - if(data->set.verbose) { - error[len] = '\n'; - error[++len] = '\0'; - Curl_debug(data, CURLINFO_TEXT, error, len, NULL); + if(data->set.errorbuffer && !data->state.errorbuf) { + strcpy(data->set.errorbuffer, error); + data->state.errorbuf = TRUE; /* wrote error string */ + } + if(data->set.verbose) { + error[len] = '\n'; + error[++len] = '\0'; + Curl_debug(data, CURLINFO_TEXT, error, len, NULL); + } + va_end(ap); } - - va_end(ap); } /* Curl_sendf() sends formatted data to the server */ @@ -279,7 +283,7 @@ if(!s) return CURLE_OUT_OF_MEMORY; /* failure */ - bytes_written=0; + bytes_written = 0; write_len = strlen(s); sptr = s; @@ -360,7 +364,7 @@ available. */ pre_receive_plain(conn, num); -#ifdef MSG_FASTOPEN /* Linux */ +#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT) /* Linux */ if(conn->bits.tcp_fastopen) { bytes_written = sendto(sockfd, mem, len, MSG_FASTOPEN, conn->ip_addr->ai_addr, conn->ip_addr->ai_addrlen); @@ -387,7 +391,7 @@ #endif ) { /* this is just a case of EWOULDBLOCK */ - bytes_written=0; + bytes_written = 0; *code = CURLE_AGAIN; } else { @@ -480,7 +484,7 @@ bool newtype = TRUE; if(s->tempcount) { - for(i=0; i< s->tempcount; i++) { + for(i = 0; i< s->tempcount; i++) { if(s->tempwrite[i].type == type) { /* data for this type exists */ newtype = FALSE; @@ -704,7 +708,7 @@ us use the correct ssl handle. */ int num = (sockfd == conn->sock[SECONDARYSOCKET]); - *n=0; /* reset amount to zero */ + *n = 0; /* reset amount to zero */ /* If session can pipeline, check connection buffer */ if(pipelining) { @@ -823,8 +827,8 @@ int rc; if(data->set.printhost && conn && conn->host.dispname) { char buffer[160]; - const char *t=NULL; - const char *w="Data"; + const char *t = NULL; + const char *w = "Data"; switch(type) { case CURLINFO_HEADER_IN: w = "Header"; diff -Nru curl-7.55.1/lib/setopt.c curl-7.57.0/lib/setopt.c --- curl-7.55.1/lib/setopt.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/setopt.c 2017-11-27 07:50:21.000000000 +0000 @@ -0,0 +1,2554 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#ifdef HAVE_LIMITS_H +#include +#endif + +#ifdef HAVE_LINUX_TCP_H +#include +#endif + +#include "urldata.h" +#include "url.h" +#include "progress.h" +#include "content_encoding.h" +#include "strcase.h" +#include "share.h" +#include "vtls/vtls.h" +#include "warnless.h" +#include "sendf.h" +#include "http2.h" +#include "setopt.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +CURLcode Curl_setstropt(char **charp, const char *s) +{ + /* Release the previous storage at `charp' and replace by a dynamic storage + copy of `s'. Return CURLE_OK or CURLE_OUT_OF_MEMORY. */ + + Curl_safefree(*charp); + + if(s) { + char *str = strdup(s); + + if(!str) + return CURLE_OUT_OF_MEMORY; + + *charp = str; + } + + return CURLE_OK; +} + +static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) +{ + CURLcode result = CURLE_OK; + char *user = NULL; + char *passwd = NULL; + + /* Parse the login details if specified. It not then we treat NULL as a hint + to clear the existing data */ + if(option) { + result = Curl_parse_login_details(option, strlen(option), + (userp ? &user : NULL), + (passwdp ? &passwd : NULL), + NULL); + } + + if(!result) { + /* Store the username part of option if required */ + if(userp) { + if(!user && option && option[0] == ':') { + /* Allocate an empty string instead of returning NULL as user name */ + user = strdup(""); + if(!user) + result = CURLE_OUT_OF_MEMORY; + } + + Curl_safefree(*userp); + *userp = user; + } + + /* Store the password part of option if required */ + if(passwdp) { + Curl_safefree(*passwdp); + *passwdp = passwd; + } + } + + return result; +} + +#define C_SSLVERSION_VALUE(x) (x & 0xffff) +#define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000) + +static CURLcode setopt(struct Curl_easy *data, CURLoption option, + va_list param) +{ + char *argptr; + CURLcode result = CURLE_OK; + long arg; + curl_off_t bigsize; + + switch(option) { + case CURLOPT_DNS_CACHE_TIMEOUT: + arg = va_arg(param, long); + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.dns_cache_timeout = arg; + break; + case CURLOPT_DNS_USE_GLOBAL_CACHE: + /* remember we want this enabled */ + arg = va_arg(param, long); + data->set.global_dns_cache = (0 != arg) ? TRUE : FALSE; + break; + case CURLOPT_SSL_CIPHER_LIST: + /* set a list of cipher we want to use in the SSL connection */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_SSL_CIPHER_LIST: + /* set a list of cipher we want to use in the SSL connection for proxy */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], + va_arg(param, char *)); + break; + + case CURLOPT_RANDOM_FILE: + /* + * This is the path name to a file that contains random data to seed + * the random SSL stuff with. The file is only used for reading. + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_RANDOM_FILE], + va_arg(param, char *)); + break; + case CURLOPT_EGDSOCKET: + /* + * The Entropy Gathering Daemon socket pathname + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_EGDSOCKET], + va_arg(param, char *)); + break; + case CURLOPT_MAXCONNECTS: + /* + * Set the absolute number of maximum simultaneous alive connection that + * libcurl is allowed to have. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.maxconnects = arg; + break; + case CURLOPT_FORBID_REUSE: + /* + * When this transfer is done, it must not be left to be reused by a + * subsequent transfer but shall be closed immediately. + */ + data->set.reuse_forbid = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_FRESH_CONNECT: + /* + * This transfer shall not use a previously cached connection but + * should be made with a fresh new connect! + */ + data->set.reuse_fresh = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_VERBOSE: + /* + * Verbose means infof() calls that give a lot of information about + * the connection and transfer procedures as well as internal choices. + */ + data->set.verbose = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_HEADER: + /* + * Set to include the header in the general data output stream. + */ + data->set.include_header = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_NOPROGRESS: + /* + * Shut off the internal supported progress meter + */ + data->set.hide_progress = (0 != va_arg(param, long)) ? TRUE : FALSE; + if(data->set.hide_progress) + data->progress.flags |= PGRS_HIDE; + else + data->progress.flags &= ~PGRS_HIDE; + break; + case CURLOPT_NOBODY: + /* + * Do not include the body part in the output data stream. + */ + data->set.opt_no_body = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_FAILONERROR: + /* + * Don't output the >=400 error code HTML-page, but instead only + * return error. + */ + data->set.http_fail_on_error = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_KEEP_SENDING_ON_ERROR: + data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ? + TRUE : FALSE; + break; + case CURLOPT_UPLOAD: + case CURLOPT_PUT: + /* + * We want to sent data to the remote host. If this is HTTP, that equals + * using the PUT request. + */ + data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; + if(data->set.upload) { + /* If this is HTTP, PUT is what's needed to "upload" */ + data->set.httpreq = HTTPREQ_PUT; + data->set.opt_no_body = FALSE; /* this is implied */ + } + else + /* In HTTP, the opposite of upload is GET (unless NOBODY is true as + then this can be changed to HEAD later on) */ + data->set.httpreq = HTTPREQ_GET; + break; + case CURLOPT_REQUEST_TARGET: + result = Curl_setstropt(&data->set.str[STRING_TARGET], + va_arg(param, char *)); + break; + case CURLOPT_FILETIME: + /* + * Try to get the file time of the remote document. The time will + * later (possibly) become available using curl_easy_getinfo(). + */ + data->set.get_filetime = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_FTP_CREATE_MISSING_DIRS: + /* + * An FTP option that modifies an upload to create missing directories on + * the server. + */ + switch(va_arg(param, long)) { + case 0: + data->set.ftp_create_missing_dirs = 0; + break; + case 1: + data->set.ftp_create_missing_dirs = 1; + break; + case 2: + data->set.ftp_create_missing_dirs = 2; + break; + default: + /* reserve other values for future use */ + result = CURLE_UNKNOWN_OPTION; + break; + } + break; + case CURLOPT_SERVER_RESPONSE_TIMEOUT: + /* + * Option that specifies how quickly an server response must be obtained + * before it is considered failure. For pingpong protocols. + */ + arg = va_arg(param, long); + if((arg >= 0) && (arg < (INT_MAX/1000))) + data->set.server_response_timeout = arg * 1000; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + break; + case CURLOPT_TFTP_NO_OPTIONS: + /* + * Option that prevents libcurl from sending TFTP option requests to the + * server. + */ + data->set.tftp_no_options = va_arg(param, long) != 0; + break; + case CURLOPT_TFTP_BLKSIZE: + /* + * TFTP option that specifies the block size to use for data transmission. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.tftp_blksize = arg; + break; + case CURLOPT_DIRLISTONLY: + /* + * An option that changes the command to one that asks for a list + * only, no file info details. + */ + data->set.ftp_list_only = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_APPEND: + /* + * We want to upload and append to an existing file. + */ + data->set.ftp_append = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_FTP_FILEMETHOD: + /* + * How do access files over FTP. + */ + arg = va_arg(param, long); + if((arg < CURLFTPMETHOD_DEFAULT) || (arg > CURLFTPMETHOD_SINGLECWD)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ftp_filemethod = (curl_ftpfile)arg; + break; + case CURLOPT_NETRC: + /* + * Parse the $HOME/.netrc file + */ + arg = va_arg(param, long); + if((arg < CURL_NETRC_IGNORED) || (arg > CURL_NETRC_REQUIRED)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.use_netrc = (enum CURL_NETRC_OPTION)arg; + break; + case CURLOPT_NETRC_FILE: + /* + * Use this file instead of the $HOME/.netrc file + */ + result = Curl_setstropt(&data->set.str[STRING_NETRC_FILE], + va_arg(param, char *)); + break; + case CURLOPT_TRANSFERTEXT: + /* + * This option was previously named 'FTPASCII'. Renamed to work with + * more protocols than merely FTP. + * + * Transfer using ASCII (instead of BINARY). + */ + data->set.prefer_ascii = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_TIMECONDITION: + /* + * Set HTTP time condition. This must be one of the defines in the + * curl/curl.h header file. + */ + arg = va_arg(param, long); + if((arg < CURL_TIMECOND_NONE) || (arg > CURL_TIMECOND_LASTMOD)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.timecondition = (curl_TimeCond)arg; + break; + case CURLOPT_TIMEVALUE: + /* + * This is the value to compare with the remote document with the + * method set with CURLOPT_TIMECONDITION + */ + data->set.timevalue = (time_t)va_arg(param, long); + break; + case CURLOPT_SSLVERSION: + /* + * Set explicit SSL version to try to connect with, as some SSL + * implementations are lame. + */ +#ifdef USE_SSL + arg = va_arg(param, long); + if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg); + data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); +#else + result = CURLE_UNKNOWN_OPTION; +#endif + break; + case CURLOPT_PROXY_SSLVERSION: + /* + * Set explicit SSL version to try to connect with for proxy, as some SSL + * implementations are lame. + */ +#ifdef USE_SSL + arg = va_arg(param, long); + if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg); + data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); +#else + result = CURLE_UNKNOWN_OPTION; +#endif + break; + +#ifndef CURL_DISABLE_HTTP + case CURLOPT_AUTOREFERER: + /* + * Switch on automatic referer that gets set if curl follows locations. + */ + data->set.http_auto_referer = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_ACCEPT_ENCODING: + /* + * String to use at the value of Accept-Encoding header. + * + * If the encoding is set to "" we use an Accept-Encoding header that + * encompasses all the encodings we support. + * If the encoding is set to NULL we don't send an Accept-Encoding header + * and ignore an received Content-Encoding header. + * + */ + argptr = va_arg(param, char *); + if(argptr && !*argptr) { + argptr = Curl_all_content_encodings(); + if(!argptr) + result = CURLE_OUT_OF_MEMORY; + else { + result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr); + free(argptr); + } + } + else + result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr); + break; + + case CURLOPT_TRANSFER_ENCODING: + data->set.http_transfer_encoding = (0 != va_arg(param, long)) ? + TRUE : FALSE; + break; + + case CURLOPT_FOLLOWLOCATION: + /* + * Follow Location: header hints on a HTTP-server. + */ + data->set.http_follow_location = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_UNRESTRICTED_AUTH: + /* + * Send authentication (user+password) when following locations, even when + * hostname changed. + */ + data->set.http_disable_hostname_check_before_authentication = + (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_MAXREDIRS: + /* + * The maximum amount of hops you allow curl to follow Location: + * headers. This should mostly be used to detect never-ending loops. + */ + arg = va_arg(param, long); + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.maxredirs = arg; + break; + + case CURLOPT_POSTREDIR: + /* + * Set the behaviour of POST when redirecting + * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302 + * CURL_REDIR_POST_301 - POST is kept as POST after 301 + * CURL_REDIR_POST_302 - POST is kept as POST after 302 + * CURL_REDIR_POST_303 - POST is kept as POST after 303 + * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303 + * other - POST is kept as POST after 301 and 302 + */ + arg = va_arg(param, long); + if(arg < CURL_REDIR_GET_ALL) + /* no return error on too high numbers since the bitmask could be + extended in a future */ + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.keep_post = arg & CURL_REDIR_POST_ALL; + break; + + case CURLOPT_POST: + /* Does this option serve a purpose anymore? Yes it does, when + CURLOPT_POSTFIELDS isn't used and the POST data is read off the + callback! */ + if(va_arg(param, long)) { + data->set.httpreq = HTTPREQ_POST; + data->set.opt_no_body = FALSE; /* this is implied */ + } + else + data->set.httpreq = HTTPREQ_GET; + break; + + case CURLOPT_COPYPOSTFIELDS: + /* + * A string with POST data. Makes curl HTTP POST. Even if it is NULL. + * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to + * CURLOPT_COPYPOSTFIELDS and not altered later. + */ + argptr = va_arg(param, char *); + + if(!argptr || data->set.postfieldsize == -1) + result = Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr); + else { + /* + * Check that requested length does not overflow the size_t type. + */ + + if((data->set.postfieldsize < 0) || + ((sizeof(curl_off_t) != sizeof(size_t)) && + (data->set.postfieldsize > (curl_off_t)((size_t)-1)))) + result = CURLE_OUT_OF_MEMORY; + else { + char *p; + + (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); + + /* Allocate even when size == 0. This satisfies the need of possible + later address compare to detect the COPYPOSTFIELDS mode, and + to mark that postfields is used rather than read function or + form data. + */ + p = malloc((size_t)(data->set.postfieldsize? + data->set.postfieldsize:1)); + + if(!p) + result = CURLE_OUT_OF_MEMORY; + else { + if(data->set.postfieldsize) + memcpy(p, argptr, (size_t)data->set.postfieldsize); + + data->set.str[STRING_COPYPOSTFIELDS] = p; + } + } + } + + data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS]; + data->set.httpreq = HTTPREQ_POST; + break; + + case CURLOPT_POSTFIELDS: + /* + * Like above, but use static data instead of copying it. + */ + data->set.postfields = va_arg(param, void *); + /* Release old copied data. */ + (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); + data->set.httpreq = HTTPREQ_POST; + break; + + case CURLOPT_POSTFIELDSIZE: + /* + * The size of the POSTFIELD data to prevent libcurl to do strlen() to + * figure it out. Enables binary posts. + */ + bigsize = va_arg(param, long); + if(bigsize < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(data->set.postfieldsize < bigsize && + data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { + /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ + (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); + data->set.postfields = NULL; + } + + data->set.postfieldsize = bigsize; + break; + + case CURLOPT_POSTFIELDSIZE_LARGE: + /* + * The size of the POSTFIELD data to prevent libcurl to do strlen() to + * figure it out. Enables binary posts. + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(data->set.postfieldsize < bigsize && + data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { + /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ + (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); + data->set.postfields = NULL; + } + + data->set.postfieldsize = bigsize; + break; + + case CURLOPT_HTTPPOST: + /* + * Set to make us do HTTP POST + */ + data->set.httppost = va_arg(param, struct curl_httppost *); + data->set.httpreq = HTTPREQ_POST_FORM; + data->set.opt_no_body = FALSE; /* this is implied */ + break; +#endif /* CURL_DISABLE_HTTP */ + + case CURLOPT_MIMEPOST: + /* + * Set to make us do MIME/form POST + */ + result = Curl_mime_set_subparts(&data->set.mimepost, + va_arg(param, curl_mime *), FALSE); + if(!result) { + data->set.httpreq = HTTPREQ_POST_MIME; + data->set.opt_no_body = FALSE; /* this is implied */ + } + break; + + case CURLOPT_REFERER: + /* + * String to set in the HTTP Referer: field. + */ + if(data->change.referer_alloc) { + Curl_safefree(data->change.referer); + data->change.referer_alloc = FALSE; + } + result = Curl_setstropt(&data->set.str[STRING_SET_REFERER], + va_arg(param, char *)); + data->change.referer = data->set.str[STRING_SET_REFERER]; + break; + + case CURLOPT_USERAGENT: + /* + * String to use in the HTTP User-Agent field + */ + result = Curl_setstropt(&data->set.str[STRING_USERAGENT], + va_arg(param, char *)); + break; + + case CURLOPT_HTTPHEADER: + /* + * Set a list with HTTP headers to use (or replace internals with) + */ + data->set.headers = va_arg(param, struct curl_slist *); + break; + +#ifndef CURL_DISABLE_HTTP + case CURLOPT_PROXYHEADER: + /* + * Set a list with proxy headers to use (or replace internals with) + * + * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a + * long time we remain doing it this way until CURLOPT_PROXYHEADER is + * used. As soon as this option has been used, if set to anything but + * NULL, custom headers for proxies are only picked from this list. + * + * Set this option to NULL to restore the previous behavior. + */ + data->set.proxyheaders = va_arg(param, struct curl_slist *); + break; + + case CURLOPT_HEADEROPT: + /* + * Set header option. + */ + arg = va_arg(param, long); + data->set.sep_headers = (arg & CURLHEADER_SEPARATE)? TRUE: FALSE; + break; + + case CURLOPT_HTTP200ALIASES: + /* + * Set a list of aliases for HTTP 200 in response header + */ + data->set.http200aliases = va_arg(param, struct curl_slist *); + break; + +#if !defined(CURL_DISABLE_COOKIES) + case CURLOPT_COOKIE: + /* + * Cookie string to send to the remote server in the request. + */ + result = Curl_setstropt(&data->set.str[STRING_COOKIE], + va_arg(param, char *)); + break; + + case CURLOPT_COOKIEFILE: + /* + * Set cookie file to read and parse. Can be used multiple times. + */ + argptr = (char *)va_arg(param, void *); + if(argptr) { + struct curl_slist *cl; + /* append the cookie file name to the list of file names, and deal with + them later */ + cl = curl_slist_append(data->change.cookielist, argptr); + if(!cl) { + curl_slist_free_all(data->change.cookielist); + data->change.cookielist = NULL; + return CURLE_OUT_OF_MEMORY; + } + data->change.cookielist = cl; /* store the list for later use */ + } + break; + + case CURLOPT_COOKIEJAR: + /* + * Set cookie file name to dump all cookies to when we're done. + */ + { + struct CookieInfo *newcookies; + result = Curl_setstropt(&data->set.str[STRING_COOKIEJAR], + va_arg(param, char *)); + + /* + * Activate the cookie parser. This may or may not already + * have been made. + */ + newcookies = Curl_cookie_init(data, NULL, data->cookies, + data->set.cookiesession); + if(!newcookies) + result = CURLE_OUT_OF_MEMORY; + data->cookies = newcookies; + } + break; + + case CURLOPT_COOKIESESSION: + /* + * Set this option to TRUE to start a new "cookie session". It will + * prevent the forthcoming read-cookies-from-file actions to accept + * cookies that are marked as being session cookies, as they belong to a + * previous session. + * + * In the original Netscape cookie spec, "session cookies" are cookies + * with no expire date set. RFC2109 describes the same action if no + * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds + * a 'Discard' action that can enforce the discard even for cookies that + * have a Max-Age. + * + * We run mostly with the original cookie spec, as hardly anyone implements + * anything else. + */ + data->set.cookiesession = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_COOKIELIST: + argptr = va_arg(param, char *); + + if(argptr == NULL) + break; + + if(strcasecompare(argptr, "ALL")) { + /* clear all cookies */ + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + Curl_cookie_clearall(data->cookies); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } + else if(strcasecompare(argptr, "SESS")) { + /* clear session cookies */ + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + Curl_cookie_clearsess(data->cookies); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } + else if(strcasecompare(argptr, "FLUSH")) { + /* flush cookies to file, takes care of the locking */ + Curl_flush_cookies(data, 0); + } + else if(strcasecompare(argptr, "RELOAD")) { + /* reload cookies from file */ + Curl_cookie_loadfiles(data); + break; + } + else { + if(!data->cookies) + /* if cookie engine was not running, activate it */ + data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE); + + argptr = strdup(argptr); + if(!argptr || !data->cookies) { + result = CURLE_OUT_OF_MEMORY; + free(argptr); + } + else { + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + + if(checkprefix("Set-Cookie:", argptr)) + /* HTTP Header format line */ + Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL); + + else + /* Netscape format line */ + Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL); + + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + free(argptr); + } + } + + break; +#endif /* !CURL_DISABLE_COOKIES */ + + case CURLOPT_HTTPGET: + /* + * Set to force us do HTTP GET + */ + if(va_arg(param, long)) { + data->set.httpreq = HTTPREQ_GET; + data->set.upload = FALSE; /* switch off upload */ + data->set.opt_no_body = FALSE; /* this is implied */ + } + break; + + case CURLOPT_HTTP_VERSION: + /* + * This sets a requested HTTP version to be used. The value is one of + * the listed enums in curl/curl.h. + */ + arg = va_arg(param, long); + if(arg < CURL_HTTP_VERSION_NONE) + return CURLE_BAD_FUNCTION_ARGUMENT; +#ifndef USE_NGHTTP2 + if(arg >= CURL_HTTP_VERSION_2) + return CURLE_UNSUPPORTED_PROTOCOL; +#else + if(arg > CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) + return CURLE_UNSUPPORTED_PROTOCOL; +#endif + data->set.httpversion = arg; + break; + + case CURLOPT_EXPECT_100_TIMEOUT_MS: + /* + * Time to wait for a response to a HTTP request containing an + * Expect: 100-continue header before sending the data anyway. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.expect_100_timeout = arg; + break; + +#endif /* CURL_DISABLE_HTTP */ + + case CURLOPT_HTTPAUTH: + /* + * Set HTTP Authentication type BITMASK. + */ + { + int bitcheck; + bool authbits; + unsigned long auth = va_arg(param, unsigned long); + + if(auth == CURLAUTH_NONE) { + data->set.httpauth = auth; + break; + } + + /* the DIGEST_IE bit is only used to set a special marker, for all the + rest we need to handle it as normal DIGEST */ + data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE; + + if(auth & CURLAUTH_DIGEST_IE) { + auth |= CURLAUTH_DIGEST; /* set standard digest bit */ + auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ + } + + /* switch off bits we can't support */ +#ifndef USE_NTLM + auth &= ~CURLAUTH_NTLM; /* no NTLM support */ + auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ +#elif !defined(NTLM_WB_ENABLED) + auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ +#endif +#ifndef USE_SPNEGO + auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without + GSS-API or SSPI */ +#endif + + /* check if any auth bit lower than CURLAUTH_ONLY is still set */ + bitcheck = 0; + authbits = FALSE; + while(bitcheck < 31) { + if(auth & (1UL << bitcheck++)) { + authbits = TRUE; + break; + } + } + if(!authbits) + return CURLE_NOT_BUILT_IN; /* no supported types left! */ + + data->set.httpauth = auth; + } + break; + + case CURLOPT_CUSTOMREQUEST: + /* + * Set a custom string to use as request + */ + result = Curl_setstropt(&data->set.str[STRING_CUSTOMREQUEST], + va_arg(param, char *)); + + /* we don't set + data->set.httpreq = HTTPREQ_CUSTOM; + here, we continue as if we were using the already set type + and this just changes the actual request keyword */ + break; + +#ifndef CURL_DISABLE_PROXY + case CURLOPT_HTTPPROXYTUNNEL: + /* + * Tunnel operations through the proxy instead of normal proxy use + */ + data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)) ? + TRUE : FALSE; + break; + + case CURLOPT_PROXYPORT: + /* + * Explicitly set HTTP proxy port number. + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxyport = arg; + break; + + case CURLOPT_PROXYAUTH: + /* + * Set HTTP Authentication type BITMASK. + */ + { + int bitcheck; + bool authbits; + unsigned long auth = va_arg(param, unsigned long); + + if(auth == CURLAUTH_NONE) { + data->set.proxyauth = auth; + break; + } + + /* the DIGEST_IE bit is only used to set a special marker, for all the + rest we need to handle it as normal DIGEST */ + data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE; + + if(auth & CURLAUTH_DIGEST_IE) { + auth |= CURLAUTH_DIGEST; /* set standard digest bit */ + auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ + } + /* switch off bits we can't support */ +#ifndef USE_NTLM + auth &= ~CURLAUTH_NTLM; /* no NTLM support */ + auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ +#elif !defined(NTLM_WB_ENABLED) + auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ +#endif +#ifndef USE_SPNEGO + auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without + GSS-API or SSPI */ +#endif + + /* check if any auth bit lower than CURLAUTH_ONLY is still set */ + bitcheck = 0; + authbits = FALSE; + while(bitcheck < 31) { + if(auth & (1UL << bitcheck++)) { + authbits = TRUE; + break; + } + } + if(!authbits) + return CURLE_NOT_BUILT_IN; /* no supported types left! */ + + data->set.proxyauth = auth; + } + break; + + case CURLOPT_PROXY: + /* + * Set proxy server:port to use as proxy. + * + * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL) + * we explicitly say that we don't want to use a proxy + * (even though there might be environment variables saying so). + * + * Setting it to NULL, means no proxy but allows the environment variables + * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL). + */ + result = Curl_setstropt(&data->set.str[STRING_PROXY], + va_arg(param, char *)); + break; + + case CURLOPT_PRE_PROXY: + /* + * Set proxy server:port to use as SOCKS proxy. + * + * If the proxy is set to "" or NULL we explicitly say that we don't want + * to use the socks proxy. + */ + result = Curl_setstropt(&data->set.str[STRING_PRE_PROXY], + va_arg(param, char *)); + break; + + case CURLOPT_PROXYTYPE: + /* + * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME + */ + arg = va_arg(param, long); + if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxytype = (curl_proxytype)arg; + break; + + case CURLOPT_PROXY_TRANSFER_MODE: + /* + * set transfer mode (;type=) when doing FTP via an HTTP proxy + */ + switch(va_arg(param, long)) { + case 0: + data->set.proxy_transfer_mode = FALSE; + break; + case 1: + data->set.proxy_transfer_mode = TRUE; + break; + default: + /* reserve other values for future use */ + result = CURLE_UNKNOWN_OPTION; + break; + } + break; +#endif /* CURL_DISABLE_PROXY */ + + case CURLOPT_SOCKS5_AUTH: + data->set.socks5auth = va_arg(param, unsigned long); + if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) + result = CURLE_NOT_BUILT_IN; + break; +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + case CURLOPT_SOCKS5_GSSAPI_NEC: + /* + * Set flag for NEC SOCK5 support + */ + data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_SOCKS5_GSSAPI_SERVICE: + case CURLOPT_PROXY_SERVICE_NAME: + /* + * Set proxy authentication service name for Kerberos 5 and SPNEGO + */ + result = Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME], + va_arg(param, char *)); + break; +#endif + +#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ + defined(USE_SPNEGO) + case CURLOPT_SERVICE_NAME: + /* + * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO + */ + result = Curl_setstropt(&data->set.str[STRING_SERVICE_NAME], + va_arg(param, char *)); + break; + +#endif + + case CURLOPT_HEADERDATA: + /* + * Custom pointer to pass the header write callback function + */ + data->set.writeheader = (void *)va_arg(param, void *); + break; + case CURLOPT_ERRORBUFFER: + /* + * Error buffer provided by the caller to get the human readable + * error string in. + */ + data->set.errorbuffer = va_arg(param, char *); + break; + case CURLOPT_WRITEDATA: + /* + * FILE pointer to write to. Or possibly + * used as argument to the write callback. + */ + data->set.out = va_arg(param, void *); + break; + case CURLOPT_FTPPORT: + /* + * Use FTP PORT, this also specifies which IP address to use + */ + result = Curl_setstropt(&data->set.str[STRING_FTPPORT], + va_arg(param, char *)); + data->set.ftp_use_port = (data->set.str[STRING_FTPPORT]) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_USE_EPRT: + data->set.ftp_use_eprt = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_USE_EPSV: + data->set.ftp_use_epsv = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_USE_PRET: + data->set.ftp_use_pret = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_SSL_CCC: + arg = va_arg(param, long); + if((arg < CURLFTPSSL_CCC_NONE) || (arg > CURLFTPSSL_CCC_ACTIVE)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ftp_ccc = (curl_ftpccc)arg; + break; + + case CURLOPT_FTP_SKIP_PASV_IP: + /* + * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the + * bypass of the IP address in PASV responses. + */ + data->set.ftp_skip_ip = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_READDATA: + /* + * FILE pointer to read the file to be uploaded from. Or possibly + * used as argument to the read callback. + */ + data->set.in_set = va_arg(param, void *); + break; + case CURLOPT_INFILESIZE: + /* + * If known, this should inform curl about the file size of the + * to-be-uploaded file. + */ + arg = va_arg(param, long); + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.filesize = arg; + break; + case CURLOPT_INFILESIZE_LARGE: + /* + * If known, this should inform curl about the file size of the + * to-be-uploaded file. + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.filesize = bigsize; + break; + case CURLOPT_LOW_SPEED_LIMIT: + /* + * The low speed limit that if transfers are below this for + * CURLOPT_LOW_SPEED_TIME, the transfer is aborted. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.low_speed_limit = arg; + break; + case CURLOPT_MAX_SEND_SPEED_LARGE: + /* + * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE + * bytes per second the transfer is throttled.. + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_send_speed = bigsize; + break; + case CURLOPT_MAX_RECV_SPEED_LARGE: + /* + * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per + * second the transfer is throttled.. + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_recv_speed = bigsize; + break; + case CURLOPT_LOW_SPEED_TIME: + /* + * The low speed time that if transfers are below the set + * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.low_speed_time = arg; + break; + case CURLOPT_URL: + /* + * The URL to fetch. + */ + if(data->change.url_alloc) { + /* the already set URL is allocated, free it first! */ + Curl_safefree(data->change.url); + data->change.url_alloc = FALSE; + } + result = Curl_setstropt(&data->set.str[STRING_SET_URL], + va_arg(param, char *)); + data->change.url = data->set.str[STRING_SET_URL]; + break; + case CURLOPT_PORT: + /* + * The port number to use when getting the URL + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.use_port = arg; + break; + case CURLOPT_TIMEOUT: + /* + * The maximum time you allow curl to use for a single transfer + * operation. + */ + arg = va_arg(param, long); + if((arg >= 0) && (arg < (INT_MAX/1000))) + data->set.timeout = arg * 1000; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + break; + + case CURLOPT_TIMEOUT_MS: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.timeout = arg; + break; + + case CURLOPT_CONNECTTIMEOUT: + /* + * The maximum time you allow curl to use to connect. + */ + arg = va_arg(param, long); + if((arg >= 0) && (arg < (INT_MAX/1000))) + data->set.connecttimeout = arg * 1000; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + break; + + case CURLOPT_CONNECTTIMEOUT_MS: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.connecttimeout = arg; + break; + + case CURLOPT_ACCEPTTIMEOUT_MS: + /* + * The maximum time you allow curl to wait for server connect + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.accepttimeout = arg; + break; + + case CURLOPT_USERPWD: + /* + * user:password to use in the operation + */ + result = setstropt_userpwd(va_arg(param, char *), + &data->set.str[STRING_USERNAME], + &data->set.str[STRING_PASSWORD]); + break; + + case CURLOPT_USERNAME: + /* + * authentication user name to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_USERNAME], + va_arg(param, char *)); + break; + + case CURLOPT_PASSWORD: + /* + * authentication password to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_PASSWORD], + va_arg(param, char *)); + break; + + case CURLOPT_LOGIN_OPTIONS: + /* + * authentication options to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_OPTIONS], + va_arg(param, char *)); + break; + + case CURLOPT_XOAUTH2_BEARER: + /* + * OAuth 2.0 bearer token to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_BEARER], + va_arg(param, char *)); + break; + + case CURLOPT_POSTQUOTE: + /* + * List of RAW FTP commands to use after a transfer + */ + data->set.postquote = va_arg(param, struct curl_slist *); + break; + case CURLOPT_PREQUOTE: + /* + * List of RAW FTP commands to use prior to RETR (Wesley Laxton) + */ + data->set.prequote = va_arg(param, struct curl_slist *); + break; + case CURLOPT_QUOTE: + /* + * List of RAW FTP commands to use before a transfer + */ + data->set.quote = va_arg(param, struct curl_slist *); + break; + case CURLOPT_RESOLVE: + /* + * List of NAME:[address] names to populate the DNS cache with + * Prefix the NAME with dash (-) to _remove_ the name from the cache. + * + * Names added with this API will remain in the cache until explicitly + * removed or the handle is cleaned up. + * + * This API can remove any name from the DNS cache, but only entries + * that aren't actually in use right now will be pruned immediately. + */ + data->set.resolve = va_arg(param, struct curl_slist *); + data->change.resolve = data->set.resolve; + break; + case CURLOPT_PROGRESSFUNCTION: + /* + * Progress callback function + */ + data->set.fprogress = va_arg(param, curl_progress_callback); + if(data->set.fprogress) + data->progress.callback = TRUE; /* no longer internal */ + else + data->progress.callback = FALSE; /* NULL enforces internal */ + break; + + case CURLOPT_XFERINFOFUNCTION: + /* + * Transfer info callback function + */ + data->set.fxferinfo = va_arg(param, curl_xferinfo_callback); + if(data->set.fxferinfo) + data->progress.callback = TRUE; /* no longer internal */ + else + data->progress.callback = FALSE; /* NULL enforces internal */ + + break; + + case CURLOPT_PROGRESSDATA: + /* + * Custom client data to pass to the progress callback + */ + data->set.progress_client = va_arg(param, void *); + break; + +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXYUSERPWD: + /* + * user:password needed to use the proxy + */ + result = setstropt_userpwd(va_arg(param, char *), + &data->set.str[STRING_PROXYUSERNAME], + &data->set.str[STRING_PROXYPASSWORD]); + break; + case CURLOPT_PROXYUSERNAME: + /* + * authentication user name to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_PROXYUSERNAME], + va_arg(param, char *)); + break; + case CURLOPT_PROXYPASSWORD: + /* + * authentication password to use in the operation + */ + result = Curl_setstropt(&data->set.str[STRING_PROXYPASSWORD], + va_arg(param, char *)); + break; + case CURLOPT_NOPROXY: + /* + * proxy exception list + */ + result = Curl_setstropt(&data->set.str[STRING_NOPROXY], + va_arg(param, char *)); + break; +#endif + + case CURLOPT_RANGE: + /* + * What range of the file you want to transfer + */ + result = Curl_setstropt(&data->set.str[STRING_SET_RANGE], + va_arg(param, char *)); + break; + case CURLOPT_RESUME_FROM: + /* + * Resume transfer at the given file position + */ + arg = va_arg(param, long); + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.set_resume_from = arg; + break; + case CURLOPT_RESUME_FROM_LARGE: + /* + * Resume transfer at the given file position + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.set_resume_from = bigsize; + break; + case CURLOPT_DEBUGFUNCTION: + /* + * stderr write callback. + */ + data->set.fdebug = va_arg(param, curl_debug_callback); + /* + * if the callback provided is NULL, it'll use the default callback + */ + break; + case CURLOPT_DEBUGDATA: + /* + * Set to a void * that should receive all error writes. This + * defaults to CURLOPT_STDERR for normal operations. + */ + data->set.debugdata = va_arg(param, void *); + break; + case CURLOPT_STDERR: + /* + * Set to a FILE * that should receive all error writes. This + * defaults to stderr for normal operations. + */ + data->set.err = va_arg(param, FILE *); + if(!data->set.err) + data->set.err = stderr; + break; + case CURLOPT_HEADERFUNCTION: + /* + * Set header write callback + */ + data->set.fwrite_header = va_arg(param, curl_write_callback); + break; + case CURLOPT_WRITEFUNCTION: + /* + * Set data write callback + */ + data->set.fwrite_func = va_arg(param, curl_write_callback); + if(!data->set.fwrite_func) { + data->set.is_fwrite_set = 0; + /* When set to NULL, reset to our internal default function */ + data->set.fwrite_func = (curl_write_callback)fwrite; + } + else + data->set.is_fwrite_set = 1; + break; + case CURLOPT_READFUNCTION: + /* + * Read data callback + */ + data->set.fread_func_set = va_arg(param, curl_read_callback); + if(!data->set.fread_func_set) { + data->set.is_fread_set = 0; + /* When set to NULL, reset to our internal default function */ + data->set.fread_func_set = (curl_read_callback)fread; + } + else + data->set.is_fread_set = 1; + break; + case CURLOPT_SEEKFUNCTION: + /* + * Seek callback. Might be NULL. + */ + data->set.seek_func = va_arg(param, curl_seek_callback); + break; + case CURLOPT_SEEKDATA: + /* + * Seek control callback. Might be NULL. + */ + data->set.seek_client = va_arg(param, void *); + break; + case CURLOPT_CONV_FROM_NETWORK_FUNCTION: + /* + * "Convert from network encoding" callback + */ + data->set.convfromnetwork = va_arg(param, curl_conv_callback); + break; + case CURLOPT_CONV_TO_NETWORK_FUNCTION: + /* + * "Convert to network encoding" callback + */ + data->set.convtonetwork = va_arg(param, curl_conv_callback); + break; + case CURLOPT_CONV_FROM_UTF8_FUNCTION: + /* + * "Convert from UTF-8 encoding" callback + */ + data->set.convfromutf8 = va_arg(param, curl_conv_callback); + break; + case CURLOPT_IOCTLFUNCTION: + /* + * I/O control callback. Might be NULL. + */ + data->set.ioctl_func = va_arg(param, curl_ioctl_callback); + break; + case CURLOPT_IOCTLDATA: + /* + * I/O control data pointer. Might be NULL. + */ + data->set.ioctl_client = va_arg(param, void *); + break; + case CURLOPT_SSLCERT: + /* + * String that holds file name of the SSL certificate to use + */ + result = Curl_setstropt(&data->set.str[STRING_CERT_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_SSLCERT: + /* + * String that holds file name of the SSL certificate to use for proxy + */ + result = Curl_setstropt(&data->set.str[STRING_CERT_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_SSLCERTTYPE: + /* + * String that holds file type of the SSL certificate to use + */ + result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_SSLCERTTYPE: + /* + * String that holds file type of the SSL certificate to use for proxy + */ + result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_SSLKEY: + /* + * String that holds file name of the SSL key to use + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_SSLKEY: + /* + * String that holds file name of the SSL key to use for proxy + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_SSLKEYTYPE: + /* + * String that holds file type of the SSL key to use + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_SSLKEYTYPE: + /* + * String that holds file type of the SSL key to use for proxy + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_KEYPASSWD: + /* + * String that holds the SSL or SSH private key password. + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_KEYPASSWD: + /* + * String that holds the SSL private key password for proxy. + */ + result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_SSLENGINE: + /* + * String that holds the SSL crypto engine. + */ + argptr = va_arg(param, char *); + if(argptr && argptr[0]) + result = Curl_ssl_set_engine(data, argptr); + break; + + case CURLOPT_SSLENGINE_DEFAULT: + /* + * flag to set engine as default. + */ + result = Curl_ssl_set_engine_default(data); + break; + case CURLOPT_CRLF: + /* + * Kludgy option to enable CRLF conversions. Subject for removal. + */ + data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_INTERFACE: + /* + * Set what interface or address/hostname to bind the socket to when + * performing an operation and thus what from-IP your connection will use. + */ + result = Curl_setstropt(&data->set.str[STRING_DEVICE], + va_arg(param, char *)); + break; + case CURLOPT_LOCALPORT: + /* + * Set what local port to bind the socket to when performing an operation. + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.localport = curlx_sltous(arg); + break; + case CURLOPT_LOCALPORTRANGE: + /* + * Set number of local ports to try, starting with CURLOPT_LOCALPORT. + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.localportrange = curlx_sltosi(arg); + break; + case CURLOPT_KRBLEVEL: + /* + * A string that defines the kerberos security level. + */ + result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL], + va_arg(param, char *)); + data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE; + break; + case CURLOPT_GSSAPI_DELEGATION: + /* + * GSS-API credential delegation bitmask + */ + arg = va_arg(param, long); + if(arg < CURLGSSAPI_DELEGATION_NONE) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.gssapi_delegation = arg; + break; + case CURLOPT_SSL_VERIFYPEER: + /* + * Enable peer SSL verifying. + */ + data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ? + TRUE : FALSE; + + /* Update the current connection ssl_config. */ + if(data->easy_conn) { + data->easy_conn->ssl_config.verifypeer = + data->set.ssl.primary.verifypeer; + } + break; + case CURLOPT_PROXY_SSL_VERIFYPEER: + /* + * Enable peer SSL verifying for proxy. + */ + data->set.proxy_ssl.primary.verifypeer = + (0 != va_arg(param, long))?TRUE:FALSE; + + /* Update the current connection proxy_ssl_config. */ + if(data->easy_conn) { + data->easy_conn->proxy_ssl_config.verifypeer = + data->set.proxy_ssl.primary.verifypeer; + } + break; + case CURLOPT_SSL_VERIFYHOST: + /* + * Enable verification of the host name in the peer certificate + */ + arg = va_arg(param, long); + + /* Obviously people are not reading documentation and too many thought + this argument took a boolean when it wasn't and misused it. We thus ban + 1 as a sensible input and we warn about its use. Then we only have the + 2 action internally stored as TRUE. */ + + if(1 == arg) { + failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + + data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE; + + /* Update the current connection ssl_config. */ + if(data->easy_conn) { + data->easy_conn->ssl_config.verifyhost = + data->set.ssl.primary.verifyhost; + } + break; + case CURLOPT_PROXY_SSL_VERIFYHOST: + /* + * Enable verification of the host name in the peer certificate for proxy + */ + arg = va_arg(param, long); + + /* Obviously people are not reading documentation and too many thought + this argument took a boolean when it wasn't and misused it. We thus ban + 1 as a sensible input and we warn about its use. Then we only have the + 2 action internally stored as TRUE. */ + + if(1 == arg) { + failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + + data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE; + + /* Update the current connection proxy_ssl_config. */ + if(data->easy_conn) { + data->easy_conn->proxy_ssl_config.verifyhost = + data->set.proxy_ssl.primary.verifyhost; + } + break; + case CURLOPT_SSL_VERIFYSTATUS: + /* + * Enable certificate status verifying. + */ + if(!Curl_ssl_cert_status_request()) { + result = CURLE_NOT_BUILT_IN; + break; + } + + data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)) ? + TRUE : FALSE; + + /* Update the current connection ssl_config. */ + if(data->easy_conn) { + data->easy_conn->ssl_config.verifystatus = + data->set.ssl.primary.verifystatus; + } + break; + case CURLOPT_SSL_CTX_FUNCTION: + /* + * Set a SSL_CTX callback + */ +#ifdef USE_SSL + if(Curl_ssl->have_ssl_ctx) + data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_SSL_CTX_DATA: + /* + * Set a SSL_CTX callback parameter pointer + */ +#ifdef USE_SSL + if(Curl_ssl->have_ssl_ctx) + data->set.ssl.fsslctxp = va_arg(param, void *); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_SSL_FALSESTART: + /* + * Enable TLS false start. + */ + if(!Curl_ssl_false_start()) { + result = CURLE_NOT_BUILT_IN; + break; + } + + data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_CERTINFO: +#ifdef USE_SSL + if(Curl_ssl->have_certinfo) + data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE; + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_PINNEDPUBLICKEY: + /* + * Set pinned public key for SSL connection. + * Specify file name of the public key in DER format. + */ +#ifdef USE_SSL + if(Curl_ssl->have_pinnedpubkey) + result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG], + va_arg(param, char *)); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_PROXY_PINNEDPUBLICKEY: + /* + * Set pinned public key for SSL connection. + * Specify file name of the public key in DER format. + */ +#ifdef USE_SSL + if(Curl_ssl->have_pinnedpubkey) + result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY], + va_arg(param, char *)); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_CAINFO: + /* + * Set CA info for SSL connection. Specify file name of the CA certificate + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_CAINFO: + /* + * Set CA info SSL connection for proxy. Specify file name of the + * CA certificate + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_CAPATH: + /* + * Set CA path info for SSL connection. Specify directory name of the CA + * certificates which have been prepared using openssl c_rehash utility. + */ +#ifdef USE_SSL + if(Curl_ssl->have_ca_path) + /* This does not work on windows. */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG], + va_arg(param, char *)); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_PROXY_CAPATH: + /* + * Set CA path info for SSL connection proxy. Specify directory name of the + * CA certificates which have been prepared using openssl c_rehash utility. + */ +#ifdef USE_SSL + if(Curl_ssl->have_ca_path) + /* This does not work on windows. */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], + va_arg(param, char *)); + else +#endif + result = CURLE_NOT_BUILT_IN; + break; + case CURLOPT_CRLFILE: + /* + * Set CRL file info for SSL connection. Specify file name of the CRL + * to check certificates revocation + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_PROXY_CRLFILE: + /* + * Set CRL file info for SSL connection for proxy. Specify file name of the + * CRL to check certificates revocation + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY], + va_arg(param, char *)); + break; + case CURLOPT_ISSUERCERT: + /* + * Set Issuer certificate file + * to check certificates issuer + */ + result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_ORIG], + va_arg(param, char *)); + break; + case CURLOPT_TELNETOPTIONS: + /* + * Set a linked list of telnet options + */ + data->set.telnet_options = va_arg(param, struct curl_slist *); + break; + + case CURLOPT_BUFFERSIZE: + /* + * The application kindly asks for a differently sized receive buffer. + * If it seems reasonable, we'll use it. + */ + arg = va_arg(param, long); + + if(arg > READBUFFER_MAX) + arg = READBUFFER_MAX; + else if(arg < 1) + arg = READBUFFER_SIZE; + else if(arg < READBUFFER_MIN) + arg = READBUFFER_MIN; + + /* Resize if new size */ + if(arg != data->set.buffer_size) { + char *newbuff = realloc(data->state.buffer, arg + 1); + if(!newbuff) { + DEBUGF(fprintf(stderr, "Error: realloc of buffer failed\n")); + result = CURLE_OUT_OF_MEMORY; + } + else + data->state.buffer = newbuff; + } + data->set.buffer_size = arg; + + break; + + case CURLOPT_NOSIGNAL: + /* + * The application asks not to set any signal() or alarm() handlers, + * even when using a timeout. + */ + data->set.no_signal = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_SHARE: + { + struct Curl_share *set; + set = va_arg(param, struct Curl_share *); + + /* disconnect from old share, if any */ + if(data->share) { + Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); + + if(data->dns.hostcachetype == HCACHE_SHARED) { + data->dns.hostcache = NULL; + data->dns.hostcachetype = HCACHE_NONE; + } + +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) + if(data->share->cookies == data->cookies) + data->cookies = NULL; +#endif + + if(data->share->sslsession == data->state.session) + data->state.session = NULL; + + data->share->dirty--; + + Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); + data->share = NULL; + } + + /* use new share if it set */ + data->share = set; + if(data->share) { + + Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); + + data->share->dirty++; + + if(data->share->specifier & (1<< CURL_LOCK_DATA_DNS)) { + /* use shared host cache */ + data->dns.hostcache = &data->share->hostcache; + data->dns.hostcachetype = HCACHE_SHARED; + } +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) + if(data->share->cookies) { + /* use shared cookie list, first free own one if any */ + Curl_cookie_cleanup(data->cookies); + /* enable cookies since we now use a share that uses cookies! */ + data->cookies = data->share->cookies; + } +#endif /* CURL_DISABLE_HTTP */ + if(data->share->sslsession) { + data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions; + data->state.session = data->share->sslsession; + } + Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); + + } + /* check for host cache not needed, + * it will be done by curl_easy_perform */ + } + break; + + case CURLOPT_PRIVATE: + /* + * Set private data pointer. + */ + data->set.private_data = va_arg(param, void *); + break; + + case CURLOPT_MAXFILESIZE: + /* + * Set the maximum size of a file to download. + */ + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_filesize = arg; + break; + +#ifdef USE_SSL + case CURLOPT_USE_SSL: + /* + * Make transfers attempt to use SSL/TLS. + */ + arg = va_arg(param, long); + if((arg < CURLUSESSL_NONE) || (arg > CURLUSESSL_ALL)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.use_ssl = (curl_usessl)arg; + break; + + case CURLOPT_SSL_OPTIONS: + arg = va_arg(param, long); + data->set.ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE; + data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); + break; + + case CURLOPT_PROXY_SSL_OPTIONS: + arg = va_arg(param, long); + data->set.proxy_ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE; + data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); + break; + +#endif + case CURLOPT_FTPSSLAUTH: + /* + * Set a specific auth for FTP-SSL transfers. + */ + arg = va_arg(param, long); + if((arg < CURLFTPAUTH_DEFAULT) || (arg > CURLFTPAUTH_TLS)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ftpsslauth = (curl_ftpauth)arg; + break; + + case CURLOPT_IPRESOLVE: + arg = va_arg(param, long); + if((arg < CURL_IPRESOLVE_WHATEVER) || (arg > CURL_IPRESOLVE_V6)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ipver = arg; + break; + + case CURLOPT_MAXFILESIZE_LARGE: + /* + * Set the maximum size of a file to download. + */ + bigsize = va_arg(param, curl_off_t); + if(bigsize < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_filesize = bigsize; + break; + + case CURLOPT_TCP_NODELAY: + /* + * Enable or disable TCP_NODELAY, which will disable/enable the Nagle + * algorithm + */ + data->set.tcp_nodelay = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_ACCOUNT: + result = Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT], + va_arg(param, char *)); + break; + + case CURLOPT_IGNORE_CONTENT_LENGTH: + data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_CONNECT_ONLY: + /* + * No data transfer, set up connection and let application use the socket + */ + data->set.connect_only = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_FTP_ALTERNATIVE_TO_USER: + result = Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER], + va_arg(param, char *)); + break; + + case CURLOPT_SOCKOPTFUNCTION: + /* + * socket callback function: called after socket() but before connect() + */ + data->set.fsockopt = va_arg(param, curl_sockopt_callback); + break; + + case CURLOPT_SOCKOPTDATA: + /* + * socket callback data pointer. Might be NULL. + */ + data->set.sockopt_client = va_arg(param, void *); + break; + + case CURLOPT_OPENSOCKETFUNCTION: + /* + * open/create socket callback function: called instead of socket(), + * before connect() + */ + data->set.fopensocket = va_arg(param, curl_opensocket_callback); + break; + + case CURLOPT_OPENSOCKETDATA: + /* + * socket callback data pointer. Might be NULL. + */ + data->set.opensocket_client = va_arg(param, void *); + break; + + case CURLOPT_CLOSESOCKETFUNCTION: + /* + * close socket callback function: called instead of close() + * when shutting down a connection + */ + data->set.fclosesocket = va_arg(param, curl_closesocket_callback); + break; + + case CURLOPT_CLOSESOCKETDATA: + /* + * socket callback data pointer. Might be NULL. + */ + data->set.closesocket_client = va_arg(param, void *); + break; + + case CURLOPT_SSL_SESSIONID_CACHE: + data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ? + TRUE : FALSE; + data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; + break; + +#ifdef USE_LIBSSH2 + /* we only include SSH options if explicitly built to support SSH */ + case CURLOPT_SSH_AUTH_TYPES: + data->set.ssh_auth_types = va_arg(param, long); + break; + + case CURLOPT_SSH_PUBLIC_KEYFILE: + /* + * Use this file instead of the $HOME/.ssh/id_dsa.pub file + */ + result = Curl_setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY], + va_arg(param, char *)); + break; + + case CURLOPT_SSH_PRIVATE_KEYFILE: + /* + * Use this file instead of the $HOME/.ssh/id_dsa file + */ + result = Curl_setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY], + va_arg(param, char *)); + break; + case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5: + /* + * Option to allow for the MD5 of the host public key to be checked + * for validation purposes. + */ + result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], + va_arg(param, char *)); + break; +#ifdef HAVE_LIBSSH2_KNOWNHOST_API + case CURLOPT_SSH_KNOWNHOSTS: + /* + * Store the file name to read known hosts from. + */ + result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS], + va_arg(param, char *)); + break; + + case CURLOPT_SSH_KEYFUNCTION: + /* setting to NULL is fine since the ssh.c functions themselves will + then rever to use the internal default */ + data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback); + break; + + case CURLOPT_SSH_KEYDATA: + /* + * Custom client data to pass to the SSH keyfunc callback + */ + data->set.ssh_keyfunc_userp = va_arg(param, void *); + break; +#endif /* HAVE_LIBSSH2_KNOWNHOST_API */ + +#endif /* USE_LIBSSH2 */ + + case CURLOPT_HTTP_TRANSFER_DECODING: + /* + * disable libcurl transfer encoding is used + */ + data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_HTTP_CONTENT_DECODING: + /* + * raw data passed to the application when content encoding is used + */ + data->set.http_ce_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_NEW_FILE_PERMS: + /* + * Uses these permissions instead of 0644 + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 0777)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.new_file_perms = arg; + break; + + case CURLOPT_NEW_DIRECTORY_PERMS: + /* + * Uses these permissions instead of 0755 + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 0777)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.new_directory_perms = arg; + break; + + case CURLOPT_ADDRESS_SCOPE: + /* + * We always get longs when passed plain numericals, but for this value we + * know that an unsigned int will always hold the value so we blindly + * typecast to this type + */ + arg = va_arg(param, long); + if((arg < 0) || (arg > 0xf)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.scope_id = curlx_sltoui(arg); + break; + + case CURLOPT_PROTOCOLS: + /* set the bitmask for the protocols that are allowed to be used for the + transfer, which thus helps the app which takes URLs from users or other + external inputs and want to restrict what protocol(s) to deal + with. Defaults to CURLPROTO_ALL. */ + data->set.allowed_protocols = va_arg(param, long); + break; + + case CURLOPT_REDIR_PROTOCOLS: + /* set the bitmask for the protocols that libcurl is allowed to follow to, + as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs + to be set in both bitmasks to be allowed to get redirected to. Defaults + to all protocols except FILE and SCP. */ + data->set.redir_protocols = va_arg(param, long); + break; + + case CURLOPT_DEFAULT_PROTOCOL: + /* Set the protocol to use when the URL doesn't include any protocol */ + result = Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL], + va_arg(param, char *)); + break; + + case CURLOPT_MAIL_FROM: + /* Set the SMTP mail originator */ + result = Curl_setstropt(&data->set.str[STRING_MAIL_FROM], + va_arg(param, char *)); + break; + + case CURLOPT_MAIL_AUTH: + /* Set the SMTP auth originator */ + result = Curl_setstropt(&data->set.str[STRING_MAIL_AUTH], + va_arg(param, char *)); + break; + + case CURLOPT_MAIL_RCPT: + /* Set the list of mail recipients */ + data->set.mail_rcpt = va_arg(param, struct curl_slist *); + break; + + case CURLOPT_SASL_IR: + /* Enable/disable SASL initial response */ + data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + + case CURLOPT_RTSP_REQUEST: + { + /* + * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...) + * Would this be better if the RTSPREQ_* were just moved into here? + */ + long curl_rtspreq = va_arg(param, long); + Curl_RtspReq rtspreq = RTSPREQ_NONE; + switch(curl_rtspreq) { + case CURL_RTSPREQ_OPTIONS: + rtspreq = RTSPREQ_OPTIONS; + break; + + case CURL_RTSPREQ_DESCRIBE: + rtspreq = RTSPREQ_DESCRIBE; + break; + + case CURL_RTSPREQ_ANNOUNCE: + rtspreq = RTSPREQ_ANNOUNCE; + break; + + case CURL_RTSPREQ_SETUP: + rtspreq = RTSPREQ_SETUP; + break; + + case CURL_RTSPREQ_PLAY: + rtspreq = RTSPREQ_PLAY; + break; + + case CURL_RTSPREQ_PAUSE: + rtspreq = RTSPREQ_PAUSE; + break; + + case CURL_RTSPREQ_TEARDOWN: + rtspreq = RTSPREQ_TEARDOWN; + break; + + case CURL_RTSPREQ_GET_PARAMETER: + rtspreq = RTSPREQ_GET_PARAMETER; + break; + + case CURL_RTSPREQ_SET_PARAMETER: + rtspreq = RTSPREQ_SET_PARAMETER; + break; + + case CURL_RTSPREQ_RECORD: + rtspreq = RTSPREQ_RECORD; + break; + + case CURL_RTSPREQ_RECEIVE: + rtspreq = RTSPREQ_RECEIVE; + break; + default: + rtspreq = RTSPREQ_NONE; + } + + data->set.rtspreq = rtspreq; + break; + } + + + case CURLOPT_RTSP_SESSION_ID: + /* + * Set the RTSP Session ID manually. Useful if the application is + * resuming a previously established RTSP session + */ + result = Curl_setstropt(&data->set.str[STRING_RTSP_SESSION_ID], + va_arg(param, char *)); + break; + + case CURLOPT_RTSP_STREAM_URI: + /* + * Set the Stream URI for the RTSP request. Unless the request is + * for generic server options, the application will need to set this. + */ + result = Curl_setstropt(&data->set.str[STRING_RTSP_STREAM_URI], + va_arg(param, char *)); + break; + + case CURLOPT_RTSP_TRANSPORT: + /* + * The content of the Transport: header for the RTSP request + */ + result = Curl_setstropt(&data->set.str[STRING_RTSP_TRANSPORT], + va_arg(param, char *)); + break; + + case CURLOPT_RTSP_CLIENT_CSEQ: + /* + * Set the CSEQ number to issue for the next RTSP request. Useful if the + * application is resuming a previously broken connection. The CSEQ + * will increment from this new number henceforth. + */ + data->state.rtsp_next_client_CSeq = va_arg(param, long); + break; + + case CURLOPT_RTSP_SERVER_CSEQ: + /* Same as the above, but for server-initiated requests */ + data->state.rtsp_next_client_CSeq = va_arg(param, long); + break; + + case CURLOPT_INTERLEAVEDATA: + data->set.rtp_out = va_arg(param, void *); + break; + case CURLOPT_INTERLEAVEFUNCTION: + /* Set the user defined RTP write function */ + data->set.fwrite_rtp = va_arg(param, curl_write_callback); + break; + + case CURLOPT_WILDCARDMATCH: + data->set.wildcard_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_CHUNK_BGN_FUNCTION: + data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback); + break; + case CURLOPT_CHUNK_END_FUNCTION: + data->set.chunk_end = va_arg(param, curl_chunk_end_callback); + break; + case CURLOPT_FNMATCH_FUNCTION: + data->set.fnmatch = va_arg(param, curl_fnmatch_callback); + break; + case CURLOPT_CHUNK_DATA: + data->wildcard.customptr = va_arg(param, void *); + break; + case CURLOPT_FNMATCH_DATA: + data->set.fnmatch_data = va_arg(param, void *); + break; +#ifdef USE_TLS_SRP + case CURLOPT_TLSAUTH_USERNAME: + result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG], + va_arg(param, char *)); + if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype) + data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + break; + case CURLOPT_PROXY_TLSAUTH_USERNAME: + result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], + va_arg(param, char *)); + if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && + !data->set.proxy_ssl.authtype) + data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + break; + case CURLOPT_TLSAUTH_PASSWORD: + result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_ORIG], + va_arg(param, char *)); + if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype) + data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + break; + case CURLOPT_PROXY_TLSAUTH_PASSWORD: + result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], + va_arg(param, char *)); + if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && + !data->set.proxy_ssl.authtype) + data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + break; + case CURLOPT_TLSAUTH_TYPE: + argptr = va_arg(param, char *); + if(!argptr || + strncasecompare(argptr, "SRP", strlen("SRP"))) + data->set.ssl.authtype = CURL_TLSAUTH_SRP; + else + data->set.ssl.authtype = CURL_TLSAUTH_NONE; + break; + case CURLOPT_PROXY_TLSAUTH_TYPE: + argptr = va_arg(param, char *); + if(!argptr || + strncasecompare(argptr, "SRP", strlen("SRP"))) + data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; + else + data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE; + break; +#endif + case CURLOPT_DNS_SERVERS: + result = Curl_set_dns_servers(data, va_arg(param, char *)); + break; + case CURLOPT_DNS_INTERFACE: + result = Curl_set_dns_interface(data, va_arg(param, char *)); + break; + case CURLOPT_DNS_LOCAL_IP4: + result = Curl_set_dns_local_ip4(data, va_arg(param, char *)); + break; + case CURLOPT_DNS_LOCAL_IP6: + result = Curl_set_dns_local_ip6(data, va_arg(param, char *)); + break; + + case CURLOPT_TCP_KEEPALIVE: + data->set.tcp_keepalive = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_TCP_KEEPIDLE: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.tcp_keepidle = arg; + break; + case CURLOPT_TCP_KEEPINTVL: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.tcp_keepintvl = arg; + break; + case CURLOPT_TCP_FASTOPEN: +#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \ + defined(TCP_FASTOPEN_CONNECT) + data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; +#else + result = CURLE_NOT_BUILT_IN; +#endif + break; + case CURLOPT_SSL_ENABLE_NPN: + data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_SSL_ENABLE_ALPN: + data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + +#ifdef USE_UNIX_SOCKETS + case CURLOPT_UNIX_SOCKET_PATH: + data->set.abstract_unix_socket = FALSE; + result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], + va_arg(param, char *)); + break; + case CURLOPT_ABSTRACT_UNIX_SOCKET: + data->set.abstract_unix_socket = TRUE; + result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], + va_arg(param, char *)); + break; +#endif + + case CURLOPT_PATH_AS_IS: + data->set.path_as_is = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_PIPEWAIT: + data->set.pipewait = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; + case CURLOPT_STREAM_WEIGHT: +#ifndef USE_NGHTTP2 + return CURLE_NOT_BUILT_IN; +#else + arg = va_arg(param, long); + if((arg >= 1) && (arg <= 256)) + data->set.stream_weight = (int)arg; + break; +#endif + case CURLOPT_STREAM_DEPENDS: + case CURLOPT_STREAM_DEPENDS_E: + { +#ifndef USE_NGHTTP2 + return CURLE_NOT_BUILT_IN; +#else + struct Curl_easy *dep = va_arg(param, struct Curl_easy *); + if(!dep || GOOD_EASY_HANDLE(dep)) { + if(data->set.stream_depends_on) { + Curl_http2_remove_child(data->set.stream_depends_on, data); + } + Curl_http2_add_child(dep, data, (option == CURLOPT_STREAM_DEPENDS_E)); + } + break; +#endif + } + case CURLOPT_CONNECT_TO: + data->set.connect_to = va_arg(param, struct curl_slist *); + break; + case CURLOPT_SUPPRESS_CONNECT_HEADERS: + data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; + break; + case CURLOPT_SSH_COMPRESSION: + data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE; + break; + default: + /* unknown tag and its companion, just ignore: */ + result = CURLE_UNKNOWN_OPTION; + break; + } + + return result; +} + +/* + * curl_easy_setopt() is the external interface for setting options on an + * easy handle. + */ + +#undef curl_easy_setopt +CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...) +{ + va_list arg; + CURLcode result; + + if(!data) + return CURLE_BAD_FUNCTION_ARGUMENT; + + va_start(arg, tag); + + result = setopt(data, tag, arg); + + va_end(arg); + return result; +} + diff -Nru curl-7.55.1/lib/setopt.h curl-7.57.0/lib/setopt.h --- curl-7.55.1/lib/setopt.h 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/setopt.h 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,27 @@ +#ifndef HEADER_CURL_SETOPT_H +#define HEADER_CURL_SETOPT_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +CURLcode Curl_setstropt(char **charp, const char *s); + +#endif /* HEADER_CURL_SETOPT_H */ diff -Nru curl-7.55.1/lib/sha256.c curl-7.57.0/lib/sha256.c --- curl-7.55.1/lib/sha256.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.57.0/lib/sha256.c 2017-11-26 13:19:01.000000000 +0000 @@ -0,0 +1,262 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2016, Florin Petriuc, + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#ifndef CURL_DISABLE_CRYPTO_AUTH + +#include "warnless.h" +#include "curl_sha256.h" + +#if defined(USE_OPENSSL) + +/* When OpenSSL is available we use the SHA256-function from OpenSSL */ +#include + +#else + +/* When no other crypto library is available we use this code segment */ + +/* ===== start - public domain SHA256 implementation ===== */ +/* This is based on SHA256 implementation in LibTomCrypt that was released into + * public domain by Tom St Denis. */ + +#define WPA_GET_BE32(a) ((((unsigned long)(a)[0]) << 24) | \ + (((unsigned long)(a)[1]) << 16) | \ + (((unsigned long)(a)[2]) << 8) | \ + ((unsigned long)(a)[3])) +#define WPA_PUT_BE32(a, val) \ +do { \ + (a)[0] = (unsigned char)((((unsigned long) (val)) >> 24) & 0xff); \ + (a)[1] = (unsigned char)((((unsigned long) (val)) >> 16) & 0xff); \ + (a)[2] = (unsigned char)((((unsigned long) (val)) >> 8) & 0xff); \ + (a)[3] = (unsigned char)(((unsigned long) (val)) & 0xff); \ +} while(0) + +#ifdef HAVE_LONGLONG +#define WPA_PUT_BE64(a, val) \ +do { \ + (a)[0] = (unsigned char)(((unsigned long long)(val)) >> 56); \ + (a)[1] = (unsigned char)(((unsigned long long)(val)) >> 48); \ + (a)[2] = (unsigned char)(((unsigned long long)(val)) >> 40); \ + (a)[3] = (unsigned char)(((unsigned long long)(val)) >> 32); \ + (a)[4] = (unsigned char)(((unsigned long long)(val)) >> 24); \ + (a)[5] = (unsigned char)(((unsigned long long)(val)) >> 16); \ + (a)[6] = (unsigned char)(((unsigned long long)(val)) >> 8); \ + (a)[7] = (unsigned char)(((unsigned long long)(val)) & 0xff); \ +} while(0) +#else +#define WPA_PUT_BE64(a, val) \ +do { \ + (a)[0] = (unsigned char)(((unsigned __int64)(val)) >> 56); \ + (a)[1] = (unsigned char)(((unsigned __int64)(val)) >> 48); \ + (a)[2] = (unsigned char)(((unsigned __int64)(val)) >> 40); \ + (a)[3] = (unsigned char)(((unsigned __int64)(val)) >> 32); \ + (a)[4] = (unsigned char)(((unsigned __int64)(val)) >> 24); \ + (a)[5] = (unsigned char)(((unsigned __int64)(val)) >> 16); \ + (a)[6] = (unsigned char)(((unsigned __int64)(val)) >> 8); \ + (a)[7] = (unsigned char)(((unsigned __int64)(val)) & 0xff); \ +} while(0) +#endif + +typedef struct sha256_state { +#ifdef HAVE_LONGLONG + unsigned long long length; +#else + unsigned __int64 length; +#endif + unsigned long state[8], curlen; + unsigned char buf[64]; +} SHA256_CTX; +/* the K array */ +static const unsigned long K[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, + 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, + 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, + 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, + 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, + 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, + 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, + 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, + 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, + 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; +/* Various logical functions */ +#define RORc(x, y) \ +(((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y) & 31)) | \ + ((unsigned long)(x) << (unsigned long)(32 - ((y) & 31)))) & 0xFFFFFFFFUL) +#define Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Maj(x,y,z) (((x | y) & z) | (x & y)) +#define S(x, n) RORc((x), (n)) +#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n)) +#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) +#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) +#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) +#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) +#ifndef MIN +#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +#endif +/* compress 512-bits */ +static int sha256_compress(struct sha256_state *md, + unsigned char *buf) +{ + unsigned long S[8], W[64], t0, t1; + unsigned long t; + int i; + /* copy state into S */ + for(i = 0; i < 8; i++) { + S[i] = md->state[i]; + } + /* copy the state into 512-bits into W[0..15] */ + for(i = 0; i < 16; i++) + W[i] = WPA_GET_BE32(buf + (4 * i)); + /* fill W[16..63] */ + for(i = 16; i < 64; i++) { + W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + + W[i - 16]; + } + /* Compress */ +#define RND(a,b,c,d,e,f,g,h,i) \ + t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ + t1 = Sigma0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + for(i = 0; i < 64; ++i) { + RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i); + t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; + S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; + } + /* feedback */ + for(i = 0; i < 8; i++) { + md->state[i] = md->state[i] + S[i]; + } + return 0; +} +/* Initialize the hash state */ +static void SHA256_Init(struct sha256_state *md) +{ + md->curlen = 0; + md->length = 0; + md->state[0] = 0x6A09E667UL; + md->state[1] = 0xBB67AE85UL; + md->state[2] = 0x3C6EF372UL; + md->state[3] = 0xA54FF53AUL; + md->state[4] = 0x510E527FUL; + md->state[5] = 0x9B05688CUL; + md->state[6] = 0x1F83D9ABUL; + md->state[7] = 0x5BE0CD19UL; +} +/** + Process a block of memory though the hash + @param md The hash state + @param in The data to hash + @param inlen The length of the data (octets) + @return CRYPT_OK if successful +*/ +static int SHA256_Update(struct sha256_state *md, + const unsigned char *in, + unsigned long inlen) +{ + unsigned long n; +#define block_size 64 + if(md->curlen > sizeof(md->buf)) + return -1; + while(inlen > 0) { + if(md->curlen == 0 && inlen >= block_size) { + if(sha256_compress(md, (unsigned char *)in) < 0) + return -1; + md->length += block_size * 8; + in += block_size; + inlen -= block_size; + } + else { + n = MIN(inlen, (block_size - md->curlen)); + memcpy(md->buf + md->curlen, in, n); + md->curlen += n; + in += n; + inlen -= n; + if(md->curlen == block_size) { + if(sha256_compress(md, md->buf) < 0) + return -1; + md->length += 8 * block_size; + md->curlen = 0; + } + } + } + return 0; +} +/** + Terminate the hash to get the digest + @param md The hash state + @param out [out] The destination of the hash (32 bytes) + @return CRYPT_OK if successful +*/ +static int SHA256_Final(unsigned char *out, + struct sha256_state *md) +{ + int i; + if(md->curlen >= sizeof(md->buf)) + return -1; + /* increase the length of the message */ + md->length += md->curlen * 8; + /* append the '1' bit */ + md->buf[md->curlen++] = (unsigned char)0x80; + /* if the length is currently above 56 bytes we append zeros + * then compress. Then we can fall back to padding zeros and length + * encoding like normal. + */ + if(md->curlen > 56) { + while(md->curlen < 64) { + md->buf[md->curlen++] = (unsigned char)0; + } + sha256_compress(md, md->buf); + md->curlen = 0; + } + /* pad upto 56 bytes of zeroes */ + while(md->curlen < 56) { + md->buf[md->curlen++] = (unsigned char)0; + } + /* store length */ + WPA_PUT_BE64(md->buf + 56, md->length); + sha256_compress(md, md->buf); + /* copy output */ + for(i = 0; i < 8; i++) + WPA_PUT_BE32(out + (4 * i), md->state[i]); + return 0; +} +/* ===== end - public domain SHA256 implementation ===== */ + +#endif + +void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */ + const unsigned char *input) +{ + SHA256_CTX ctx; + SHA256_Init(&ctx); + SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); + SHA256_Final(outbuffer, &ctx); +} + +#endif /* CURL_DISABLE_CRYPTO_AUTH */ diff -Nru curl-7.55.1/lib/share.c curl-7.57.0/lib/share.c --- curl-7.55.1/lib/share.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/share.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -102,6 +102,8 @@ break; case CURL_LOCK_DATA_CONNECT: /* not supported (yet) */ + if(Curl_conncache_init(&share->conn_cache, 103)) + res = CURLSHE_NOMEM; break; default: @@ -186,6 +188,8 @@ return CURLSHE_IN_USE; } + Curl_conncache_close_all_connections(&share->conn_cache); + Curl_conncache_destroy(&share->conn_cache); Curl_hash_destroy(&share->hostcache); #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) diff -Nru curl-7.55.1/lib/share.h curl-7.57.0/lib/share.h --- curl-7.55.1/lib/share.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/share.h 2017-11-26 13:19:01.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,6 +26,7 @@ #include #include "cookie.h" #include "urldata.h" +#include "conncache.h" /* SalfordC says "A structure member may not be volatile". Hence: */ @@ -43,7 +44,7 @@ curl_lock_function lockfunc; curl_unlock_function unlockfunc; void *clientdata; - + struct conncache conn_cache; struct curl_hash hostcache; #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) struct CookieInfo *cookies; diff -Nru curl-7.55.1/lib/smb.c curl-7.57.0/lib/smb.c --- curl-7.55.1/lib/smb.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/smb.c 2017-11-26 13:19:01.000000000 +0000 @@ -648,7 +648,7 @@ if(smbc->state == SMB_CONNECTING) { #ifdef USE_SSL if((conn->handler->flags & PROTOPT_SSL)) { - bool ssl_done; + bool ssl_done = FALSE; result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &ssl_done); if(result && result != CURLE_AGAIN) return result; diff -Nru curl-7.55.1/lib/smtp.c curl-7.57.0/lib/smtp.c --- curl-7.55.1/lib/smtp.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/smtp.c 2017-11-28 15:23:39.000000000 +0000 @@ -67,6 +67,7 @@ #include "transfer.h" #include "escape.h" #include "http.h" /* for HTTP proxy tunnel stuff */ +#include "mime.h" #include "socks.h" #include "smtp.h" #include "strtoofft.h" @@ -530,8 +531,40 @@ } } + /* Prepare the mime data if some. */ + if(data->set.mimepost.kind != MIMEKIND_NONE) { + /* Use the whole structure as data. */ + data->set.mimepost.flags &= ~MIME_BODY_ONLY; + + /* Add external headers and mime version. */ + curl_mime_headers(&data->set.mimepost, data->set.headers, 0); + result = Curl_mime_prepare_headers(&data->set.mimepost, NULL, + NULL, MIMESTRATEGY_MAIL); + + if(!result) + if(!Curl_checkheaders(conn, "Mime-Version")) + result = Curl_mime_add_header(&data->set.mimepost.curlheaders, + "Mime-Version: 1.0"); + + /* Make sure we will read the entire mime structure. */ + if(!result) + result = Curl_mime_rewind(&data->set.mimepost); + + if(result) { + free(from); + free(auth); + return result; + } + + data->state.infilesize = Curl_mime_size(&data->set.mimepost); + + /* Read from mime structure. */ + data->state.fread_func = (curl_read_callback) Curl_mime_read; + data->state.in = (void *) &data->set.mimepost; + } + /* Calculate the optional SIZE parameter */ - if(conn->proto.smtpc.size_supported && conn->data->state.infilesize > 0) { + if(conn->proto.smtpc.size_supported && data->state.infilesize > 0) { size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize); if(!size) { @@ -1155,11 +1188,15 @@ if(!smtp || !pp->conn) return CURLE_OK; + /* Cleanup our per-request based variables */ + Curl_safefree(smtp->custom); + if(status) { connclose(conn, "SMTP done with bad status"); /* marked for closure */ result = status; /* use the already set error code */ } - else if(!data->set.connect_only && data->set.upload && data->set.mail_rcpt) { + else if(!data->set.connect_only && data->set.mail_rcpt && + (data->set.upload || data->set.mimepost.kind)) { /* Calculate the EOB taking into account any terminating CRLF from the previous line of the email or the CRLF of the DATA command when there is "no mail data". RFC-5321, sect. 4.1.1.4. @@ -1196,7 +1233,7 @@ } else { /* Successfully sent so adjust the response timeout relative to now */ - pp->response = Curl_tvnow(); + pp->response = Curl_now(); free(eob); } @@ -1212,9 +1249,6 @@ result = smtp_block_statemach(conn); } - /* Cleanup our per-request based variables */ - Curl_safefree(smtp->custom); - /* Clear the transfer mode for the next request */ smtp->transfer = FTPTRANSFER_BODY; @@ -1249,7 +1283,7 @@ smtp->rcpt = data->set.mail_rcpt; /* Start the first command in the DO phase */ - if(data->set.upload && data->set.mail_rcpt) + if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) /* MAIL transfer */ result = smtp_perform_mail(conn); else diff -Nru curl-7.55.1/lib/socks.c curl-7.57.0/lib/socks.c --- curl-7.55.1/lib/socks.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/socks.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -57,7 +57,7 @@ ssize_t nread; ssize_t allread = 0; int result; - time_t timeleft; + timediff_t timeleft; *n = 0; for(;;) { timeleft = Curl_timeleft(conn->data, NULL, TRUE); @@ -154,7 +154,7 @@ /* DNS resolve only for SOCKS4, not SOCKS4a */ if(!protocol4a) { struct Curl_dns_entry *dns; - Curl_addrinfo *hp=NULL; + Curl_addrinfo *hp = NULL; int rc; rc = Curl_resolv(conn, hostname, remote_port, &dns); @@ -171,7 +171,7 @@ * returns a Curl_addrinfo pointer that may not always look the same. */ if(dns) - hp=dns->addr; + hp = dns->addr; if(hp) { char buf[64]; Curl_printable_address(hp, buf, sizeof(buf)); @@ -213,7 +213,7 @@ return CURLE_COULDNT_CONNECT; } /* copy the proxy name WITH trailing zero */ - memcpy(socksreq + 8, proxy_user, plen+1); + memcpy(socksreq + 8, proxy_user, plen + 1); } /* @@ -306,7 +306,7 @@ ", request rejected or failed.", (unsigned char)socksreq[4], (unsigned char)socksreq[5], (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]), + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), (unsigned char)socksreq[1]); return CURLE_COULDNT_CONNECT; case 92: @@ -316,7 +316,7 @@ "identd on the client.", (unsigned char)socksreq[4], (unsigned char)socksreq[5], (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]), + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), (unsigned char)socksreq[1]); return CURLE_COULDNT_CONNECT; case 93: @@ -326,7 +326,7 @@ "report different user-ids.", (unsigned char)socksreq[4], (unsigned char)socksreq[5], (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]), + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), (unsigned char)socksreq[1]); return CURLE_COULDNT_CONNECT; default: @@ -335,7 +335,7 @@ ", Unknown.", (unsigned char)socksreq[4], (unsigned char)socksreq[5], (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]), + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), (unsigned char)socksreq[1]); return CURLE_COULDNT_CONNECT; } @@ -382,7 +382,7 @@ CURLcode code; curl_socket_t sock = conn->sock[sockindex]; struct Curl_easy *data = conn->data; - time_t timeout; + timediff_t timeout; bool socks5_resolve_local = (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE; const size_t hostname_len = strlen(hostname); @@ -483,7 +483,7 @@ (void)curlx_nonblock(sock, FALSE); - result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); + result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); if(result || (actualread != 2)) { failf(data, "Unable to receive initial SOCKS5 response."); return CURLE_COULDNT_CONNECT; @@ -542,7 +542,7 @@ return CURLE_COULDNT_CONNECT; } - result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); + result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); if(result || (actualread != 2)) { failf(data, "Unable to receive SOCKS5 sub-negotiation response."); return CURLE_COULDNT_CONNECT; @@ -615,7 +615,7 @@ * returns a Curl_addrinfo pointer that may not always look the same. */ if(dns) - hp=dns->addr; + hp = dns->addr; if(hp) { int i; char buf[64]; diff -Nru curl-7.55.1/lib/socks_gssapi.c curl-7.57.0/lib/socks_gssapi.c --- curl-7.55.1/lib/socks_gssapi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/socks_gssapi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,8 +5,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2009, 2011, Markus Moeller, - * Copyright (C) 2012 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 2009, Markus Moeller, + * Copyright (C) 2012 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,7 +65,7 @@ &msg_ctx, &status_string); if(maj_stat == GSS_S_COMPLETE) { if(sizeof(buf) > len + status_string.length + 1) { - strcpy(buf+len, (char *) status_string.value); + strcpy(buf + len, (char *) status_string.value); len += status_string.length; } gss_release_buffer(&min_stat, &status_string); @@ -74,7 +74,7 @@ gss_release_buffer(&min_stat, &status_string); } if(sizeof(buf) > len + 3) { - strcpy(buf+len, ".\n"); + strcpy(buf + len, ".\n"); len += 2; } msg_ctx = 0; @@ -86,7 +86,7 @@ &msg_ctx, &status_string); if(maj_stat == GSS_S_COMPLETE) { if(sizeof(buf) > len + status_string.length) - strcpy(buf+len, (char *) status_string.value); + strcpy(buf + len, (char *) status_string.value); gss_release_buffer(&min_stat, &status_string); break; } @@ -119,7 +119,7 @@ gss_name_t server = GSS_C_NO_NAME; gss_name_t gss_client_name = GSS_C_NO_NAME; unsigned short us_length; - char *user=NULL; + char *user = NULL; unsigned char socksreq[4]; /* room for GSS-API exchange header only */ const char *serviceptr = data->set.str[STRING_PROXY_SERVICE_NAME] ? data->set.str[STRING_PROXY_SERVICE_NAME] : "rcmd"; @@ -146,11 +146,12 @@ } else { service.value = malloc(serviceptr_length + - strlen(conn->socks_proxy.host.name)+2); + strlen(conn->socks_proxy.host.name) + 2); if(!service.value) return CURLE_OUT_OF_MEMORY; - service.length = serviceptr_length + strlen(conn->socks_proxy.host.name)+1; - snprintf(service.value, service.length+1, "%s@%s", + service.length = serviceptr_length + + strlen(conn->socks_proxy.host.name) + 1; + snprintf(service.value, service.length + 1, "%s@%s", serviceptr, conn->socks_proxy.host.name); gss_major_status = gss_import_name(&gss_minor_status, &service, @@ -196,7 +197,7 @@ socksreq[0] = 1; /* GSS-API subnegotiation version */ socksreq[1] = 1; /* authentication message type */ us_length = htons((short)gss_send_token.length); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); if(code || (4 != written)) { @@ -236,7 +237,7 @@ * +----+------+-----+----------------+ */ - result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); + result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); if(result || (actualread != 4)) { failf(data, "Failed to receive GSS-API authentication response."); gss_release_name(&gss_status, &server); @@ -261,11 +262,11 @@ return CURLE_COULDNT_CONNECT; } - memcpy(&us_length, socksreq+2, sizeof(short)); + memcpy(&us_length, socksreq + 2, sizeof(short)); us_length = ntohs(us_length); - gss_recv_token.length=us_length; - gss_recv_token.value=malloc(us_length); + gss_recv_token.length = us_length; + gss_recv_token.value = malloc(us_length); if(!gss_recv_token.value) { failf(data, "Could not allocate memory for GSS-API authentication " @@ -275,8 +276,8 @@ return CURLE_OUT_OF_MEMORY; } - result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value, - gss_recv_token.length, &actualread); + result = Curl_blockread_all(conn, sock, (char *)gss_recv_token.value, + gss_recv_token.length, &actualread); if(result || (actualread != us_length)) { failf(data, "Failed to receive GSS-API authentication token."); @@ -312,7 +313,7 @@ failf(data, "Failed to determine user name."); return CURLE_COULDNT_CONNECT; } - user=malloc(gss_send_token.length+1); + user = malloc(gss_send_token.length + 1); if(!user) { gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); @@ -326,7 +327,7 @@ gss_release_buffer(&gss_status, &gss_send_token); infof(data, "SOCKS5 server authencticated user %s with GSS-API.\n",user); free(user); - user=NULL; + user = NULL; /* Do encryption */ socksreq[0] = 1; /* GSS-API subnegotiation version */ @@ -341,7 +342,7 @@ gss_enc = 1; infof(data, "SOCKS5 server supports GSS-API %s data protection.\n", - (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality")); + (gss_enc == 0)?"no":((gss_enc==1)?"integrity":"confidentiality")); /* force for the moment to no data protection */ gss_enc = 0; /* @@ -376,7 +377,7 @@ */ if(data->set.socks5_gssapi_nec) { us_length = htons((short)1); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); } else { gss_send_token.length = 1; @@ -401,7 +402,7 @@ gss_release_buffer(&gss_status, &gss_send_token); us_length = htons((short)gss_w_token.length); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); } code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); @@ -433,7 +434,7 @@ gss_release_buffer(&gss_status, &gss_w_token); } - result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); + result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); if(result || (actualread != 4)) { failf(data, "Failed to receive GSS-API encryption response."); gss_delete_sec_context(&gss_status, &gss_context, NULL); @@ -455,17 +456,17 @@ return CURLE_COULDNT_CONNECT; } - memcpy(&us_length, socksreq+2, sizeof(short)); + memcpy(&us_length, socksreq + 2, sizeof(short)); us_length = ntohs(us_length); - gss_recv_token.length= us_length; - gss_recv_token.value=malloc(gss_recv_token.length); + gss_recv_token.length = us_length; + gss_recv_token.value = malloc(gss_recv_token.length); if(!gss_recv_token.value) { gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OUT_OF_MEMORY; } - result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value, - gss_recv_token.length, &actualread); + result = Curl_blockread_all(conn, sock, (char *)gss_recv_token.value, + gss_recv_token.length, &actualread); if(result || (actualread != us_length)) { failf(data, "Failed to receive GSS-API encryptrion type."); @@ -513,8 +514,8 @@ } infof(data, "SOCKS5 access with%s protection granted.\n", - (socksreq[0]==0)?"out GSS-API data": - ((socksreq[0]==1)?" GSS-API integrity":" GSS-API confidentiality")); + (socksreq[0] == 0)?"out GSS-API data": + ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality")); conn->socks5_gssapi_enctype = socksreq[0]; if(socksreq[0] == 0) diff -Nru curl-7.55.1/lib/socks_sspi.c curl-7.57.0/lib/socks_sspi.c --- curl-7.55.1/lib/socks_sspi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/socks_sspi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2017, Daniel Stenberg, , et al. * Copyright (C) 2009, 2011, Markus Moeller, * * This software is licensed as described in the file COPYING, which @@ -108,7 +108,7 @@ if(!service_name) return CURLE_OUT_OF_MEMORY; snprintf(service_name, service_length + - strlen(conn->socks_proxy.host.name)+2, "%s/%s", + strlen(conn->socks_proxy.host.name) + 2, "%s/%s", service, conn->socks_proxy.host.name); } @@ -199,7 +199,7 @@ socksreq[0] = 1; /* GSS-API subnegotiation version */ socksreq[1] = 1; /* authentication message type */ us_length = htons((short)sspi_send_token.cbBuffer); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); if(code || (4 != written)) { @@ -283,7 +283,7 @@ return CURLE_COULDNT_CONNECT; } - memcpy(&us_length, socksreq+2, sizeof(short)); + memcpy(&us_length, socksreq + 2, sizeof(short)); us_length = ntohs(us_length); sspi_recv_token.cbBuffer = us_length; @@ -341,7 +341,7 @@ gss_enc = 1; infof(data, "SOCKS5 server supports GSS-API %s data protection.\n", - (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality") ); + (gss_enc == 0)?"no":((gss_enc == 1)?"integrity":"confidentiality") ); /* force to no data protection, avoid encryption/decryption for now */ gss_enc = 0; /* @@ -377,7 +377,7 @@ if(data->set.socks5_gssapi_nec) { us_length = htons((short)1); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); } else { status = s_pSecFn->QueryContextAttributes(&sspi_context, @@ -445,8 +445,8 @@ memcpy((PUCHAR) sspi_send_token.pvBuffer +(int)sspi_w_token[0].cbBuffer, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer); memcpy((PUCHAR) sspi_send_token.pvBuffer - +sspi_w_token[0].cbBuffer - +sspi_w_token[1].cbBuffer, + + sspi_w_token[0].cbBuffer + + sspi_w_token[1].cbBuffer, sspi_w_token[2].pvBuffer, sspi_w_token[2].cbBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); @@ -460,7 +460,7 @@ sspi_w_token[2].cbBuffer = 0; us_length = htons((short)sspi_send_token.cbBuffer); - memcpy(socksreq+2, &us_length, sizeof(short)); + memcpy(socksreq + 2, &us_length, sizeof(short)); } code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); @@ -517,7 +517,7 @@ return CURLE_COULDNT_CONNECT; } - memcpy(&us_length, socksreq+2, sizeof(short)); + memcpy(&us_length, socksreq + 2, sizeof(short)); us_length = ntohs(us_length); sspi_w_token[0].cbBuffer = us_length; @@ -588,8 +588,8 @@ } infof(data, "SOCKS5 access with%s protection granted.\n", - (socksreq[0]==0)?"out GSS-API data": - ((socksreq[0]==1)?" GSS-API integrity":" GSS-API confidentiality")); + (socksreq[0] == 0)?"out GSS-API data": + ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality")); /* For later use if encryption is required conn->socks5_gssapi_enctype = socksreq[0]; diff -Nru curl-7.55.1/lib/speedcheck.c curl-7.57.0/lib/speedcheck.c --- curl-7.55.1/lib/speedcheck.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/speedcheck.c 2017-11-26 13:19:01.000000000 +0000 @@ -46,7 +46,7 @@ data->state.keeps_speed = now; else { /* how long has it been under the limit */ - time_t howlong = Curl_tvdiff(now, data->state.keeps_speed); + timediff_t howlong = Curl_timediff(now, data->state.keeps_speed); if(howlong >= data->set.low_speed_time * 1000) { /* too long */ diff -Nru curl-7.55.1/lib/splay.c curl-7.57.0/lib/splay.c --- curl-7.55.1/lib/splay.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/splay.c 2017-11-09 22:40:36.000000000 +0000 @@ -110,7 +110,7 @@ if(t != NULL) { t = Curl_splay(i, t); - if(compare(i, t->key)==0) { + if(compare(i, t->key) == 0) { /* There already exists a node in the tree with the very same key. Build a doubly-linked circular list of nodes. We add the new 'node' struct to the end of this list. */ diff -Nru curl-7.55.1/lib/splay.h curl-7.57.0/lib/splay.h --- curl-7.55.1/lib/splay.h 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/lib/splay.h 2017-11-09 22:40:36.000000000 +0000 @@ -54,8 +54,8 @@ struct Curl_tree *removenode, struct Curl_tree **newroot); -#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \ - ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \ +#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \ + ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \ ( ((i.tv_usec) < (j.tv_usec)) ? -1 : \ ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0)))) diff -Nru curl-7.55.1/lib/ssh.c curl-7.57.0/lib/ssh.c --- curl-7.55.1/lib/ssh.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/ssh.c 2017-11-27 07:50:21.000000000 +0000 @@ -428,14 +428,14 @@ /* Check for /~/, indicating relative to the user's home directory */ if(conn->handler->protocol & CURLPROTO_SCP) { - real_path = malloc(working_path_len+1); + real_path = malloc(working_path_len + 1); if(real_path == NULL) { free(working_path); return CURLE_OUT_OF_MEMORY; } if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) /* It is referenced to the home directory, so strip the leading '/~/' */ - memcpy(real_path, working_path+3, 4 + working_path_len-3); + memcpy(real_path, working_path + 3, 4 + working_path_len-3); else memcpy(real_path, working_path, 1 + working_path_len); } @@ -451,19 +451,19 @@ leading '/' */ memcpy(real_path, homedir, homelen); real_path[homelen] = '/'; - real_path[homelen+1] = '\0'; + real_path[homelen + 1] = '\0'; if(working_path_len > 3) { - memcpy(real_path+homelen+1, working_path + 3, + memcpy(real_path + homelen + 1, working_path + 3, 1 + working_path_len -3); } } else { - real_path = malloc(working_path_len+1); + real_path = malloc(working_path_len + 1); if(real_path == NULL) { free(working_path); return CURLE_OUT_OF_MEMORY; } - memcpy(real_path, working_path, 1+working_path_len); + memcpy(real_path, working_path, 1 + working_path_len); } } @@ -1813,7 +1813,7 @@ zero even though libssh2_sftp_open() failed previously! We need to work around that! */ sshc->actualcode = CURLE_SSH; - err=-1; + err = -1; } failf(data, "Upload failed: %s (%d/%d)", err>= LIBSSH2_FX_OK?sftp_libssh2_strerror(err):"ssh error", @@ -1831,7 +1831,7 @@ } if(seekerr != CURL_SEEKFUNC_OK) { - curl_off_t passed=0; + curl_off_t passed = 0; if(seekerr != CURL_SEEKFUNC_CANTSEEK) { failf(data, "Could not seek stream"); @@ -1983,13 +1983,13 @@ sshc->actualcode = result?result:CURLE_SSH; break; } - sshc->readdir_filename = malloc(PATH_MAX+1); + sshc->readdir_filename = malloc(PATH_MAX + 1); if(!sshc->readdir_filename) { state(conn, SSH_SFTP_CLOSE); sshc->actualcode = CURLE_OUT_OF_MEMORY; break; } - sshc->readdir_longentry = malloc(PATH_MAX+1); + sshc->readdir_longentry = malloc(PATH_MAX + 1); if(!sshc->readdir_longentry) { Curl_safefree(sshc->readdir_filename); state(conn, SSH_SFTP_CLOSE); @@ -2023,7 +2023,7 @@ break; } result = Curl_client_write(conn, CLIENTWRITE_BODY, - tmpLine, sshc->readdir_len+1); + tmpLine, sshc->readdir_len + 1); free(tmpLine); if(result) { @@ -2032,7 +2032,7 @@ } /* since this counts what we send to the client, we include the newline in this counter */ - data->req.bytecount += sshc->readdir_len+1; + data->req.bytecount += sshc->readdir_len + 1; /* output debug output if that is requested */ if(data->set.verbose) { @@ -2233,18 +2233,25 @@ curl_off_t from, to; char *ptr; char *ptr2; + CURLofft to_t; + CURLofft from_t; - from=curlx_strtoofft(conn->data->state.range, &ptr, 0); - while(*ptr && (ISSPACE(*ptr) || (*ptr=='-'))) + from_t = curlx_strtoofft(conn->data->state.range, &ptr, 0, &from); + if(from_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + while(*ptr && (ISSPACE(*ptr) || (*ptr == '-'))) ptr++; - to=curlx_strtoofft(ptr, &ptr2, 0); - if((ptr == ptr2) /* no "to" value given */ + to_t = curlx_strtoofft(ptr, &ptr2, 0, &to); + if(to_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + if((to_t == CURL_OFFT_INVAL) /* no "to" value given */ || (to >= size)) { to = size - 1; } - if(from < 0) { + if(from_t) { /* from is relative to end of file */ - from += size; + from = size - to; + to = size - 1; } if(from > size) { failf(data, "Offset (%" @@ -2340,8 +2347,8 @@ } sshc->sftp_handle = NULL; } - if(sftp_scp) - Curl_safefree(sftp_scp->path); + + Curl_safefree(sftp_scp->path); DEBUGF(infof(data, "SFTP DONE done\n")); @@ -2826,8 +2833,8 @@ while((sshc->state != SSH_STOP) && !result) { bool block; - time_t left = 1000; - struct curltime now = Curl_tvnow(); + timediff_t left = 1000; + struct curltime now = Curl_now(); result = ssh_statemach_act(conn, &block); if(result) @@ -2935,6 +2942,13 @@ return CURLE_FAILED_INIT; } + if(data->set.ssh_compression) { +#if LIBSSH2_VERSION_NUM >= 0x010208 + if(libssh2_session_flag(ssh->ssh_session, LIBSSH2_FLAG_COMPRESS, 1) < 0) +#endif + infof(data, "Failed to enable compression for ssh session\n"); + } + #ifdef HAVE_LIBSSH2_KNOWNHOST_API if(data->set.str[STRING_SSH_KNOWNHOSTS]) { int rc; @@ -3031,8 +3045,8 @@ data->req.size = -1; /* make sure this is unknown at this point */ sshc->actualcode = CURLE_OK; /* reset error code */ - sshc->secondCreateDirs =0; /* reset the create dir attempt state - variable */ + sshc->secondCreateDirs = 0; /* reset the create dir attempt state + variable */ Curl_pgrsSetUploadCounter(data, 0); Curl_pgrsSetDownloadCounter(data, 0); diff -Nru curl-7.55.1/lib/strcase.c curl-7.57.0/lib/strcase.c --- curl-7.55.1/lib/strcase.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/strcase.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -94,10 +94,11 @@ } /* - * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant - * to be locale independent and only compare strings we know are safe for - * this. See https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for - * some further explanation to why this function is necessary. + * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is + * meant to be locale independent and only compare strings we know are safe + * for this. See + * https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for some + * further explanation to why this function is necessary. * * The function is capable of comparing a-z case insensitively even for * non-ascii. diff -Nru curl-7.55.1/lib/strdup.c curl-7.57.0/lib/strdup.c --- curl-7.55.1/lib/strdup.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/strdup.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,11 +44,11 @@ if(len >= ((size_t)-1) / sizeof(char)) return (char *)NULL; - newstr = malloc((len+1)*sizeof(char)); + newstr = malloc((len + 1)*sizeof(char)); if(!newstr) return (char *)NULL; - memcpy(newstr, str, (len+1)*sizeof(char)); + memcpy(newstr, str, (len + 1)*sizeof(char)); return newstr; diff -Nru curl-7.55.1/lib/strtoofft.c curl-7.57.0/lib/strtoofft.c --- curl-7.55.1/lib/strtoofft.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/strtoofft.c 2017-11-10 16:47:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -20,6 +20,7 @@ * ***************************************************************************/ +#include #include "curl_setup.h" #include "strtoofft.h" @@ -32,7 +33,29 @@ * https://www.opengroup.org/onlinepubs/009695399/functions/strtoimax.html */ -#ifdef NEED_CURL_STRTOLL +#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG) +# ifdef HAVE_STRTOLL +# define strtooff strtoll +# else +# if defined(_MSC_VER) && (_MSC_VER >= 1300) && (_INTEGRAL_MAX_BITS >= 64) +# if defined(_SAL_VERSION) + _Check_return_ _CRTIMP __int64 __cdecl _strtoi64( + _In_z_ const char *_String, + _Out_opt_ _Deref_post_z_ char **_EndPtr, _In_ int _Radix); +# else + _CRTIMP __int64 __cdecl _strtoi64(const char *_String, + char **_EndPtr, int _Radix); +# endif +# define strtooff _strtoi64 +# else +# define PRIVATE_STRTOOFF 1 +# endif +# endif +#else +# define strtooff strtol +#endif + +#ifdef PRIVATE_STRTOOFF /* Range tests can be used for alphanum decoding if characters are consecutive, like in ASCII. Else an array is scanned. Determine this condition now. */ @@ -48,11 +71,10 @@ static int get_char(char c, int base); /** - * Emulated version of the strtoll function. This extracts a long long + * Custom version of the strtooff function. This extracts a curl_off_t * value from the given input string and returns it. */ -curl_off_t -curlx_strtoll(const char *nptr, char **endptr, int base) +static curl_off_t strtooff(const char *nptr, char **endptr, int base) { char *end; int is_negative = 0; @@ -186,3 +208,37 @@ return value; } #endif /* Only present if we need strtoll, but don't have it. */ + +/* + * Parse a *positive* up to 64 bit number written in ascii. + */ +CURLofft curlx_strtoofft(const char *str, char **endp, int base, + curl_off_t *num) +{ + char *end; + curl_off_t number; + errno = 0; + *num = 0; /* clear by default */ + + DEBUGASSERT(str); + + while(*str && ISSPACE(*str)) + str++; + if('-' == *str) { + if(endp) + *endp = (char *)str; /* didn't actually move */ + return CURL_OFFT_INVAL; /* nothing parsed */ + } + number = strtooff(str, &end, base); + if(endp) + *endp = end; + if(errno == ERANGE) + /* overflow/underflow */ + return CURL_OFFT_FLOW; + else if(str == end) + /* nothing parsed */ + return CURL_OFFT_INVAL; + + *num = number; + return CURL_OFFT_OK; +} diff -Nru curl-7.55.1/lib/strtoofft.h curl-7.57.0/lib/strtoofft.h --- curl-7.55.1/lib/strtoofft.h 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/lib/strtoofft.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,31 +40,7 @@ * of 'long' the conversion function to use is strtol(). */ -#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG) -# ifdef HAVE_STRTOLL -# define curlx_strtoofft strtoll -# else -# if defined(_MSC_VER) && (_MSC_VER >= 1300) && (_INTEGRAL_MAX_BITS >= 64) -# if defined(_SAL_VERSION) - _Check_return_ _CRTIMP __int64 __cdecl _strtoi64( - _In_z_ const char *_String, - _Out_opt_ _Deref_post_z_ char **_EndPtr, _In_ int _Radix); -# else - _CRTIMP __int64 __cdecl _strtoi64(const char *_String, - char **_EndPtr, int _Radix); -# endif -# define curlx_strtoofft _strtoi64 -# else - curl_off_t curlx_strtoll(const char *nptr, char **endptr, int base); -# define curlx_strtoofft curlx_strtoll -# define NEED_CURL_STRTOLL 1 -# endif -# endif -#else -# define curlx_strtoofft strtol -#endif - -#if (CURL_SIZEOF_CURL_OFF_T == 4) +#if (SIZEOF_CURL_OFF_T == 4) # define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF) #else /* assume CURL_SIZEOF_CURL_OFF_T == 8 */ @@ -72,4 +48,13 @@ #endif #define CURL_OFF_T_MIN (-CURL_OFF_T_MAX - CURL_OFF_T_C(1)) +typedef enum { + CURL_OFFT_OK, /* parsed fine */ + CURL_OFFT_FLOW, /* over or underflow */ + CURL_OFFT_INVAL /* nothing was parsed */ +} CURLofft; + +CURLofft curlx_strtoofft(const char *str, char **endp, int base, + curl_off_t *num); + #endif /* HEADER_CURL_STRTOOFFT_H */ diff -Nru curl-7.55.1/lib/telnet.c curl-7.57.0/lib/telnet.c --- curl-7.55.1/lib/telnet.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/telnet.c 2017-11-26 13:19:01.000000000 +0000 @@ -76,7 +76,7 @@ } WHILE_FALSE #define CURL_SB_ACCUM(x,c) \ do { \ - if(x->subpointer < (x->subbuffer+sizeof x->subbuffer)) \ + if(x->subpointer < (x->subbuffer + sizeof x->subbuffer)) \ *x->subpointer++ = (c); \ } WHILE_FALSE @@ -295,8 +295,8 @@ int i; struct TELNET *tn = (struct TELNET *) conn->data->req.protop; - for(i = 0;i < CURL_NTELOPTS;i++) { - if(i==CURL_TELOPT_ECHO) + for(i = 0; i < CURL_NTELOPTS; i++) { + if(i == CURL_TELOPT_ECHO) continue; if(tn->us_preferred[i] == CURL_YES) @@ -792,7 +792,7 @@ case CURL_TELOPT_NEW_ENVIRON: if(pointer[1] == CURL_TELQUAL_IS) { infof(data, " "); - for(i = 3;i < length;i++) { + for(i = 3; i < length; i++) { switch(pointer[i]) { case CURL_NEW_ENV_VAR: infof(data, ", "); @@ -843,7 +843,7 @@ tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES; } - for(head = data->set.telnet_options; head; head=head->next) { + for(head = data->set.telnet_options; head; head = head->next) { if(sscanf(head->data, "%127[^= ]%*[ =]%255s", option_keyword, option_arg) == 2) { @@ -890,8 +890,8 @@ /* To take care or not of the 8th bit in data exchange */ if(strcasecompare(option_keyword, "BINARY")) { - binary_option=atoi(option_arg); - if(binary_option!=1) { + binary_option = atoi(option_arg); + if(binary_option != 1) { tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO; tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO; } @@ -935,7 +935,7 @@ struct Curl_easy *data = conn->data; struct TELNET *tn = (struct TELNET *)data->req.protop; - printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn)+2); + printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn) + 2); switch(CURL_SB_GET(tn)) { case CURL_TELOPT_TTYPE: len = strlen(tn->subopt_ttype) + 4 + 2; @@ -967,7 +967,7 @@ CURL_TELQUAL_IS); len = 4; - for(v = tn->telnet_vars;v;v = v->next) { + for(v = tn->telnet_vars; v; v = v->next) { tmplen = (strlen(v->data) + 1); /* Add the variable only if it fits */ if(len + tmplen < (int)sizeof(temp)-6) { @@ -1019,8 +1019,8 @@ CURL_SB_ACCUM(tn, CURL_TELOPT_NAWS); /* We must deal either with litte or big endian processors */ /* Window size must be sent according to the 'network order' */ - x=htons(tn->subopt_wsx); - y=htons(tn->subopt_wsy); + x = htons(tn->subopt_wsx); + y = htons(tn->subopt_wsy); uc1 = (unsigned char *)&x; uc2 = (unsigned char *)&y; CURL_SB_ACCUM(tn, uc1[0]); @@ -1033,7 +1033,7 @@ CURL_SB_TERM(tn); /* data suboption is now ready */ - printsub(data, '>', (unsigned char *)tn->subbuffer+2, + printsub(data, '>', (unsigned char *)tn->subbuffer + 2, CURL_SB_LEN(tn)-2); /* we send the header of the suboption... */ @@ -1044,9 +1044,9 @@ } /* ... then the window size with the send_telnet_data() function to deal with 0xFF cases ... */ - send_telnet_data(conn, (char *)tn->subbuffer+3, 4); + send_telnet_data(conn, (char *)tn->subbuffer + 3, 4); /* ... and the footer */ - bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer+7, 2); + bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer + 7, 2); if(bytes_written < 0) { err = SOCKERRNO; failf(data, "Sending data failed (%d)", err); @@ -1064,7 +1064,7 @@ unsigned char c; CURLcode result; int in = 0; - int startwrite=-1; + int startwrite = -1; struct Curl_easy *data = conn->data; struct TELNET *tn = (struct TELNET *)data->req.protop; @@ -1560,8 +1560,8 @@ } if(data->set.timeout) { - now = Curl_tvnow(); - if(Curl_tvdiff(now, conn->created) >= data->set.timeout) { + now = Curl_now(); + if(Curl_timediff(now, conn->created) >= data->set.timeout) { failf(data, "Time-out"); result = CURLE_OPERATION_TIMEDOUT; keepon = FALSE; @@ -1678,8 +1678,8 @@ } /* poll switch statement */ if(data->set.timeout) { - now = Curl_tvnow(); - if(Curl_tvdiff(now, conn->created) >= data->set.timeout) { + now = Curl_now(); + if(Curl_timediff(now, conn->created) >= data->set.timeout) { failf(data, "Time-out"); result = CURLE_OPERATION_TIMEDOUT; keepon = FALSE; diff -Nru curl-7.55.1/lib/tftp.c curl-7.57.0/lib/tftp.c --- curl-7.55.1/lib/tftp.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/tftp.c 2017-11-26 13:19:01.000000000 +0000 @@ -76,12 +76,12 @@ #define TFTP_OPTION_INTERVAL "timeout" typedef enum { - TFTP_MODE_NETASCII=0, + TFTP_MODE_NETASCII = 0, TFTP_MODE_OCTET } tftp_mode_t; typedef enum { - TFTP_STATE_START=0, + TFTP_STATE_START = 0, TFTP_STATE_RX, TFTP_STATE_TX, TFTP_STATE_FIN @@ -100,7 +100,7 @@ } tftp_event_t; typedef enum { - TFTP_ERR_UNDEF=0, + TFTP_ERR_UNDEF = 0, TFTP_ERR_NOTFOUND, TFTP_ERR_PERM, TFTP_ERR_DISKFULL, @@ -200,7 +200,7 @@ static CURLcode tftp_set_timeouts(tftp_state_data_t *state) { time_t maxtime, timeout; - time_t timeout_ms; + timediff_t timeout_ms; bool start = (state->state == TFTP_STATE_START) ? TRUE : FALSE; time(&state->start_time); @@ -217,7 +217,7 @@ if(start) { maxtime = (time_t)(timeout_ms + 500) / 1000; - state->max_time = state->start_time+maxtime; + state->max_time = state->start_time + maxtime; /* Set per-block timeout to total */ timeout = maxtime; @@ -232,7 +232,7 @@ /* Compute the re-start interval to suit the timeout */ state->retry_time = (int)timeout/state->retry_max; if(state->retry_time<1) - state->retry_time=1; + state->retry_time = 1; } else { @@ -241,7 +241,7 @@ else maxtime = 3600; - state->max_time = state->start_time+maxtime; + state->max_time = state->start_time + maxtime; /* Set per-block timeout to total */ timeout = maxtime; @@ -251,15 +251,15 @@ } /* But bound the total number */ if(state->retry_max<3) - state->retry_max=3; + state->retry_max = 3; if(state->retry_max>50) - state->retry_max=50; + state->retry_max = 50; /* Compute the re-ACK interval to suit the timeout */ state->retry_time = (int)(timeout/state->retry_max); if(state->retry_time<1) - state->retry_time=1; + state->retry_time = 1; infof(state->conn->data, "set timeouts for state %d; Total %ld, retry %d maxtry %d\n", @@ -321,7 +321,7 @@ return NULL; *option = buf; - loc += Curl_strnlen(buf+loc, len-loc); + loc += Curl_strnlen(buf + loc, len-loc); loc++; /* NULL term */ if(loc > len) @@ -475,7 +475,7 @@ /* If we are uploading, send an WRQ */ setpacketevent(&state->spacket, TFTP_EVENT_WRQ); state->conn->data->req.upload_fromhere = - (char *)state->spacket.data+4; + (char *)state->spacket.data + 4; if(data->state.infilesize != -1) Curl_pgrsSetUploadSize(data, data->state.infilesize); } @@ -493,10 +493,11 @@ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { failf(data, "TFTP file name too long\n"); + free(filename); return CURLE_TFTP_ILLEGAL; /* too long file name field */ } - snprintf((char *)state->spacket.data+2, + snprintf((char *)state->spacket.data + 2, state->blksize, "%s%c%s%c", filename, '\0', mode, '\0'); sbytes = 4 + strlen(filename) + strlen(mode); @@ -511,25 +512,25 @@ strcpy(buf, "0"); /* the destination is large enough */ sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, + (char *)state->spacket.data + sbytes, TFTP_OPTION_TSIZE); sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, buf); + (char *)state->spacket.data + sbytes, buf); /* add blksize option */ snprintf(buf, sizeof(buf), "%d", state->requested_blksize); sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, + (char *)state->spacket.data + sbytes, TFTP_OPTION_BLKSIZE); sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, buf); + (char *)state->spacket.data + sbytes, buf); /* add timeout option */ snprintf(buf, sizeof(buf), "%d", state->retry_time); sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, + (char *)state->spacket.data + sbytes, TFTP_OPTION_INTERVAL); sbytes += tftp_option_add(state, sbytes, - (char *)state->spacket.data+sbytes, buf); + (char *)state->spacket.data + sbytes, buf); } /* the typecase for the 3rd argument is mostly for systems that do @@ -575,7 +576,7 @@ /* the next blocknum is x + 1 but it needs to wrap at an unsigned 16bit boundary */ -#define NEXT_BLOCKNUM(x) (((x)+1)&0xffff) +#define NEXT_BLOCKNUM(x) (((x) + 1)&0xffff) /********************************************************** * @@ -626,7 +627,7 @@ } /* Check if completed (That is, a less than full packet is received) */ - if(state->rbytes < (ssize_t)state->blksize+4) { + if(state->rbytes < (ssize_t)state->blksize + 4) { state->state = TFTP_STATE_FIN; } else { @@ -742,7 +743,7 @@ else { /* Re-send the data packet */ sbytes = sendto(state->sockfd, (void *)state->spacket.data, - 4+state->sbytes, SEND_4TH_ARG, + 4 + state->sbytes, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ @@ -775,7 +776,7 @@ * data block. * */ state->sbytes = 0; - state->conn->data->req.upload_fromhere = (char *)state->spacket.data+4; + state->conn->data->req.upload_fromhere = (char *)state->spacket.data + 4; do { result = Curl_fillreadbuffer(state->conn, state->blksize - state->sbytes, &cb); @@ -812,7 +813,7 @@ else { /* Re-send the data packet */ sbytes = sendto(state->sockfd, (void *)state->spacket.data, - 4+state->sbytes, SEND_4TH_ARG, + 4 + state->sbytes, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ @@ -1108,11 +1109,11 @@ fromlen = sizeof(fromaddr); state->rbytes = (int)recvfrom(state->sockfd, (void *)state->rpacket.data, - state->blksize+4, + state->blksize + 4, 0, (struct sockaddr *)&fromaddr, &fromlen); - if(state->remote_addrlen==0) { + if(state->remote_addrlen == 0) { memcpy(&state->remote_addr, &fromaddr, fromlen); state->remote_addrlen = fromlen; } @@ -1134,7 +1135,7 @@ if(state->rbytes > 4 && (NEXT_BLOCKNUM(state->block) == getrpacketblock(&state->rpacket))) { result = Curl_client_write(conn, CLIENTWRITE_BODY, - (char *)state->rpacket.data+4, + (char *)state->rpacket.data + 4, state->rbytes-4); if(result) { tftp_state_machine(state, TFTP_EVENT_ERROR); @@ -1148,14 +1149,14 @@ { unsigned short error = getrpacketblock(&state->rpacket); state->error = (tftp_error_t)error; - infof(data, "%s\n", (const char *)state->rpacket.data+4); + infof(data, "%s\n", (const char *)state->rpacket.data + 4); break; } case TFTP_EVENT_ACK: break; case TFTP_EVENT_OACK: result = tftp_parse_option_ack(state, - (const char *)state->rpacket.data+2, + (const char *)state->rpacket.data + 2, state->rbytes-2); if(result) return result; @@ -1199,7 +1200,7 @@ state->state = TFTP_STATE_FIN; return 0; } - if(current > state->rx_time+state->retry_time) { + if(current > state->rx_time + state->retry_time) { if(event) *event = TFTP_EVENT_TIMEOUT; time(&state->rx_time); /* update even though we received nothing */ @@ -1292,7 +1293,7 @@ if(Curl_pgrsUpdate(conn)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(conn->data, Curl_tvnow()); + result = Curl_speedcheck(conn->data, Curl_now()); } return result; } diff -Nru curl-7.55.1/lib/timeval.c curl-7.57.0/lib/timeval.c --- curl-7.55.1/lib/timeval.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/timeval.c 2017-11-26 13:19:01.000000000 +0000 @@ -24,7 +24,7 @@ #if defined(WIN32) && !defined(MSDOS) -struct curltime curlx_tvnow(void) +struct curltime Curl_now(void) { /* ** GetTickCount() is available on _all_ Windows versions from W95 up @@ -48,7 +48,7 @@ #elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) -struct curltime curlx_tvnow(void) +struct curltime Curl_now(void) { /* ** clock_gettime() is granted to be increased monotonically when the @@ -84,9 +84,40 @@ return cnow; } +#elif defined(HAVE_MACH_ABSOLUTE_TIME) + +#include +#include + +struct curltime Curl_now(void) +{ + /* + ** Monotonic timer on Mac OS is provided by mach_absolute_time(), which + ** returns time in Mach "absolute time units," which are platform-dependent. + ** To convert to nanoseconds, one must use conversion factors specified by + ** mach_timebase_info(). + */ + static mach_timebase_info_data_t timebase; + struct curltime cnow; + uint64_t usecs; + + if(0 == timebase.denom) + (void) mach_timebase_info(&timebase); + + usecs = mach_absolute_time(); + usecs *= timebase.numer; + usecs /= timebase.denom; + usecs /= 1000; + + cnow.tv_sec = usecs / 1000000; + cnow.tv_usec = usecs % 1000000; + + return cnow; +} + #elif defined(HAVE_GETTIMEOFDAY) -struct curltime curlx_tvnow(void) +struct curltime Curl_now(void) { /* ** gettimeofday() is not granted to be increased monotonically, due to @@ -103,7 +134,7 @@ #else -struct curltime curlx_tvnow(void) +struct curltime Curl_now(void) { /* ** time() returns the value of time in seconds since the Epoch. @@ -116,47 +147,40 @@ #endif +#if SIZEOF_TIME_T < 8 +#define TIME_MAX INT_MAX +#define TIME_MIN INT_MIN +#else +#define TIME_MAX 9223372036854775807LL +#define TIME_MIN -9223372036854775807LL +#endif + /* - * Make sure that the first argument is the more recent time, as otherwise - * we'll get a weird negative time-diff back... - * - * Returns: the time difference in number of milliseconds. For large diffs it - * returns 0x7fffffff on 32bit time_t systems. + * Returns: time difference in number of milliseconds. For too large diffs it + * returns max value. * * @unittest: 1323 */ -time_t curlx_tvdiff(struct curltime newer, struct curltime older) +timediff_t Curl_timediff(struct curltime newer, struct curltime older) { -#if SIZEOF_TIME_T < 8 - /* for 32bit time_t systems, add a precaution to avoid overflow for really - big time differences */ - time_t diff = newer.tv_sec-older.tv_sec; - if(diff >= (0x7fffffff/1000)) - return 0x7fffffff; -#endif - return (newer.tv_sec-older.tv_sec)*1000+ - (int)(newer.tv_usec-older.tv_usec)/1000; + timediff_t diff = newer.tv_sec-older.tv_sec; + if(diff >= (TIME_MAX/1000)) + return TIME_MAX; + else if(diff <= (TIME_MIN/1000)) + return TIME_MIN; + return diff * 1000 + (newer.tv_usec-older.tv_usec)/1000; } /* - * Make sure that the first argument is the more recent time, as otherwise - * we'll get a weird negative time-diff back... - * - * Returns: the time difference in number of microseconds. For too large diffs - * it returns max value. + * Returns: time difference in number of microseconds. For too large diffs it + * returns max value. */ -time_t Curl_tvdiff_us(struct curltime newer, struct curltime older) +timediff_t Curl_timediff_us(struct curltime newer, struct curltime older) { - time_t diff = newer.tv_sec-older.tv_sec; -#if SIZEOF_TIME_T < 8 - /* for 32bit time_t systems */ - if(diff >= (0x7fffffff/1000000)) - return 0x7fffffff; -#else - /* for 64bit time_t systems */ - if(diff >= (0x7fffffffffffffffLL/1000000)) - return 0x7fffffffffffffffLL; -#endif - return (newer.tv_sec-older.tv_sec)*1000000+ - (int)(newer.tv_usec-older.tv_usec); + timediff_t diff = newer.tv_sec-older.tv_sec; + if(diff >= (TIME_MAX/1000000)) + return TIME_MAX; + else if(diff <= (TIME_MIN/1000000)) + return TIME_MIN; + return diff * 1000000 + newer.tv_usec-older.tv_usec; } diff -Nru curl-7.55.1/lib/timeval.h curl-7.57.0/lib/timeval.h --- curl-7.55.1/lib/timeval.h 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/timeval.h 2017-11-26 13:19:01.000000000 +0000 @@ -22,19 +22,20 @@ * ***************************************************************************/ -/* - * CAUTION: this header is designed to work when included by the app-side - * as well as the library. Do not mix with library internals! - */ - #include "curl_setup.h" +#if SIZEOF_TIME_T < 8 +typedef int timediff_t; +#else +typedef curl_off_t timediff_t; +#endif + struct curltime { - time_t tv_sec; /* seconds */ - unsigned int tv_usec; /* microseconds */ + time_t tv_sec; /* seconds */ + int tv_usec; /* microseconds */ }; -struct curltime curlx_tvnow(void); +struct curltime Curl_now(void); /* * Make sure that the first argument (t1) is the more recent time and t2 is @@ -42,7 +43,7 @@ * * Returns: the time difference in number of milliseconds. */ -time_t curlx_tvdiff(struct curltime t1, struct curltime t2); +timediff_t Curl_timediff(struct curltime t1, struct curltime t2); /* * Make sure that the first argument (t1) is the more recent time and t2 is @@ -50,12 +51,6 @@ * * Returns: the time difference in number of microseconds. */ -time_t Curl_tvdiff_us(struct curltime newer, struct curltime older); - -/* These two defines below exist to provide the older API for library - internals only. */ -#define Curl_tvnow() curlx_tvnow() -#define Curl_tvdiff(x,y) curlx_tvdiff(x,y) +timediff_t Curl_timediff_us(struct curltime newer, struct curltime older); #endif /* HEADER_CURL_TIMEVAL_H */ - diff -Nru curl-7.55.1/lib/transfer.c curl-7.57.0/lib/transfer.c --- curl-7.55.1/lib/transfer.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/transfer.c 2017-11-26 13:19:01.000000000 +0000 @@ -73,12 +73,38 @@ #include "connect.h" #include "non-ascii.h" #include "http2.h" +#include "mime.h" +#include "strcase.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" +#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \ + !defined(CURL_DISABLE_IMAP) +/* + * checkheaders() checks the linked list of custom headers for a + * particular header (prefix). + * + * Returns a pointer to the first matching header or NULL if none matched. + */ +char *Curl_checkheaders(const struct connectdata *conn, + const char *thisheader) +{ + struct curl_slist *head; + size_t thislen = strlen(thisheader); + struct Curl_easy *data = conn->data; + + for(head = data->set.headers; head; head = head->next) { + if(strncasecompare(head->data, thisheader, thislen)) + return head->data; + } + + return NULL; +} +#endif + /* * This function will call the read callback to fill our buffer with data * to upload. @@ -195,27 +221,30 @@ strlen(endofline_network)); #ifdef CURL_DOES_CONVERSIONS - CURLcode result; - int length; - if(data->set.prefer_ascii) { - /* translate the protocol and data */ - length = nread; - } - else { - /* just translate the protocol portion */ - length = strlen(hexbuffer); + { + CURLcode result; + int length; + if(data->set.prefer_ascii) + /* translate the protocol and data */ + length = nread; + else + /* just translate the protocol portion */ + length = (int)strlen(hexbuffer); + result = Curl_convert_to_network(data, data->req.upload_fromhere, + length); + /* Curl_convert_to_network calls failf if unsuccessful */ + if(result) + return result; } - result = Curl_convert_to_network(data, data->req.upload_fromhere, length); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; #endif /* CURL_DOES_CONVERSIONS */ - if((nread - hexlen) == 0) + if((nread - hexlen) == 0) { /* mark this as done once this chunk is transferred */ data->req.upload_done = TRUE; + infof(data, "Signaling end of chunked upload via terminating chunk.\n"); + } - nread+=(int)strlen(endofline_native); /* for the added end of line */ + nread += (int)strlen(endofline_native); /* for the added end of line */ } #ifdef CURL_DOES_CONVERSIONS else if((data->set.prefer_ascii) && (!sending_http_headers)) { @@ -241,6 +270,7 @@ CURLcode Curl_readrewind(struct connectdata *conn) { struct Curl_easy *data = conn->data; + curl_mimepart *mimepart = &data->set.mimepost; conn->bits.rewindaftersend = FALSE; /* we rewind now */ @@ -253,9 +283,21 @@ /* We have sent away data. If not using CURLOPT_POSTFIELDS or CURLOPT_HTTPPOST, call app to rewind */ - if(data->set.postfields || - (data->set.httpreq == HTTPREQ_POST_FORM)) + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + struct HTTP *http = data->req.protop; + + if(http->sendit) + mimepart = http->sendit; + } + if(data->set.postfields) ; /* do nothing */ + else if(data->set.httpreq == HTTPREQ_POST_MIME || + data->set.httpreq == HTTPREQ_POST_FORM) { + if(Curl_mime_rewind(mimepart)) { + failf(data, "Cannot rewind mime/post data"); + return CURLE_SEND_FAIL_REWIND; + } + } else { if(data->set.seek_func) { int err; @@ -450,7 +492,7 @@ Curl_pgrsTime(data, TIMER_STARTTRANSFER); if(k->exp100 > EXP100_SEND_DATA) /* set time stamp to compare with when waiting for the 100 */ - k->start100 = Curl_tvnow(); + k->start100 = Curl_now(); } *didwhat |= KEEP_RECV; @@ -560,7 +602,7 @@ infof(data, "Ignoring the response-body\n"); } if(data->state.resume_from && !k->content_range && - (data->set.httpreq==HTTPREQ_GET) && + (data->set.httpreq == HTTPREQ_GET) && !k->ignorebody) { if(k->size == data->state.resume_from) { @@ -737,48 +779,19 @@ in http_chunks.c. Make sure that ALL_CONTENT_ENCODINGS contains all the encodings handled here. */ -#ifdef HAVE_LIBZ - switch(conn->data->set.http_ce_skip ? - IDENTITY : k->auto_decoding) { - case IDENTITY: -#endif - /* This is the default when the server sends no - Content-Encoding header. See Curl_readwrite_init; the - memset() call initializes k->auto_decoding to zero. */ + if(conn->data->set.http_ce_skip || !k->writer_stack) { if(!k->ignorebody) { - #ifndef CURL_DISABLE_POP3 - if(conn->handler->protocol&PROTO_FAMILY_POP3) + if(conn->handler->protocol & PROTO_FAMILY_POP3) result = Curl_pop3_write(conn, k->str, nread); else #endif /* CURL_DISABLE_POP3 */ - result = Curl_client_write(conn, CLIENTWRITE_BODY, k->str, nread); } -#ifdef HAVE_LIBZ - break; - - case DEFLATE: - /* Assume CLIENTWRITE_BODY; headers are not encoded. */ - if(!k->ignorebody) - result = Curl_unencode_deflate_write(conn, k, nread); - break; - - case GZIP: - /* Assume CLIENTWRITE_BODY; headers are not encoded. */ - if(!k->ignorebody) - result = Curl_unencode_gzip_write(conn, k, nread); - break; - - default: - failf(data, "Unrecognized content encoding type. " - "libcurl understands `identity', `deflate' and `gzip' " - "content encodings."); - result = CURLE_BAD_CONTENT_ENCODING; - break; } -#endif + else + result = Curl_unencode_write(conn, k->writer_stack, k->str, nread); } k->badheader = HEADER_NORMAL; /* taken care of now */ @@ -885,7 +898,7 @@ go into the Expect: 100 state and await such a header */ k->exp100 = EXP100_AWAITING_CONTINUE; /* wait for the header */ k->keepon &= ~KEEP_SEND; /* disable writing */ - k->start100 = Curl_tvnow(); /* timeout count starts now */ + k->start100 = Curl_now(); /* timeout count starts now */ *didwhat &= ~KEEP_SEND; /* we didn't write anything actually */ /* set a timeout for the multi interface */ @@ -915,7 +928,7 @@ /* this is a paused transfer */ break; } - if(nread<=0) { + if(nread <= 0) { result = done_sending(conn, k); if(result) return result; @@ -1006,7 +1019,8 @@ k->writebytecount += bytes_written; - if(k->writebytecount == data->state.infilesize) { + if((!k->upload_chunky || k->forbidchunk) && + (k->writebytecount == data->state.infilesize)) { /* we have sent all data we were supposed to */ k->upload_done = TRUE; infof(data, "We are completely uploaded and fine\n"); @@ -1055,7 +1069,7 @@ { struct SingleRequest *k = &data->req; CURLcode result; - int didwhat=0; + int didwhat = 0; curl_socket_t fd_read; curl_socket_t fd_write; @@ -1110,7 +1124,7 @@ return result; } - k->now = Curl_tvnow(); + k->now = Curl_now(); if(didwhat) { /* Update read/write counters */ if(k->bytecountp) @@ -1134,7 +1148,7 @@ */ - time_t ms = Curl_tvdiff(k->now, k->start100); + timediff_t ms = Curl_timediff(k->now, k->start100); if(ms >= data->set.expect_100_timeout) { /* we've waited long enough, continue anyway */ k->exp100 = EXP100_SEND_DATA; @@ -1158,13 +1172,14 @@ failf(data, "Operation timed out after %ld milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount, - k->size); + Curl_timediff(k->now, data->progress.t_startsingle), + k->bytecount, k->size); } else { failf(data, "Operation timed out after %ld milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount); + Curl_timediff(k->now, data->progress.t_startsingle), + k->bytecount); } return CURLE_OPERATION_TIMEDOUT; } @@ -1303,7 +1318,8 @@ if(result) return result; - data->set.followlocation=0; /* reset the location-follow counter */ + data->state.wildcardmatch = data->set.wildcard_enabled; + data->set.followlocation = 0; /* reset the location-follow counter */ data->state.this_is_a_follow = FALSE; /* reset this */ data->state.errorbuf = FALSE; /* no error has occurred */ data->state.httpversion = 0; /* don't assume any particular server version */ @@ -1345,7 +1361,7 @@ #endif Curl_initinfo(data); /* reset session-specific information "variables" */ - Curl_pgrsResetTimesSizes(data); + Curl_pgrsResetTransferSizes(data); Curl_pgrsStartNow(data); if(data->set.timeout) @@ -1360,7 +1376,7 @@ data->state.authhost.picked &= data->state.authhost.want; data->state.authproxy.picked &= data->state.authproxy.want; - if(data->set.wildcardmatch) { + if(data->state.wildcardmatch) { struct WildcardData *wc = &data->wildcard; if(wc->state < CURLWC_INIT) { result = Curl_wildcard_init(wc); /* init wildcard structures */ @@ -1427,14 +1443,14 @@ static size_t strlen_url(const char *url, bool relative) { const unsigned char *ptr; - size_t newlen=0; - bool left=TRUE; /* left side of the ? */ + size_t newlen = 0; + bool left = TRUE; /* left side of the ? */ const unsigned char *host_sep = (const unsigned char *) url; if(!relative) host_sep = (const unsigned char *) find_host_sep(url); - for(ptr=(unsigned char *)url; *ptr; ptr++) { + for(ptr = (unsigned char *)url; *ptr; ptr++) { if(ptr < host_sep) { ++newlen; @@ -1443,7 +1459,7 @@ switch(*ptr) { case '?': - left=FALSE; + left = FALSE; /* fall through */ default: if(*ptr >= 0x80) @@ -1452,7 +1468,7 @@ break; case ' ': if(left) - newlen+=3; + newlen += 3; else newlen++; break; @@ -1469,7 +1485,7 @@ static void strcpy_url(char *output, const char *url, bool relative) { /* we must add this with whitespace-replacing */ - bool left=TRUE; + bool left = TRUE; const unsigned char *iptr; char *optr = output; const unsigned char *host_sep = (const unsigned char *) url; @@ -1488,7 +1504,7 @@ switch(*iptr) { case '?': - left=FALSE; + left = FALSE; /* fall through */ default: if(*iptr >= 0x80) { @@ -1509,7 +1525,7 @@ break; } } - *optr=0; /* zero terminate output buffer */ + *optr = 0; /* zero terminate output buffer */ } @@ -1548,26 +1564,26 @@ /* we must make our own copy of the URL to play with, as it may point to read-only data */ - char *url_clone=strdup(base); + char *url_clone = strdup(base); if(!url_clone) return NULL; /* skip out of this NOW */ /* protsep points to the start of the host name */ - protsep=strstr(url_clone, "//"); + protsep = strstr(url_clone, "//"); if(!protsep) - protsep=url_clone; + protsep = url_clone; else - protsep+=2; /* pass the slashes */ + protsep += 2; /* pass the slashes */ if('/' != relurl[0]) { - int level=0; + int level = 0; /* First we need to find out if there's a ?-letter in the URL, and cut it and the right-side of that off */ pathsep = strchr(protsep, '?'); if(pathsep) - *pathsep=0; + *pathsep = 0; /* we have a relative path to append to the last slash if there's one available, or if the new URL is just a query string (starts with a @@ -1576,14 +1592,14 @@ if(useurl[0] != '?') { pathsep = strrchr(protsep, '/'); if(pathsep) - *pathsep=0; + *pathsep = 0; } /* Check if there's any slash after the host name, and if so, remember that position instead */ pathsep = strchr(protsep, '/'); if(pathsep) - protsep = pathsep+1; + protsep = pathsep + 1; else protsep = NULL; @@ -1591,13 +1607,13 @@ and act accordingly */ if((useurl[0] == '.') && (useurl[1] == '/')) - useurl+=2; /* just skip the "./" */ + useurl += 2; /* just skip the "./" */ while((useurl[0] == '.') && (useurl[1] == '.') && (useurl[2] == '/')) { level++; - useurl+=3; /* pass the "../" */ + useurl += 3; /* pass the "../" */ } if(protsep) { @@ -1605,9 +1621,9 @@ /* cut off one more level from the right of the original URL */ pathsep = strrchr(protsep, '/'); if(pathsep) - *pathsep=0; + *pathsep = 0; else { - *protsep=0; + *protsep = 0; break; } } @@ -1619,7 +1635,7 @@ if((relurl[0] == '/') && (relurl[1] == '/')) { /* the new URL starts with //, just keep the protocol part from the original one */ - *protsep=0; + *protsep = 0; useurl = &relurl[2]; /* we keep the slashes from the original, so we skip the new ones */ host_changed = TRUE; @@ -1635,7 +1651,7 @@ char *sep = strchr(protsep, '?'); if(sep && (sep < pathsep)) pathsep = sep; - *pathsep=0; + *pathsep = 0; } else { /* There was no slash. Now, since we might be operating on a badly @@ -1644,7 +1660,7 @@ ?-letter as well! */ pathsep = strchr(protsep, '?'); if(pathsep) - *pathsep=0; + *pathsep = 0; } } } @@ -1735,7 +1751,7 @@ } } - if(!is_absolute_url(newurl)) { + if(!is_absolute_url(newurl)) { /*** *DANG* this is an RFC 2068 violation. The URL is supposed to be absolute and this doesn't seem to be that! @@ -1754,7 +1770,7 @@ /* This is an absolute URL, don't allow the custom port number */ disallowport = TRUE; - newest = malloc(newlen+1); /* get memory for this */ + newest = malloc(newlen + 1); /* get memory for this */ if(!newest) return CURLE_OUT_OF_MEMORY; @@ -1826,7 +1842,8 @@ * can be overridden with CURLOPT_POSTREDIR. */ if((data->set.httpreq == HTTPREQ_POST - || data->set.httpreq == HTTPREQ_POST_FORM) + || data->set.httpreq == HTTPREQ_POST_FORM + || data->set.httpreq == HTTPREQ_POST_MIME) && !(data->set.keep_post & CURL_REDIR_POST_301)) { infof(data, "Switch from POST to GET\n"); data->set.httpreq = HTTPREQ_GET; @@ -1850,7 +1867,8 @@ * can be overridden with CURLOPT_POSTREDIR. */ if((data->set.httpreq == HTTPREQ_POST - || data->set.httpreq == HTTPREQ_POST_FORM) + || data->set.httpreq == HTTPREQ_POST_FORM + || data->set.httpreq == HTTPREQ_POST_MIME) && !(data->set.keep_post & CURL_REDIR_POST_302)) { infof(data, "Switch from POST to GET\n"); data->set.httpreq = HTTPREQ_GET; @@ -1883,7 +1901,7 @@ break; } Curl_pgrsTime(data, TIMER_REDIRECT); - Curl_pgrsResetTimesSizes(data); + Curl_pgrsResetTransferSizes(data); return CURLE_OK; #endif /* CURL_DISABLE_HTTP */ @@ -2007,7 +2025,7 @@ (http->sending == HTTPSEND_BODY)) { /* wait with write until we either got 100-continue or a timeout */ k->exp100 = EXP100_AWAITING_CONTINUE; - k->start100 = Curl_tvnow(); + k->start100 = Curl_now(); /* Set a timeout for the multi interface. Add the inaccuracy margin so that we don't fire slightly too early and get denied to run. */ diff -Nru curl-7.55.1/lib/transfer.h curl-7.57.0/lib/transfer.h --- curl-7.55.1/lib/transfer.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/transfer.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,9 @@ * ***************************************************************************/ +char *Curl_checkheaders(const struct connectdata *conn, + const char *thisheader); + void Curl_init_CONNECT(struct Curl_easy *data); CURLcode Curl_pretransfer(struct Curl_easy *data); diff -Nru curl-7.55.1/lib/url.c curl-7.57.0/lib/url.c --- curl-7.55.1/lib/url.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/url.c 2017-11-27 12:50:52.000000000 +0000 @@ -71,6 +71,7 @@ #include "netrc.h" #include "formdata.h" +#include "mime.h" #include "vtls/vtls.h" #include "hostip.h" #include "transfer.h" @@ -119,6 +120,8 @@ #include "pipeline.h" #include "dotdot.h" #include "strdup.h" +#include "setopt.h" + /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -135,15 +138,8 @@ struct connectdata *conn, char **userptr, char **passwdptr, char **optionsptr); -static CURLcode parse_login_details(const char *login, const size_t len, - char **userptr, char **passwdptr, - char **optionsptr); static unsigned int get_protocol_family(unsigned int protocol); -#define READBUFFER_SIZE CURL_MAX_WRITE_SIZE -#define READBUFFER_MAX CURL_MAX_READ_SIZE -#define READBUFFER_MIN 1024 - /* Some parts of the code (e.g. chunked encoding) assume this buffer has at * more than just a few bytes to play with. Don't let it become too small or * bad things will happen. @@ -284,7 +280,7 @@ { /* Free all dynamic strings stored in the data->set substructure. */ enum dupstring i; - for(i=(enum dupstring)0; i < STRING_LAST; i++) { + for(i = (enum dupstring)0; i < STRING_LAST; i++) { Curl_safefree(data->set.str[i]); } @@ -300,98 +296,6 @@ data->change.url = NULL; } -static CURLcode setstropt(char **charp, const char *s) -{ - /* Release the previous storage at `charp' and replace by a dynamic storage - copy of `s'. Return CURLE_OK or CURLE_OUT_OF_MEMORY. */ - - Curl_safefree(*charp); - - if(s) { - char *str = strdup(s); - - if(!str) - return CURLE_OUT_OF_MEMORY; - - *charp = str; - } - - return CURLE_OK; -} - -static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) -{ - CURLcode result = CURLE_OK; - char *user = NULL; - char *passwd = NULL; - - /* Parse the login details if specified. It not then we treat NULL as a hint - to clear the existing data */ - if(option) { - result = parse_login_details(option, strlen(option), - (userp ? &user : NULL), - (passwdp ? &passwd : NULL), - NULL); - } - - if(!result) { - /* Store the username part of option if required */ - if(userp) { - if(!user && option && option[0] == ':') { - /* Allocate an empty string instead of returning NULL as user name */ - user = strdup(""); - if(!user) - result = CURLE_OUT_OF_MEMORY; - } - - Curl_safefree(*userp); - *userp = user; - } - - /* Store the password part of option if required */ - if(passwdp) { - Curl_safefree(*passwdp); - *passwdp = passwd; - } - } - - return result; -} - -CURLcode Curl_dupset(struct Curl_easy *dst, struct Curl_easy *src) -{ - CURLcode result = CURLE_OK; - enum dupstring i; - - /* Copy src->set into dst->set first, then deal with the strings - afterwards */ - dst->set = src->set; - - /* clear all string pointers first */ - memset(dst->set.str, 0, STRING_LAST * sizeof(char *)); - - /* duplicate all strings */ - for(i=(enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) { - result = setstropt(&dst->set.str[i], src->set.str[i]); - if(result) - return result; - } - - /* duplicate memory areas pointed to */ - i = STRING_COPYPOSTFIELDS; - if(src->set.postfieldsize && src->set.str[i]) { - /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */ - dst->set.str[i] = Curl_memdup(src->set.str[i], - curlx_sotouz(src->set.postfieldsize)); - if(!dst->set.str[i]) - return CURLE_OUT_OF_MEMORY; - /* point to the new copy */ - dst->set.postfields = dst->set.str[i]; - } - - return CURLE_OK; -} - /* * This is the internal function curl_easy_cleanup() calls. This should * cleanup and free all resources associated with this sessionhandle. @@ -479,6 +383,8 @@ Curl_http2_cleanup_dependencies(data); Curl_convert_close(data); + Curl_mime_cleanpart(&data->set.mimepost); + /* No longer a dirty share, if it exists */ if(data->share) { Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); @@ -486,12 +392,8 @@ Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); } - if(data->set.wildcardmatch) { - /* destruct wildcard structures if it is needed */ - struct WildcardData *wc = &data->wildcard; - Curl_wildcard_dtor(wc); - } - + /* destruct wildcard structures if it is needed */ + Curl_wildcard_dtor(&data->wildcard); Curl_freeset(data); free(data); return CURLE_OK; @@ -556,2391 +458,154 @@ * libcurl 7.10 introduced SSL verification *by default*! This needs to be * switched off unless wanted. */ - set->ssl.primary.verifypeer = TRUE; - set->ssl.primary.verifyhost = TRUE; -#ifdef USE_TLS_SRP - set->ssl.authtype = CURL_TLSAUTH_NONE; -#endif - set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth - type */ - set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by - default */ - set->proxy_ssl = set->ssl; - - set->new_file_perms = 0644; /* Default permissions */ - set->new_directory_perms = 0755; /* Default permissions */ - - /* for the *protocols fields we don't use the CURLPROTO_ALL convenience - define since we internally only use the lower 16 bits for the passed - in bitmask to not conflict with the private bits */ - set->allowed_protocols = CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_ALL & /* All except FILE, SCP and SMB */ - ~(CURLPROTO_FILE | CURLPROTO_SCP | CURLPROTO_SMB | - CURLPROTO_SMBS); - -#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - /* - * disallow unprotected protection negotiation NEC reference implementation - * seem not to follow rfc1961 section 4.3/4.4 - */ - set->socks5_gssapi_nec = FALSE; -#endif - - /* This is our preferred CA cert bundle/path since install time */ -#if defined(CURL_CA_BUNDLE) - result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE); - if(result) - return result; - - result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); - if(result) - return result; -#endif -#if defined(CURL_CA_PATH) - result = setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH); - if(result) - return result; - - result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH); - if(result) - return result; -#endif - - set->wildcardmatch = FALSE; - set->chunk_bgn = ZERO_NULL; - set->chunk_end = ZERO_NULL; - - /* tcp keepalives are disabled by default, but provide reasonable values for - * the interval and idle times. - */ - set->tcp_keepalive = FALSE; - set->tcp_keepintvl = 60; - set->tcp_keepidle = 60; - set->tcp_fastopen = FALSE; - set->tcp_nodelay = TRUE; - - set->ssl_enable_npn = TRUE; - set->ssl_enable_alpn = TRUE; - - set->expect_100_timeout = 1000L; /* Wait for a second by default. */ - set->sep_headers = TRUE; /* separated header lists by default */ - set->buffer_size = READBUFFER_SIZE; - - Curl_http2_init_userset(set); - return result; -} - -/** - * Curl_open() - * - * @param curl is a pointer to a sessionhandle pointer that gets set by this - * function. - * @return CURLcode - */ - -CURLcode Curl_open(struct Curl_easy **curl) -{ - CURLcode result; - struct Curl_easy *data; - - /* Very simple start-up: alloc the struct, init it with zeroes and return */ - data = calloc(1, sizeof(struct Curl_easy)); - if(!data) { - /* this is a very serious error */ - DEBUGF(fprintf(stderr, "Error: calloc of Curl_easy failed\n")); - return CURLE_OUT_OF_MEMORY; - } - - data->magic = CURLEASY_MAGIC_NUMBER; - - result = Curl_resolver_init(&data->state.resolver); - if(result) { - DEBUGF(fprintf(stderr, "Error: resolver_init failed\n")); - free(data); - return result; - } - - /* We do some initial setup here, all those fields that can't be just 0 */ - - data->state.buffer = malloc(READBUFFER_SIZE + 1); - if(!data->state.buffer) { - DEBUGF(fprintf(stderr, "Error: malloc of buffer failed\n")); - result = CURLE_OUT_OF_MEMORY; - } - - data->state.headerbuff = malloc(HEADERSIZE); - if(!data->state.headerbuff) { - DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n")); - result = CURLE_OUT_OF_MEMORY; - } - else { - result = Curl_init_userdefined(&data->set); - - data->state.headersize=HEADERSIZE; - - Curl_convert_init(data); - - Curl_initinfo(data); - - /* most recent connection is not yet defined */ - data->state.lastconnect = NULL; - - data->progress.flags |= PGRS_HIDE; - data->state.current_speed = -1; /* init to negative == impossible */ - data->set.fnmatch = ZERO_NULL; - data->set.maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */ - - Curl_http2_init_state(&data->state); - } - - if(result) { - Curl_resolver_cleanup(data->state.resolver); - free(data->state.buffer); - free(data->state.headerbuff); - Curl_freeset(data); - free(data); - data = NULL; - } - else - *curl = data; - - return result; -} - -#define C_SSLVERSION_VALUE(x) (x & 0xffff) -#define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000) - -CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, - va_list param) -{ - char *argptr; - CURLcode result = CURLE_OK; - long arg; -#ifndef CURL_DISABLE_HTTP - curl_off_t bigsize; -#endif - - switch(option) { - case CURLOPT_DNS_CACHE_TIMEOUT: - data->set.dns_cache_timeout = va_arg(param, long); - break; - case CURLOPT_DNS_USE_GLOBAL_CACHE: - /* remember we want this enabled */ - arg = va_arg(param, long); - data->set.global_dns_cache = (0 != arg) ? TRUE : FALSE; - break; - case CURLOPT_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection */ - result = setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection for proxy */ - result = setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], - va_arg(param, char *)); - break; - - case CURLOPT_RANDOM_FILE: - /* - * This is the path name to a file that contains random data to seed - * the random SSL stuff with. The file is only used for reading. - */ - result = setstropt(&data->set.str[STRING_SSL_RANDOM_FILE], - va_arg(param, char *)); - break; - case CURLOPT_EGDSOCKET: - /* - * The Entropy Gathering Daemon socket pathname - */ - result = setstropt(&data->set.str[STRING_SSL_EGDSOCKET], - va_arg(param, char *)); - break; - case CURLOPT_MAXCONNECTS: - /* - * Set the absolute number of maximum simultaneous alive connection that - * libcurl is allowed to have. - */ - data->set.maxconnects = va_arg(param, long); - break; - case CURLOPT_FORBID_REUSE: - /* - * When this transfer is done, it must not be left to be reused by a - * subsequent transfer but shall be closed immediately. - */ - data->set.reuse_forbid = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_FRESH_CONNECT: - /* - * This transfer shall not use a previously cached connection but - * should be made with a fresh new connect! - */ - data->set.reuse_fresh = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_VERBOSE: - /* - * Verbose means infof() calls that give a lot of information about - * the connection and transfer procedures as well as internal choices. - */ - data->set.verbose = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_HEADER: - /* - * Set to include the header in the general data output stream. - */ - data->set.include_header = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_NOPROGRESS: - /* - * Shut off the internal supported progress meter - */ - data->set.hide_progress = (0 != va_arg(param, long)) ? TRUE : FALSE; - if(data->set.hide_progress) - data->progress.flags |= PGRS_HIDE; - else - data->progress.flags &= ~PGRS_HIDE; - break; - case CURLOPT_NOBODY: - /* - * Do not include the body part in the output data stream. - */ - data->set.opt_no_body = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_FAILONERROR: - /* - * Don't output the >=400 error code HTML-page, but instead only - * return error. - */ - data->set.http_fail_on_error = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_KEEP_SENDING_ON_ERROR: - data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; - case CURLOPT_UPLOAD: - case CURLOPT_PUT: - /* - * We want to sent data to the remote host. If this is HTTP, that equals - * using the PUT request. - */ - data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; - if(data->set.upload) { - /* If this is HTTP, PUT is what's needed to "upload" */ - data->set.httpreq = HTTPREQ_PUT; - data->set.opt_no_body = FALSE; /* this is implied */ - } - else - /* In HTTP, the opposite of upload is GET (unless NOBODY is true as - then this can be changed to HEAD later on) */ - data->set.httpreq = HTTPREQ_GET; - break; - case CURLOPT_REQUEST_TARGET: - result = setstropt(&data->set.str[STRING_TARGET], - va_arg(param, char *)); - break; - case CURLOPT_FILETIME: - /* - * Try to get the file time of the remote document. The time will - * later (possibly) become available using curl_easy_getinfo(). - */ - data->set.get_filetime = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_FTP_CREATE_MISSING_DIRS: - /* - * An FTP option that modifies an upload to create missing directories on - * the server. - */ - switch(va_arg(param, long)) { - case 0: - data->set.ftp_create_missing_dirs = 0; - break; - case 1: - data->set.ftp_create_missing_dirs = 1; - break; - case 2: - data->set.ftp_create_missing_dirs = 2; - break; - default: - /* reserve other values for future use */ - result = CURLE_UNKNOWN_OPTION; - break; - } - break; - case CURLOPT_SERVER_RESPONSE_TIMEOUT: - /* - * Option that specifies how quickly an server response must be obtained - * before it is considered failure. For pingpong protocols. - */ - data->set.server_response_timeout = va_arg(param, long) * 1000; - break; - case CURLOPT_TFTP_NO_OPTIONS: - /* - * Option that prevents libcurl from sending TFTP option requests to the - * server. - */ - data->set.tftp_no_options = va_arg(param, long) != 0; - break; - case CURLOPT_TFTP_BLKSIZE: - /* - * TFTP option that specifies the block size to use for data transmission. - */ - data->set.tftp_blksize = va_arg(param, long); - break; - case CURLOPT_DIRLISTONLY: - /* - * An option that changes the command to one that asks for a list - * only, no file info details. - */ - data->set.ftp_list_only = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_APPEND: - /* - * We want to upload and append to an existing file. - */ - data->set.ftp_append = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_FTP_FILEMETHOD: - /* - * How do access files over FTP. - */ - data->set.ftp_filemethod = (curl_ftpfile)va_arg(param, long); - break; - case CURLOPT_NETRC: - /* - * Parse the $HOME/.netrc file - */ - data->set.use_netrc = (enum CURL_NETRC_OPTION)va_arg(param, long); - break; - case CURLOPT_NETRC_FILE: - /* - * Use this file instead of the $HOME/.netrc file - */ - result = setstropt(&data->set.str[STRING_NETRC_FILE], - va_arg(param, char *)); - break; - case CURLOPT_TRANSFERTEXT: - /* - * This option was previously named 'FTPASCII'. Renamed to work with - * more protocols than merely FTP. - * - * Transfer using ASCII (instead of BINARY). - */ - data->set.prefer_ascii = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_TIMECONDITION: - /* - * Set HTTP time condition. This must be one of the defines in the - * curl/curl.h header file. - */ - data->set.timecondition = (curl_TimeCond)va_arg(param, long); - break; - case CURLOPT_TIMEVALUE: - /* - * This is the value to compare with the remote document with the - * method set with CURLOPT_TIMECONDITION - */ - data->set.timevalue = (time_t)va_arg(param, long); - break; - case CURLOPT_SSLVERSION: - /* - * Set explicit SSL version to try to connect with, as some SSL - * implementations are lame. - */ -#ifdef USE_SSL - arg = va_arg(param, long); - data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg); - data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); -#else - result = CURLE_UNKNOWN_OPTION; -#endif - break; - case CURLOPT_PROXY_SSLVERSION: - /* - * Set explicit SSL version to try to connect with for proxy, as some SSL - * implementations are lame. - */ -#ifdef USE_SSL - arg = va_arg(param, long); - data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg); - data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); -#else - result = CURLE_UNKNOWN_OPTION; -#endif - break; - -#ifndef CURL_DISABLE_HTTP - case CURLOPT_AUTOREFERER: - /* - * Switch on automatic referer that gets set if curl follows locations. - */ - data->set.http_auto_referer = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_ACCEPT_ENCODING: - /* - * String to use at the value of Accept-Encoding header. - * - * If the encoding is set to "" we use an Accept-Encoding header that - * encompasses all the encodings we support. - * If the encoding is set to NULL we don't send an Accept-Encoding header - * and ignore an received Content-Encoding header. - * - */ - argptr = va_arg(param, char *); - result = setstropt(&data->set.str[STRING_ENCODING], - (argptr && !*argptr)? - ALL_CONTENT_ENCODINGS: argptr); - break; - - case CURLOPT_TRANSFER_ENCODING: - data->set.http_transfer_encoding = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; - - case CURLOPT_FOLLOWLOCATION: - /* - * Follow Location: header hints on a HTTP-server. - */ - data->set.http_follow_location = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_UNRESTRICTED_AUTH: - /* - * Send authentication (user+password) when following locations, even when - * hostname changed. - */ - data->set.http_disable_hostname_check_before_authentication = - (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_MAXREDIRS: - /* - * The maximum amount of hops you allow curl to follow Location: - * headers. This should mostly be used to detect never-ending loops. - */ - data->set.maxredirs = va_arg(param, long); - break; - - case CURLOPT_POSTREDIR: - { - /* - * Set the behaviour of POST when redirecting - * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302 - * CURL_REDIR_POST_301 - POST is kept as POST after 301 - * CURL_REDIR_POST_302 - POST is kept as POST after 302 - * CURL_REDIR_POST_303 - POST is kept as POST after 303 - * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303 - * other - POST is kept as POST after 301 and 302 - */ - arg = va_arg(param, long); - data->set.keep_post = arg & CURL_REDIR_POST_ALL; - } - break; - - case CURLOPT_POST: - /* Does this option serve a purpose anymore? Yes it does, when - CURLOPT_POSTFIELDS isn't used and the POST data is read off the - callback! */ - if(va_arg(param, long)) { - data->set.httpreq = HTTPREQ_POST; - data->set.opt_no_body = FALSE; /* this is implied */ - } - else - data->set.httpreq = HTTPREQ_GET; - break; - - case CURLOPT_COPYPOSTFIELDS: - /* - * A string with POST data. Makes curl HTTP POST. Even if it is NULL. - * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to - * CURLOPT_COPYPOSTFIELDS and not altered later. - */ - argptr = va_arg(param, char *); - - if(!argptr || data->set.postfieldsize == -1) - result = setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr); - else { - /* - * Check that requested length does not overflow the size_t type. - */ - - if((data->set.postfieldsize < 0) || - ((sizeof(curl_off_t) != sizeof(size_t)) && - (data->set.postfieldsize > (curl_off_t)((size_t)-1)))) - result = CURLE_OUT_OF_MEMORY; - else { - char *p; - - (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); - - /* Allocate even when size == 0. This satisfies the need of possible - later address compare to detect the COPYPOSTFIELDS mode, and - to mark that postfields is used rather than read function or - form data. - */ - p = malloc((size_t)(data->set.postfieldsize? - data->set.postfieldsize:1)); - - if(!p) - result = CURLE_OUT_OF_MEMORY; - else { - if(data->set.postfieldsize) - memcpy(p, argptr, (size_t)data->set.postfieldsize); - - data->set.str[STRING_COPYPOSTFIELDS] = p; - } - } - } - - data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS]; - data->set.httpreq = HTTPREQ_POST; - break; - - case CURLOPT_POSTFIELDS: - /* - * Like above, but use static data instead of copying it. - */ - data->set.postfields = va_arg(param, void *); - /* Release old copied data. */ - (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); - data->set.httpreq = HTTPREQ_POST; - break; - - case CURLOPT_POSTFIELDSIZE: - /* - * The size of the POSTFIELD data to prevent libcurl to do strlen() to - * figure it out. Enables binary posts. - */ - bigsize = va_arg(param, long); - - if(data->set.postfieldsize < bigsize && - data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { - /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ - (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); - data->set.postfields = NULL; - } - - data->set.postfieldsize = bigsize; - break; - - case CURLOPT_POSTFIELDSIZE_LARGE: - /* - * The size of the POSTFIELD data to prevent libcurl to do strlen() to - * figure it out. Enables binary posts. - */ - bigsize = va_arg(param, curl_off_t); - - if(data->set.postfieldsize < bigsize && - data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { - /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ - (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); - data->set.postfields = NULL; - } - - data->set.postfieldsize = bigsize; - break; - - case CURLOPT_HTTPPOST: - /* - * Set to make us do HTTP POST - */ - data->set.httppost = va_arg(param, struct curl_httppost *); - data->set.httpreq = HTTPREQ_POST_FORM; - data->set.opt_no_body = FALSE; /* this is implied */ - break; - - case CURLOPT_REFERER: - /* - * String to set in the HTTP Referer: field. - */ - if(data->change.referer_alloc) { - Curl_safefree(data->change.referer); - data->change.referer_alloc = FALSE; - } - result = setstropt(&data->set.str[STRING_SET_REFERER], - va_arg(param, char *)); - data->change.referer = data->set.str[STRING_SET_REFERER]; - break; - - case CURLOPT_USERAGENT: - /* - * String to use in the HTTP User-Agent field - */ - result = setstropt(&data->set.str[STRING_USERAGENT], - va_arg(param, char *)); - break; - - case CURLOPT_HTTPHEADER: - /* - * Set a list with HTTP headers to use (or replace internals with) - */ - data->set.headers = va_arg(param, struct curl_slist *); - break; - - case CURLOPT_PROXYHEADER: - /* - * Set a list with proxy headers to use (or replace internals with) - * - * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a - * long time we remain doing it this way until CURLOPT_PROXYHEADER is - * used. As soon as this option has been used, if set to anything but - * NULL, custom headers for proxies are only picked from this list. - * - * Set this option to NULL to restore the previous behavior. - */ - data->set.proxyheaders = va_arg(param, struct curl_slist *); - break; - - case CURLOPT_HEADEROPT: - /* - * Set header option. - */ - arg = va_arg(param, long); - data->set.sep_headers = (arg & CURLHEADER_SEPARATE)? TRUE: FALSE; - break; - - case CURLOPT_HTTP200ALIASES: - /* - * Set a list of aliases for HTTP 200 in response header - */ - data->set.http200aliases = va_arg(param, struct curl_slist *); - break; - -#if !defined(CURL_DISABLE_COOKIES) - case CURLOPT_COOKIE: - /* - * Cookie string to send to the remote server in the request. - */ - result = setstropt(&data->set.str[STRING_COOKIE], - va_arg(param, char *)); - break; - - case CURLOPT_COOKIEFILE: - /* - * Set cookie file to read and parse. Can be used multiple times. - */ - argptr = (char *)va_arg(param, void *); - if(argptr) { - struct curl_slist *cl; - /* append the cookie file name to the list of file names, and deal with - them later */ - cl = curl_slist_append(data->change.cookielist, argptr); - if(!cl) { - curl_slist_free_all(data->change.cookielist); - data->change.cookielist = NULL; - return CURLE_OUT_OF_MEMORY; - } - data->change.cookielist = cl; /* store the list for later use */ - } - break; - - case CURLOPT_COOKIEJAR: - /* - * Set cookie file name to dump all cookies to when we're done. - */ - { - struct CookieInfo *newcookies; - result = setstropt(&data->set.str[STRING_COOKIEJAR], - va_arg(param, char *)); - - /* - * Activate the cookie parser. This may or may not already - * have been made. - */ - newcookies = Curl_cookie_init(data, NULL, data->cookies, - data->set.cookiesession); - if(!newcookies) - result = CURLE_OUT_OF_MEMORY; - data->cookies = newcookies; - } - break; - - case CURLOPT_COOKIESESSION: - /* - * Set this option to TRUE to start a new "cookie session". It will - * prevent the forthcoming read-cookies-from-file actions to accept - * cookies that are marked as being session cookies, as they belong to a - * previous session. - * - * In the original Netscape cookie spec, "session cookies" are cookies - * with no expire date set. RFC2109 describes the same action if no - * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds - * a 'Discard' action that can enforce the discard even for cookies that - * have a Max-Age. - * - * We run mostly with the original cookie spec, as hardly anyone implements - * anything else. - */ - data->set.cookiesession = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_COOKIELIST: - argptr = va_arg(param, char *); - - if(argptr == NULL) - break; - - if(strcasecompare(argptr, "ALL")) { - /* clear all cookies */ - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_clearall(data->cookies); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } - else if(strcasecompare(argptr, "SESS")) { - /* clear session cookies */ - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_clearsess(data->cookies); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } - else if(strcasecompare(argptr, "FLUSH")) { - /* flush cookies to file, takes care of the locking */ - Curl_flush_cookies(data, 0); - } - else if(strcasecompare(argptr, "RELOAD")) { - /* reload cookies from file */ - Curl_cookie_loadfiles(data); - break; - } - else { - if(!data->cookies) - /* if cookie engine was not running, activate it */ - data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE); - - argptr = strdup(argptr); - if(!argptr || !data->cookies) { - result = CURLE_OUT_OF_MEMORY; - free(argptr); - } - else { - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - - if(checkprefix("Set-Cookie:", argptr)) - /* HTTP Header format line */ - Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL); - - else - /* Netscape format line */ - Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL); - - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - free(argptr); - } - } - - break; -#endif /* CURL_DISABLE_COOKIES */ - - case CURLOPT_HTTPGET: - /* - * Set to force us do HTTP GET - */ - if(va_arg(param, long)) { - data->set.httpreq = HTTPREQ_GET; - data->set.upload = FALSE; /* switch off upload */ - data->set.opt_no_body = FALSE; /* this is implied */ - } - break; - - case CURLOPT_HTTP_VERSION: - /* - * This sets a requested HTTP version to be used. The value is one of - * the listed enums in curl/curl.h. - */ - arg = va_arg(param, long); -#ifndef USE_NGHTTP2 - if(arg >= CURL_HTTP_VERSION_2) - return CURLE_UNSUPPORTED_PROTOCOL; -#endif - data->set.httpversion = arg; - break; - - case CURLOPT_HTTPAUTH: - /* - * Set HTTP Authentication type BITMASK. - */ - { - int bitcheck; - bool authbits; - unsigned long auth = va_arg(param, unsigned long); - - if(auth == CURLAUTH_NONE) { - data->set.httpauth = auth; - break; - } - - /* the DIGEST_IE bit is only used to set a special marker, for all the - rest we need to handle it as normal DIGEST */ - data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE; - - if(auth & CURLAUTH_DIGEST_IE) { - auth |= CURLAUTH_DIGEST; /* set standard digest bit */ - auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ - } - - /* switch off bits we can't support */ -#ifndef USE_NTLM - auth &= ~CURLAUTH_NTLM; /* no NTLM support */ - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ -#elif !defined(NTLM_WB_ENABLED) - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ -#endif -#ifndef USE_SPNEGO - auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without - GSS-API or SSPI */ -#endif - - /* check if any auth bit lower than CURLAUTH_ONLY is still set */ - bitcheck = 0; - authbits = FALSE; - while(bitcheck < 31) { - if(auth & (1UL << bitcheck++)) { - authbits = TRUE; - break; - } - } - if(!authbits) - return CURLE_NOT_BUILT_IN; /* no supported types left! */ - - data->set.httpauth = auth; - } - break; - - case CURLOPT_EXPECT_100_TIMEOUT_MS: - /* - * Time to wait for a response to a HTTP request containing an - * Expect: 100-continue header before sending the data anyway. - */ - data->set.expect_100_timeout = va_arg(param, long); - break; - -#endif /* CURL_DISABLE_HTTP */ - - case CURLOPT_CUSTOMREQUEST: - /* - * Set a custom string to use as request - */ - result = setstropt(&data->set.str[STRING_CUSTOMREQUEST], - va_arg(param, char *)); - - /* we don't set - data->set.httpreq = HTTPREQ_CUSTOM; - here, we continue as if we were using the already set type - and this just changes the actual request keyword */ - break; - -#ifndef CURL_DISABLE_PROXY - case CURLOPT_HTTPPROXYTUNNEL: - /* - * Tunnel operations through the proxy instead of normal proxy use - */ - data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; - - case CURLOPT_PROXYPORT: - /* - * Explicitly set HTTP proxy port number. - */ - data->set.proxyport = va_arg(param, long); - break; - - case CURLOPT_PROXYAUTH: - /* - * Set HTTP Authentication type BITMASK. - */ - { - int bitcheck; - bool authbits; - unsigned long auth = va_arg(param, unsigned long); - - if(auth == CURLAUTH_NONE) { - data->set.proxyauth = auth; - break; - } - - /* the DIGEST_IE bit is only used to set a special marker, for all the - rest we need to handle it as normal DIGEST */ - data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE; - - if(auth & CURLAUTH_DIGEST_IE) { - auth |= CURLAUTH_DIGEST; /* set standard digest bit */ - auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ - } - /* switch off bits we can't support */ -#ifndef USE_NTLM - auth &= ~CURLAUTH_NTLM; /* no NTLM support */ - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ -#elif !defined(NTLM_WB_ENABLED) - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ -#endif -#ifndef USE_SPNEGO - auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without - GSS-API or SSPI */ -#endif - - /* check if any auth bit lower than CURLAUTH_ONLY is still set */ - bitcheck = 0; - authbits = FALSE; - while(bitcheck < 31) { - if(auth & (1UL << bitcheck++)) { - authbits = TRUE; - break; - } - } - if(!authbits) - return CURLE_NOT_BUILT_IN; /* no supported types left! */ - - data->set.proxyauth = auth; - } - break; - - case CURLOPT_PROXY: - /* - * Set proxy server:port to use as proxy. - * - * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL) - * we explicitly say that we don't want to use a proxy - * (even though there might be environment variables saying so). - * - * Setting it to NULL, means no proxy but allows the environment variables - * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL). - */ - result = setstropt(&data->set.str[STRING_PROXY], - va_arg(param, char *)); - break; - - case CURLOPT_PRE_PROXY: - /* - * Set proxy server:port to use as SOCKS proxy. - * - * If the proxy is set to "" or NULL we explicitly say that we don't want - * to use the socks proxy. - */ - result = setstropt(&data->set.str[STRING_PRE_PROXY], - va_arg(param, char *)); - break; - - case CURLOPT_PROXYTYPE: - /* - * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME - */ - data->set.proxytype = (curl_proxytype)va_arg(param, long); - break; - - case CURLOPT_PROXY_TRANSFER_MODE: - /* - * set transfer mode (;type=) when doing FTP via an HTTP proxy - */ - switch(va_arg(param, long)) { - case 0: - data->set.proxy_transfer_mode = FALSE; - break; - case 1: - data->set.proxy_transfer_mode = TRUE; - break; - default: - /* reserve other values for future use */ - result = CURLE_UNKNOWN_OPTION; - break; - } - break; -#endif /* CURL_DISABLE_PROXY */ - - case CURLOPT_SOCKS5_AUTH: - data->set.socks5auth = va_arg(param, unsigned long); - if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) - result = CURLE_NOT_BUILT_IN; - break; -#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - case CURLOPT_SOCKS5_GSSAPI_NEC: - /* - * Set flag for NEC SOCK5 support - */ - data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_SOCKS5_GSSAPI_SERVICE: - case CURLOPT_PROXY_SERVICE_NAME: - /* - * Set proxy authentication service name for Kerberos 5 and SPNEGO - */ - result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME], - va_arg(param, char *)); - break; -#endif - -#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ - defined(USE_SPNEGO) - case CURLOPT_SERVICE_NAME: - /* - * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO - */ - result = setstropt(&data->set.str[STRING_SERVICE_NAME], - va_arg(param, char *)); - break; - -#endif - - case CURLOPT_HEADERDATA: - /* - * Custom pointer to pass the header write callback function - */ - data->set.writeheader = (void *)va_arg(param, void *); - break; - case CURLOPT_ERRORBUFFER: - /* - * Error buffer provided by the caller to get the human readable - * error string in. - */ - data->set.errorbuffer = va_arg(param, char *); - break; - case CURLOPT_WRITEDATA: - /* - * FILE pointer to write to. Or possibly - * used as argument to the write callback. - */ - data->set.out = va_arg(param, void *); - break; - case CURLOPT_FTPPORT: - /* - * Use FTP PORT, this also specifies which IP address to use - */ - result = setstropt(&data->set.str[STRING_FTPPORT], - va_arg(param, char *)); - data->set.ftp_use_port = (data->set.str[STRING_FTPPORT]) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_USE_EPRT: - data->set.ftp_use_eprt = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_USE_EPSV: - data->set.ftp_use_epsv = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_USE_PRET: - data->set.ftp_use_pret = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_SSL_CCC: - data->set.ftp_ccc = (curl_ftpccc)va_arg(param, long); - break; - - case CURLOPT_FTP_SKIP_PASV_IP: - /* - * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the - * bypass of the IP address in PASV responses. - */ - data->set.ftp_skip_ip = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_READDATA: - /* - * FILE pointer to read the file to be uploaded from. Or possibly - * used as argument to the read callback. - */ - data->set.in_set = va_arg(param, void *); - break; - case CURLOPT_INFILESIZE: - /* - * If known, this should inform curl about the file size of the - * to-be-uploaded file. - */ - data->set.filesize = va_arg(param, long); - break; - case CURLOPT_INFILESIZE_LARGE: - /* - * If known, this should inform curl about the file size of the - * to-be-uploaded file. - */ - data->set.filesize = va_arg(param, curl_off_t); - break; - case CURLOPT_LOW_SPEED_LIMIT: - /* - * The low speed limit that if transfers are below this for - * CURLOPT_LOW_SPEED_TIME, the transfer is aborted. - */ - data->set.low_speed_limit=va_arg(param, long); - break; - case CURLOPT_MAX_SEND_SPEED_LARGE: - /* - * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE - * bytes per second the transfer is throttled.. - */ - data->set.max_send_speed=va_arg(param, curl_off_t); - break; - case CURLOPT_MAX_RECV_SPEED_LARGE: - /* - * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per - * second the transfer is throttled.. - */ - data->set.max_recv_speed=va_arg(param, curl_off_t); - break; - case CURLOPT_LOW_SPEED_TIME: - /* - * The low speed time that if transfers are below the set - * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted. - */ - data->set.low_speed_time=va_arg(param, long); - break; - case CURLOPT_URL: - /* - * The URL to fetch. - */ - if(data->change.url_alloc) { - /* the already set URL is allocated, free it first! */ - Curl_safefree(data->change.url); - data->change.url_alloc = FALSE; - } - result = setstropt(&data->set.str[STRING_SET_URL], - va_arg(param, char *)); - data->change.url = data->set.str[STRING_SET_URL]; - break; - case CURLOPT_PORT: - /* - * The port number to use when getting the URL - */ - data->set.use_port = va_arg(param, long); - break; - case CURLOPT_TIMEOUT: - /* - * The maximum time you allow curl to use for a single transfer - * operation. - */ - data->set.timeout = va_arg(param, long) * 1000L; - break; - - case CURLOPT_TIMEOUT_MS: - data->set.timeout = va_arg(param, long); - break; - - case CURLOPT_CONNECTTIMEOUT: - /* - * The maximum time you allow curl to use to connect. - */ - data->set.connecttimeout = va_arg(param, long) * 1000L; - break; - - case CURLOPT_CONNECTTIMEOUT_MS: - data->set.connecttimeout = va_arg(param, long); - break; - - case CURLOPT_ACCEPTTIMEOUT_MS: - /* - * The maximum time you allow curl to wait for server connect - */ - data->set.accepttimeout = va_arg(param, long); - break; - - case CURLOPT_USERPWD: - /* - * user:password to use in the operation - */ - result = setstropt_userpwd(va_arg(param, char *), - &data->set.str[STRING_USERNAME], - &data->set.str[STRING_PASSWORD]); - break; - - case CURLOPT_USERNAME: - /* - * authentication user name to use in the operation - */ - result = setstropt(&data->set.str[STRING_USERNAME], - va_arg(param, char *)); - break; - - case CURLOPT_PASSWORD: - /* - * authentication password to use in the operation - */ - result = setstropt(&data->set.str[STRING_PASSWORD], - va_arg(param, char *)); - break; - - case CURLOPT_LOGIN_OPTIONS: - /* - * authentication options to use in the operation - */ - result = setstropt(&data->set.str[STRING_OPTIONS], - va_arg(param, char *)); - break; - - case CURLOPT_XOAUTH2_BEARER: - /* - * OAuth 2.0 bearer token to use in the operation - */ - result = setstropt(&data->set.str[STRING_BEARER], - va_arg(param, char *)); - break; - - case CURLOPT_POSTQUOTE: - /* - * List of RAW FTP commands to use after a transfer - */ - data->set.postquote = va_arg(param, struct curl_slist *); - break; - case CURLOPT_PREQUOTE: - /* - * List of RAW FTP commands to use prior to RETR (Wesley Laxton) - */ - data->set.prequote = va_arg(param, struct curl_slist *); - break; - case CURLOPT_QUOTE: - /* - * List of RAW FTP commands to use before a transfer - */ - data->set.quote = va_arg(param, struct curl_slist *); - break; - case CURLOPT_RESOLVE: - /* - * List of NAME:[address] names to populate the DNS cache with - * Prefix the NAME with dash (-) to _remove_ the name from the cache. - * - * Names added with this API will remain in the cache until explicitly - * removed or the handle is cleaned up. - * - * This API can remove any name from the DNS cache, but only entries - * that aren't actually in use right now will be pruned immediately. - */ - data->set.resolve = va_arg(param, struct curl_slist *); - data->change.resolve = data->set.resolve; - break; - case CURLOPT_PROGRESSFUNCTION: - /* - * Progress callback function - */ - data->set.fprogress = va_arg(param, curl_progress_callback); - if(data->set.fprogress) - data->progress.callback = TRUE; /* no longer internal */ - else - data->progress.callback = FALSE; /* NULL enforces internal */ - break; - - case CURLOPT_XFERINFOFUNCTION: - /* - * Transfer info callback function - */ - data->set.fxferinfo = va_arg(param, curl_xferinfo_callback); - if(data->set.fxferinfo) - data->progress.callback = TRUE; /* no longer internal */ - else - data->progress.callback = FALSE; /* NULL enforces internal */ - - break; - - case CURLOPT_PROGRESSDATA: - /* - * Custom client data to pass to the progress callback - */ - data->set.progress_client = va_arg(param, void *); - break; - -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXYUSERPWD: - /* - * user:password needed to use the proxy - */ - result = setstropt_userpwd(va_arg(param, char *), - &data->set.str[STRING_PROXYUSERNAME], - &data->set.str[STRING_PROXYPASSWORD]); - break; - case CURLOPT_PROXYUSERNAME: - /* - * authentication user name to use in the operation - */ - result = setstropt(&data->set.str[STRING_PROXYUSERNAME], - va_arg(param, char *)); - break; - case CURLOPT_PROXYPASSWORD: - /* - * authentication password to use in the operation - */ - result = setstropt(&data->set.str[STRING_PROXYPASSWORD], - va_arg(param, char *)); - break; - case CURLOPT_NOPROXY: - /* - * proxy exception list - */ - result = setstropt(&data->set.str[STRING_NOPROXY], - va_arg(param, char *)); - break; -#endif - - case CURLOPT_RANGE: - /* - * What range of the file you want to transfer - */ - result = setstropt(&data->set.str[STRING_SET_RANGE], - va_arg(param, char *)); - break; - case CURLOPT_RESUME_FROM: - /* - * Resume transfer at the give file position - */ - data->set.set_resume_from = va_arg(param, long); - break; - case CURLOPT_RESUME_FROM_LARGE: - /* - * Resume transfer at the give file position - */ - data->set.set_resume_from = va_arg(param, curl_off_t); - break; - case CURLOPT_DEBUGFUNCTION: - /* - * stderr write callback. - */ - data->set.fdebug = va_arg(param, curl_debug_callback); - /* - * if the callback provided is NULL, it'll use the default callback - */ - break; - case CURLOPT_DEBUGDATA: - /* - * Set to a void * that should receive all error writes. This - * defaults to CURLOPT_STDERR for normal operations. - */ - data->set.debugdata = va_arg(param, void *); - break; - case CURLOPT_STDERR: - /* - * Set to a FILE * that should receive all error writes. This - * defaults to stderr for normal operations. - */ - data->set.err = va_arg(param, FILE *); - if(!data->set.err) - data->set.err = stderr; - break; - case CURLOPT_HEADERFUNCTION: - /* - * Set header write callback - */ - data->set.fwrite_header = va_arg(param, curl_write_callback); - break; - case CURLOPT_WRITEFUNCTION: - /* - * Set data write callback - */ - data->set.fwrite_func = va_arg(param, curl_write_callback); - if(!data->set.fwrite_func) { - data->set.is_fwrite_set = 0; - /* When set to NULL, reset to our internal default function */ - data->set.fwrite_func = (curl_write_callback)fwrite; - } - else - data->set.is_fwrite_set = 1; - break; - case CURLOPT_READFUNCTION: - /* - * Read data callback - */ - data->set.fread_func_set = va_arg(param, curl_read_callback); - if(!data->set.fread_func_set) { - data->set.is_fread_set = 0; - /* When set to NULL, reset to our internal default function */ - data->set.fread_func_set = (curl_read_callback)fread; - } - else - data->set.is_fread_set = 1; - break; - case CURLOPT_SEEKFUNCTION: - /* - * Seek callback. Might be NULL. - */ - data->set.seek_func = va_arg(param, curl_seek_callback); - break; - case CURLOPT_SEEKDATA: - /* - * Seek control callback. Might be NULL. - */ - data->set.seek_client = va_arg(param, void *); - break; - case CURLOPT_CONV_FROM_NETWORK_FUNCTION: - /* - * "Convert from network encoding" callback - */ - data->set.convfromnetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_TO_NETWORK_FUNCTION: - /* - * "Convert to network encoding" callback - */ - data->set.convtonetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_FROM_UTF8_FUNCTION: - /* - * "Convert from UTF-8 encoding" callback - */ - data->set.convfromutf8 = va_arg(param, curl_conv_callback); - break; - case CURLOPT_IOCTLFUNCTION: - /* - * I/O control callback. Might be NULL. - */ - data->set.ioctl_func = va_arg(param, curl_ioctl_callback); - break; - case CURLOPT_IOCTLDATA: - /* - * I/O control data pointer. Might be NULL. - */ - data->set.ioctl_client = va_arg(param, void *); - break; - case CURLOPT_SSLCERT: - /* - * String that holds file name of the SSL certificate to use - */ - result = setstropt(&data->set.str[STRING_CERT_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLCERT: - /* - * String that holds file name of the SSL certificate to use for proxy - */ - result = setstropt(&data->set.str[STRING_CERT_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_SSLCERTTYPE: - /* - * String that holds file type of the SSL certificate to use - */ - result = setstropt(&data->set.str[STRING_CERT_TYPE_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLCERTTYPE: - /* - * String that holds file type of the SSL certificate to use for proxy - */ - result = setstropt(&data->set.str[STRING_CERT_TYPE_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_SSLKEY: - /* - * String that holds file name of the SSL key to use - */ - result = setstropt(&data->set.str[STRING_KEY_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLKEY: - /* - * String that holds file name of the SSL key to use for proxy - */ - result = setstropt(&data->set.str[STRING_KEY_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_SSLKEYTYPE: - /* - * String that holds file type of the SSL key to use - */ - result = setstropt(&data->set.str[STRING_KEY_TYPE_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLKEYTYPE: - /* - * String that holds file type of the SSL key to use for proxy - */ - result = setstropt(&data->set.str[STRING_KEY_TYPE_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_KEYPASSWD: - /* - * String that holds the SSL or SSH private key password. - */ - result = setstropt(&data->set.str[STRING_KEY_PASSWD_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_KEYPASSWD: - /* - * String that holds the SSL private key password for proxy. - */ - result = setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_SSLENGINE: - /* - * String that holds the SSL crypto engine. - */ - argptr = va_arg(param, char *); - if(argptr && argptr[0]) - result = Curl_ssl_set_engine(data, argptr); - break; - - case CURLOPT_SSLENGINE_DEFAULT: - /* - * flag to set engine as default. - */ - result = Curl_ssl_set_engine_default(data); - break; - case CURLOPT_CRLF: - /* - * Kludgy option to enable CRLF conversions. Subject for removal. - */ - data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_INTERFACE: - /* - * Set what interface or address/hostname to bind the socket to when - * performing an operation and thus what from-IP your connection will use. - */ - result = setstropt(&data->set.str[STRING_DEVICE], - va_arg(param, char *)); - break; - case CURLOPT_LOCALPORT: - /* - * Set what local port to bind the socket to when performing an operation. - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 65535)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.localport = curlx_sltous(arg); - break; - case CURLOPT_LOCALPORTRANGE: - /* - * Set number of local ports to try, starting with CURLOPT_LOCALPORT. - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 65535)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.localportrange = curlx_sltosi(arg); - break; - case CURLOPT_KRBLEVEL: - /* - * A string that defines the kerberos security level. - */ - result = setstropt(&data->set.str[STRING_KRB_LEVEL], - va_arg(param, char *)); - data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE; - break; - case CURLOPT_GSSAPI_DELEGATION: - /* - * GSS-API credential delegation - */ - data->set.gssapi_delegation = va_arg(param, long); - break; - case CURLOPT_SSL_VERIFYPEER: - /* - * Enable peer SSL verifying. - */ - data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; - case CURLOPT_PROXY_SSL_VERIFYPEER: - /* - * Enable peer SSL verifying for proxy. - */ - data->set.proxy_ssl.primary.verifypeer = - (0 != va_arg(param, long))?TRUE:FALSE; - break; - case CURLOPT_SSL_VERIFYHOST: - /* - * Enable verification of the host name in the peer certificate - */ - arg = va_arg(param, long); - - /* Obviously people are not reading documentation and too many thought - this argument took a boolean when it wasn't and misused it. We thus ban - 1 as a sensible input and we warn about its use. Then we only have the - 2 action internally stored as TRUE. */ - - if(1 == arg) { - failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!"); - return CURLE_BAD_FUNCTION_ARGUMENT; - } - - data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE; - break; - case CURLOPT_PROXY_SSL_VERIFYHOST: - /* - * Enable verification of the host name in the peer certificate for proxy - */ - arg = va_arg(param, long); - - /* Obviously people are not reading documentation and too many thought - this argument took a boolean when it wasn't and misused it. We thus ban - 1 as a sensible input and we warn about its use. Then we only have the - 2 action internally stored as TRUE. */ - - if(1 == arg) { - failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!"); - return CURLE_BAD_FUNCTION_ARGUMENT; - } - - data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE; - break; - case CURLOPT_SSL_VERIFYSTATUS: - /* - * Enable certificate status verifying. - */ - if(!Curl_ssl_cert_status_request()) { - result = CURLE_NOT_BUILT_IN; - break; - } - - data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; - case CURLOPT_SSL_CTX_FUNCTION: -#ifdef have_curlssl_ssl_ctx - /* - * Set a SSL_CTX callback - */ - data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_SSL_CTX_DATA: -#ifdef have_curlssl_ssl_ctx - /* - * Set a SSL_CTX callback parameter pointer - */ - data->set.ssl.fsslctxp = va_arg(param, void *); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_SSL_FALSESTART: - /* - * Enable TLS false start. - */ - if(!Curl_ssl_false_start()) { - result = CURLE_NOT_BUILT_IN; - break; - } - - data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_CERTINFO: -#ifdef have_curlssl_certinfo - data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE; -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_PINNEDPUBLICKEY: -#ifdef have_curlssl_pinnedpubkey /* only by supported backends */ - /* - * Set pinned public key for SSL connection. - * Specify file name of the public key in DER format. - */ - result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG], - va_arg(param, char *)); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_PROXY_PINNEDPUBLICKEY: -#ifdef have_curlssl_pinnedpubkey /* only by supported backends */ - /* - * Set pinned public key for SSL connection. - * Specify file name of the public key in DER format. - */ - result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY], - va_arg(param, char *)); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_CAINFO: - /* - * Set CA info for SSL connection. Specify file name of the CA certificate - */ - result = setstropt(&data->set.str[STRING_SSL_CAFILE_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_CAINFO: - /* - * Set CA info SSL connection for proxy. Specify file name of the - * CA certificate - */ - result = setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_CAPATH: -#ifdef have_curlssl_ca_path /* not supported by all backends */ - /* - * Set CA path info for SSL connection. Specify directory name of the CA - * certificates which have been prepared using openssl c_rehash utility. - */ - /* This does not work on windows. */ - result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG], - va_arg(param, char *)); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_PROXY_CAPATH: -#ifdef have_curlssl_ca_path /* not supported by all backends */ - /* - * Set CA path info for SSL connection proxy. Specify directory name of the - * CA certificates which have been prepared using openssl c_rehash utility. - */ - /* This does not work on windows. */ - result = setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], - va_arg(param, char *)); -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_CRLFILE: - /* - * Set CRL file info for SSL connection. Specify file name of the CRL - * to check certificates revocation - */ - result = setstropt(&data->set.str[STRING_SSL_CRLFILE_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_CRLFILE: - /* - * Set CRL file info for SSL connection for proxy. Specify file name of the - * CRL to check certificates revocation - */ - result = setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_ISSUERCERT: - /* - * Set Issuer certificate file - * to check certificates issuer - */ - result = setstropt(&data->set.str[STRING_SSL_ISSUERCERT_ORIG], - va_arg(param, char *)); - break; - case CURLOPT_TELNETOPTIONS: - /* - * Set a linked list of telnet options - */ - data->set.telnet_options = va_arg(param, struct curl_slist *); - break; - - case CURLOPT_BUFFERSIZE: - /* - * The application kindly asks for a differently sized receive buffer. - * If it seems reasonable, we'll use it. - */ - arg = va_arg(param, long); - - if(arg > READBUFFER_MAX) - arg = READBUFFER_MAX; - else if(arg < 1) - arg = READBUFFER_SIZE; - else if(arg < READBUFFER_MIN) - arg = READBUFFER_MIN; - - /* Resize if new size */ - if(arg != data->set.buffer_size) { - char *newbuff = realloc(data->state.buffer, arg + 1); - if(!newbuff) { - DEBUGF(fprintf(stderr, "Error: realloc of buffer failed\n")); - result = CURLE_OUT_OF_MEMORY; - } - else - data->state.buffer = newbuff; - } - data->set.buffer_size = arg; - - break; - - case CURLOPT_NOSIGNAL: - /* - * The application asks not to set any signal() or alarm() handlers, - * even when using a timeout. - */ - data->set.no_signal = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_SHARE: - { - struct Curl_share *set; - set = va_arg(param, struct Curl_share *); - - /* disconnect from old share, if any */ - if(data->share) { - Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); - - if(data->dns.hostcachetype == HCACHE_SHARED) { - data->dns.hostcache = NULL; - data->dns.hostcachetype = HCACHE_NONE; - } - -#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) - if(data->share->cookies == data->cookies) - data->cookies = NULL; -#endif - - if(data->share->sslsession == data->state.session) - data->state.session = NULL; - - data->share->dirty--; - - Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); - data->share = NULL; - } - - /* use new share if it set */ - data->share = set; - if(data->share) { - - Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); - - data->share->dirty++; - - if(data->share->specifier & (1<< CURL_LOCK_DATA_DNS)) { - /* use shared host cache */ - data->dns.hostcache = &data->share->hostcache; - data->dns.hostcachetype = HCACHE_SHARED; - } -#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) - if(data->share->cookies) { - /* use shared cookie list, first free own one if any */ - Curl_cookie_cleanup(data->cookies); - /* enable cookies since we now use a share that uses cookies! */ - data->cookies = data->share->cookies; - } -#endif /* CURL_DISABLE_HTTP */ - if(data->share->sslsession) { - data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions; - data->state.session = data->share->sslsession; - } - Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); - - } - /* check for host cache not needed, - * it will be done by curl_easy_perform */ - } - break; - - case CURLOPT_PRIVATE: - /* - * Set private data pointer. - */ - data->set.private_data = va_arg(param, void *); - break; - - case CURLOPT_MAXFILESIZE: - /* - * Set the maximum size of a file to download. - */ - data->set.max_filesize = va_arg(param, long); - break; - -#ifdef USE_SSL - case CURLOPT_USE_SSL: - /* - * Make transfers attempt to use SSL/TLS. - */ - data->set.use_ssl = (curl_usessl)va_arg(param, long); - break; - - case CURLOPT_SSL_OPTIONS: - arg = va_arg(param, long); - data->set.ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE; - data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); - break; - - case CURLOPT_PROXY_SSL_OPTIONS: - arg = va_arg(param, long); - data->set.proxy_ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE; - data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); - break; - -#endif - case CURLOPT_FTPSSLAUTH: - /* - * Set a specific auth for FTP-SSL transfers. - */ - data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long); - break; - - case CURLOPT_IPRESOLVE: - data->set.ipver = va_arg(param, long); - break; - - case CURLOPT_MAXFILESIZE_LARGE: - /* - * Set the maximum size of a file to download. - */ - data->set.max_filesize = va_arg(param, curl_off_t); - break; - - case CURLOPT_TCP_NODELAY: - /* - * Enable or disable TCP_NODELAY, which will disable/enable the Nagle - * algorithm - */ - data->set.tcp_nodelay = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_ACCOUNT: - result = setstropt(&data->set.str[STRING_FTP_ACCOUNT], - va_arg(param, char *)); - break; - - case CURLOPT_IGNORE_CONTENT_LENGTH: - data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_CONNECT_ONLY: - /* - * No data transfer, set up connection and let application use the socket - */ - data->set.connect_only = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - - case CURLOPT_FTP_ALTERNATIVE_TO_USER: - result = setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER], - va_arg(param, char *)); - break; - - case CURLOPT_SOCKOPTFUNCTION: - /* - * socket callback function: called after socket() but before connect() - */ - data->set.fsockopt = va_arg(param, curl_sockopt_callback); - break; - - case CURLOPT_SOCKOPTDATA: - /* - * socket callback data pointer. Might be NULL. - */ - data->set.sockopt_client = va_arg(param, void *); - break; - - case CURLOPT_OPENSOCKETFUNCTION: - /* - * open/create socket callback function: called instead of socket(), - * before connect() - */ - data->set.fopensocket = va_arg(param, curl_opensocket_callback); - break; - - case CURLOPT_OPENSOCKETDATA: - /* - * socket callback data pointer. Might be NULL. - */ - data->set.opensocket_client = va_arg(param, void *); - break; - - case CURLOPT_CLOSESOCKETFUNCTION: - /* - * close socket callback function: called instead of close() - * when shutting down a connection - */ - data->set.fclosesocket = va_arg(param, curl_closesocket_callback); - break; - - case CURLOPT_CLOSESOCKETDATA: - /* - * socket callback data pointer. Might be NULL. - */ - data->set.closesocket_client = va_arg(param, void *); - break; - - case CURLOPT_SSL_SESSIONID_CACHE: - data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ? - TRUE : FALSE; - data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; - break; - -#ifdef USE_LIBSSH2 - /* we only include SSH options if explicitly built to support SSH */ - case CURLOPT_SSH_AUTH_TYPES: - data->set.ssh_auth_types = va_arg(param, long); - break; - - case CURLOPT_SSH_PUBLIC_KEYFILE: - /* - * Use this file instead of the $HOME/.ssh/id_dsa.pub file - */ - result = setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY], - va_arg(param, char *)); - break; - - case CURLOPT_SSH_PRIVATE_KEYFILE: - /* - * Use this file instead of the $HOME/.ssh/id_dsa file - */ - result = setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY], - va_arg(param, char *)); - break; - case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5: - /* - * Option to allow for the MD5 of the host public key to be checked - * for validation purposes. - */ - result = setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], - va_arg(param, char *)); - break; -#ifdef HAVE_LIBSSH2_KNOWNHOST_API - case CURLOPT_SSH_KNOWNHOSTS: - /* - * Store the file name to read known hosts from. - */ - result = setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS], - va_arg(param, char *)); - break; - - case CURLOPT_SSH_KEYFUNCTION: - /* setting to NULL is fine since the ssh.c functions themselves will - then rever to use the internal default */ - data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback); - break; + set->ssl.primary.verifypeer = TRUE; + set->ssl.primary.verifyhost = TRUE; +#ifdef USE_TLS_SRP + set->ssl.authtype = CURL_TLSAUTH_NONE; +#endif + set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth + type */ + set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by + default */ + set->proxy_ssl = set->ssl; - case CURLOPT_SSH_KEYDATA: - /* - * Custom client data to pass to the SSH keyfunc callback - */ - data->set.ssh_keyfunc_userp = va_arg(param, void *); - break; -#endif /* HAVE_LIBSSH2_KNOWNHOST_API */ + set->new_file_perms = 0644; /* Default permissions */ + set->new_directory_perms = 0755; /* Default permissions */ -#endif /* USE_LIBSSH2 */ + /* for the *protocols fields we don't use the CURLPROTO_ALL convenience + define since we internally only use the lower 16 bits for the passed + in bitmask to not conflict with the private bits */ + set->allowed_protocols = CURLPROTO_ALL; + set->redir_protocols = CURLPROTO_ALL & /* All except FILE, SCP and SMB */ + ~(CURLPROTO_FILE | CURLPROTO_SCP | CURLPROTO_SMB | + CURLPROTO_SMBS); - case CURLOPT_HTTP_TRANSFER_DECODING: - /* - * disable libcurl transfer encoding is used - */ - data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; - break; +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + /* + * disallow unprotected protection negotiation NEC reference implementation + * seem not to follow rfc1961 section 4.3/4.4 + */ + set->socks5_gssapi_nec = FALSE; +#endif - case CURLOPT_HTTP_CONTENT_DECODING: - /* - * raw data passed to the application when content encoding is used - */ - data->set.http_ce_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; - break; + /* This is our preferred CA cert bundle/path since install time */ +#if defined(CURL_CA_BUNDLE) + result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE); + if(result) + return result; - case CURLOPT_NEW_FILE_PERMS: - /* - * Uses these permissions instead of 0644 - */ - data->set.new_file_perms = va_arg(param, long); - break; + result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); + if(result) + return result; +#endif +#if defined(CURL_CA_PATH) + result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH); + if(result) + return result; - case CURLOPT_NEW_DIRECTORY_PERMS: - /* - * Uses these permissions instead of 0755 - */ - data->set.new_directory_perms = va_arg(param, long); - break; + result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH); + if(result) + return result; +#endif - case CURLOPT_ADDRESS_SCOPE: - /* - * We always get longs when passed plain numericals, but for this value we - * know that an unsigned int will always hold the value so we blindly - * typecast to this type - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 0xf)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.scope_id = curlx_sltoui(arg); - break; - - case CURLOPT_PROTOCOLS: - /* set the bitmask for the protocols that are allowed to be used for the - transfer, which thus helps the app which takes URLs from users or other - external inputs and want to restrict what protocol(s) to deal - with. Defaults to CURLPROTO_ALL. */ - data->set.allowed_protocols = va_arg(param, long); - break; - - case CURLOPT_REDIR_PROTOCOLS: - /* set the bitmask for the protocols that libcurl is allowed to follow to, - as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. Defaults - to all protocols except FILE and SCP. */ - data->set.redir_protocols = va_arg(param, long); - break; - - case CURLOPT_DEFAULT_PROTOCOL: - /* Set the protocol to use when the URL doesn't include any protocol */ - result = setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL], - va_arg(param, char *)); - break; - - case CURLOPT_MAIL_FROM: - /* Set the SMTP mail originator */ - result = setstropt(&data->set.str[STRING_MAIL_FROM], - va_arg(param, char *)); - break; - - case CURLOPT_MAIL_AUTH: - /* Set the SMTP auth originator */ - result = setstropt(&data->set.str[STRING_MAIL_AUTH], - va_arg(param, char *)); - break; - - case CURLOPT_MAIL_RCPT: - /* Set the list of mail recipients */ - data->set.mail_rcpt = va_arg(param, struct curl_slist *); - break; - - case CURLOPT_SASL_IR: - /* Enable/disable SASL initial response */ - data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; + set->wildcard_enabled = FALSE; + set->chunk_bgn = ZERO_NULL; + set->chunk_end = ZERO_NULL; - case CURLOPT_RTSP_REQUEST: - { - /* - * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...) - * Would this be better if the RTSPREQ_* were just moved into here? - */ - long curl_rtspreq = va_arg(param, long); - Curl_RtspReq rtspreq = RTSPREQ_NONE; - switch(curl_rtspreq) { - case CURL_RTSPREQ_OPTIONS: - rtspreq = RTSPREQ_OPTIONS; - break; + /* tcp keepalives are disabled by default, but provide reasonable values for + * the interval and idle times. + */ + set->tcp_keepalive = FALSE; + set->tcp_keepintvl = 60; + set->tcp_keepidle = 60; + set->tcp_fastopen = FALSE; + set->tcp_nodelay = TRUE; - case CURL_RTSPREQ_DESCRIBE: - rtspreq = RTSPREQ_DESCRIBE; - break; + set->ssl_enable_npn = TRUE; + set->ssl_enable_alpn = TRUE; - case CURL_RTSPREQ_ANNOUNCE: - rtspreq = RTSPREQ_ANNOUNCE; - break; + set->expect_100_timeout = 1000L; /* Wait for a second by default. */ + set->sep_headers = TRUE; /* separated header lists by default */ + set->buffer_size = READBUFFER_SIZE; - case CURL_RTSPREQ_SETUP: - rtspreq = RTSPREQ_SETUP; - break; + Curl_http2_init_userset(set); + return result; +} - case CURL_RTSPREQ_PLAY: - rtspreq = RTSPREQ_PLAY; - break; +/** + * Curl_open() + * + * @param curl is a pointer to a sessionhandle pointer that gets set by this + * function. + * @return CURLcode + */ - case CURL_RTSPREQ_PAUSE: - rtspreq = RTSPREQ_PAUSE; - break; +CURLcode Curl_open(struct Curl_easy **curl) +{ + CURLcode result; + struct Curl_easy *data; - case CURL_RTSPREQ_TEARDOWN: - rtspreq = RTSPREQ_TEARDOWN; - break; + /* Very simple start-up: alloc the struct, init it with zeroes and return */ + data = calloc(1, sizeof(struct Curl_easy)); + if(!data) { + /* this is a very serious error */ + DEBUGF(fprintf(stderr, "Error: calloc of Curl_easy failed\n")); + return CURLE_OUT_OF_MEMORY; + } - case CURL_RTSPREQ_GET_PARAMETER: - rtspreq = RTSPREQ_GET_PARAMETER; - break; + data->magic = CURLEASY_MAGIC_NUMBER; - case CURL_RTSPREQ_SET_PARAMETER: - rtspreq = RTSPREQ_SET_PARAMETER; - break; + result = Curl_resolver_init(&data->state.resolver); + if(result) { + DEBUGF(fprintf(stderr, "Error: resolver_init failed\n")); + free(data); + return result; + } - case CURL_RTSPREQ_RECORD: - rtspreq = RTSPREQ_RECORD; - break; + /* We do some initial setup here, all those fields that can't be just 0 */ - case CURL_RTSPREQ_RECEIVE: - rtspreq = RTSPREQ_RECEIVE; - break; - default: - rtspreq = RTSPREQ_NONE; - } + data->state.buffer = malloc(READBUFFER_SIZE + 1); + if(!data->state.buffer) { + DEBUGF(fprintf(stderr, "Error: malloc of buffer failed\n")); + result = CURLE_OUT_OF_MEMORY; + } + else { + Curl_mime_initpart(&data->set.mimepost, data); - data->set.rtspreq = rtspreq; - break; + data->state.headerbuff = malloc(HEADERSIZE); + if(!data->state.headerbuff) { + DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n")); + result = CURLE_OUT_OF_MEMORY; } + else { + result = Curl_init_userdefined(&data->set); + data->state.headersize = HEADERSIZE; + Curl_convert_init(data); + Curl_initinfo(data); - case CURLOPT_RTSP_SESSION_ID: - /* - * Set the RTSP Session ID manually. Useful if the application is - * resuming a previously established RTSP session - */ - result = setstropt(&data->set.str[STRING_RTSP_SESSION_ID], - va_arg(param, char *)); - break; - - case CURLOPT_RTSP_STREAM_URI: - /* - * Set the Stream URI for the RTSP request. Unless the request is - * for generic server options, the application will need to set this. - */ - result = setstropt(&data->set.str[STRING_RTSP_STREAM_URI], - va_arg(param, char *)); - break; - - case CURLOPT_RTSP_TRANSPORT: - /* - * The content of the Transport: header for the RTSP request - */ - result = setstropt(&data->set.str[STRING_RTSP_TRANSPORT], - va_arg(param, char *)); - break; + /* most recent connection is not yet defined */ + data->state.lastconnect = NULL; - case CURLOPT_RTSP_CLIENT_CSEQ: - /* - * Set the CSEQ number to issue for the next RTSP request. Useful if the - * application is resuming a previously broken connection. The CSEQ - * will increment from this new number henceforth. - */ - data->state.rtsp_next_client_CSeq = va_arg(param, long); - break; + data->progress.flags |= PGRS_HIDE; + data->state.current_speed = -1; /* init to negative == impossible */ + data->set.fnmatch = ZERO_NULL; + data->set.maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */ - case CURLOPT_RTSP_SERVER_CSEQ: - /* Same as the above, but for server-initiated requests */ - data->state.rtsp_next_client_CSeq = va_arg(param, long); - break; - - case CURLOPT_INTERLEAVEDATA: - data->set.rtp_out = va_arg(param, void *); - break; - case CURLOPT_INTERLEAVEFUNCTION: - /* Set the user defined RTP write function */ - data->set.fwrite_rtp = va_arg(param, curl_write_callback); - break; - - case CURLOPT_WILDCARDMATCH: - data->set.wildcardmatch = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_CHUNK_BGN_FUNCTION: - data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback); - break; - case CURLOPT_CHUNK_END_FUNCTION: - data->set.chunk_end = va_arg(param, curl_chunk_end_callback); - break; - case CURLOPT_FNMATCH_FUNCTION: - data->set.fnmatch = va_arg(param, curl_fnmatch_callback); - break; - case CURLOPT_CHUNK_DATA: - data->wildcard.customptr = va_arg(param, void *); - break; - case CURLOPT_FNMATCH_DATA: - data->set.fnmatch_data = va_arg(param, void *); - break; -#ifdef USE_TLS_SRP - case CURLOPT_TLSAUTH_USERNAME: - result = setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG], - va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ - break; - case CURLOPT_PROXY_TLSAUTH_USERNAME: - result = setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], - va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.authtype) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ - break; - case CURLOPT_TLSAUTH_PASSWORD: - result = setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_ORIG], - va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ - break; - case CURLOPT_PROXY_TLSAUTH_PASSWORD: - result = setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], - va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.authtype) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ - break; - case CURLOPT_TLSAUTH_TYPE: - argptr = va_arg(param, char *); - if(!argptr || - strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; - else - data->set.ssl.authtype = CURL_TLSAUTH_NONE; - break; - case CURLOPT_PROXY_TLSAUTH_TYPE: - argptr = va_arg(param, char *); - if(!argptr || - strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; - else - data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE; - break; -#endif - case CURLOPT_DNS_SERVERS: - result = Curl_set_dns_servers(data, va_arg(param, char *)); - break; - case CURLOPT_DNS_INTERFACE: - result = Curl_set_dns_interface(data, va_arg(param, char *)); - break; - case CURLOPT_DNS_LOCAL_IP4: - result = Curl_set_dns_local_ip4(data, va_arg(param, char *)); - break; - case CURLOPT_DNS_LOCAL_IP6: - result = Curl_set_dns_local_ip6(data, va_arg(param, char *)); - break; - - case CURLOPT_TCP_KEEPALIVE: - data->set.tcp_keepalive = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_TCP_KEEPIDLE: - data->set.tcp_keepidle = va_arg(param, long); - break; - case CURLOPT_TCP_KEEPINTVL: - data->set.tcp_keepintvl = va_arg(param, long); - break; - case CURLOPT_TCP_FASTOPEN: -#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; -#else - result = CURLE_NOT_BUILT_IN; -#endif - break; - case CURLOPT_SSL_ENABLE_NPN: - data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_SSL_ENABLE_ALPN: - data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; + Curl_http2_init_state(&data->state); + } + } -#ifdef USE_UNIX_SOCKETS - case CURLOPT_UNIX_SOCKET_PATH: - data->set.abstract_unix_socket = FALSE; - result = setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], - va_arg(param, char *)); - break; - case CURLOPT_ABSTRACT_UNIX_SOCKET: - data->set.abstract_unix_socket = TRUE; - result = setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], - va_arg(param, char *)); - break; -#endif - - case CURLOPT_PATH_AS_IS: - data->set.path_as_is = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_PIPEWAIT: - data->set.pipewait = (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - case CURLOPT_STREAM_WEIGHT: -#ifndef USE_NGHTTP2 - return CURLE_NOT_BUILT_IN; -#else - arg = va_arg(param, long); - if((arg>=1) && (arg <= 256)) - data->set.stream_weight = (int)arg; - break; -#endif - case CURLOPT_STREAM_DEPENDS: - case CURLOPT_STREAM_DEPENDS_E: - { -#ifndef USE_NGHTTP2 - return CURLE_NOT_BUILT_IN; -#else - struct Curl_easy *dep = va_arg(param, struct Curl_easy *); - if(!dep || GOOD_EASY_HANDLE(dep)) { - if(data->set.stream_depends_on) { - Curl_http2_remove_child(data->set.stream_depends_on, data); - } - Curl_http2_add_child(dep, data, (option == CURLOPT_STREAM_DEPENDS_E)); - } - break; -#endif - } - case CURLOPT_CONNECT_TO: - data->set.connect_to = va_arg(param, struct curl_slist *); - break; - case CURLOPT_SUPPRESS_CONNECT_HEADERS: - data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; - break; - default: - /* unknown tag and its companion, just ignore: */ - result = CURLE_UNKNOWN_OPTION; - break; + if(result) { + Curl_resolver_cleanup(data->state.resolver); + free(data->state.buffer); + free(data->state.headerbuff); + Curl_freeset(data); + free(data); + data = NULL; } + else + *curl = data; return result; } @@ -3259,58 +924,6 @@ } } -/* - * This function finds the connection in the connection - * cache that has been unused for the longest time. - * - * Returns the pointer to the oldest idle connection, or NULL if none was - * found. - */ -struct connectdata * -Curl_oldest_idle_connection(struct Curl_easy *data) -{ - struct conncache *bc = data->state.conn_cache; - struct curl_hash_iterator iter; - struct curl_llist_element *curr; - struct curl_hash_element *he; - time_t highscore=-1; - time_t score; - struct curltime now; - struct connectdata *conn_candidate = NULL; - struct connectbundle *bundle; - - now = Curl_tvnow(); - - Curl_hash_start_iterate(&bc->hash, &iter); - - he = Curl_hash_next_element(&iter); - while(he) { - struct connectdata *conn; - - bundle = he->ptr; - - curr = bundle->conn_list.head; - while(curr) { - conn = curr->ptr; - - if(!conn->inuse) { - /* Set higher score for the age passed since the connection was used */ - score = Curl_tvdiff(now, conn->now); - - if(score > highscore) { - highscore = score; - conn_candidate = conn; - } - } - curr = curr->next; - } - - he = Curl_hash_next_element(&iter); - } - - return conn_candidate; -} - static bool proxy_info_matches(const struct proxy_info* data, const struct proxy_info* needle) @@ -3336,15 +949,15 @@ struct connectbundle *bundle) { struct curl_llist_element *curr; - time_t highscore=-1; - time_t score; + timediff_t highscore = -1; + timediff_t score; struct curltime now; struct connectdata *conn_candidate = NULL; struct connectdata *conn; (void)data; - now = Curl_tvnow(); + now = Curl_now(); curr = bundle->conn_list.head; while(curr) { @@ -3352,7 +965,7 @@ if(!conn->inuse) { /* Set higher score for the age passed since the connection was used */ - score = Curl_tvdiff(now, conn->now); + score = Curl_timediff(now, conn->now); if(score > highscore) { highscore = score; @@ -3426,11 +1039,11 @@ */ static void prune_dead_connections(struct Curl_easy *data) { - struct curltime now = Curl_tvnow(); - time_t elapsed = Curl_tvdiff(now, data->state.conn_cache->last_cleanup); + struct curltime now = Curl_now(); + time_t elapsed = Curl_timediff(now, data->state.conn_cache->last_cleanup); if(elapsed >= 1000L) { - Curl_conncache_foreach(data->state.conn_cache, data, + Curl_conncache_foreach(data, data->state.conn_cache, data, call_disconnect_if_dead); data->state.conn_cache->last_cleanup = now; } @@ -3967,7 +1580,7 @@ CURLcode Curl_protocol_connecting(struct connectdata *conn, bool *done) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; if(conn && conn->handler->connecting) { *done = FALSE; @@ -3986,7 +1599,7 @@ CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; if(conn && conn->handler->doing) { *done = FALSE; @@ -4006,7 +1619,7 @@ CURLcode Curl_protocol_connect(struct connectdata *conn, bool *protocol_done) { - CURLcode result=CURLE_OK; + CURLcode result = CURLE_OK; *protocol_done = FALSE; @@ -4074,7 +1687,7 @@ /* * Perform any necessary IDN conversion of hostname */ -static void fix_hostname(struct connectdata *conn, struct hostname *host) +static CURLcode fix_hostname(struct connectdata *conn, struct hostname *host) { size_t len; struct Curl_easy *data = conn->data; @@ -4093,7 +1706,7 @@ if(len && (host->name[len-1] == '.')) /* strip off a single trailing dot if present, primarily for SNI but there's no use for it */ - host->name[len-1]=0; + host->name[len-1] = 0; /* Check name for non-ASCII and convert hostname to ACE form if we can */ if(!is_ASCII_name(host->name)) { @@ -4114,9 +1727,11 @@ /* change the name pointer to point to the encoded hostname */ host->name = host->encalloc; } - else - infof(data, "Failed to convert %s to ACE; %s\n", host->name, + else { + failf(data, "Failed to convert %s to ACE; %s\n", host->name, idn2_strerror(rc)); + return CURLE_URL_MALFORMAT; + } } #elif defined(USE_WIN32_IDN) char *ace_hostname = NULL; @@ -4126,12 +1741,24 @@ /* change the name pointer to point to the encoded hostname */ host->name = host->encalloc; } - else - infof(data, "Failed to convert %s to ACE;\n", host->name); + else { + failf(data, "Failed to convert %s to ACE;\n", host->name); + return CURLE_URL_MALFORMAT; + } #else infof(data, "IDN support not present, can't parse Unicode domains\n"); #endif } + { + char *hostp; + for(hostp = host->name; *hostp; hostp++) { + if(*hostp <= 32) { + failf(data, "Host name '%s' contains bad letter", host->name); + return CURLE_URL_MALFORMAT; + } + } + } + return CURLE_OK; } /* @@ -4146,7 +1773,7 @@ host->encalloc = NULL; } #elif defined(USE_WIN32_IDN) - free(host->encalloc); /* must be freed withidn_free() since this was + free(host->encalloc); /* must be freed with free() since this was allocated by curl_win32_idn_to_ascii */ host->encalloc = NULL; #else @@ -4166,10 +1793,41 @@ */ static struct connectdata *allocate_conn(struct Curl_easy *data) { - struct connectdata *conn = calloc(1, sizeof(struct connectdata)); + struct connectdata *conn; + size_t connsize = sizeof(struct connectdata); + +#ifdef USE_SSL +/* SSLBK_MAX_ALIGN: The max byte alignment a CPU would use */ +#define SSLBK_MAX_ALIGN 32 + /* The SSL backend-specific data (ssl_backend_data) objects are allocated as + part of connectdata at the end. To ensure suitable alignment we will + assume a maximum of SSLBK_MAX_ALIGN for alignment. Since calloc returns a + pointer suitably aligned for any variable this will ensure the + ssl_backend_data array has proper alignment, even if that alignment turns + out to be less than SSLBK_MAX_ALIGN. */ + size_t paddingsize = sizeof(struct connectdata) % SSLBK_MAX_ALIGN; + size_t alignsize = paddingsize ? (SSLBK_MAX_ALIGN - paddingsize) : 0; + size_t sslbksize = Curl_ssl->sizeof_ssl_backend_data; + connsize += alignsize + (4 * sslbksize); +#endif + + conn = calloc(1, connsize); if(!conn) return NULL; +#ifdef USE_SSL + /* Point to the ssl_backend_data objects at the end of connectdata. + Note that these backend pointers can be swapped by vtls (eg ssl backend + data becomes proxy backend data). */ + { + char *end = (char *)conn + connsize; + conn->ssl[0].backend = ((void *)(end - (4 * sslbksize))); + conn->ssl[1].backend = ((void *)(end - (3 * sslbksize))); + conn->proxy_ssl[0].backend = ((void *)(end - (2 * sslbksize))); + conn->proxy_ssl[1].backend = ((void *)(end - (1 * sslbksize))); + } +#endif + conn->handler = &Curl_handler_dummy; /* Be sure we have a handler defined already from start to avoid NULL situations and checks */ @@ -4194,7 +1852,7 @@ connclose(conn, "Default to force-close"); /* Store creation time to help future close decision making */ - conn->created = Curl_tvnow(); + conn->created = Curl_now(); conn->data = data; /* Setup the association between this connection and the Curl_easy */ @@ -4390,6 +2048,14 @@ ('A' <= str[0] && str[0] <= 'Z')) && \ (str[1] == ':')) + /* MSDOS/Windows style drive prefix, optionally with + * a '|' instead of ':', followed by a slash or NUL */ +#define STARTS_WITH_URL_DRIVE_PREFIX(str) \ + ((('a' <= (str)[0] && (str)[0] <= 'z') || \ + ('A' <= (str)[0] && (str)[0] <= 'Z')) && \ + ((str)[1] == ':' || (str)[1] == '|') && \ + ((str)[2] == '/' || (str)[2] == 0)) + /* Don't mistake a drive letter for a scheme if the default protocol is file. curld --proto-default file c:/foo/bar.txt */ if(STARTS_WITH_DRIVE_PREFIX(data->change.url) && @@ -4422,63 +2088,90 @@ return CURLE_URL_MALFORMAT; } - if(url_has_scheme && path[0] == '/' && path[1] == '/') { - /* Allow omitted hostname (e.g. file:/). This is not strictly - * speaking a valid file: URL by RFC 1738, but treating file:/ as - * file://localhost/ is similar to how other schemes treat missing - * hostnames. See RFC 1808. */ - - /* This cannot be done with strcpy() in a portable manner, since the - memory areas overlap! */ - memmove(path, path + 2, strlen(path + 2)+1); + if(url_has_scheme && path[0] == '/' && path[1] == '/' && + path[2] == '/' && path[3] == '/') { + /* This appears to be a UNC string (usually indicating a SMB share). + * We don't do SMB in file: URLs. (TODO?) + */ + failf(data, "SMB shares are not supported in file: URLs."); + return CURLE_URL_MALFORMAT; } - /* - * we deal with file:/// differently since it supports no - * hostname other than "localhost" and "127.0.0.1", which is unique among - * the URL protocols specified in RFC 1738 + /* Extra handling URLs with an authority component (i.e. that start with + * "file://") + * + * We allow omitted hostname (e.g. file:/) -- valid according to + * RFC 8089, but not the (current) WHAT-WG URL spec. */ - if(path[0] != '/' && !STARTS_WITH_DRIVE_PREFIX(path)) { - /* the URL includes a host name, it must match "localhost" or - "127.0.0.1" to be valid */ - char *ptr; - if(!checkprefix("localhost/", path) && - !checkprefix("127.0.0.1/", path)) { - failf(data, "Invalid file://hostname/, " - "expected localhost or 127.0.0.1 or none"); - return CURLE_URL_MALFORMAT; - } - ptr = &path[9]; /* now points to the slash after the host */ - - /* there was a host name and slash present - - RFC1738 (section 3.1, page 5) says: - - The rest of the locator consists of data specific to the scheme, - and is known as the "url-path". It supplies the details of how the - specified resource can be accessed. Note that the "/" between the - host (or port) and the url-path is NOT part of the url-path. + if(url_has_scheme && path[0] == '/' && path[1] == '/') { + /* swallow the two slashes */ + char *ptr = &path[2]; - As most agents use file://localhost/foo to get '/foo' although the - slash preceding foo is a separator and not a slash for the path, - a URL as file://localhost//foo must be valid as well, to refer to - the same file with an absolute path. - */ + /* + * According to RFC 8089, a file: URL can be reliably dereferenced if: + * + * o it has no/blank hostname, or + * + * o the hostname matches "localhost" (case-insensitively), or + * + * o the hostname is a FQDN that resolves to this machine. + * + * For brevity, we only consider URLs with empty, "localhost", or + * "127.0.0.1" hostnames as local. + * + * Additionally, there is an exception for URLs with a Windows drive + * letter in the authority (which was accidentally omitted from RFC 8089 + * Appendix E, but believe me, it was meant to be there. --MK) + */ + if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) { + /* the URL includes a host name, it must match "localhost" or + "127.0.0.1" to be valid */ + if(!checkprefix("localhost/", ptr) && + !checkprefix("127.0.0.1/", ptr)) { + failf(data, "Invalid file://hostname/, " + "expected localhost or 127.0.0.1 or none"); + return CURLE_URL_MALFORMAT; + } + ptr += 9; /* now points to the slash after the host */ + } - if('/' == ptr[1]) - /* if there was two slashes, we skip the first one as that is then - used truly as a separator */ + /* + * RFC 8089, Appendix D, Section D.1, says: + * + * > In a POSIX file system, the root of the file system is represented + * > as a directory with a zero-length name, usually written as "/"; the + * > presence of this root in a file URI can be taken as given by the + * > initial slash in the "path-absolute" rule. + * + * i.e. the first slash is part of the path. + * + * However in RFC 1738 the "/" between the host (or port) and the + * URL-path was NOT part of the URL-path. Any agent that followed the + * older spec strictly, and wanted to refer to a file with an absolute + * path, would have included a second slash. So if there are two + * slashes, swallow one. + */ + if('/' == ptr[1]) /* note: the only way ptr[0]!='/' is if ptr[1]==':' */ ptr++; - /* This cannot be made with strcpy, as the memory chunks overlap! */ - memmove(path, ptr, strlen(ptr)+1); + /* This cannot be done with strcpy, as the memory chunks overlap! */ + memmove(path, ptr, strlen(ptr) + 1); } #if !defined(MSDOS) && !defined(WIN32) && !defined(__CYGWIN__) - if(STARTS_WITH_DRIVE_PREFIX(path)) { + /* Don't allow Windows drive letters when not in Windows. + * This catches both "file:/c:" and "file:c:" */ + if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) || + STARTS_WITH_URL_DRIVE_PREFIX(path)) { failf(data, "File drive letters are only accepted in MSDOS/Windows."); return CURLE_URL_MALFORMAT; } +#else + /* If the path starts with a slash and a drive letter, ditch the slash */ + if('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) { + /* This cannot be done with strcpy, as the memory chunks overlap! */ + memmove(path, &path[1], strlen(&path[1]) + 1); + } #endif protop = "file"; /* protocol string */ @@ -4487,7 +2180,7 @@ else { /* clear path */ char slashbuf[4]; - path[0]=0; + path[0] = 0; rc = sscanf(data->change.url, "%15[^\n/:]:%3[/]%[^\n/?#]%[^\n]", @@ -4572,7 +2265,7 @@ */ at = strchr(conn->host.name, '@'); if(at) - query = strchr(at+1, '?'); + query = strchr(at + 1, '?'); else query = strchr(conn->host.name, '?'); @@ -4590,15 +2283,15 @@ /* move the existing path plus the zero byte forward, to make room for the host-name part */ - memmove(path+hostlen+1, path, pathlen+1); + memmove(path + hostlen + 1, path, pathlen + 1); /* now copy the trailing host part in front of the existing path */ - memcpy(path+1, query, hostlen); + memcpy(path + 1, query, hostlen); path[0]='/'; /* prepend the missing slash */ rebuild_url = TRUE; - *query=0; /* now cut off the hostname at the ? */ + *query = 0; /* now cut off the hostname at the ? */ } else if(!path[0]) { /* if there's no path set, use a single slash */ @@ -4614,7 +2307,7 @@ /* We need this function to deal with overlapping memory areas. We know that the memory area 'path' points to is 'urllen' bytes big and that is bigger than the path. Use +1 to move the zero byte too. */ - memmove(&path[1], path, strlen(path)+1); + memmove(&path[1], path, strlen(path) + 1); path[0] = '/'; rebuild_url = TRUE; } @@ -4720,7 +2413,7 @@ if(*endp == ']') { /* The address scope was well formed. Knock it out of the hostname. */ - memmove(percent, endp, strlen(endp)+1); + memmove(percent, endp, strlen(endp) + 1); conn->scope_id = (unsigned int)scope; } else { @@ -4990,7 +2683,7 @@ strcpy(envp, "_proxy"); /* read the protocol proxy: */ - prox=curl_getenv(proxy_env); + prox = curl_getenv(proxy_env); /* * We don't try the uppercase version of HTTP_PROXY because of @@ -5007,7 +2700,7 @@ if(!prox && !strcasecompare("http_proxy", proxy_env)) { /* There was no lowercase variable, try the uppercase version: */ Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env)); - prox=curl_getenv(proxy_env); + prox = curl_getenv(proxy_env); } if(prox) @@ -5015,7 +2708,7 @@ else { proxy = curl_getenv("all_proxy"); /* default proxy to use */ if(!proxy) - proxy=curl_getenv("ALL_PROXY"); + proxy = curl_getenv("ALL_PROXY"); } return proxy; @@ -5050,7 +2743,7 @@ /* Parse the protocol part if present */ endofprot = strstr(proxy, "://"); if(endofprot) { - proxyptr = endofprot+3; + proxyptr = endofprot + 3; if(checkprefix("https", proxy)) proxytype = CURLPROXY_HTTPS; else if(checkprefix("socks5h", proxy)) @@ -5072,13 +2765,14 @@ else proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */ -#ifndef HTTPS_PROXY_SUPPORT - if(proxytype == CURLPROXY_HTTPS) { - failf(data, "Unsupported proxy \'%s\'" - ", libcurl is built without the HTTPS-proxy support.", proxy); - return CURLE_NOT_BUILT_IN; - } +#ifdef USE_SSL + if(!Curl_ssl->support_https_proxy) #endif + if(proxytype == CURLPROXY_HTTPS) { + failf(data, "Unsupported proxy \'%s\', libcurl is built without the " + "HTTPS-proxy support.", proxy); + return CURLE_NOT_BUILT_IN; + } sockstype = proxytype == CURLPROXY_SOCKS5_HOSTNAME || proxytype == CURLPROXY_SOCKS5 || @@ -5089,8 +2783,8 @@ atsign = strchr(proxyptr, '@'); if(atsign) { CURLcode result = - parse_login_details(proxyptr, atsign - proxyptr, - &proxyuser, &proxypasswd, NULL); + Curl_parse_login_details(proxyptr, atsign - proxyptr, + &proxyuser, &proxypasswd, NULL); if(result) return result; proxyptr = atsign + 1; @@ -5299,22 +2993,21 @@ } } - no_proxy = curl_getenv("no_proxy"); - if(!no_proxy) - no_proxy = curl_getenv("NO_PROXY"); - - if(check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY]) || - (!data->set.str[STRING_NOPROXY] && - check_noproxy(conn->host.name, no_proxy))) { + if(!data->set.str[STRING_NOPROXY]) { + no_proxy = curl_getenv("no_proxy"); + if(!no_proxy) + no_proxy = curl_getenv("NO_PROXY"); + } + + if(check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ? + data->set.str[STRING_NOPROXY] : no_proxy)) { Curl_safefree(proxy); Curl_safefree(socksproxy); } - else if(!proxy && !socksproxy) #ifndef CURL_DISABLE_HTTP + else if(!proxy && !socksproxy) /* if the host is not in the noproxy list, detect proxy. */ proxy = detect_proxy(conn); -#else /* !CURL_DISABLE_HTTP */ - proxy = NULL; #endif /* CURL_DISABLE_HTTP */ Curl_safefree(no_proxy); @@ -5482,10 +3175,11 @@ /* We could use the login information in the URL so extract it. Only parse options if the handler says we should. */ - result = parse_login_details(login, ptr - login - 1, - &userp, &passwdp, - (conn->handler->flags & PROTOPT_URLOPTIONS)? - &optionsp:NULL); + result = + Curl_parse_login_details(login, ptr - login - 1, + &userp, &passwdp, + (conn->handler->flags & PROTOPT_URLOPTIONS)? + &optionsp:NULL); if(result) goto out; @@ -5541,7 +3235,7 @@ } /* - * parse_login_details() + * Curl_parse_login_details() * * This is used to parse a login string for user name, password and options in * the following formats: @@ -5569,9 +3263,9 @@ * * Returns CURLE_OK on success. */ -static CURLcode parse_login_details(const char *login, const size_t len, - char **userp, char **passwdp, - char **optionsp) +CURLcode Curl_parse_login_details(const char *login, const size_t len, + char **userp, char **passwdp, + char **optionsp) { CURLcode result = CURLE_OK; char *ubuf = NULL; @@ -5700,7 +3394,13 @@ portptr = strchr(conn->host.name, ']'); if(portptr) { *portptr++ = '\0'; /* zero terminate, killing the bracket */ - if(':' != *portptr) + if(*portptr) { + if (*portptr != ':') { + failf(data, "IPv6 closing bracket followed by '%c'", *portptr); + return CURLE_URL_MALFORMAT; + } + } + else portptr = NULL; /* no port number available */ } } @@ -5762,7 +3462,7 @@ char *rest; long port; - port=strtol(portptr+1, &rest, 10); /* Port number must be decimal */ + port = strtol(portptr + 1, &rest, 10); /* Port number must be decimal */ if((port < 0) || (port > 0xffff)) { /* Single unix standard says port numbers are 16 bits long */ @@ -6118,8 +3818,8 @@ struct connectdata *conn, bool *async) { - CURLcode result=CURLE_OK; - time_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + CURLcode result = CURLE_OK; + timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); /************************************************************* * Resolve the name of the server or proxy @@ -6281,11 +3981,10 @@ free_fixed_hostname(&conn->conn_to_host); Curl_safefree(conn->host.rawalloc); Curl_safefree(conn->conn_to_host.rawalloc); - conn->host=old_conn->host; - conn->bits.conn_to_host = old_conn->bits.conn_to_host; + conn->host = old_conn->host; conn->conn_to_host = old_conn->conn_to_host; - conn->bits.conn_to_port = old_conn->bits.conn_to_port; conn->conn_to_port = old_conn->conn_to_port; + conn->remote_port = old_conn->remote_port; /* persist connection info in session handle */ Curl_persistconninfo(conn); @@ -6384,9 +4083,9 @@ * other parts of the code will rely on this fact ***********************************************************/ #define LEAST_PATH_ALLOC 256 - urllen=strlen(data->change.url); + urllen = strlen(data->change.url); if(urllen < LEAST_PATH_ALLOC) - urllen=LEAST_PATH_ALLOC; + urllen = LEAST_PATH_ALLOC; /* * We malloc() the buffers below urllen+2 to make room for 2 possibilities: @@ -6397,14 +4096,14 @@ Curl_safefree(data->state.pathbuffer); data->state.path = NULL; - data->state.pathbuffer = malloc(urllen+2); + data->state.pathbuffer = malloc(urllen + 2); if(NULL == data->state.pathbuffer) { result = CURLE_OUT_OF_MEMORY; /* really bad error */ goto out; } data->state.path = data->state.pathbuffer; - conn->host.rawalloc = malloc(urllen+2); + conn->host.rawalloc = malloc(urllen + 2); if(NULL == conn->host.rawalloc) { Curl_safefree(data->state.pathbuffer); data->state.path = NULL; @@ -6537,13 +4236,24 @@ /************************************************************* * IDN-fix the hostnames *************************************************************/ - fix_hostname(conn, &conn->host); - if(conn->bits.conn_to_host) - fix_hostname(conn, &conn->conn_to_host); - if(conn->bits.httpproxy) - fix_hostname(conn, &conn->http_proxy.host); - if(conn->bits.socksproxy) - fix_hostname(conn, &conn->socks_proxy.host); + result = fix_hostname(conn, &conn->host); + if(result) + goto out; + if(conn->bits.conn_to_host) { + result = fix_hostname(conn, &conn->conn_to_host); + if(result) + goto out; + } + if(conn->bits.httpproxy) { + result = fix_hostname(conn, &conn->http_proxy.host); + if(result) + goto out; + } + if(conn->bits.socksproxy) { + result = fix_hostname(conn, &conn->socks_proxy.host); + if(result) + goto out; + } /************************************************************* * Check whether the host and the "connect to host" are equal. @@ -6786,7 +4496,7 @@ struct connectdata *conn_candidate; /* The cache is full. Let's see if we can kill a connection. */ - conn_candidate = Curl_oldest_idle_connection(data); + conn_candidate = Curl_conncache_oldest_idle(data); if(conn_candidate) { /* Set the connection's owner correctly, then kill it */ @@ -6921,7 +4631,7 @@ /* set start time here for timeout purposes in the connect procedure, it is later set again for the progress meter purpose */ - conn->now = Curl_tvnow(); + conn->now = Curl_now(); if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) { conn->bits.tcpconnect[FIRSTSOCKET] = FALSE; @@ -6938,7 +4648,7 @@ Curl_verboseconnect(conn); } - conn->now = Curl_tvnow(); /* time this *after* the connect is done, we + conn->now = Curl_now(); /* time this *after* the connect is done, we set this here perhaps a second time */ #ifdef __EMX__ @@ -7011,13 +4721,17 @@ { struct SingleRequest *k = &data->req; - if(conn) - conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to - * use */ + conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to + use */ data->state.done = FALSE; /* *_done() is not called yet */ data->state.expect100header = FALSE; + /* if the protocol used doesn't support wildcards, switch it off */ + if(data->state.wildcardmatch && + !(conn->handler->flags & PROTOPT_WILDCARD)) + data->state.wildcardmatch = FALSE; + if(data->set.opt_no_body) /* in HTTP lingo, no body means using the HEAD request... */ data->set.httpreq = HTTPREQ_HEAD; @@ -7029,7 +4743,7 @@ HTTP. */ data->set.httpreq = HTTPREQ_GET; - k->start = Curl_tvnow(); /* start time */ + k->start = Curl_now(); /* start time */ k->now = k->start; /* current time is now */ k->header = TRUE; /* assume header */ @@ -7037,7 +4751,7 @@ k->buf = data->state.buffer; k->hbufp = data->state.headerbuff; - k->ignorebody=FALSE; + k->ignorebody = FALSE; Curl_speedinit(data); diff -Nru curl-7.55.1/lib/urldata.h curl-7.57.0/lib/urldata.h --- curl-7.55.1/lib/urldata.h 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/urldata.h 2017-11-27 12:50:52.000000000 +0000 @@ -82,89 +82,12 @@ #include "cookie.h" #include "formdata.h" -#ifdef USE_OPENSSL -#include -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif -#endif /* USE_OPENSSL */ - -#ifdef USE_GNUTLS -#include -#endif - -#ifdef USE_MBEDTLS - -#include -#include -#include -#include - -#elif defined USE_POLARSSL - -#include -#include -#if POLARSSL_VERSION_NUMBER<0x01010000 -#include -#else -#include -#include -#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ - -#endif /* USE_POLARSSL */ - -#ifdef USE_CYASSL -#undef OCSP_REQUEST /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */ -#undef OCSP_RESPONSE /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */ -#include -#endif - -#ifdef USE_NSS -#include -#include -#endif - -#ifdef USE_GSKIT -#include -#endif - -#ifdef USE_AXTLS -#include -#include -#undef malloc -#undef calloc -#undef realloc -#endif /* USE_AXTLS */ - -#if defined(USE_SCHANNEL) || defined(USE_WINDOWS_SSPI) -#include "curl_sspi.h" -#endif -#ifdef USE_SCHANNEL -#include -#include -#endif - -#ifdef USE_DARWINSSL -#include -/* For some reason, when building for iOS, the omnibus header above does - * not include SecureTransport.h as of iOS SDK 5.1. */ -#include -#endif - #ifdef HAVE_NETINET_IN_H #include #endif #include "timeval.h" -#ifdef HAVE_ZLIB_H -#include /* for content-encoding */ -#ifdef __SYMBIAN32__ -/* zlib pollutes the namespace with this definition */ -#undef WIN32 -#endif -#endif - #include #include "http_chunks.h" /* for the structs and enum stuff */ @@ -172,6 +95,7 @@ #include "hash.h" #include "splay.h" +#include "mime.h" #include "imap.h" #include "pop3.h" #include "smtp.h" @@ -240,20 +164,6 @@ }; #endif -#ifdef USE_SCHANNEL -/* Structs to store Schannel handles */ -struct curl_schannel_cred { - CredHandle cred_handle; - TimeStamp time_stamp; - int refcount; -}; - -struct curl_schannel_ctxt { - CtxtHandle ctxt_handle; - TimeStamp time_stamp; -}; -#endif - /* enum for the nonblocking SSL connection state machine */ typedef enum { ssl_connect_1, @@ -270,6 +180,9 @@ ssl_connection_complete } ssl_connection_state; +/* SSL backend-specific data; declared differently by each SSL backend */ +struct ssl_backend_data; + /* struct for data related to each SSL connection */ struct ssl_connect_data { /* Use ssl encrypted communications TRUE/FALSE, not necessarily using it atm @@ -278,78 +191,8 @@ bool use; ssl_connection_state state; ssl_connect_state connecting_state; -#if defined(USE_OPENSSL) - /* these ones requires specific SSL-types */ - SSL_CTX* ctx; - SSL* handle; - X509* server_cert; -#elif defined(USE_GNUTLS) - gnutls_session_t session; - gnutls_certificate_credentials_t cred; -#ifdef USE_TLS_SRP - gnutls_srp_client_credentials_t srp_client_cred; -#endif -#elif defined(USE_MBEDTLS) - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_ssl_context ssl; - int server_fd; - mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; - mbedtls_x509_crl crl; - mbedtls_pk_context pk; - mbedtls_ssl_config config; - const char *protocols[3]; -#elif defined(USE_POLARSSL) - ctr_drbg_context ctr_drbg; - entropy_context entropy; - ssl_context ssl; - int server_fd; - x509_crt cacert; - x509_crt clicert; - x509_crl crl; - rsa_context rsa; -#elif defined(USE_CYASSL) - SSL_CTX* ctx; - SSL* handle; -#elif defined(USE_NSS) - PRFileDesc *handle; - char *client_nickname; - struct Curl_easy *data; - struct curl_llist obj_list; - PK11GenericObject *obj_clicert; -#elif defined(USE_GSKIT) - gsk_handle handle; - int iocport; - int localfd; - int remotefd; -#elif defined(USE_AXTLS) - SSL_CTX* ssl_ctx; - SSL* ssl; -#elif defined(USE_SCHANNEL) - struct curl_schannel_cred *cred; - struct curl_schannel_ctxt *ctxt; - SecPkgContext_StreamSizes stream_sizes; - size_t encdata_length, decdata_length; - size_t encdata_offset, decdata_offset; - unsigned char *encdata_buffer, *decdata_buffer; - /* encdata_is_incomplete: if encdata contains only a partial record that - can't be decrypted without another Curl_read_plain (that is, status is - SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes - more bytes into encdata then set this back to false. */ - bool encdata_is_incomplete; - unsigned long req_flags, ret_flags; - CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ - bool recv_sspi_close_notify; /* true if connection closed by close_notify */ - bool recv_connection_closed; /* true if connection closed, regardless how */ - bool use_alpn; /* true if ALPN is used for this connection */ -#elif defined(USE_DARWINSSL) - SSLContextRef ssl_ctx; - curl_socket_t ssl_sockfd; - bool ssl_direction; /* true if writing, false if reading */ - size_t ssl_write_buffered_length; -#elif defined(USE_SSL) -#error "SSL backend specific information missing from ssl_connect_data" +#if defined(USE_SSL) + struct ssl_backend_data *backend; #endif }; @@ -359,13 +202,13 @@ bool verifypeer; /* set TRUE if this is desired */ bool verifyhost; /* set TRUE if CN/SAN must match hostname */ bool verifystatus; /* set TRUE if certificate status must be checked */ + bool sessionid; /* cache session IDs or not */ char *CApath; /* certificate dir (doesn't work on windows) */ char *CAfile; /* certificate to verify peer against */ char *clientcert; char *random_file; /* path to file containing "random" data */ char *egdsocket; /* path to file containing the EGD daemon socket */ char *cipher_list; /* list of ciphers to use */ - bool sessionid; /* cache session IDs or not */ }; struct ssl_config_data { @@ -411,6 +254,10 @@ struct ssl_primary_config ssl_config; /* setup for this session */ }; +#ifdef USE_WINDOWS_SSPI +#include "curl_sspi.h" +#endif + /* Struct used for Digest challenge-response authentication */ struct digestdata { #if defined(USE_WINDOWS_SSPI) @@ -431,6 +278,7 @@ char *qop; char *algorithm; int nc; /* nounce count */ + bool userhash; #endif }; @@ -442,10 +290,6 @@ NTLMSTATE_LAST } curlntlm; -#ifdef USE_WINDOWS_SSPI -#include "curl_sspi.h" -#endif - #if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) #include #endif @@ -612,16 +456,6 @@ #define KEEP_SENDBITS (KEEP_SEND | KEEP_SEND_HOLD | KEEP_SEND_PAUSE) -#ifdef HAVE_LIBZ -typedef enum { - ZLIB_UNINIT, /* uninitialized */ - ZLIB_INIT, /* initialized */ - ZLIB_GZIP_HEADER, /* reading gzip header */ - ZLIB_GZIP_INFLATING, /* inflating gzip stream */ - ZLIB_INIT_GZIP /* initialized in transparent gzip mode */ -} zlibInitState; -#endif - #ifdef CURLRES_ASYNCH struct Curl_async { char *hostname; @@ -709,18 +543,8 @@ enum expect100 exp100; /* expect 100 continue state */ enum upgrade101 upgr101; /* 101 upgrade state */ - int auto_decoding; /* What content encoding. sec 3.5, RFC2616. */ - -#define IDENTITY 0 /* No encoding */ -#define DEFLATE 1 /* zlib deflate [RFC 1950 & 1951] */ -#define GZIP 2 /* gzip algorithm [RFC 1952] */ - -#ifdef HAVE_LIBZ - zlibInitState zlib_init; /* possible zlib init state; - undefined if Content-Encoding header. */ - z_stream z; /* State structure for zlib. */ -#endif - + struct contenc_writer_s *writer_stack; /* Content unencoding stack. */ + /* See sec 3.5, RFC2616. */ time_t timeofdoc; long bodywrites; @@ -868,6 +692,7 @@ #define PROTOPT_PROXY_AS_HTTP (1<<11) /* allow this non-HTTP scheme over a HTTP proxy as HTTP proxies may know this protocol and act as a gateway */ +#define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */ #define CONNCHECK_NONE 0 /* No checks */ #define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */ @@ -1259,6 +1084,8 @@ struct curltime t_startop; struct curltime t_acceptdata; + bool is_t_startransfer_set; + /* upload speed limit */ struct curltime ul_limit_start; curl_off_t ul_limit_size; @@ -1266,7 +1093,7 @@ struct curltime dl_limit_start; curl_off_t dl_limit_size; -#define CURR_TIME (5+1) /* 6 entries for 5 seconds */ +#define CURR_TIME (5 + 1) /* 6 entries for 5 seconds */ curl_off_t speeder[ CURR_TIME ]; struct curltime speeder_time[ CURR_TIME ]; @@ -1278,6 +1105,7 @@ HTTPREQ_GET, HTTPREQ_POST, HTTPREQ_POST_FORM, /* we make a difference internally */ + HTTPREQ_POST_MIME, /* we make a difference internally */ HTTPREQ_PUT, HTTPREQ_HEAD, HTTPREQ_OPTIONS, @@ -1387,7 +1215,7 @@ size_t headersize; /* size of the allocation */ char *buffer; /* download buffer */ - char uploadbuffer[UPLOAD_BUFSIZE+1]; /* upload buffer */ + char uploadbuffer[UPLOAD_BUFSIZE + 1]; /* upload buffer */ curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ bool this_is_a_follow; /* this is a followed Location: request */ @@ -1431,7 +1259,8 @@ ares_channel f.e. */ #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) - ENGINE *engine; + /* void instead of ENGINE to avoid bleeding OpenSSL into this header */ + void *engine; #endif /* USE_OPENSSL */ struct curltime expiretime; /* set this with Curl_expire() only */ struct Curl_tree timenode; /* for the splay stuff */ @@ -1443,7 +1272,7 @@ /* set after initial USER failure, to prevent an authentication loop */ bool ftp_trying_alternative; - + bool wildcardmatch; /* enable wildcard matching */ int httpversion; /* the lowest HTTP version*10 reported by any server involved in this request */ bool expect100header; /* TRUE if we added Expect: 100-continue */ @@ -1588,7 +1417,7 @@ STRING_PROXY_SERVICE_NAME, /* Proxy service name */ #endif #if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ - defined(USE_SPNEGO) + defined(USE_SPNEGO) || defined(HAVE_GSSAPI) STRING_SERVICE_NAME, /* Service name */ #endif STRING_MAIL_FROM, @@ -1694,7 +1523,8 @@ curl_off_t set_resume_from; /* continue [ftp] transfer from here */ struct curl_slist *headers; /* linked list of extra headers */ struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */ - struct curl_httppost *httppost; /* linked list of POST data */ + struct curl_httppost *httppost; /* linked list of old POST data */ + curl_mimepart mimepost; /* MIME/POST data. */ bool sep_headers; /* handle host and proxy headers separately */ bool cookiesession; /* new cookie session? */ bool crlf; /* convert crlf on ftp upload(?) */ @@ -1740,6 +1570,7 @@ curl_sshkeycallback ssh_keyfunc; /* key matching callback */ void *ssh_keyfunc_userp; /* custom pointer to callback */ + bool ssh_compression; /* enable SSH compression */ /* Here follows boolean settings that define how to behave during this session. They are STATIC, set by libcurl users or at least initially @@ -1805,7 +1636,7 @@ /* Common RTSP header options */ Curl_RtspReq rtspreq; /* RTSP request type */ long rtspversion; /* like httpversion, for RTSP */ - bool wildcardmatch; /* enable wildcard matching */ + bool wildcard_enabled; /* enable wildcard matching */ curl_chunk_bgn_callback chunk_bgn; /* called before part of transfer starts */ curl_chunk_end_callback chunk_end; /* called after part transferring diff -Nru curl-7.55.1/lib/url.h curl-7.57.0/lib/url.h --- curl-7.55.1/lib/url.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/url.h 2017-11-26 13:19:01.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,6 +23,10 @@ ***************************************************************************/ #include "curl_setup.h" +#define READBUFFER_SIZE CURL_MAX_WRITE_SIZE +#define READBUFFER_MAX CURL_MAX_READ_SIZE +#define READBUFFER_MIN 1024 + /* * Prototypes for library-wide functions provided by url.c */ @@ -51,14 +55,14 @@ int Curl_doing_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks); - +CURLcode Curl_parse_login_details(const char *login, const size_t len, + char **userptr, char **passwdptr, + char **optionsptr); bool Curl_isPipeliningEnabled(const struct Curl_easy *handle); CURLcode Curl_addHandleToPipeline(struct Curl_easy *handle, struct curl_llist *pipeline); int Curl_removeHandleFromPipeline(struct Curl_easy *handle, struct curl_llist *pipeline); -struct connectdata * -Curl_oldest_idle_connection(struct Curl_easy *data); /* remove the specified connection from all (possible) pipelines and related queues */ void Curl_getoff_all_pipelines(struct Curl_easy *data, diff -Nru curl-7.55.1/lib/vauth/digest.c curl-7.57.0/lib/vauth/digest.c --- curl-7.55.1/lib/vauth/digest.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vauth/digest.c 2017-11-26 13:19:01.000000000 +0000 @@ -19,6 +19,7 @@ * KIND, either express or implied. * * RFC2831 DIGEST-MD5 authentication + * RFC7616 DIGEST-SHA256, DIGEST-SHA512-256 authentication * ***************************************************************************/ @@ -34,6 +35,7 @@ #include "curl_base64.h" #include "curl_hmac.h" #include "curl_md5.h" +#include "curl_sha256.h" #include "vtls/vtls.h" #include "warnless.h" #include "strtok.h" @@ -144,6 +146,15 @@ snprintf((char *) &dest[i * 2], 3, "%02x", source[i]); } +/* Convert sha256 chunk to RFC7616 -suitable ascii string*/ +static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */ + unsigned char *dest) /* 65 bytes */ +{ + int i; + for(i = 0; i < 32; i++) + snprintf((char *) &dest[i * 2], 3, "%02x", source[i]); +} + /* Perform quoted-string escaping as described in RFC2616 and its errata */ static char *auth_digest_string_quoted(const char *source) { @@ -602,9 +613,22 @@ digest->algo = CURLDIGESTALGO_MD5SESS; else if(strcasecompare(content, "MD5")) digest->algo = CURLDIGESTALGO_MD5; + else if(strcasecompare(content, "SHA-256")) + digest->algo = CURLDIGESTALGO_SHA256; + else if(strcasecompare(content, "SHA-256-SESS")) + digest->algo = CURLDIGESTALGO_SHA256SESS; + else if(strcasecompare(content, "SHA-512-256")) + digest->algo = CURLDIGESTALGO_SHA512_256; + else if(strcasecompare(content, "SHA-512-256-SESS")) + digest->algo = CURLDIGESTALGO_SHA512_256SESS; else return CURLE_BAD_CONTENT_ENCODING; } + else if(strcasecompare(value, "userhash")) { + if(strcasecompare(content, "true")) { + digest->userhash = TRUE; + } + } else { /* Unknown specifier, ignore it! */ } @@ -635,7 +659,7 @@ } /* - * Curl_auth_create_digest_http_message() + * _Curl_auth_create_digest_http_message() * * This is used to generate a HTTP DIGEST response message ready for sending * to the recipient. @@ -654,20 +678,24 @@ * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, - const char *userp, - const char *passwdp, - const unsigned char *request, - const unsigned char *uripath, - struct digestdata *digest, - char **outptr, size_t *outlen) +static CURLcode _Curl_auth_create_digest_http_message( + struct Curl_easy *data, + const char *userp, + const char *passwdp, + const unsigned char *request, + const unsigned char *uripath, + struct digestdata *digest, + char **outptr, size_t *outlen, + void (*convert_to_ascii)(unsigned char *, unsigned char *), + void (*hash)(unsigned char *, const unsigned char *)) { CURLcode result; - unsigned char md5buf[16]; /* 16 bytes/128 bits */ - unsigned char request_digest[33]; - unsigned char *md5this; - unsigned char ha1[33]; /* 32 digits and 1 zero byte */ - unsigned char ha2[33]; /* 32 digits and 1 zero byte */ + unsigned char hashbuf[32]; /* 32 bytes/256 bits */ + unsigned char request_digest[65]; + unsigned char *hashthis; + unsigned char ha1[65]; /* 64 digits and 1 zero byte */ + unsigned char ha2[65]; /* 64 digits and 1 zero byte */ + char userh[65]; char cnoncebuf[33]; char *cnonce = NULL; size_t cnonce_sz = 0; @@ -692,6 +720,17 @@ digest->cnonce = cnonce; } + if(digest->userhash) { + hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm); + if(!hashthis) + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, hashthis); + hash(hashbuf, hashthis); + free(hashthis); + convert_to_ascii(hashbuf, (unsigned char *)userh); + } + /* If the algorithm is "MD5" or unspecified (which then defaults to MD5): @@ -703,26 +742,29 @@ unq(nonce-value) ":" unq(cnonce-value) */ - md5this = (unsigned char *) - aprintf("%s:%s:%s", userp, digest->realm, passwdp); - if(!md5this) + hashthis = (unsigned char *) + aprintf("%s:%s:%s", digest->userhash ? userh : userp, + digest->realm, passwdp); + if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ - Curl_md5it(md5buf, md5this); - free(md5this); - auth_digest_md5_to_ascii(md5buf, ha1); - - if(digest->algo == CURLDIGESTALGO_MD5SESS) { + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ + hash(hashbuf, hashthis); + free(hashthis); + convert_to_ascii(hashbuf, ha1); + + if(digest->algo == CURLDIGESTALGO_MD5SESS || + digest->algo == CURLDIGESTALGO_SHA256SESS || + digest->algo == CURLDIGESTALGO_SHA512_256SESS) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, digest->nonce, digest->cnonce); if(!tmp) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ - Curl_md5it(md5buf, (unsigned char *) tmp); + hash(hashbuf, (unsigned char *) tmp); free(tmp); - auth_digest_md5_to_ascii(md5buf, ha1); + convert_to_ascii(hashbuf, ha1); } /* @@ -738,27 +780,32 @@ 5.1.1 of RFC 2616) */ - md5this = (unsigned char *) aprintf("%s:%s", request, uripath); + hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); if(digest->qop && strcasecompare(digest->qop, "auth-int")) { /* We don't support auth-int for PUT or POST at the moment. - TODO: replace md5 of empty string with entity-body for PUT/POST */ - unsigned char *md5this2 = (unsigned char *) - aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e"); - free(md5this); - md5this = md5this2; + TODO: replace hash of empty string with entity-body for PUT/POST */ + char hashed[65]; + unsigned char *hashthis2; + + hash(hashbuf, (const unsigned char *)""); + convert_to_ascii(hashbuf, (unsigned char *)hashed); + + hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed); + free(hashthis); + hashthis = hashthis2; } - if(!md5this) + if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ - Curl_md5it(md5buf, md5this); - free(md5this); - auth_digest_md5_to_ascii(md5buf, ha2); + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ + hash(hashbuf, hashthis); + free(hashthis); + convert_to_ascii(hashbuf, ha2); if(digest->qop) { - md5this = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s", + hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc, @@ -767,19 +814,19 @@ ha2); } else { - md5this = (unsigned char *) aprintf("%s:%s:%s", + hashthis = (unsigned char *) aprintf("%s:%s:%s", ha1, digest->nonce, ha2); } - if(!md5this) + if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ - Curl_md5it(md5buf, md5this); - free(md5this); - auth_digest_md5_to_ascii(md5buf, request_digest); + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ + hash(hashbuf, hashthis); + free(hashthis); + convert_to_ascii(hashbuf, request_digest); /* For test case 64 (snooped from a Mozilla 1.3a request) @@ -794,7 +841,7 @@ characters. algorithm and qop with standard values only contain web-safe characters. */ - userp_quoted = auth_digest_string_quoted(userp); + userp_quoted = auth_digest_string_quoted(digest->userhash ? userh : userp); if(!userp_quoted) return CURLE_OUT_OF_MEMORY; @@ -858,6 +905,16 @@ response = tmp; } + if(digest->userhash) { + /* Append the userhash */ + tmp = aprintf("%s, userhash=true", response); + free(response); + if(!tmp) + return CURLE_OUT_OF_MEMORY; + + response = tmp; + } + /* Return the output */ *outptr = response; *outlen = strlen(response); @@ -866,6 +923,58 @@ } /* + * Curl_auth_create_digest_http_message() + * + * This is used to generate a HTTP DIGEST response message ready for sending + * to the recipient. + * + * Parameters: + * + * data [in] - The session handle. + * userp [in] - The user name. + * passdwp [in] - The user's password. + * request [in] - The HTTP request. + * uripath [in] - The path of the HTTP uri. + * digest [in/out] - The digest data struct being used and modified. + * outptr [in/out] - The address where a pointer to newly allocated memory + * holding the result will be stored upon completion. + * outlen [out] - The length of the output message. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, + const char *userp, + const char *passwdp, + const unsigned char *request, + const unsigned char *uripath, + struct digestdata *digest, + char **outptr, size_t *outlen) +{ + switch(digest->algo) { + case CURLDIGESTALGO_MD5: + case CURLDIGESTALGO_MD5SESS: + return _Curl_auth_create_digest_http_message(data, userp, passwdp, + request, uripath, digest, + outptr, outlen, + auth_digest_md5_to_ascii, + Curl_md5it); + + case CURLDIGESTALGO_SHA256: + case CURLDIGESTALGO_SHA256SESS: + case CURLDIGESTALGO_SHA512_256: + case CURLDIGESTALGO_SHA512_256SESS: + return _Curl_auth_create_digest_http_message(data, userp, passwdp, + request, uripath, digest, + outptr, outlen, + auth_digest_sha256_to_ascii, + Curl_sha256it); + + default: + return CURLE_UNSUPPORTED_PROTOCOL; + } +} + +/* * Curl_auth_digest_cleanup() * * This is used to clean up the digest specific data. @@ -887,6 +996,7 @@ digest->nc = 0; digest->algo = CURLDIGESTALGO_MD5; /* default algorithm */ digest->stale = FALSE; /* default means normal, not stale */ + digest->userhash = FALSE; } #endif /* !USE_WINDOWS_SSPI */ diff -Nru curl-7.55.1/lib/vauth/digest.h curl-7.57.0/lib/vauth/digest.h --- curl-7.55.1/lib/vauth/digest.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vauth/digest.h 2017-11-26 13:19:01.000000000 +0000 @@ -31,7 +31,11 @@ enum { CURLDIGESTALGO_MD5, - CURLDIGESTALGO_MD5SESS + CURLDIGESTALGO_MD5SESS, + CURLDIGESTALGO_SHA256, + CURLDIGESTALGO_SHA256SESS, + CURLDIGESTALGO_SHA512_256, + CURLDIGESTALGO_SHA512_256SESS }; /* This is used to extract the realm from a challenge message */ diff -Nru curl-7.55.1/lib/vauth/digest_sspi.c curl-7.57.0/lib/vauth/digest_sspi.c --- curl-7.55.1/lib/vauth/digest_sspi.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/vauth/digest_sspi.c 2017-11-09 22:40:36.000000000 +0000 @@ -352,8 +352,8 @@ if(!Curl_auth_digest_get_pair(p, value, content, &p)) break; - if(Curl_strcasecompare(value, "stale") - && Curl_strcasecompare(content, "true")) { + if(strcasecompare(value, "stale") && + strcasecompare(content, "true")) { stale = true; break; } diff -Nru curl-7.55.1/lib/vauth/ntlm.c curl-7.57.0/lib/vauth/ntlm.c --- curl-7.55.1/lib/vauth/ntlm.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vauth/ntlm.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,7 +44,9 @@ #include "rand.h" #include "vtls/vtls.h" -#ifdef USE_NSS +/* SSL backend-specific #if branches in this file must be kept in the order + documented in curl_ntlm_core. */ +#if defined(NTLM_NEEDS_NSS_INIT) #include "vtls/nssg.h" /* for Curl_nss_force_init() */ #endif @@ -272,7 +274,7 @@ unsigned char *type2 = NULL; size_t type2_len = 0; -#if defined(USE_NSS) +#if defined(NTLM_NEEDS_NSS_INIT) /* Make sure the crypto backend is initialized */ result = Curl_nss_force_init(data); if(result) @@ -350,6 +352,7 @@ * * Parameters: * + * data [in] - The session handle. * userp [in] - The user name in the format User or Domain\User. * passdwp [in] - The user's password. * ntlm [in/out] - The NTLM data struct being used and modified. @@ -359,7 +362,8 @@ * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_ntlm_type1_message(const char *userp, +CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, + const char *userp, const char *passwdp, struct ntlmdata *ntlm, char **outptr, size_t *outlen) @@ -458,7 +462,7 @@ }); /* Return with binary blob encoded into base64 */ - return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen); + return Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen); } /* @@ -539,8 +543,7 @@ else user = userp; - if(user) - userlen = strlen(user); + userlen = strlen(user); /* Get the machine's un-qualified host name as NTLM doesn't like the fully qualified domain name */ @@ -827,7 +830,7 @@ return CURLE_CONV_FAILED; /* Return with binary blob encoded into base64 */ - result = Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen); + result = Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen); Curl_auth_ntlm_cleanup(ntlm); diff -Nru curl-7.55.1/lib/vauth/ntlm_sspi.c curl-7.57.0/lib/vauth/ntlm_sspi.c --- curl-7.55.1/lib/vauth/ntlm_sspi.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vauth/ntlm_sspi.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,6 +29,7 @@ #include "vauth/vauth.h" #include "urldata.h" #include "curl_base64.h" +#include "curl_ntlm_core.h" #include "warnless.h" #include "curl_multibyte.h" #include "sendf.h" @@ -66,6 +67,7 @@ * * Parameters: * + * data [in] - The session handle. * userp [in] - The user name in the format User or Domain\User. * passdwp [in] - The user's password. * ntlm [in/out] - The NTLM data struct being used and modified. @@ -75,7 +77,8 @@ * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_ntlm_type1_message(const char *userp, +CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, + const char *userp, const char *passwdp, struct ntlmdata *ntlm, char **outptr, size_t *outlen) @@ -166,7 +169,7 @@ return CURLE_RECV_ERROR; /* Base64 encode the response */ - return Curl_base64_encode(NULL, (char *) ntlm->output_token, + return Curl_base64_encode(data, (char *) ntlm->output_token, type_1_buf.cbBuffer, outptr, outlen); } diff -Nru curl-7.55.1/lib/vauth/vauth.h curl-7.57.0/lib/vauth/vauth.h --- curl-7.55.1/lib/vauth/vauth.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vauth/vauth.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2014 - 2016, Steve Holme, . + * Copyright (C) 2014 - 2017, Steve Holme, . * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -119,7 +119,8 @@ bool Curl_auth_is_ntlm_supported(void); /* This is used to generate a base64 encoded NTLM type-1 message */ -CURLcode Curl_auth_create_ntlm_type1_message(const char *userp, +CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, + const char *userp, const char *passwdp, struct ntlmdata *ntlm, char **outptr, diff -Nru curl-7.55.1/lib/version.c curl-7.57.0/lib/version.c --- curl-7.55.1/lib/version.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/version.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -64,6 +64,18 @@ #define CURL_LIBSSH2_VERSION LIBSSH2_VERSION #endif +#ifdef HAVE_ZLIB_H +#include +#ifdef __SYMBIAN32__ +/* zlib pollutes the namespace with this definition */ +#undef WIN32 +#endif +#endif + +#ifdef HAVE_BROTLI +#include +#endif + void Curl_version_init(void); /* For thread safety purposes this function is called by global_init so that @@ -74,6 +86,18 @@ curl_version_info(CURLVERSION_NOW); } +#ifdef HAVE_BROTLI +static size_t brotli_version(char *buf, size_t bufsz) +{ + uint32_t brotli_version = BrotliDecoderVersion(); + unsigned int major = brotli_version >> 24; + unsigned int minor = (brotli_version & 0x00FFFFFF) >> 12; + unsigned int patch = brotli_version & 0x00000FFF; + + return snprintf(buf, bufsz, "%u.%u.%u", major, minor, patch); +} +#endif + char *curl_version(void) { static bool initialized; @@ -105,6 +129,14 @@ left -= len; ptr += len; #endif +#ifdef HAVE_BROTLI + len = snprintf(ptr, left, "%s", " brotli/"); + left -= len; + ptr += len; + len = brotli_version(ptr, left); + left -= len; + ptr += len; +#endif #ifdef USE_ARES /* this function is only present in c-ares, not in the original ares */ len = snprintf(ptr, left, " c-ares/%s", ares_version(NULL)); @@ -324,8 +356,11 @@ #if defined(USE_LIBPSL) | CURL_VERSION_PSL #endif -#if defined(HTTPS_PROXY_SUPPORT) - | CURL_VERSION_HTTPS_PROXY +#if defined(CURL_WITH_MULTI_SSL) + | CURL_VERSION_MULTI_SSL +#endif +#if defined(HAVE_BROTLI) + | CURL_VERSION_BROTLI #endif , NULL, /* ssl_version */ @@ -337,6 +372,8 @@ NULL, /* libidn version */ 0, /* iconv version */ NULL, /* ssh lib version */ + 0, /* brotli_ver_num */ + NULL, /* brotli version */ }; curl_version_info_data *curl_version_info(CURLversion stamp) @@ -348,6 +385,9 @@ #ifdef USE_SSL static char ssl_buffer[80]; #endif +#ifdef HAVE_BROTLI + static char brotli_buffer[80]; +#endif if(initialized) return &version_info; @@ -355,6 +395,10 @@ #ifdef USE_SSL Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer)); version_info.ssl_version = ssl_buffer; + if(Curl_ssl->support_https_proxy) + version_info.features |= CURL_VERSION_HTTPS_PROXY; + else + version_info.features &= ~CURL_VERSION_HTTPS_PROXY; #endif #ifdef HAVE_LIBZ @@ -392,6 +436,12 @@ version_info.libssh_version = ssh_buffer; #endif +#ifdef HAVE_BROTLI + version_info.brotli_ver_num = BrotliDecoderVersion(); + brotli_version(brotli_buffer, sizeof brotli_buffer); + version_info.brotli_version = brotli_buffer; +#endif + (void)stamp; /* avoid compiler warnings, we don't use this */ initialized = true; diff -Nru curl-7.55.1/lib/vtls/axtls.c curl-7.57.0/lib/vtls/axtls.c --- curl-7.55.1/lib/vtls/axtls.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/axtls.c 2017-11-10 16:47:30.000000000 +0000 @@ -47,21 +47,12 @@ #include "curl_memory.h" #include "memdebug.h" +struct ssl_backend_data { + SSL_CTX* ssl_ctx; + SSL* ssl; +}; -/* Global axTLS init, called from Curl_ssl_init() */ -int Curl_axtls_init(void) -{ -/* axTLS has no global init. Everything is done through SSL and SSL_CTX - * structs stored in connectdata structure. Perhaps can move to axtls.h. - */ - return 1; -} - -int Curl_axtls_cleanup(void) -{ - /* axTLS has no global cleanup. Perhaps can move this to axtls.h. */ - return 1; -} +#define BACKEND connssl->backend static CURLcode map_error_to_curl(int axtls_err) { @@ -120,13 +111,13 @@ static void free_ssl_structs(struct ssl_connect_data *connssl) { - if(connssl->ssl) { - ssl_free(connssl->ssl); - connssl->ssl = NULL; - } - if(connssl->ssl_ctx) { - ssl_ctx_free(connssl->ssl_ctx); - connssl->ssl_ctx = NULL; + if(BACKEND->ssl) { + ssl_free(BACKEND->ssl); + BACKEND->ssl = NULL; + } + if(BACKEND->ssl_ctx) { + ssl_ctx_free(BACKEND->ssl_ctx); + BACKEND->ssl_ctx = NULL; } } @@ -137,6 +128,7 @@ */ static CURLcode connect_prep(struct connectdata *conn, int sockindex) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; SSL_CTX *ssl_ctx; SSL *ssl = NULL; @@ -151,7 +143,7 @@ SSL_SERVER_VERIFY_LATER | SSL_CONNECT_IN_PARTS; - if(conn->ssl[sockindex].state == ssl_connection_complete) + if(connssl->state == ssl_connection_complete) /* to make us tolerant against being called more than once for the same connection */ return CURLE_OK; @@ -185,8 +177,8 @@ return CURLE_SSL_CONNECT_ERROR; } - conn->ssl[sockindex].ssl_ctx = ssl_ctx; - conn->ssl[sockindex].ssl = NULL; + BACKEND->ssl_ctx = ssl_ctx; + BACKEND->ssl = NULL; /* Load the trusted CA cert bundle file */ if(SSL_CONN_CONFIG(CAfile)) { @@ -212,7 +204,7 @@ /* Load client certificate */ if(SSL_SET_OPTION(cert)) { - i=0; + i = 0; /* Instead of trying to analyze cert type here, let axTLS try them all. */ while(cert_types[i] != 0) { ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i], @@ -236,7 +228,7 @@ If a pkcs12 file successfully loaded a cert, then there's nothing to do because the key has already been loaded. */ if(SSL_SET_OPTION(key) && cert_types[i] != SSL_OBJ_PKCS12) { - i=0; + i = 0; /* Instead of trying to analyze key type here, let axTLS try them all. */ while(key_types[i] != 0) { ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i], @@ -281,10 +273,26 @@ if(!ssl) ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0, NULL); - conn->ssl[sockindex].ssl = ssl; + BACKEND->ssl = ssl; return CURLE_OK; } +static void Curl_axtls_close(struct connectdata *conn, int sockindex) +{ + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + + infof(conn->data, " Curl_axtls_close\n"); + + /* line from openssl.c: (void)SSL_shutdown(BACKEND->ssl); + axTLS compat layer does nothing for SSL_shutdown */ + + /* The following line is from openssl.c. There seems to be no axTLS + equivalent. ssl_free and ssl_ctx_free close things. + SSL_set_connect_state(connssl->handle); */ + + free_ssl_structs(connssl); +} + /* * For both blocking and non-blocking connects, this function finalizes the * SSL connection. @@ -292,7 +300,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; - SSL *ssl = conn->ssl[sockindex].ssl; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + SSL *ssl = BACKEND->ssl; const char *peer_CN; uint32_t dns_altname_index; const char *dns_altname; @@ -387,7 +396,7 @@ } /* General housekeeping */ - conn->ssl[sockindex].state = ssl_connection_complete; + connssl->state = ssl_connection_complete; conn->recv[sockindex] = axtls_recv; conn->send[sockindex] = axtls_send; @@ -409,11 +418,10 @@ * Use axTLS's non-blocking connection feature to open an SSL connection. * This is called after a TCP connection is already established. */ -CURLcode Curl_axtls_connect_nonblocking( - struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_axtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; CURLcode conn_step; int ssl_fcn_return; int i; @@ -421,23 +429,23 @@ *done = FALSE; /* connectdata is calloc'd and connecting_state is only changed in this function, so this is safe, as the state is effectively initialized. */ - if(conn->ssl[sockindex].connecting_state == ssl_connect_1) { + if(connssl->connecting_state == ssl_connect_1) { conn_step = connect_prep(conn, sockindex); if(conn_step != CURLE_OK) { Curl_axtls_close(conn, sockindex); return conn_step; } - conn->ssl[sockindex].connecting_state = ssl_connect_2; + connssl->connecting_state = ssl_connect_2; } - if(conn->ssl[sockindex].connecting_state == ssl_connect_2) { + if(connssl->connecting_state == ssl_connect_2) { /* Check to make sure handshake was ok. */ - if(ssl_handshake_status(conn->ssl[sockindex].ssl) != SSL_OK) { + if(ssl_handshake_status(BACKEND->ssl) != SSL_OK) { /* Loop to perform more work in between sleeps. This is work around the fact that axtls does not expose any knowledge about when work needs to be performed. This can save ~25% of time on SSL handshakes. */ - for(i=0; i<5; i++) { - ssl_fcn_return = ssl_read(conn->ssl[sockindex].ssl, NULL); + for(i = 0; i<5; i++) { + ssl_fcn_return = ssl_read(BACKEND->ssl, NULL); if(ssl_fcn_return < 0) { Curl_axtls_close(conn, sockindex); ssl_display_error(ssl_fcn_return); /* goes to stdout. */ @@ -447,10 +455,10 @@ } } infof(conn->data, "handshake completed successfully\n"); - conn->ssl[sockindex].connecting_state = ssl_connect_3; + connssl->connecting_state = ssl_connect_3; } - if(conn->ssl[sockindex].connecting_state == ssl_connect_3) { + if(connssl->connecting_state == ssl_connect_3) { conn_step = connect_finish(conn, sockindex); if(conn_step != CURLE_OK) { Curl_axtls_close(conn, sockindex); @@ -458,15 +466,15 @@ } /* Reset connect state */ - conn->ssl[sockindex].connecting_state = ssl_connect_1; + connssl->connecting_state = ssl_connect_1; *done = TRUE; return CURLE_OK; } /* Unrecognized state. Things are very bad. */ - conn->ssl[sockindex].state = ssl_connection_none; - conn->ssl[sockindex].connecting_state = ssl_connect_1; + connssl->state = ssl_connection_none; + connssl->connecting_state = ssl_connect_1; /* Return value perhaps not strictly correct, but distinguishes the issue.*/ return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -476,15 +484,13 @@ * This function is called after the TCP connect has completed. Setup the TLS * layer and do all necessary magic for a blocking connect. */ -CURLcode -Curl_axtls_connect(struct connectdata *conn, - int sockindex) - +static CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; CURLcode conn_step = connect_prep(conn, sockindex); int ssl_fcn_return; - SSL *ssl = conn->ssl[sockindex].ssl; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + SSL *ssl = BACKEND->ssl; long timeout_ms; if(conn_step != CURLE_OK) { @@ -530,8 +536,9 @@ size_t len, CURLcode *err) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; /* ssl_write() returns 'int' while write() and send() returns 'size_t' */ - int rc = ssl_write(conn->ssl[sockindex].ssl, mem, (int)len); + int rc = ssl_write(BACKEND->ssl, mem, (int)len); infof(conn->data, " axtls_send\n"); @@ -544,27 +551,11 @@ return rc; } -void Curl_axtls_close(struct connectdata *conn, int sockindex) -{ - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - - infof(conn->data, " Curl_axtls_close\n"); - - /* line from openssl.c: (void)SSL_shutdown(connssl->ssl); - axTLS compat layer does nothing for SSL_shutdown */ - - /* The following line is from openssl.c. There seems to be no axTLS - equivalent. ssl_free and ssl_ctx_free close things. - SSL_set_connect_state(connssl->handle); */ - - free_ssl_structs(connssl); -} - /* * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) +static int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) { /* Outline taken from openssl.c since functions are in axTLS compat layer. axTLS's error set is much smaller, so a lot of error-handling was removed. @@ -584,17 +575,17 @@ /* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) - (void)SSL_shutdown(connssl->ssl); + (void)SSL_shutdown(BACKEND->ssl); */ - if(connssl->ssl) { + if(BACKEND->ssl) { int what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT); if(what > 0) { /* Something to read, let's do it and hope that it is the close notify alert from the server. buf is managed internally by axTLS and will be released upon calling ssl_free via free_ssl_structs. */ - nread = (ssize_t)ssl_read(connssl->ssl, &buf); + nread = (ssize_t)ssl_read(BACKEND->ssl, &buf); if(nread < SSL_OK) { failf(data, "close notify alert not received during shutdown"); @@ -630,7 +621,7 @@ *err = CURLE_OK; if(connssl) { - ret = ssl_read(connssl->ssl, &read_buf); + ret = ssl_read(BACKEND->ssl, &read_buf); if(ret > SSL_OK) { /* ssl_read returns SSL_OK if there is more data to read, so if it is larger, then all data has been read already. */ @@ -663,9 +654,10 @@ * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_axtls_check_cxn(struct connectdata *conn) +static int Curl_axtls_check_cxn(struct connectdata *conn) { - /* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1); + /* openssl.c line: + rc = SSL_peek(conn->ssl[FIRSTSOCKET].backend->ssl, (void*)&buf, 1); axTLS compat layer always returns the last argument, so connection is always alive? */ @@ -673,7 +665,7 @@ return 1; /* connection still in place */ } -void Curl_axtls_session_free(void *ptr) +static void Curl_axtls_session_free(void *ptr) { (void)ptr; /* free the ID */ @@ -681,14 +673,13 @@ compatibility layer does nothing, so we do nothing too. */ } -size_t Curl_axtls_version(char *buffer, size_t size) +static size_t Curl_axtls_version(char *buffer, size_t size) { return snprintf(buffer, size, "axTLS/%s", ssl_version()); } -CURLcode Curl_axtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_axtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { static bool ssl_seeded = FALSE; (void)data; @@ -703,4 +694,49 @@ return CURLE_OK; } +static void *Curl_axtls_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->ssl; +} + +const struct Curl_ssl Curl_ssl_axtls = { + { CURLSSLBACKEND_AXTLS, "axtls" }, /* info */ + + 0, /* have_ca_path */ + 0, /* have_certinfo */ + 0, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + /* + * axTLS has no global init. Everything is done through SSL and SSL_CTX + * structs stored in connectdata structure. + */ + Curl_none_init, /* init */ + /* axTLS has no global cleanup. */ + Curl_none_cleanup, /* cleanup */ + Curl_axtls_version, /* version */ + Curl_axtls_check_cxn, /* check_cxn */ + Curl_axtls_shutdown, /* shutdown */ + Curl_none_data_pending, /* data_pending */ + Curl_axtls_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_axtls_connect, /* connect */ + Curl_axtls_connect_nonblocking, /* connect_nonblocking */ + Curl_axtls_get_internals, /* get_internals */ + Curl_axtls_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_axtls_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + NULL /* sha256sum */ +}; + #endif /* USE_AXTLS */ diff -Nru curl-7.55.1/lib/vtls/axtls.h curl-7.57.0/lib/vtls/axtls.h --- curl-7.55.1/lib/vtls/axtls.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/axtls.h 2017-11-09 22:40:36.000000000 +0000 @@ -27,44 +27,7 @@ #include "curl/curl.h" #include "urldata.h" -int Curl_axtls_init(void); -int Curl_axtls_cleanup(void); -CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_axtls_connect_nonblocking( - struct connectdata *conn, - int sockindex, - bool *done); - - /* close a SSL connection */ -void Curl_axtls_close(struct connectdata *conn, int sockindex); - -void Curl_axtls_session_free(void *ptr); -size_t Curl_axtls_version(char *buffer, size_t size); -int Curl_axtls_shutdown(struct connectdata *conn, int sockindex); -int Curl_axtls_check_cxn(struct connectdata *conn); -CURLcode Curl_axtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - -/* Set the API backend definition to axTLS */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_AXTLS - -/* API setup for axTLS */ -#define curlssl_init Curl_axtls_init -#define curlssl_cleanup Curl_axtls_cleanup -#define curlssl_connect Curl_axtls_connect -#define curlssl_connect_nonblocking Curl_axtls_connect_nonblocking -#define curlssl_session_free(x) Curl_axtls_session_free(x) -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_axtls_close -#define curlssl_shutdown(x,y) Curl_axtls_shutdown(x,y) -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_axtls_version -#define curlssl_check_cxn(x) Curl_axtls_check_cxn(x) -#define curlssl_data_pending(x,y) ((void)x, (void)y, 0) -#define curlssl_random(x,y,z) Curl_axtls_random(x,y,z) +extern const struct Curl_ssl Curl_ssl_axtls; #endif /* USE_AXTLS */ #endif /* HEADER_CURL_AXTLS_H */ diff -Nru curl-7.55.1/lib/vtls/cyassl.c curl-7.57.0/lib/vtls/cyassl.c --- curl-7.55.1/lib/vtls/cyassl.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/cyassl.c 2017-11-10 16:47:30.000000000 +0000 @@ -91,6 +91,7 @@ #include "x509asn1.h" #include "curl_printf.h" +#include #include #ifdef HAVE_CYASSL_ERROR_SSL_H #include @@ -110,6 +111,25 @@ #define CYASSL_MAX_ERROR_SZ 80 #endif +/* KEEP_PEER_CERT is a product of the presence of build time symbol + OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is + in wolfSSL's settings.h, and the latter two are build time symbols in + options.h. */ +#ifndef KEEP_PEER_CERT +#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \ + defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \ + (defined(OPENSSL_EXTRA) && !defined(NO_CERTS)) +#define KEEP_PEER_CERT +#endif +#endif + +struct ssl_backend_data { + SSL_CTX* ctx; + SSL* handle; +}; + +#define BACKEND connssl->backend + static Curl_recv cyassl_recv; static Curl_send cyassl_send; @@ -136,7 +156,7 @@ char error_buffer[CYASSL_MAX_ERROR_SZ]; char *ciphers; struct Curl_easy *data = conn->data; - struct ssl_connect_data* conssl = &conn->ssl[sockindex]; + struct ssl_connect_data* connssl = &conn->ssl[sockindex]; SSL_METHOD* req_method = NULL; curl_socket_t sockfd = conn->sock[sockindex]; #ifdef HAVE_SNI @@ -146,7 +166,7 @@ #define use_sni(x) Curl_nop_stmt #endif - if(conssl->state == ssl_connection_complete) + if(connssl->state == ssl_connection_complete) return CURLE_OK; if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) { @@ -205,11 +225,11 @@ return CURLE_OUT_OF_MEMORY; } - if(conssl->ctx) - SSL_CTX_free(conssl->ctx); - conssl->ctx = SSL_CTX_new(req_method); + if(BACKEND->ctx) + SSL_CTX_free(BACKEND->ctx); + BACKEND->ctx = SSL_CTX_new(req_method); - if(!conssl->ctx) { + if(!BACKEND->ctx) { failf(data, "SSL: couldn't create a context!"); return CURLE_OUT_OF_MEMORY; } @@ -225,9 +245,9 @@ version. We use wolfSSL_CTX_SetMinVersion and not CyaSSL_SetMinVersion because only the former will work before the user's CTX callback is called. */ - if((wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1) != 1) && - (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_1) != 1) && - (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_2) != 1)) { + if((wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1) != 1) && + (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_1) != 1) && + (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_2) != 1)) { failf(data, "SSL: couldn't set the minimum protocol version"); return CURLE_SSL_CONNECT_ERROR; } @@ -237,7 +257,7 @@ ciphers = SSL_CONN_CONFIG(cipher_list); if(ciphers) { - if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) { + if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) { failf(data, "failed setting cipher list: %s", ciphers); return CURLE_SSL_CIPHER; } @@ -247,7 +267,7 @@ #ifndef NO_FILESYSTEM /* load trusted cacert */ if(SSL_CONN_CONFIG(CAfile)) { - if(1 != SSL_CTX_load_verify_locations(conssl->ctx, + if(1 != SSL_CTX_load_verify_locations(BACKEND->ctx, SSL_CONN_CONFIG(CAfile), SSL_CONN_CONFIG(CApath))) { if(SSL_CONN_CONFIG(verifypeer)) { @@ -284,7 +304,7 @@ if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) { int file_type = do_file_type(SSL_SET_OPTION(cert_type)); - if(SSL_CTX_use_certificate_file(conssl->ctx, SSL_SET_OPTION(cert), + if(SSL_CTX_use_certificate_file(BACKEND->ctx, SSL_SET_OPTION(cert), file_type) != 1) { failf(data, "unable to use client certificate (no key or wrong pass" " phrase?)"); @@ -292,7 +312,7 @@ } file_type = do_file_type(SSL_SET_OPTION(key_type)); - if(SSL_CTX_use_PrivateKey_file(conssl->ctx, SSL_SET_OPTION(key), + if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key), file_type) != 1) { failf(data, "unable to set private key"); return CURLE_SSL_CONNECT_ERROR; @@ -304,7 +324,7 @@ * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ - SSL_CTX_set_verify(conssl->ctx, + SSL_CTX_set_verify(BACKEND->ctx, SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER: SSL_VERIFY_NONE, NULL); @@ -323,7 +343,7 @@ #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) && #endif - (CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, hostname, + (CyaSSL_CTX_UseSNI(BACKEND->ctx, CYASSL_SNI_HOST_NAME, hostname, (unsigned short)hostname_len) != 1)) { infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); @@ -336,15 +356,15 @@ https://github.com/wolfSSL/wolfssl/issues/366 The supported curves below are those also supported by OpenSSL 1.0.2 and in the same order. */ - CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */ - CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */ - CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */ + CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */ + CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */ + CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */ #endif /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { CURLcode result = CURLE_OK; - result = (*data->set.ssl.fsslctx)(data, conssl->ctx, + result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); @@ -362,10 +382,10 @@ #endif /* Let's make an SSL structure */ - if(conssl->handle) - SSL_free(conssl->handle); - conssl->handle = SSL_new(conssl->ctx); - if(!conssl->handle) { + if(BACKEND->handle) + SSL_free(BACKEND->handle); + BACKEND->handle = SSL_new(BACKEND->ctx); + if(!BACKEND->handle) { failf(data, "SSL: couldn't create a context (handle)!"); return CURLE_OUT_OF_MEMORY; } @@ -388,7 +408,7 @@ strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1); - if(wolfSSL_UseALPN(conssl->handle, protocols, + if(wolfSSL_UseALPN(BACKEND->handle, protocols, (unsigned)strlen(protocols), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { failf(data, "SSL: failed setting ALPN protocols"); @@ -404,10 +424,10 @@ Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { /* we got a session id, use it! */ - if(!SSL_set_session(conssl->handle, ssl_sessionid)) { + if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSL_set_session failed: %s", - ERR_error_string(SSL_get_error(conssl->handle, 0), + ERR_error_string(SSL_get_error(BACKEND->handle, 0), error_buffer)); return CURLE_SSL_CONNECT_ERROR; } @@ -418,12 +438,12 @@ } /* pass the raw socket into the SSL layer */ - if(!SSL_set_fd(conssl->handle, (int)sockfd)) { + if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { failf(data, "SSL: SSL_set_fd failed"); return CURLE_SSL_CONNECT_ERROR; } - conssl->connecting_state = ssl_connect_2; + connssl->connecting_state = ssl_connect_2; return CURLE_OK; } @@ -434,7 +454,7 @@ { int ret = -1; struct Curl_easy *data = conn->data; - struct ssl_connect_data* conssl = &conn->ssl[sockindex]; + struct ssl_connect_data* connssl = &conn->ssl[sockindex]; const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name; const char * const dispname = SSL_IS_PROXY() ? @@ -448,22 +468,22 @@ /* Enable RFC2818 checks */ if(SSL_CONN_CONFIG(verifyhost)) { - ret = CyaSSL_check_domain_name(conssl->handle, hostname); + ret = CyaSSL_check_domain_name(BACKEND->handle, hostname); if(ret == SSL_FAILURE) return CURLE_OUT_OF_MEMORY; } - ret = SSL_connect(conssl->handle); + ret = SSL_connect(BACKEND->handle); if(ret != 1) { char error_buffer[CYASSL_MAX_ERROR_SZ]; - int detail = SSL_get_error(conssl->handle, ret); + int detail = SSL_get_error(BACKEND->handle, ret); if(SSL_ERROR_WANT_READ == detail) { - conssl->connecting_state = ssl_connect_2_reading; + connssl->connecting_state = ssl_connect_2_reading; return CURLE_OK; } else if(SSL_ERROR_WANT_WRITE == detail) { - conssl->connecting_state = ssl_connect_2_writing; + connssl->connecting_state = ssl_connect_2_writing; return CURLE_OK; } /* There is no easy way to override only the CN matching. @@ -524,7 +544,7 @@ curl_asn1Element *pubkey; CURLcode result; - x509 = SSL_get_peer_certificate(conssl->handle); + x509 = SSL_get_peer_certificate(BACKEND->handle); if(!x509) { failf(data, "SSL: failed retrieving server certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; @@ -566,7 +586,7 @@ char *protocol = NULL; unsigned short protocol_len = 0; - rc = wolfSSL_ALPN_GetProtocol(conssl->handle, &protocol, &protocol_len); + rc = wolfSSL_ALPN_GetProtocol(BACKEND->handle, &protocol, &protocol_len); if(rc == SSL_SUCCESS) { infof(data, "ALPN, server accepted to use %.*s\n", protocol_len, @@ -595,11 +615,11 @@ } #endif /* HAVE_ALPN */ - conssl->connecting_state = ssl_connect_3; + connssl->connecting_state = ssl_connect_3; #if (LIBCYASSL_VERSION_HEX >= 0x03009010) infof(data, "SSL connection using %s / %s\n", - wolfSSL_get_version(conssl->handle), - wolfSSL_get_cipher_name(conssl->handle)); + wolfSSL_get_version(BACKEND->handle), + wolfSSL_get_cipher_name(BACKEND->handle)); #else infof(data, "SSL connected\n"); #endif @@ -623,7 +643,7 @@ SSL_SESSION *our_ssl_sessionid; void *old_ssl_sessionid = NULL; - our_ssl_sessionid = SSL_get_session(connssl->handle); + our_ssl_sessionid = SSL_get_session(BACKEND->handle); Curl_ssl_sessionid_lock(conn); incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, @@ -660,12 +680,13 @@ size_t len, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; char error_buffer[CYASSL_MAX_ERROR_SZ]; int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; - int rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen); + int rc = SSL_write(BACKEND->handle, mem, memlen); if(rc < 0) { - int err = SSL_get_error(conn->ssl[sockindex].handle, rc); + int err = SSL_get_error(BACKEND->handle, rc); switch(err) { case SSL_ERROR_WANT_READ: @@ -684,18 +705,18 @@ return rc; } -void Curl_cyassl_close(struct connectdata *conn, int sockindex) +static void Curl_cyassl_close(struct connectdata *conn, int sockindex) { - struct ssl_connect_data *conssl = &conn->ssl[sockindex]; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - if(conssl->handle) { - (void)SSL_shutdown(conssl->handle); - SSL_free(conssl->handle); - conssl->handle = NULL; - } - if(conssl->ctx) { - SSL_CTX_free(conssl->ctx); - conssl->ctx = NULL; + if(BACKEND->handle) { + (void)SSL_shutdown(BACKEND->handle); + SSL_free(BACKEND->handle); + BACKEND->handle = NULL; + } + if(BACKEND->ctx) { + SSL_CTX_free(BACKEND->ctx); + BACKEND->ctx = NULL; } } @@ -705,12 +726,13 @@ size_t buffersize, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[num]; char error_buffer[CYASSL_MAX_ERROR_SZ]; int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; - int nread = SSL_read(conn->ssl[num].handle, buf, buffsize); + int nread = SSL_read(BACKEND->handle, buf, buffsize); if(nread < 0) { - int err = SSL_get_error(conn->ssl[num].handle, nread); + int err = SSL_get_error(BACKEND->handle, nread); switch(err) { case SSL_ERROR_ZERO_RETURN: /* no more data */ @@ -732,14 +754,14 @@ } -void Curl_cyassl_session_free(void *ptr) +static void Curl_cyassl_session_free(void *ptr) { (void)ptr; /* CyaSSL reuses sessions on own, no free */ } -size_t Curl_cyassl_version(char *buffer, size_t size) +static size_t Curl_cyassl_version(char *buffer, size_t size) { #if LIBCYASSL_VERSION_HEX >= 0x03006000 return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version()); @@ -753,16 +775,18 @@ } -int Curl_cyassl_init(void) +static int Curl_cyassl_init(void) { return (CyaSSL_Init() == SSL_SUCCESS); } -bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) +static bool Curl_cyassl_data_pending(const struct connectdata* conn, + int connindex) { - if(conn->ssl[connindex].handle) /* SSL is in use */ - return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE; + const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + if(BACKEND->handle) /* SSL is in use */ + return (0 != SSL_pending(BACKEND->handle)) ? TRUE : FALSE; else return FALSE; } @@ -772,14 +796,14 @@ * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) { int retval = 0; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - if(connssl->handle) { - SSL_free(connssl->handle); - connssl->handle = NULL; + if(BACKEND->handle) { + SSL_free(BACKEND->handle); + BACKEND->handle = NULL; } return retval; } @@ -804,7 +828,7 @@ return CURLE_OK; } - if(ssl_connect_1==connssl->connecting_state) { + if(ssl_connect_1 == connssl->connecting_state) { /* Find out how much more time we're allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -836,9 +860,9 @@ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - curl_socket_t writefd = ssl_connect_2_writing== + curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading== + curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -899,18 +923,14 @@ } -CURLcode -Curl_cyassl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return cyassl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_cyassl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -924,9 +944,8 @@ return CURLE_OK; } -CURLcode Curl_cyassl_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_cyassl_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { RNG rng; (void)data; @@ -939,10 +958,10 @@ return CURLE_OK; } -void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum /* output */, - size_t unused) +static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum /* output */, + size_t unused) { Sha256 SHA256pw; (void)unused; @@ -951,4 +970,48 @@ Sha256Final(&SHA256pw, sha256sum); } +static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->handle; +} + +const struct Curl_ssl Curl_ssl_cyassl = { + { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */ + + 0, /* have_ca_path */ + 0, /* have_certinfo */ +#ifdef KEEP_PEER_CERT + 1, /* have_pinnedpubkey */ +#else + 0, /* have_pinnedpubkey */ +#endif + 1, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_cyassl_init, /* init */ + Curl_none_cleanup, /* cleanup */ + Curl_cyassl_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_cyassl_shutdown, /* shutdown */ + Curl_cyassl_data_pending, /* data_pending */ + Curl_cyassl_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_cyassl_connect, /* connect */ + Curl_cyassl_connect_nonblocking, /* connect_nonblocking */ + Curl_cyassl_get_internals, /* get_internals */ + Curl_cyassl_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_cyassl_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + Curl_cyassl_sha256sum /* sha256sum */ +}; + #endif diff -Nru curl-7.55.1/lib/vtls/cyassl.h curl-7.57.0/lib/vtls/cyassl.h --- curl-7.55.1/lib/vtls/cyassl.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/cyassl.h 2017-11-09 22:40:36.000000000 +0000 @@ -25,68 +25,7 @@ #ifdef USE_CYASSL -/* KEEP_PEER_CERT is a product of the presence of build time symbol - OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is - in wolfSSL's settings.h, and the latter two are build time symbols in - options.h. */ -#ifndef KEEP_PEER_CERT -#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \ - defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \ - (defined(OPENSSL_EXTRA) && !defined(NO_CERTS)) -#define KEEP_PEER_CERT -#endif -#endif - -CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex); -bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex); -int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex); - - /* close a SSL connection */ -void Curl_cyassl_close(struct connectdata *conn, int sockindex); - -void Curl_cyassl_session_free(void *ptr); -size_t Curl_cyassl_version(char *buffer, size_t size); -int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex); -int Curl_cyassl_init(void); -CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -CURLcode Curl_cyassl_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); -void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t unused); - -/* Set the API backend definition to CyaSSL */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL - -/* this backend supports CURLOPT_SSL_CTX_* */ -#define have_curlssl_ssl_ctx 1 - -#ifdef KEEP_PEER_CERT -/* this backend supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 -#endif - -/* API setup for CyaSSL */ -#define curlssl_init Curl_cyassl_init -#define curlssl_cleanup() Curl_nop_stmt -#define curlssl_connect Curl_cyassl_connect -#define curlssl_connect_nonblocking Curl_cyassl_connect_nonblocking -#define curlssl_session_free(x) Curl_cyassl_session_free(x) -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_cyassl_close -#define curlssl_shutdown(x,y) Curl_cyassl_shutdown(x,y) -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_cyassl_version -#define curlssl_check_cxn(x) ((void)x, -1) -#define curlssl_data_pending(x,y) Curl_cyassl_data_pending(x,y) -#define curlssl_random(x,y,z) Curl_cyassl_random(x,y,z) -#define curlssl_sha256sum(a,b,c,d) Curl_cyassl_sha256sum(a,b,c,d) +extern const struct Curl_ssl Curl_ssl_cyassl; #endif /* USE_CYASSL */ #endif /* HEADER_CURL_CYASSL_H */ diff -Nru curl-7.55.1/lib/vtls/darwinssl.c curl-7.57.0/lib/vtls/darwinssl.c --- curl-7.55.1/lib/vtls/darwinssl.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/darwinssl.c 2017-11-10 16:47:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2014, Nick Zitzmann, . + * Copyright (C) 2012 - 2017, Nick Zitzmann, . * Copyright (C) 2012 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which @@ -22,7 +22,7 @@ ***************************************************************************/ /* - * Source file for all iOS and Mac OS X SecureTransport-specific code for the + * Source file for all iOS and macOS SecureTransport-specific code for the * TLS/SSL layer. No code but vtls.c should ever call or use these functions. */ @@ -44,16 +44,20 @@ #endif #include +/* For some reason, when building for iOS, the omnibus header above does + * not include SecureTransport.h as of iOS SDK 5.1. */ #include #include #include -/* The Security framework has changed greatly between iOS and different OS X +/* The Security framework has changed greatly between iOS and different macOS versions, and we will try to support as many of them as we can (back to Leopard and iOS 5) by using macros and weak-linking. - IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then - you must build this project against the 10.8 SDK or later. */ + In general, you want to build this using the most recent OS SDK, since some + features require curl to be built against the latest SDK. TLS 1.1 and 1.2 + support, for instance, require the macOS 10.8 SDK or later. TLS 1.3 + requires the macOS 10.13 or iOS 11 SDK or later. */ #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050 @@ -62,6 +66,7 @@ #define CURL_BUILD_IOS 0 #define CURL_BUILD_IOS_7 0 +#define CURL_BUILD_IOS_11 0 #define CURL_BUILD_MAC 1 /* This is the maximum API level we are allowed to use when building: */ #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050 @@ -69,10 +74,11 @@ #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070 #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090 +#define CURL_BUILD_MAC_10_13 MAC_OS_X_VERSION_MAX_ALLOWED >= 101300 /* These macros mean "the following code is present to allow runtime backward compatibility with at least this cat or earlier": - (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET - environmental variable.) */ + (You set this at build-time using the compiler command line option + "-mmacos-version-min.") */ #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050 #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060 #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070 @@ -82,11 +88,14 @@ #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE #define CURL_BUILD_IOS 1 #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000 +#define CURL_BUILD_IOS_11 __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000 #define CURL_BUILD_MAC 0 #define CURL_BUILD_MAC_10_5 0 #define CURL_BUILD_MAC_10_6 0 #define CURL_BUILD_MAC_10_7 0 #define CURL_BUILD_MAC_10_8 0 +#define CURL_BUILD_MAC_10_9 0 +#define CURL_BUILD_MAC_10_13 0 #define CURL_SUPPORT_MAC_10_5 0 #define CURL_SUPPORT_MAC_10_6 0 #define CURL_SUPPORT_MAC_10_7 0 @@ -118,6 +127,33 @@ #define ioErr -36 #define paramErr -50 +struct ssl_backend_data { + SSLContextRef ssl_ctx; + curl_socket_t ssl_sockfd; + bool ssl_direction; /* true if writing, false if reading */ + size_t ssl_write_buffered_length; +}; + +#define BACKEND connssl->backend + +/* pinned public key support tests */ + +/* version 1 supports macOS 10.12+ and iOS 10+ */ +#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \ + (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)) +#define DARWIN_SSL_PINNEDPUBKEY_V1 1 +#endif + +/* version 2 supports MacOSX 10.7+ */ +#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) +#define DARWIN_SSL_PINNEDPUBKEY_V2 1 +#endif + +#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2) +/* this backend supports CURLOPT_PINNEDPUBLICKEY */ +#define DARWIN_SSL_PINNEDPUBKEY 1 +#endif /* DARWIN_SSL_PINNEDPUBKEY */ + #ifdef DARWIN_SSL_PINNEDPUBKEY /* both new and old APIs return rsa keys missing the spki header (not DER) */ static const unsigned char rsa4096SpkiHeader[] = { @@ -161,7 +197,7 @@ UInt8 *currData = (UInt8 *)data; /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; - int sock = connssl->ssl_sockfd; + int sock = BACKEND->ssl_sockfd; OSStatus rtn = noErr; size_t bytesRead; ssize_t rrtn; @@ -190,7 +226,7 @@ break; case EAGAIN: rtn = errSSLWouldBlock; - connssl->ssl_direction = false; + BACKEND->ssl_direction = false; break; default: rtn = ioErr; @@ -221,7 +257,7 @@ size_t bytesSent = 0; /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; - int sock = connssl->ssl_sockfd; + int sock = BACKEND->ssl_sockfd; ssize_t length; size_t dataLen = *dataLength; const UInt8 *dataPtr = (UInt8 *)data; @@ -241,7 +277,7 @@ theErr = errno; if(theErr == EAGAIN) { ortn = errSSLWouldBlock; - connssl->ssl_direction = true; + BACKEND->ssl_direction = true; } else { ortn = ioErr; @@ -809,6 +845,30 @@ return "TLS_RSA_PSK_WITH_NULL_SHA384"; break; #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ +#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 + /* New ChaCha20+Poly1305 cipher-suites used by TLS 1.3: */ + case TLS_AES_128_GCM_SHA256: + return "TLS_AES_128_GCM_SHA256"; + break; + case TLS_AES_256_GCM_SHA384: + return "TLS_AES_256_GCM_SHA384"; + break; + case TLS_CHACHA20_POLY1305_SHA256: + return "TLS_CHACHA20_POLY1305_SHA256"; + break; + case TLS_AES_128_CCM_SHA256: + return "TLS_AES_128_CCM_SHA256"; + break; + case TLS_AES_128_CCM_8_SHA256: + return "TLS_AES_128_CCM_8_SHA256"; + break; + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + break; + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; + break; +#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ } return "TLS_NULL_WITH_NULL_NULL"; } @@ -849,7 +909,7 @@ into a string. Some aren't available under iOS or newer cats. So here's a unified function for getting a string describing the certificate that ought to work in all cats starting with Leopard. */ -CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert) +CF_INLINE CFStringRef getsubject(SecCertificateRef cert) { CFStringRef server_cert_summary = CFSTR("(null)"); @@ -876,6 +936,54 @@ return server_cert_summary; } +static CURLcode CopyCertSubject(struct Curl_easy *data, + SecCertificateRef cert, char **certp) +{ + CFStringRef c = getsubject(cert); + CURLcode result = CURLE_OK; + const char *direct; + char *cbuf = NULL; + *certp = NULL; + + if(!c) { + failf(data, "SSL: invalid CA certificate subject"); + return CURLE_OUT_OF_MEMORY; + } + + /* If the subject is already available as UTF-8 encoded (ie 'direct') then + use that, else convert it. */ + direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8); + if(direct) { + *certp = strdup(direct); + if(!*certp) { + failf(data, "SSL: out of memory"); + result = CURLE_OUT_OF_MEMORY; + } + } + else { + size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1; + cbuf = calloc(cbuf_size, 1); + if(cbuf) { + if(!CFStringGetCString(c, cbuf, cbuf_size, + kCFStringEncodingUTF8)) { + failf(data, "SSL: invalid CA certificate subject"); + result = CURLE_SSL_CACERT; + } + else + /* pass back the buffer */ + *certp = cbuf; + } + else { + failf(data, "SSL: couldn't allocate %zu bytes of memory", cbuf_size); + result = CURLE_OUT_OF_MEMORY; + } + } + if(result) + free(cbuf); + CFRelease(c); + return result; +} + #if CURL_SUPPORT_MAC_10_6 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise deprecation warnings, so let's not compile this unless it's necessary: */ @@ -968,7 +1076,7 @@ keys_list_count = CFArrayGetCount(keys_list); *out_cert_and_key = NULL; status = 1; - for(i=0; issl[sockindex]; long ssl_version = SSL_CONN_CONFIG(version); long ssl_version_max = SSL_CONN_CONFIG(version_max); + long max_supported_version_by_os; + + /* macOS 10.5-10.7 supported TLS 1.0 only. + macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. + macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ +#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 + if(__builtin_available(macOS 10.13, iOS 11.0, *)) { + max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3; + } + else { + max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; + } +#else + max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; +#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ switch(ssl_version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: ssl_version = CURL_SSLVERSION_TLSv1_0; - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; + ssl_version_max = max_supported_version_by_os; break; } @@ -1121,7 +1253,7 @@ ssl_version_max = ssl_version << 16; break; case CURL_SSLVERSION_MAX_DEFAULT: - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; + ssl_version_max = max_supported_version_by_os; break; } @@ -1142,35 +1274,35 @@ return result; } - (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, darwin_ver_min); - (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, darwin_ver_max); + (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, darwin_ver_min); + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, darwin_ver_max); return result; } else { #if CURL_SUPPORT_MAC_10_8 long i = ssl_version; - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocolAll, false); for(; i <= (ssl_version_max >> 16); i++) { switch(i) { case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol1, true); break; case CURL_SSLVERSION_TLSv1_1: - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol11, true); break; case CURL_SSLVERSION_TLSv1_2: - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol12, true); break; case CURL_SSLVERSION_TLSv1_3: - failf(data, "DarwinSSL: TLS 1.3 is not yet supported"); + failf(data, "Your version of the OS does not support TLSv1.3"); return CURLE_SSL_CONNECT_ERROR; } } @@ -1211,10 +1343,10 @@ #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS if(SSLCreateContext != NULL) { /* use the newer API if avaialble */ - if(connssl->ssl_ctx) - CFRelease(connssl->ssl_ctx); - connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); - if(!connssl->ssl_ctx) { + if(BACKEND->ssl_ctx) + CFRelease(BACKEND->ssl_ctx); + BACKEND->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); + if(!BACKEND->ssl_ctx) { failf(data, "SSL: couldn't create a context!"); return CURLE_OUT_OF_MEMORY; } @@ -1222,9 +1354,9 @@ else { /* The old ST API does not exist under iOS, so don't compile it: */ #if CURL_SUPPORT_MAC_10_8 - if(connssl->ssl_ctx) - (void)SSLDisposeContext(connssl->ssl_ctx); - err = SSLNewContext(false, &(connssl->ssl_ctx)); + if(BACKEND->ssl_ctx) + (void)SSLDisposeContext(BACKEND->ssl_ctx); + err = SSLNewContext(false, &(BACKEND->ssl_ctx)); if(err != noErr) { failf(data, "SSL: couldn't create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; @@ -1232,15 +1364,15 @@ #endif /* CURL_SUPPORT_MAC_10_8 */ } #else - if(connssl->ssl_ctx) - (void)SSLDisposeContext(connssl->ssl_ctx); - err = SSLNewContext(false, &(connssl->ssl_ctx)); + if(BACKEND->ssl_ctx) + (void)SSLDisposeContext(BACKEND->ssl_ctx); + err = SSLNewContext(false, &(BACKEND->ssl_ctx)); if(err != noErr) { failf(data, "SSL: couldn't create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; } #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */ + BACKEND->ssl_write_buffered_length = 0UL; /* reset buffered write length */ /* check to see if we've been told to use an explicit SSL/TLS version */ #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS @@ -1248,8 +1380,17 @@ switch(conn->ssl_config.version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1); - (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12); + (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1); +#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 + if(__builtin_available(macOS 10.13, iOS 11.0, *)) { + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol13); + } + else { + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12); + } +#else + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12); +#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ break; case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: @@ -1262,20 +1403,20 @@ break; } case CURL_SSLVERSION_SSLv3: - err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3); + err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol3); if(err != noErr) { failf(data, "Your version of the OS does not support SSLv3"); return CURLE_SSL_CONNECT_ERROR; } - (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3); + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol3); break; case CURL_SSLVERSION_SSLv2: - err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2); + err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol2); if(err != noErr) { failf(data, "Your version of the OS does not support SSLv2"); return CURLE_SSL_CONNECT_ERROR; } - (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2); + (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol2); break; default: failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); @@ -1284,19 +1425,19 @@ } else { #if CURL_SUPPORT_MAC_10_8 - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocolAll, false); switch(conn->ssl_config.version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol1, true); - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol11, true); - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol12, true); break; @@ -1311,7 +1452,7 @@ break; } case CURL_SSLVERSION_SSLv3: - err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocol3, true); if(err != noErr) { @@ -1320,7 +1461,7 @@ } break; case CURL_SSLVERSION_SSLv2: - err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocol2, true); if(err != noErr) { @@ -1340,12 +1481,12 @@ " SSL/TLS version"); return CURLE_SSL_CONNECT_ERROR; } - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false); + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocolAll, false); switch(conn->ssl_config.version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kTLSProtocol1, true); break; @@ -1359,7 +1500,7 @@ failf(data, "Your version of the OS does not support TLSv1.3"); return CURLE_SSL_CONNECT_ERROR; case CURL_SSLVERSION_SSLv2: - err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocol2, true); if(err != noErr) { @@ -1368,7 +1509,7 @@ } break; case CURL_SSLVERSION_SSLv3: - err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, + err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocol3, true); if(err != noErr) { @@ -1418,25 +1559,21 @@ /* If we found one, print it out: */ err = SecIdentityCopyCertificate(cert_and_key, &cert); if(err == noErr) { - CFStringRef cert_summary = CopyCertSubject(cert); - char cert_summary_c[128]; - - if(cert_summary) { - memset(cert_summary_c, 0, 128); - if(CFStringGetCString(cert_summary, - cert_summary_c, - 128, - kCFStringEncodingUTF8)) { - infof(data, "Client certificate: %s\n", cert_summary_c); - } - CFRelease(cert_summary); - CFRelease(cert); + char *certp; + CURLcode result = CopyCertSubject(data, cert, &certp); + if(!result) { + infof(data, "Client certificate: %s\n", certp); + free(certp); } + + CFRelease(cert); + if(result) + return result; } certs_c[0] = cert_and_key; certs = CFArrayCreate(NULL, (const void **)certs_c, 1L, &kCFTypeArrayCallBacks); - err = SSLSetCertificate(connssl->ssl_ctx, certs); + err = SSLSetCertificate(BACKEND->ssl_ctx, certs); if(certs) CFRelease(certs); if(err != noErr) { @@ -1499,7 +1636,7 @@ if(SSLSetSessionOption != NULL) { #endif /* CURL_BUILD_MAC */ bool break_on_auth = !conn->ssl_config.verifypeer || ssl_cafile; - err = SSLSetSessionOption(connssl->ssl_ctx, + err = SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionBreakOnServerAuth, break_on_auth); if(err != noErr) { @@ -1509,7 +1646,7 @@ } else { #if CURL_SUPPORT_MAC_10_8 - err = SSLSetEnableCertVerify(connssl->ssl_ctx, + err = SSLSetEnableCertVerify(BACKEND->ssl_ctx, conn->ssl_config.verifypeer?true:false); if(err != noErr) { failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); @@ -1518,7 +1655,7 @@ #endif /* CURL_SUPPORT_MAC_10_8 */ } #else - err = SSLSetEnableCertVerify(connssl->ssl_ctx, + err = SSLSetEnableCertVerify(BACKEND->ssl_ctx, conn->ssl_config.verifypeer?true:false); if(err != noErr) { failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); @@ -1539,7 +1676,7 @@ * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn->ssl_config.verifyhost) { - err = SSLSetPeerDomainName(connssl->ssl_ctx, hostname, + err = SSLSetPeerDomainName(BACKEND->ssl_ctx, hostname, strlen(hostname)); if(err != noErr) { @@ -1565,11 +1702,11 @@ higher priority, but it's probably better that we not connect at all than to give the user a false sense of security if the server only supports insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */ - (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count); + (void)SSLGetNumberSupportedCiphers(BACKEND->ssl_ctx, &all_ciphers_count); all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); if(all_ciphers && allowed_ciphers && - SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers, + SSLGetSupportedCiphers(BACKEND->ssl_ctx, all_ciphers, &all_ciphers_count) == noErr) { for(i = 0UL ; i < all_ciphers_count ; i++) { #if CURL_BUILD_MAC @@ -1651,7 +1788,7 @@ break; } } - err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers, + err = SSLSetEnabledCiphers(BACKEND->ssl_ctx, allowed_ciphers, allowed_ciphers_count); if(err != noErr) { failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err); @@ -1672,9 +1809,9 @@ specifically doesn't want us doing that: */ if(SSLSetSessionOption != NULL) { /* TODO s/data->set.ssl.enable_beast/SSL_SET_OPTION(enable_beast)/g */ - SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord, + SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionSendOneByteRecord, !data->set.ssl.enable_beast); - SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart, + SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionFalseStart, data->set.ssl.falsestart); /* false start support */ } #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ @@ -1688,7 +1825,7 @@ if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid, &ssl_sessionid_len, sockindex)) { /* we got a session id, use it! */ - err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); + err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len); Curl_ssl_sessionid_unlock(conn); if(err != noErr) { failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); @@ -1706,7 +1843,7 @@ verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port); ssl_sessionid_len = strlen(ssl_sessionid); - err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); + err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len); if(err != noErr) { Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); @@ -1723,7 +1860,7 @@ } } - err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite); + err = SSLSetIOFuncs(BACKEND->ssl_ctx, SocketRead, SocketWrite); if(err != noErr) { failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; @@ -1733,8 +1870,8 @@ /* We need to store the FD in a constant memory address, because * SSLSetConnection() will not copy that address. I've found that * conn->sock[sockindex] may change on its own. */ - connssl->ssl_sockfd = sockfd; - err = SSLSetConnection(connssl->ssl_ctx, connssl); + BACKEND->ssl_sockfd = sockfd; + err = SSLSetConnection(BACKEND->ssl_ctx, connssl); if(err != noErr) { failf(data, "SSL: SSLSetConnection() failed: %d", err); return CURLE_SSL_CONNECT_ERROR; @@ -1797,7 +1934,7 @@ { int fd; ssize_t n, len = 0, cap = 512; - unsigned char buf[cap], *data; + unsigned char buf[512], *data; fd = open(file, 0); if(fd < 0) @@ -1875,6 +2012,8 @@ CFMutableArrayRef array) { CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen); + char *certp; + CURLcode result; if(!certdata) { failf(data, "SSL: failed to allocate array for CA certificate"); return CURLE_OUT_OF_MEMORY; @@ -1889,25 +2028,10 @@ } /* Check if cacert is valid. */ - CFStringRef subject = CopyCertSubject(cacert); - if(subject) { - char subject_cbuf[128]; - memset(subject_cbuf, 0, 128); - if(!CFStringGetCString(subject, - subject_cbuf, - 128, - kCFStringEncodingUTF8)) { - CFRelease(cacert); - failf(data, "SSL: invalid CA certificate subject"); - return CURLE_SSL_CACERT; - } - CFRelease(subject); - } - else { - CFRelease(cacert); - failf(data, "SSL: invalid CA certificate"); - return CURLE_SSL_CACERT; - } + result = CopyCertSubject(data, cacert, &certp); + if(result) + return result; + free(certp); CFArrayAppendValue(array, cacert); CFRelease(cacert); @@ -2155,12 +2279,12 @@ || ssl_connect_2_writing == connssl->connecting_state); /* Here goes nothing: */ - err = SSLHandshake(connssl->ssl_ctx); + err = SSLHandshake(BACKEND->ssl_ctx); if(err != noErr) { switch(err) { case errSSLWouldBlock: /* they're not done with us yet */ - connssl->connecting_state = connssl->ssl_direction ? + connssl->connecting_state = BACKEND->ssl_direction ? ssl_connect_2_writing : ssl_connect_2_reading; return CURLE_OK; @@ -2169,7 +2293,7 @@ case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { int res = verify_cert(SSL_CONN_CONFIG(CAfile), data, - connssl->ssl_ctx); + BACKEND->ssl_ctx); if(res != CURLE_OK) return res; } @@ -2247,7 +2371,7 @@ #ifdef DARWIN_SSL_PINNEDPUBKEY if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) { - CURLcode result = pkp_pin_peer_pubkey(data, connssl->ssl_ctx, + CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx, data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]); if(result) { failf(data, "SSL: public key does not match pinned public key!"); @@ -2257,8 +2381,8 @@ #endif /* DARWIN_SSL_PINNEDPUBKEY */ /* Informational message */ - (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher); - (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol); + (void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher); + (void)SSLGetNegotiatedProtocolVersion(BACKEND->ssl_ctx, &protocol); switch(protocol) { case kSSLProtocol2: infof(data, "SSL 2.0 connection using %s\n", @@ -2281,7 +2405,13 @@ infof(data, "TLS 1.2 connection using %s\n", TLSCipherNameForNumber(cipher)); break; -#endif +#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ +#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 + case kTLSProtocol13: + infof(data, "TLS 1.3 connection using %s\n", + TLSCipherNameForNumber(cipher)); + break; +#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ default: infof(data, "Unknown protocol connection\n"); break; @@ -2299,36 +2429,32 @@ { struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - CFStringRef server_cert_summary; - char server_cert_summary_c[128]; CFArrayRef server_certs = NULL; SecCertificateRef server_cert; OSStatus err; CFIndex i, count; SecTrustRef trust = NULL; - if(!connssl->ssl_ctx) + if(!BACKEND->ssl_ctx) return; #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS #if CURL_BUILD_IOS #pragma unused(server_certs) - err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust); + err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust); /* For some reason, SSLCopyPeerTrust() can return noErr and yet return a null trust, so be on guard for that: */ if(err == noErr && trust) { count = SecTrustGetCertificateCount(trust); for(i = 0L ; i < count ; i++) { + CURLcode result; + char *certp; server_cert = SecTrustGetCertificateAtIndex(trust, i); - server_cert_summary = CopyCertSubject(server_cert); - memset(server_cert_summary_c, 0, 128); - if(CFStringGetCString(server_cert_summary, - server_cert_summary_c, - 128, - kCFStringEncodingUTF8)) { - infof(data, "Server certificate: %s\n", server_cert_summary_c); + result = CopyCertSubject(data, server_cert, &certp); + if(!result) { + infof(data, "Server certificate: %s\n", certp); + free(certp); } - CFRelease(server_cert_summary); } CFRelease(trust); } @@ -2341,45 +2467,40 @@ Lion or later. */ if(SecTrustEvaluateAsync != NULL) { #pragma unused(server_certs) - err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust); + err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust); /* For some reason, SSLCopyPeerTrust() can return noErr and yet return a null trust, so be on guard for that: */ if(err == noErr && trust) { count = SecTrustGetCertificateCount(trust); for(i = 0L ; i < count ; i++) { + char *certp; + CURLcode result; server_cert = SecTrustGetCertificateAtIndex(trust, i); - server_cert_summary = CopyCertSubject(server_cert); - memset(server_cert_summary_c, 0, 128); - if(CFStringGetCString(server_cert_summary, - server_cert_summary_c, - 128, - kCFStringEncodingUTF8)) { - infof(data, "Server certificate: %s\n", server_cert_summary_c); + result = CopyCertSubject(data, server_cert, &certp); + if(!result) { + infof(data, "Server certificate: %s\n", certp); + free(certp); } - CFRelease(server_cert_summary); } CFRelease(trust); } } else { #if CURL_SUPPORT_MAC_10_8 - err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs); + err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs); /* Just in case SSLCopyPeerCertificates() returns null too... */ if(err == noErr && server_certs) { count = CFArrayGetCount(server_certs); for(i = 0L ; i < count ; i++) { + char *certp; + CURLcode result; server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i); - - server_cert_summary = CopyCertSubject(server_cert); - memset(server_cert_summary_c, 0, 128); - if(CFStringGetCString(server_cert_summary, - server_cert_summary_c, - 128, - kCFStringEncodingUTF8)) { - infof(data, "Server certificate: %s\n", server_cert_summary_c); + result = CopyCertSubject(data, server_cert, &certp); + if(!result) { + infof(data, "Server certificate: %s\n", certp); + free(certp); } - CFRelease(server_cert_summary); } CFRelease(server_certs); } @@ -2388,20 +2509,18 @@ #endif /* CURL_BUILD_IOS */ #else #pragma unused(trust) - err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs); + err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs); if(err == noErr) { count = CFArrayGetCount(server_certs); for(i = 0L ; i < count ; i++) { + CURLcode result; + char *certp; server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i); - server_cert_summary = CopyCertSubject(server_cert); - memset(server_cert_summary_c, 0, 128); - if(CFStringGetCString(server_cert_summary, - server_cert_summary_c, - 128, - kCFStringEncodingUTF8)) { - infof(data, "Server certificate: %s\n", server_cert_summary_c); + result = CopyCertSubject(data, server_cert, &certp); + if(!result) { + infof(data, "Server certificate: %s\n", certp); + free(certp); } - CFRelease(server_cert_summary); } CFRelease(server_certs); } @@ -2450,7 +2569,7 @@ return CURLE_OK; } - if(ssl_connect_1==connssl->connecting_state) { + if(ssl_connect_1 == connssl->connecting_state) { /* Find out how much more time we're allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -2545,17 +2664,13 @@ return CURLE_OK; } -CURLcode -Curl_darwinssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return darwinssl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_darwinssl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -2570,28 +2685,28 @@ return CURLE_OK; } -void Curl_darwinssl_close(struct connectdata *conn, int sockindex) +static void Curl_darwinssl_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - if(connssl->ssl_ctx) { - (void)SSLClose(connssl->ssl_ctx); + if(BACKEND->ssl_ctx) { + (void)SSLClose(BACKEND->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS if(SSLCreateContext != NULL) - CFRelease(connssl->ssl_ctx); + CFRelease(BACKEND->ssl_ctx); #if CURL_SUPPORT_MAC_10_8 else - (void)SSLDisposeContext(connssl->ssl_ctx); + (void)SSLDisposeContext(BACKEND->ssl_ctx); #endif /* CURL_SUPPORT_MAC_10_8 */ #else - (void)SSLDisposeContext(connssl->ssl_ctx); + (void)SSLDisposeContext(BACKEND->ssl_ctx); #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - connssl->ssl_ctx = NULL; + BACKEND->ssl_ctx = NULL; } - connssl->ssl_sockfd = 0; + BACKEND->ssl_sockfd = 0; } -int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; @@ -2600,7 +2715,7 @@ int rc; char buf[120]; - if(!connssl->ssl_ctx) + if(!BACKEND->ssl_ctx) return 0; if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) @@ -2644,7 +2759,7 @@ return rc; } -void Curl_darwinssl_session_free(void *ptr) +static void Curl_darwinssl_session_free(void *ptr) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private @@ -2655,7 +2770,7 @@ Curl_safefree(ptr); } -size_t Curl_darwinssl_version(char *buffer, size_t size) +static size_t Curl_darwinssl_version(char *buffer, size_t size) { return snprintf(buffer, size, "SecureTransport"); } @@ -2668,14 +2783,14 @@ * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_darwinssl_check_cxn(struct connectdata *conn) +static int Curl_darwinssl_check_cxn(struct connectdata *conn) { struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; OSStatus err; SSLSessionState state; - if(connssl->ssl_ctx) { - err = SSLGetSessionState(connssl->ssl_ctx, &state); + if(BACKEND->ssl_ctx) { + err = SSLGetSessionState(BACKEND->ssl_ctx, &state); if(err == noErr) return state == kSSLConnected || state == kSSLHandshake; return -1; @@ -2683,15 +2798,15 @@ return 0; } -bool Curl_darwinssl_data_pending(const struct connectdata *conn, - int connindex) +static bool Curl_darwinssl_data_pending(const struct connectdata *conn, + int connindex) { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; OSStatus err; size_t buffer; - if(connssl->ssl_ctx) { /* SSL is in use */ - err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer); + if(BACKEND->ssl_ctx) { /* SSL is in use */ + err = SSLGetBufferedReadSize(BACKEND->ssl_ctx, &buffer); if(err == noErr) return buffer > 0UL; return false; @@ -2700,14 +2815,16 @@ return false; } -CURLcode Curl_darwinssl_random(unsigned char *entropy, - size_t length) +static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, + unsigned char *entropy, size_t length) { /* arc4random_buf() isn't available on cats older than Lion, so let's do this manually for the benefit of the older cats. */ size_t i; u_int32_t random_number = 0; + (void)data; + for(i = 0 ; i < length ; i++) { if(i % sizeof(u_int32_t) == 0) random_number = arc4random(); @@ -2718,25 +2835,26 @@ return CURLE_OK; } -void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len) +static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len) { (void)md5len; (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum); + return CURLE_OK; } -void Curl_darwinssl_sha256sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len) +static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum, /* output */ + size_t sha256len) { - assert(sha256len >= SHA256_DIGEST_LENGTH); + assert(sha256len >= CURL_SHA256_DIGEST_LENGTH); (void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum); } -bool Curl_darwinssl_false_start(void) +static bool Curl_darwinssl_false_start(void) { #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 if(SSLSetSessionOption != NULL) @@ -2771,15 +2889,15 @@ over again with no new data until it quits returning errSSLWouldBlock. */ /* Do we have buffered data to write from the last time we were called? */ - if(connssl->ssl_write_buffered_length) { + if(BACKEND->ssl_write_buffered_length) { /* Write the buffered data: */ - err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed); + err = SSLWrite(BACKEND->ssl_ctx, NULL, 0UL, &processed); switch(err) { case noErr: /* processed is always going to be 0 because we didn't write to the buffer, so return how much was written to the socket */ - processed = connssl->ssl_write_buffered_length; - connssl->ssl_write_buffered_length = 0UL; + processed = BACKEND->ssl_write_buffered_length; + BACKEND->ssl_write_buffered_length = 0UL; break; case errSSLWouldBlock: /* argh, try again */ *curlcode = CURLE_AGAIN; @@ -2792,13 +2910,13 @@ } else { /* We've got new data to write: */ - err = SSLWrite(connssl->ssl_ctx, mem, len, &processed); + err = SSLWrite(BACKEND->ssl_ctx, mem, len, &processed); if(err != noErr) { switch(err) { case errSSLWouldBlock: /* Data was buffered but not sent, we have to tell the caller to try sending again, and remember how much was buffered */ - connssl->ssl_write_buffered_length = len; + BACKEND->ssl_write_buffered_length = len; *curlcode = CURLE_AGAIN; return -1L; default: @@ -2820,7 +2938,7 @@ /*struct Curl_easy *data = conn->data;*/ struct ssl_connect_data *connssl = &conn->ssl[num]; size_t processed = 0UL; - OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed); + OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); if(err != noErr) { switch(err) { @@ -2851,6 +2969,50 @@ return (ssize_t)processed; } +static void *Curl_darwinssl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->ssl_ctx; +} + +const struct Curl_ssl Curl_ssl_darwinssl = { + { CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */ + + 0, /* have_ca_path */ + 0, /* have_certinfo */ +#ifdef DARWIN_SSL_PINNEDPUBKEY + 1, /* have_pinnedpubkey */ +#else + 0, /* have_pinnedpubkey */ +#endif /* DARWIN_SSL_PINNEDPUBKEY */ + 0, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_none_init, /* init */ + Curl_none_cleanup, /* cleanup */ + Curl_darwinssl_version, /* version */ + Curl_darwinssl_check_cxn, /* check_cxn */ + Curl_darwinssl_shutdown, /* shutdown */ + Curl_darwinssl_data_pending, /* data_pending */ + Curl_darwinssl_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_darwinssl_connect, /* connect */ + Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */ + Curl_darwinssl_get_internals, /* get_internals */ + Curl_darwinssl_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_darwinssl_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_darwinssl_false_start, /* false_start */ + Curl_darwinssl_md5sum, /* md5sum */ + Curl_darwinssl_sha256sum /* sha256sum */ +}; + #ifdef __clang__ #pragma clang diagnostic pop #endif diff -Nru curl-7.55.1/lib/vtls/darwinssl.h curl-7.57.0/lib/vtls/darwinssl.h --- curl-7.55.1/lib/vtls/darwinssl.h 2017-08-12 13:00:31.000000000 +0000 +++ curl-7.57.0/lib/vtls/darwinssl.h 2017-11-09 22:40:36.000000000 +0000 @@ -26,76 +26,7 @@ #ifdef USE_DARWINSSL -CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* close a SSL connection */ -void Curl_darwinssl_close(struct connectdata *conn, int sockindex); - -void Curl_darwinssl_session_free(void *ptr); -size_t Curl_darwinssl_version(char *buffer, size_t size); -int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex); -int Curl_darwinssl_check_cxn(struct connectdata *conn); -bool Curl_darwinssl_data_pending(const struct connectdata *conn, - int connindex); - -CURLcode Curl_darwinssl_random(unsigned char *entropy, - size_t length); -void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len); -void Curl_darwinssl_sha256sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len); -bool Curl_darwinssl_false_start(void); - -/* Set the API backend definition to SecureTransport */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL - -/* pinned public key support tests */ - -/* version 1 supports macOS 10.12+ and iOS 10+ */ -#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \ - (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)) -#define DARWIN_SSL_PINNEDPUBKEY_V1 1 -#endif - -/* version 2 supports MacOSX 10.7+ */ -#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) -#define DARWIN_SSL_PINNEDPUBKEY_V2 1 -#endif - -#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2) -/* this backend supports CURLOPT_PINNEDPUBLICKEY */ -#define DARWIN_SSL_PINNEDPUBKEY 1 -#define have_curlssl_pinnedpubkey 1 -#endif /* DARWIN_SSL_PINNEDPUBKEY */ - -/* API setup for SecureTransport */ -#define curlssl_init() (1) -#define curlssl_cleanup() Curl_nop_stmt -#define curlssl_connect Curl_darwinssl_connect -#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking -#define curlssl_session_free(x) Curl_darwinssl_session_free(x) -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_darwinssl_close -#define curlssl_shutdown(x,y) 0 -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_darwinssl_version -#define curlssl_check_cxn Curl_darwinssl_check_cxn -#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y) -#define curlssl_random(x,y,z) ((void)x, Curl_darwinssl_random(y,z)) -#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d) -#define curlssl_sha256sum(a,b,c,d) \ - Curl_darwinssl_sha256sum((unsigned char *)a, b, c, d) -#define curlssl_false_start() Curl_darwinssl_false_start() +extern const struct Curl_ssl Curl_ssl_darwinssl; #endif /* USE_DARWINSSL */ #endif /* HEADER_CURL_DARWINSSL_H */ diff -Nru curl-7.55.1/lib/vtls/gskit.c curl-7.57.0/lib/vtls/gskit.c --- curl-7.55.1/lib/vtls/gskit.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/gskit.c 2017-11-10 16:47:30.000000000 +0000 @@ -98,6 +98,14 @@ #define CURL_GSKPROTO_TLSV12_MASK (1 << CURL_GSKPROTO_TLSV12) #define CURL_GSKPROTO_LAST 5 +struct ssl_backend_data { + gsk_handle handle; + int iocport; + int localfd; + int remotefd; +}; + +#define BACKEND connssl->backend /* Supported ciphers. */ typedef struct { @@ -427,7 +435,7 @@ } -int Curl_gskit_init(void) +static int Curl_gskit_init(void) { /* No initialisation needed. */ @@ -435,7 +443,7 @@ } -void Curl_gskit_cleanup(void) +static void Curl_gskit_cleanup(void) { /* Nothing to do. */ } @@ -495,14 +503,14 @@ Qso_OverlappedIO_t cstat; if(QsoCancelOperation(conn->sock[sockindex], 0) > 0) - QsoWaitForIOCompletion(connssl->iocport, &cstat, (struct timeval *) NULL); + QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL); } static void close_async_handshake(struct ssl_connect_data *connssl) { - QsoDestroyIOCompletionPort(connssl->iocport); - connssl->iocport = -1; + QsoDestroyIOCompletionPort(BACKEND->iocport); + BACKEND->iocport = -1; } /* SSL over SSL @@ -620,12 +628,12 @@ FD_ZERO(&fds_write); n = -1; if(directions & SOS_READ) { - FD_SET(connssl->remotefd, &fds_write); - n = connssl->remotefd; + FD_SET(BACKEND->remotefd, &fds_write); + n = BACKEND->remotefd; } if(directions & SOS_WRITE) { - FD_SET(connssl->remotefd, &fds_read); - n = connssl->remotefd; + FD_SET(BACKEND->remotefd, &fds_read); + n = BACKEND->remotefd; FD_SET(conn->sock[sockindex], &fds_write); if(n < conn->sock[sockindex]) n = conn->sock[sockindex]; @@ -634,14 +642,15 @@ if(i < 0) return -1; /* Select error. */ - if(FD_ISSET(connssl->remotefd, &fds_write)) { + if(FD_ISSET(BACKEND->remotefd, &fds_write)) { /* Try getting data from HTTPS proxy and pipe it upstream. */ n = 0; - i = gsk_secure_soc_read(connproxyssl->handle, buf, sizeof buf, &n); + i = gsk_secure_soc_read(connproxyssl->backend->handle, + buf, sizeof buf, &n); switch(i) { case GSK_OK: if(n) { - i = write(connssl->remotefd, buf, n); + i = write(BACKEND->remotefd, buf, n); if(i < 0) return -1; ret = 1; @@ -655,14 +664,14 @@ } } - if(FD_ISSET(connssl->remotefd, &fds_read) && + if(FD_ISSET(BACKEND->remotefd, &fds_read) && FD_ISSET(conn->sock[sockindex], &fds_write)) { /* Pipe data to HTTPS proxy. */ - n = read(connssl->remotefd, buf, sizeof buf); + n = read(BACKEND->remotefd, buf, sizeof buf); if(n < 0) return -1; if(n) { - i = gsk_secure_soc_write(connproxyssl->handle, buf, n, &m); + i = gsk_secure_soc_write(connproxyssl->backend->handle, buf, n, &m); if(i != GSK_OK || n != m) return -1; ret = 1; @@ -676,23 +685,23 @@ static void close_one(struct ssl_connect_data *connssl, struct connectdata *conn, int sockindex) { - if(connssl->handle) { - gskit_status(conn->data, gsk_secure_soc_close(&connssl->handle), + if(BACKEND->handle) { + gskit_status(conn->data, gsk_secure_soc_close(&BACKEND->handle), "gsk_secure_soc_close()", 0); /* Last chance to drain output. */ while(pipe_ssloverssl(conn, sockindex, SOS_WRITE) > 0) ; - connssl->handle = (gsk_handle) NULL; - if(connssl->localfd >= 0) { - close(connssl->localfd); - connssl->localfd = -1; + BACKEND->handle = (gsk_handle) NULL; + if(BACKEND->localfd >= 0) { + close(BACKEND->localfd); + BACKEND->localfd = -1; } - if(connssl->remotefd >= 0) { - close(connssl->remotefd); - connssl->remotefd = -1; + if(BACKEND->remotefd >= 0) { + close(BACKEND->remotefd); + BACKEND->remotefd = -1; } } - if(connssl->iocport >= 0) + if(BACKEND->iocport >= 0) close_async_handshake(connssl); } @@ -700,13 +709,14 @@ static ssize_t gskit_send(struct connectdata *conn, int sockindex, const void *mem, size_t len, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; CURLcode cc = CURLE_SEND_ERROR; int written; if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) >= 0) { cc = gskit_status(data, - gsk_secure_soc_write(conn->ssl[sockindex].handle, + gsk_secure_soc_write(BACKEND->handle, (char *) mem, (int) len, &written), "gsk_secure_soc_write()", CURLE_SEND_ERROR); if(cc == CURLE_OK) @@ -724,6 +734,7 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf, size_t buffersize, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[num]; struct Curl_easy *data = conn->data; int buffsize; int nread; @@ -731,7 +742,7 @@ if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) { buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; - cc = gskit_status(data, gsk_secure_soc_read(conn->ssl[num].handle, + cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle, buf, buffsize, &nread), "gsk_secure_soc_read()", CURLE_RECV_ERROR); } @@ -806,10 +817,10 @@ /* Create SSL environment, start (preferably asynchronous) handshake. */ - connssl->handle = (gsk_handle) NULL; - connssl->iocport = -1; - connssl->localfd = -1; - connssl->remotefd = -1; + BACKEND->handle = (gsk_handle) NULL; + BACKEND->iocport = -1; + BACKEND->localfd = -1; + BACKEND->remotefd = -1; /* GSKit supports two ways of specifying an SSL context: either by * application identifier (that should have been defined at the system @@ -842,7 +853,7 @@ } /* Create secure session. */ - result = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle), + result = gskit_status(data, gsk_secure_soc_open(envir, &BACKEND->handle), "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR); gsk_environment_close(&envir); if(result) @@ -852,18 +863,18 @@ if(conn->proxy_ssl[sockindex].use) { if(inetsocketpair(sockpair)) return CURLE_SSL_CONNECT_ERROR; - connssl->localfd = sockpair[0]; - connssl->remotefd = sockpair[1]; - setsockopt(connssl->localfd, SOL_SOCKET, SO_RCVBUF, + BACKEND->localfd = sockpair[0]; + BACKEND->remotefd = sockpair[1]; + setsockopt(BACKEND->localfd, SOL_SOCKET, SO_RCVBUF, (void *) sobufsize, sizeof sobufsize); - setsockopt(connssl->remotefd, SOL_SOCKET, SO_RCVBUF, + setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_RCVBUF, (void *) sobufsize, sizeof sobufsize); - setsockopt(connssl->localfd, SOL_SOCKET, SO_SNDBUF, + setsockopt(BACKEND->localfd, SOL_SOCKET, SO_SNDBUF, (void *) sobufsize, sizeof sobufsize); - setsockopt(connssl->remotefd, SOL_SOCKET, SO_SNDBUF, + setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_SNDBUF, (void *) sobufsize, sizeof sobufsize); - curlx_nonblock(connssl->localfd, TRUE); - curlx_nonblock(connssl->remotefd, TRUE); + curlx_nonblock(BACKEND->localfd, TRUE); + curlx_nonblock(BACKEND->remotefd, TRUE); } /* Determine which SSL/TLS version should be enabled. */ @@ -897,7 +908,7 @@ /* Process SNI. Ignore if not supported (on OS400 < V7R1). */ if(sni) { - result = set_buffer(data, connssl->handle, + result = set_buffer(data, BACKEND->handle, GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE); if(result == CURLE_UNSUPPORTED_PROTOCOL) result = CURLE_OK; @@ -911,34 +922,34 @@ if(timeout < 0) result = CURLE_OPERATION_TIMEDOUT; else - result = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT, + result = set_numeric(data, BACKEND->handle, GSK_HANDSHAKE_TIMEOUT, (timeout + 999) / 1000); } if(!result) - result = set_numeric(data, connssl->handle, GSK_OS400_READ_TIMEOUT, 1); + result = set_numeric(data, BACKEND->handle, GSK_OS400_READ_TIMEOUT, 1); if(!result) - result = set_numeric(data, connssl->handle, GSK_FD, connssl->localfd >= 0? - connssl->localfd: conn->sock[sockindex]); + result = set_numeric(data, BACKEND->handle, GSK_FD, BACKEND->localfd >= 0? + BACKEND->localfd: conn->sock[sockindex]); if(!result) - result = set_ciphers(conn, connssl->handle, &protoflags); + result = set_ciphers(conn, BACKEND->handle, &protoflags); if(!protoflags) { failf(data, "No SSL protocol/cipher combination enabled"); result = CURLE_SSL_CIPHER; } if(!result) - result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2, + result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_SSLV2, (protoflags & CURL_GSKPROTO_SSLV2_MASK)? GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE); if(!result) - result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3, + result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_SSLV3, (protoflags & CURL_GSKPROTO_SSLV3_MASK)? GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE); if(!result) - result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1, + result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV1, (protoflags & CURL_GSKPROTO_TLSV10_MASK)? GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE); if(!result) { - result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11, + result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV11, (protoflags & CURL_GSKPROTO_TLSV11_MASK)? GSK_TRUE: GSK_FALSE, TRUE); if(result == CURLE_UNSUPPORTED_PROTOCOL) { @@ -950,7 +961,7 @@ } } if(!result) { - result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12, + result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV12, (protoflags & CURL_GSKPROTO_TLSV12_MASK)? GSK_TRUE: GSK_FALSE, TRUE); if(result == CURLE_UNSUPPORTED_PROTOCOL) { @@ -962,18 +973,18 @@ } } if(!result) - result = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE, + result = set_enum(data, BACKEND->handle, GSK_SERVER_AUTH_TYPE, verifypeer? GSK_SERVER_AUTH_FULL: GSK_SERVER_AUTH_PASSTHRU, FALSE); if(!result) { /* Start handshake. Try asynchronous first. */ memset(&commarea, 0, sizeof commarea); - connssl->iocport = QsoCreateIOCompletionPort(); - if(connssl->iocport != -1) { + BACKEND->iocport = QsoCreateIOCompletionPort(); + if(BACKEND->iocport != -1) { result = gskit_status(data, - gsk_secure_soc_startInit(connssl->handle, - connssl->iocport, + gsk_secure_soc_startInit(BACKEND->handle, + BACKEND->iocport, &commarea), "gsk_secure_soc_startInit()", CURLE_SSL_CONNECT_ERROR); @@ -993,7 +1004,7 @@ } else { /* No more completion port available. Use synchronous IO. */ - result = gskit_status(data, gsk_secure_soc_init(connssl->handle), + result = gskit_status(data, gsk_secure_soc_init(BACKEND->handle), "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR); if(!result) { connssl->connecting_state = ssl_connect_3; @@ -1026,7 +1037,7 @@ timeout_ms = 0; stmv.tv_sec = timeout_ms / 1000; stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000; - switch(QsoWaitForIOCompletion(connssl->iocport, &cstat, &stmv)) { + switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, &stmv)) { case 1: /* Operation complete. */ break; case -1: /* An error occurred: handshake still in progress. */ @@ -1075,7 +1086,7 @@ /* SSL handshake done: gather certificate info and verify host. */ - if(gskit_status(data, gsk_attribute_get_cert_info(connssl->handle, + if(gskit_status(data, gsk_attribute_get_cert_info(BACKEND->handle, GSK_PARTNER_CERT_INFO, &cdev, &cdec), "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) == @@ -1216,9 +1227,8 @@ } -CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { CURLcode result; @@ -1229,7 +1239,7 @@ } -CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done; @@ -1245,14 +1255,14 @@ } -void Curl_gskit_close(struct connectdata *conn, int sockindex) +static void Curl_gskit_close(struct connectdata *conn, int sockindex) { close_one(&conn->ssl[sockindex], conn, sockindex); close_one(&conn->proxy_ssl[sockindex], conn, sockindex); } -int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) +static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; @@ -1261,7 +1271,7 @@ int rc; char buf[120]; - if(!connssl->handle) + if(!BACKEND->handle) return 0; if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) @@ -1306,21 +1316,22 @@ } -size_t Curl_gskit_version(char *buffer, size_t size) +static size_t Curl_gskit_version(char *buffer, size_t size) { strncpy(buffer, "GSKit", size); return strlen(buffer); } -int Curl_gskit_check_cxn(struct connectdata *cxn) +static int Curl_gskit_check_cxn(struct connectdata *cxn) { + struct ssl_connect_data *connssl = &cxn->ssl[FIRSTSOCKET]; int err; int errlen; /* The only thing that can be tested here is at the socket level. */ - if(!cxn->ssl[FIRSTSOCKET].handle) + if(!BACKEND->handle) return 0; /* connection has been closed */ err = 0; @@ -1334,4 +1345,46 @@ return -1; /* connection status unknown */ } +static void *Curl_gskit_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->handle; +} + +const struct Curl_ssl Curl_ssl_gskit = { + { CURLSSLBACKEND_GSKIT, "gskit" }, /* info */ + + 0, /* have_ca_path */ + 1, /* have_certinfo */ + 0, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + /* TODO: convert to 1 and fix test #1014 (if need) */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_gskit_init, /* init */ + Curl_gskit_cleanup, /* cleanup */ + Curl_gskit_version, /* version */ + Curl_gskit_check_cxn, /* check_cxn */ + Curl_gskit_shutdown, /* shutdown */ + Curl_none_data_pending, /* data_pending */ + Curl_none_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_gskit_connect, /* connect */ + Curl_gskit_connect_nonblocking, /* connect_nonblocking */ + Curl_gskit_get_internals, /* get_internals */ + Curl_gskit_close, /* close_one */ + Curl_none_close_all, /* close_all */ + /* No session handling for GSKit */ + Curl_none_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + NULL /* sha256sum */ +}; + #endif /* USE_GSKIT */ diff -Nru curl-7.55.1/lib/vtls/gskit.h curl-7.57.0/lib/vtls/gskit.h --- curl-7.55.1/lib/vtls/gskit.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/gskit.h 2017-11-09 22:40:36.000000000 +0000 @@ -30,44 +30,8 @@ #include "urldata.h" #ifdef USE_GSKIT -int Curl_gskit_init(void); -void Curl_gskit_cleanup(void); -CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, - int sockindex, bool *done); -void Curl_gskit_close(struct connectdata *conn, int sockindex); -int Curl_gskit_shutdown(struct connectdata *conn, int sockindex); -size_t Curl_gskit_version(char *buffer, size_t size); -int Curl_gskit_check_cxn(struct connectdata *cxn); - -/* Support HTTPS-proxy */ -/* TODO: add '#define HTTPS_PROXY_SUPPORT 1' and fix test #1014 (if need) */ - -/* Set the API backend definition to GSKit */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* API setup for GSKit */ -#define curlssl_init Curl_gskit_init -#define curlssl_cleanup Curl_gskit_cleanup -#define curlssl_connect Curl_gskit_connect -#define curlssl_connect_nonblocking Curl_gskit_connect_nonblocking - -/* No session handling for GSKit */ -#define curlssl_session_free(x) Curl_nop_stmt -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_gskit_close -#define curlssl_shutdown(x,y) Curl_gskit_shutdown(x,y) -#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN -#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN -#define curlssl_engines_list(x) NULL -#define curlssl_version Curl_gskit_version -#define curlssl_check_cxn(x) Curl_gskit_check_cxn(x) -#define curlssl_data_pending(x,y) 0 -#define curlssl_random(x,y,z) (x=x, y=y, z=z, CURLE_NOT_BUILT_IN) +extern const struct Curl_ssl Curl_ssl_gskit; #endif /* USE_GSKIT */ diff -Nru curl-7.55.1/lib/vtls/gtls.c curl-7.57.0/lib/vtls/gtls.c --- curl-7.55.1/lib/vtls/gtls.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/gtls.c 2017-11-10 16:47:30.000000000 +0000 @@ -107,6 +107,16 @@ # include #endif +struct ssl_backend_data { + gnutls_session_t session; + gnutls_certificate_credentials_t cred; +#ifdef USE_TLS_SRP + gnutls_srp_client_credentials_t srp_client_cred; +#endif +}; + +#define BACKEND connssl->backend + /* * Custom push and pull callback functions used by GNU TLS to read and write * to the socket. These functions are simple wrappers to send() and recv() @@ -186,7 +196,7 @@ * must only be called from within curl_global_init() to keep the thread * situation under control! */ -int Curl_gtls_init(void) +static int Curl_gtls_init(void) { int ret = 1; if(!gtls_inited) { @@ -200,13 +210,12 @@ return ret; } -int Curl_gtls_cleanup(void) +static void Curl_gtls_cleanup(void) { if(gtls_inited) { gnutls_global_deinit(); gtls_inited = FALSE; } - return 1; } #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -277,7 +286,7 @@ { struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - gnutls_session_t session = conn->ssl[sockindex].session; + gnutls_session_t session = BACKEND->session; curl_socket_t sockfd = conn->sock[sockindex]; time_t timeout_ms; int rc; @@ -297,9 +306,9 @@ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - curl_socket_t writefd = ssl_connect_2_writing== + curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading== + curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -475,6 +484,7 @@ int sockindex) { struct Curl_easy *data = conn->data; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; unsigned int init_flags; gnutls_session_t session; int rc; @@ -510,7 +520,7 @@ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name; - if(conn->ssl[sockindex].state == ssl_connection_complete) + if(connssl->state == ssl_connection_complete) /* to make us tolerant against being called more than once for the same connection */ return CURLE_OK; @@ -526,7 +536,7 @@ sni = FALSE; /* SSLv3 has no SNI */ /* allocate a cred struct */ - rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred); + rc = gnutls_certificate_allocate_credentials(&BACKEND->cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc)); return CURLE_SSL_CONNECT_ERROR; @@ -537,15 +547,14 @@ infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username)); rc = gnutls_srp_allocate_client_credentials( - &conn->ssl[sockindex].srp_client_cred); + &BACKEND->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_allocate_client_cred() failed: %s", gnutls_strerror(rc)); return CURLE_OUT_OF_MEMORY; } - rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex]. - srp_client_cred, + rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred, SSL_SET_OPTION(username), SSL_SET_OPTION(password)); if(rc != GNUTLS_E_SUCCESS) { @@ -558,10 +567,10 @@ if(SSL_CONN_CONFIG(CAfile)) { /* set the trusted CA cert bundle file */ - gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred, + gnutls_certificate_set_verify_flags(BACKEND->cred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); - rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred, + rc = gnutls_certificate_set_x509_trust_file(BACKEND->cred, SSL_CONN_CONFIG(CAfile), GNUTLS_X509_FMT_PEM); if(rc < 0) { @@ -578,7 +587,7 @@ #ifdef HAS_CAPATH if(SSL_CONN_CONFIG(CApath)) { /* set the trusted CA cert directory */ - rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, + rc = gnutls_certificate_set_x509_trust_dir(BACKEND->cred, SSL_CONN_CONFIG(CApath), GNUTLS_X509_FMT_PEM); if(rc < 0) { @@ -597,13 +606,13 @@ /* use system ca certificate store as fallback */ if(SSL_CONN_CONFIG(verifypeer) && !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) { - gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred); + gnutls_certificate_set_x509_system_trust(BACKEND->cred); } #endif if(SSL_SET_OPTION(CRLfile)) { /* set the CRL list file */ - rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, + rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred, SSL_SET_OPTION(CRLfile), GNUTLS_X509_FMT_PEM); if(rc < 0) { @@ -624,14 +633,14 @@ init_flags |= GNUTLS_NO_TICKETS; #endif - rc = gnutls_init(&conn->ssl[sockindex].session, init_flags); + rc = gnutls_init(&BACKEND->session, init_flags); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_init() failed: %d", rc); return CURLE_SSL_CONNECT_ERROR; } /* convenient assign */ - session = conn->ssl[sockindex].session; + session = BACKEND->session; if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && #ifdef ENABLE_IPV6 @@ -788,7 +797,7 @@ GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 | GNUTLS_PKCS_USE_PBES2_AES_256; rc = gnutls_certificate_set_x509_key_file2( - conn->ssl[sockindex].cred, + BACKEND->cred, SSL_SET_OPTION(cert), SSL_SET_OPTION(key) ? SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), @@ -808,7 +817,7 @@ } else { if(gnutls_certificate_set_x509_key_file( - conn->ssl[sockindex].cred, + BACKEND->cred, SSL_SET_OPTION(cert), SSL_SET_OPTION(key) ? SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), @@ -824,7 +833,7 @@ /* put the credentials to the current session */ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, - conn->ssl[sockindex].srp_client_cred); + BACKEND->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); return CURLE_SSL_CONNECT_ERROR; @@ -834,7 +843,7 @@ #endif { rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - conn->ssl[sockindex].cred); + BACKEND->cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); return CURLE_SSL_CONNECT_ERROR; @@ -842,7 +851,7 @@ } if(conn->proxy_ssl[sockindex].use) { - transport_ptr = conn->proxy_ssl[sockindex].session; + transport_ptr = conn->proxy_ssl[sockindex].backend->session; gnutls_transport_push = Curl_gtls_push_ssl; gnutls_transport_pull = Curl_gtls_pull_ssl; } @@ -967,7 +976,8 @@ time_t certclock; const char *ptr; struct Curl_easy *data = conn->data; - gnutls_session_t session = conn->ssl[sockindex].session; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + gnutls_session_t session = BACKEND->session; int rc; #ifdef HAS_ALPN gnutls_datum_t proto; @@ -1198,7 +1208,7 @@ SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none"); } - size=sizeof(certbuf); + size = sizeof(certbuf); rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME, 0, /* the first and only one */ FALSE, @@ -1238,7 +1248,7 @@ #endif if(addrlen) { - for(i=0; ; i++) { + for(i = 0; ; i++) { certaddrlen = sizeof(certaddr); ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, &certaddrlen, NULL); @@ -1471,7 +1481,7 @@ struct ssl_connect_data *connssl = &conn->ssl[sockindex]; /* Initiate the connection, if not already done */ - if(ssl_connect_1==connssl->connecting_state) { + if(ssl_connect_1 == connssl->connecting_state) { rc = gtls_connect_step1(conn, sockindex); if(rc) return rc; @@ -1483,29 +1493,24 @@ return rc; /* Finish connecting once the handshake is done */ - if(ssl_connect_1==connssl->connecting_state) { + if(ssl_connect_1 == connssl->connecting_state) { rc = gtls_connect_step3(conn, sockindex); if(rc) return rc; } - *done = ssl_connect_1==connssl->connecting_state; + *done = ssl_connect_1 == connssl->connecting_state; return CURLE_OK; } -CURLcode -Curl_gtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return gtls_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_gtls_connect(struct connectdata *conn, - int sockindex) - +static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -1519,15 +1524,18 @@ return CURLE_OK; } -bool Curl_gtls_data_pending(const struct connectdata *conn, int connindex) +static bool Curl_gtls_data_pending(const struct connectdata *conn, + int connindex) { + const struct ssl_connect_data *connssl = &conn->ssl[connindex]; bool res = FALSE; - if(conn->ssl[connindex].session && - 0 != gnutls_record_check_pending(conn->ssl[connindex].session)) + if(BACKEND->session && + 0 != gnutls_record_check_pending(BACKEND->session)) res = TRUE; - if(conn->proxy_ssl[connindex].session && - 0 != gnutls_record_check_pending(conn->proxy_ssl[connindex].session)) + connssl = &conn->proxy_ssl[connindex]; + if(BACKEND->session && + 0 != gnutls_record_check_pending(BACKEND->session)) res = TRUE; return res; @@ -1539,7 +1547,8 @@ size_t len, CURLcode *curlcode) { - ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len); + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + ssize_t rc = gnutls_record_send(BACKEND->session, mem, len); if(rc < 0) { *curlcode = (rc == GNUTLS_E_AGAIN) @@ -1552,26 +1561,26 @@ return rc; } -static void close_one(struct ssl_connect_data *ssl) +static void close_one(struct ssl_connect_data *connssl) { - if(ssl->session) { - gnutls_bye(ssl->session, GNUTLS_SHUT_RDWR); - gnutls_deinit(ssl->session); - ssl->session = NULL; - } - if(ssl->cred) { - gnutls_certificate_free_credentials(ssl->cred); - ssl->cred = NULL; + if(BACKEND->session) { + gnutls_bye(BACKEND->session, GNUTLS_SHUT_RDWR); + gnutls_deinit(BACKEND->session); + BACKEND->session = NULL; + } + if(BACKEND->cred) { + gnutls_certificate_free_credentials(BACKEND->cred); + BACKEND->cred = NULL; } #ifdef USE_TLS_SRP - if(ssl->srp_client_cred) { - gnutls_srp_free_client_credentials(ssl->srp_client_cred); - ssl->srp_client_cred = NULL; + if(BACKEND->srp_client_cred) { + gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); + BACKEND->srp_client_cred = NULL; } #endif } -void Curl_gtls_close(struct connectdata *conn, int sockindex) +static void Curl_gtls_close(struct connectdata *conn, int sockindex) { close_one(&conn->ssl[sockindex]); close_one(&conn->proxy_ssl[sockindex]); @@ -1581,8 +1590,9 @@ * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) +static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; ssize_t result; int retval = 0; struct Curl_easy *data = conn->data; @@ -1595,16 +1605,16 @@ we do not send one. Let's hope other servers do the same... */ if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) - gnutls_bye(conn->ssl[sockindex].session, GNUTLS_SHUT_WR); + gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); - if(conn->ssl[sockindex].session) { + if(BACKEND->session) { while(!done) { int what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT); if(what > 0) { /* Something to read, let's do it and hope that it is the close notify alert from the server */ - result = gnutls_record_recv(conn->ssl[sockindex].session, + result = gnutls_record_recv(BACKEND->session, buf, sizeof(buf)); switch(result) { case 0: @@ -1635,18 +1645,18 @@ done = 1; } } - gnutls_deinit(conn->ssl[sockindex].session); + gnutls_deinit(BACKEND->session); } - gnutls_certificate_free_credentials(conn->ssl[sockindex].cred); + gnutls_certificate_free_credentials(BACKEND->cred); #ifdef USE_TLS_SRP if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP && SSL_SET_OPTION(username) != NULL) - gnutls_srp_free_client_credentials(conn->ssl[sockindex].srp_client_cred); + gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); #endif - conn->ssl[sockindex].cred = NULL; - conn->ssl[sockindex].session = NULL; + BACKEND->cred = NULL; + BACKEND->session = NULL; return retval; } @@ -1657,9 +1667,10 @@ size_t buffersize, /* max amount to read */ CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[num]; ssize_t ret; - ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize); + ret = gnutls_record_recv(BACKEND->session, buf, buffersize); if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { *curlcode = CURLE_AGAIN; return -1; @@ -1679,6 +1690,7 @@ if(ret < 0) { failf(conn->data, "GnuTLS recv error (%d): %s", + (int)ret, gnutls_strerror((int)ret)); *curlcode = CURLE_RECV_ERROR; return -1; @@ -1687,12 +1699,12 @@ return ret; } -void Curl_gtls_session_free(void *ptr) +static void Curl_gtls_session_free(void *ptr) { free(ptr); } -size_t Curl_gtls_version(char *buffer, size_t size) +static size_t Curl_gtls_version(char *buffer, size_t size) { return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL)); } @@ -1722,9 +1734,8 @@ #endif /* data might be NULL! */ -CURLcode Curl_gtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_gtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { #if defined(USE_GNUTLS_NETTLE) int rc; @@ -1739,10 +1750,10 @@ return CURLE_OK; } -void Curl_gtls_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len) +static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len) { #if defined(USE_GNUTLS_NETTLE) struct md5_ctx MD5pw; @@ -1756,12 +1767,13 @@ memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len); gcry_md_close(MD5pw); #endif + return CURLE_OK; } -void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len) +static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum, /* output */ + size_t sha256len) { #if defined(USE_GNUTLS_NETTLE) struct sha256_ctx SHA256pw; @@ -1777,7 +1789,7 @@ #endif } -bool Curl_gtls_cert_status_request(void) +static bool Curl_gtls_cert_status_request(void) { #ifdef HAS_OCSP return TRUE; @@ -1786,4 +1798,44 @@ #endif } +static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->session; +} + +const struct Curl_ssl Curl_ssl_gnutls = { + { CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */ + + 1, /* have_ca_path */ + 1, /* have_certinfo */ + 1, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 1, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_gtls_init, /* init */ + Curl_gtls_cleanup, /* cleanup */ + Curl_gtls_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_gtls_shutdown, /* shutdown */ + Curl_gtls_data_pending, /* data_pending */ + Curl_gtls_random, /* random */ + Curl_gtls_cert_status_request, /* cert_status_request */ + Curl_gtls_connect, /* connect */ + Curl_gtls_connect_nonblocking, /* connect_nonblocking */ + Curl_gtls_get_internals, /* get_internals */ + Curl_gtls_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_gtls_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_gtls_md5sum, /* md5sum */ + Curl_gtls_sha256sum /* sha256sum */ +}; + #endif /* USE_GNUTLS */ diff -Nru curl-7.55.1/lib/vtls/gtls.h curl-7.57.0/lib/vtls/gtls.h --- curl-7.55.1/lib/vtls/gtls.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/gtls.h 2017-11-09 22:40:36.000000000 +0000 @@ -28,69 +28,7 @@ #include "urldata.h" -int Curl_gtls_init(void); -int Curl_gtls_cleanup(void); -CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -bool Curl_gtls_data_pending(const struct connectdata *conn, - int connindex); - - /* close a SSL connection */ -void Curl_gtls_close(struct connectdata *conn, int sockindex); - -void Curl_gtls_session_free(void *ptr); -size_t Curl_gtls_version(char *buffer, size_t size); -int Curl_gtls_shutdown(struct connectdata *conn, int sockindex); -CURLcode Curl_gtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); -void Curl_gtls_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len); -void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len); - -bool Curl_gtls_cert_status_request(void); - -/* Support HTTPS-proxy */ -#define HTTPS_PROXY_SUPPORT 1 - -/* Set the API backend definition to GnuTLS */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS - -/* this backend supports the CAPATH option */ -#define have_curlssl_ca_path 1 - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* this backend supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 - -/* API setup for GnuTLS */ -#define curlssl_init Curl_gtls_init -#define curlssl_cleanup Curl_gtls_cleanup -#define curlssl_connect Curl_gtls_connect -#define curlssl_connect_nonblocking Curl_gtls_connect_nonblocking -#define curlssl_session_free(x) Curl_gtls_session_free(x) -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_gtls_close -#define curlssl_shutdown(x,y) Curl_gtls_shutdown(x,y) -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_gtls_version -#define curlssl_check_cxn(x) ((void)x, -1) -#define curlssl_data_pending(x,y) Curl_gtls_data_pending(x,y) -#define curlssl_random(x,y,z) Curl_gtls_random(x,y,z) -#define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d) -#define curlssl_sha256sum(a,b,c,d) Curl_gtls_sha256sum(a,b,c,d) -#define curlssl_cert_status_request() Curl_gtls_cert_status_request() +extern const struct Curl_ssl Curl_ssl_gnutls; #endif /* USE_GNUTLS */ #endif /* HEADER_CURL_GTLS_H */ diff -Nru curl-7.55.1/lib/vtls/mbedtls.c curl-7.57.0/lib/vtls/mbedtls.c --- curl-7.55.1/lib/vtls/mbedtls.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/mbedtls.c 2017-11-10 16:47:30.000000000 +0000 @@ -61,6 +61,21 @@ #include "curl_memory.h" #include "memdebug.h" +struct ssl_backend_data { + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; + mbedtls_ssl_context ssl; + int server_fd; + mbedtls_x509_crt cacert; + mbedtls_x509_crt clicert; + mbedtls_x509_crl crl; + mbedtls_pk_context pk; + mbedtls_ssl_config config; + const char *protocols[3]; +}; + +#define BACKEND connssl->backend + /* apply threading? */ #if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) #define THREADING_SUPPORT @@ -214,9 +229,9 @@ return result; } - mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, + mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ver_min); - mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, + mbedtls_ssl_conf_max_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ver_max); return result; @@ -238,7 +253,7 @@ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port; int ret = -1; char errorbuf[128]; - errorbuf[0]=0; + errorbuf[0] = 0; /* mbedTLS only supports SSLv3 and TLSv1 */ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) { @@ -248,9 +263,9 @@ #ifdef THREADING_SUPPORT entropy_init_mutex(&ts_entropy); - mbedtls_ctr_drbg_init(&connssl->ctr_drbg); + mbedtls_ctr_drbg_init(&BACKEND->ctr_drbg); - ret = mbedtls_ctr_drbg_seed(&connssl->ctr_drbg, entropy_func_mutex, + ret = mbedtls_ctr_drbg_seed(&BACKEND->ctr_drbg, entropy_func_mutex, &ts_entropy, NULL, 0); if(ret) { #ifdef MBEDTLS_ERROR_C @@ -260,11 +275,11 @@ -ret, errorbuf); } #else - mbedtls_entropy_init(&connssl->entropy); - mbedtls_ctr_drbg_init(&connssl->ctr_drbg); + mbedtls_entropy_init(&BACKEND->entropy); + mbedtls_ctr_drbg_init(&BACKEND->ctr_drbg); - ret = mbedtls_ctr_drbg_seed(&connssl->ctr_drbg, mbedtls_entropy_func, - &connssl->entropy, NULL, 0); + ret = mbedtls_ctr_drbg_seed(&BACKEND->ctr_drbg, mbedtls_entropy_func, + &BACKEND->entropy, NULL, 0); if(ret) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); @@ -275,10 +290,10 @@ #endif /* THREADING_SUPPORT */ /* Load the trusted CA */ - mbedtls_x509_crt_init(&connssl->cacert); + mbedtls_x509_crt_init(&BACKEND->cacert); if(ssl_cafile) { - ret = mbedtls_x509_crt_parse_file(&connssl->cacert, ssl_cafile); + ret = mbedtls_x509_crt_parse_file(&BACKEND->cacert, ssl_cafile); if(ret<0) { #ifdef MBEDTLS_ERROR_C @@ -293,7 +308,7 @@ } if(ssl_capath) { - ret = mbedtls_x509_crt_parse_path(&connssl->cacert, ssl_capath); + ret = mbedtls_x509_crt_parse_path(&BACKEND->cacert, ssl_capath); if(ret<0) { #ifdef MBEDTLS_ERROR_C @@ -308,10 +323,10 @@ } /* Load the client certificate */ - mbedtls_x509_crt_init(&connssl->clicert); + mbedtls_x509_crt_init(&BACKEND->clicert); if(ssl_cert) { - ret = mbedtls_x509_crt_parse_file(&connssl->clicert, ssl_cert); + ret = mbedtls_x509_crt_parse_file(&BACKEND->clicert, ssl_cert); if(ret) { #ifdef MBEDTLS_ERROR_C @@ -325,12 +340,12 @@ } /* Load the client private key */ - mbedtls_pk_init(&connssl->pk); + mbedtls_pk_init(&BACKEND->pk); if(SSL_SET_OPTION(key)) { - ret = mbedtls_pk_parse_keyfile(&connssl->pk, SSL_SET_OPTION(key), + ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key), SSL_SET_OPTION(key_passwd)); - if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA)) + if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)) ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; if(ret) { @@ -345,10 +360,10 @@ } /* Load the CRL */ - mbedtls_x509_crl_init(&connssl->crl); + mbedtls_x509_crl_init(&BACKEND->crl); if(ssl_crlfile) { - ret = mbedtls_x509_crl_parse_file(&connssl->crl, ssl_crlfile); + ret = mbedtls_x509_crl_parse_file(&BACKEND->crl, ssl_crlfile); if(ret) { #ifdef MBEDTLS_ERROR_C @@ -363,14 +378,14 @@ infof(data, "mbedTLS: Connecting to %s:%d\n", hostname, port); - mbedtls_ssl_config_init(&connssl->config); + mbedtls_ssl_config_init(&BACKEND->config); - mbedtls_ssl_init(&connssl->ssl); - if(mbedtls_ssl_setup(&connssl->ssl, &connssl->config)) { + mbedtls_ssl_init(&BACKEND->ssl); + if(mbedtls_ssl_setup(&BACKEND->ssl, &BACKEND->config)) { failf(data, "mbedTLS: ssl_init failed"); return CURLE_SSL_CONNECT_ERROR; } - ret = mbedtls_ssl_config_defaults(&connssl->config, + ret = mbedtls_ssl_config_defaults(&BACKEND->config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -380,20 +395,20 @@ } /* new profile with RSA min key len = 1024 ... */ - mbedtls_ssl_conf_cert_profile(&connssl->config, + mbedtls_ssl_conf_cert_profile(&BACKEND->config, &mbedtls_x509_crt_profile_fr); switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, + mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); infof(data, "mbedTLS: Set min SSL version to TLS 1.0\n"); break; case CURL_SSLVERSION_SSLv3: - mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, + mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); - mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, + mbedtls_ssl_conf_max_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); infof(data, "mbedTLS: Set SSL version to SSLv3\n"); break; @@ -412,25 +427,25 @@ return CURLE_SSL_CONNECT_ERROR; } - mbedtls_ssl_conf_authmode(&connssl->config, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_authmode(&BACKEND->config, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_rng(&connssl->config, mbedtls_ctr_drbg_random, - &connssl->ctr_drbg); - mbedtls_ssl_set_bio(&connssl->ssl, &conn->sock[sockindex], + mbedtls_ssl_conf_rng(&BACKEND->config, mbedtls_ctr_drbg_random, + &BACKEND->ctr_drbg); + mbedtls_ssl_set_bio(&BACKEND->ssl, &conn->sock[sockindex], mbedtls_net_send, mbedtls_net_recv, NULL /* rev_timeout() */); - mbedtls_ssl_conf_ciphersuites(&connssl->config, + mbedtls_ssl_conf_ciphersuites(&BACKEND->config, mbedtls_ssl_list_ciphersuites()); #if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&connssl->config, + mbedtls_ssl_conf_renegotiation(&BACKEND->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_session_tickets(&connssl->config, + mbedtls_ssl_conf_session_tickets(&BACKEND->config, MBEDTLS_SSL_SESSION_TICKETS_DISABLED); #endif @@ -440,7 +455,7 @@ Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) { - ret = mbedtls_ssl_set_session(&connssl->ssl, old_session); + ret = mbedtls_ssl_set_session(&BACKEND->ssl, old_session); if(ret) { Curl_ssl_sessionid_unlock(conn); failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret); @@ -451,15 +466,15 @@ Curl_ssl_sessionid_unlock(conn); } - mbedtls_ssl_conf_ca_chain(&connssl->config, - &connssl->cacert, - &connssl->crl); + mbedtls_ssl_conf_ca_chain(&BACKEND->config, + &BACKEND->cacert, + &BACKEND->crl); if(SSL_SET_OPTION(key)) { - mbedtls_ssl_conf_own_cert(&connssl->config, - &connssl->clicert, &connssl->pk); + mbedtls_ssl_conf_own_cert(&BACKEND->config, + &BACKEND->clicert, &BACKEND->pk); } - if(mbedtls_ssl_set_hostname(&connssl->ssl, hostname)) { + if(mbedtls_ssl_set_hostname(&BACKEND->ssl, hostname)) { /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and* the name to set in the SNI extension. So even if curl connects to a host specified as an IP address, this function must be used. */ @@ -469,7 +484,7 @@ #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { - const char **p = &connssl->protocols[0]; + const char **p = &BACKEND->protocols[0]; #ifdef USE_NGHTTP2 if(data->set.httpversion >= CURL_HTTP_VERSION_2) *p++ = NGHTTP2_PROTO_VERSION_ID; @@ -478,19 +493,19 @@ *p = NULL; /* this function doesn't clone the protocols array, which is why we need to keep it around */ - if(mbedtls_ssl_conf_alpn_protocols(&connssl->config, - &connssl->protocols[0])) { + if(mbedtls_ssl_conf_alpn_protocols(&BACKEND->config, + &BACKEND->protocols[0])) { failf(data, "Failed setting ALPN protocols"); return CURLE_SSL_CONNECT_ERROR; } - for(p = &connssl->protocols[0]; *p; ++p) + for(p = &BACKEND->protocols[0]; *p; ++p) infof(data, "ALPN, offering %s\n", *p); } #endif #ifdef MBEDTLS_DEBUG /* In order to make that work in mbedtls MBEDTLS_DEBUG_C must be defined. */ - mbedtls_ssl_conf_dbg(&connssl->config, mbed_debug, data); + mbedtls_ssl_conf_dbg(&BACKEND->config, mbed_debug, data); /* - 0 No debug * - 1 Error * - 2 State change @@ -502,7 +517,7 @@ /* give application a chance to interfere with mbedTLS set up. */ if(data->set.ssl.fsslctx) { - ret = (*data->set.ssl.fsslctx)(data, &connssl->config, + ret = (*data->set.ssl.fsslctx)(data, &BACKEND->config, data->set.ssl.fsslctxp); if(ret) { failf(data, "error signaled by ssl ctx callback"); @@ -537,7 +552,7 @@ conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; - ret = mbedtls_ssl_handshake(&connssl->ssl); + ret = mbedtls_ssl_handshake(&BACKEND->ssl); if(ret == MBEDTLS_ERR_SSL_WANT_READ) { connssl->connecting_state = ssl_connect_2_reading; @@ -557,10 +572,10 @@ } infof(data, "mbedTLS: Handshake complete, cipher is %s\n", - mbedtls_ssl_get_ciphersuite(&conn->ssl[sockindex].ssl) + mbedtls_ssl_get_ciphersuite(&BACKEND->ssl) ); - ret = mbedtls_ssl_get_verify_result(&conn->ssl[sockindex].ssl); + ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl); if(ret && SSL_CONN_CONFIG(verifypeer)) { if(ret & MBEDTLS_X509_BADCERT_EXPIRED) @@ -580,7 +595,7 @@ return CURLE_PEER_FAILED_VERIFICATION; } - peercert = mbedtls_ssl_get_peer_cert(&connssl->ssl); + peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl); if(peercert && data->set.verbose) { const size_t bufsize = 16384; @@ -650,7 +665,7 @@ #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { - next_protocol = mbedtls_ssl_get_alpn_protocol(&connssl->ssl); + next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl); if(next_protocol) { infof(data, "ALPN, server accepted to use %s\n", next_protocol); @@ -700,7 +715,7 @@ mbedtls_ssl_session_init(our_ssl_sessionid); - ret = mbedtls_ssl_get_session(&connssl->ssl, our_ssl_sessionid); + ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid); if(ret) { free(our_ssl_sessionid); failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret); @@ -730,9 +745,10 @@ const void *mem, size_t len, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; int ret = -1; - ret = mbedtls_ssl_write(&conn->ssl[sockindex].ssl, + ret = mbedtls_ssl_write(&BACKEND->ssl, (unsigned char *)mem, len); if(ret < 0) { @@ -744,22 +760,23 @@ return ret; } -void Curl_mbedtls_close_all(struct Curl_easy *data) +static void Curl_mbedtls_close_all(struct Curl_easy *data) { (void)data; } -void Curl_mbedtls_close(struct connectdata *conn, int sockindex) +static void Curl_mbedtls_close(struct connectdata *conn, int sockindex) { - mbedtls_pk_free(&conn->ssl[sockindex].pk); - mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); - mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert); - mbedtls_x509_crl_free(&conn->ssl[sockindex].crl); - mbedtls_ssl_config_free(&conn->ssl[sockindex].config); - mbedtls_ssl_free(&conn->ssl[sockindex].ssl); - mbedtls_ctr_drbg_free(&conn->ssl[sockindex].ctr_drbg); + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + mbedtls_pk_free(&BACKEND->pk); + mbedtls_x509_crt_free(&BACKEND->clicert); + mbedtls_x509_crt_free(&BACKEND->cacert); + mbedtls_x509_crl_free(&BACKEND->crl); + mbedtls_ssl_config_free(&BACKEND->config); + mbedtls_ssl_free(&BACKEND->ssl); + mbedtls_ctr_drbg_free(&BACKEND->ctr_drbg); #ifndef THREADING_SUPPORT - mbedtls_entropy_free(&conn->ssl[sockindex].entropy); + mbedtls_entropy_free(&BACKEND->entropy); #endif /* THREADING_SUPPORT */ } @@ -767,11 +784,12 @@ char *buf, size_t buffersize, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[num]; int ret = -1; ssize_t len = -1; memset(buf, 0, buffersize); - ret = mbedtls_ssl_read(&conn->ssl[num].ssl, (unsigned char *)buf, + ret = mbedtls_ssl_read(&BACKEND->ssl, (unsigned char *)buf, buffersize); if(ret <= 0) { @@ -788,21 +806,21 @@ return len; } -void Curl_mbedtls_session_free(void *ptr) +static void Curl_mbedtls_session_free(void *ptr) { mbedtls_ssl_session_free(ptr); free(ptr); } -size_t Curl_mbedtls_version(char *buffer, size_t size) +static size_t Curl_mbedtls_version(char *buffer, size_t size) { unsigned int version = mbedtls_version_get_number(); return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24, (version>>16)&0xff, (version>>8)&0xff); } -CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, - size_t length) +static CURLcode Curl_mbedtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { #if defined(MBEDTLS_CTR_DRBG_C) int ret = -1; @@ -811,7 +829,7 @@ mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_init(&ctr_entropy); mbedtls_ctr_drbg_init(&ctr_drbg); - errorbuf[0]=0; + errorbuf[0] = 0; ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &ctr_entropy, NULL, 0); @@ -869,7 +887,7 @@ return CURLE_OK; } - if(ssl_connect_1==connssl->connecting_state) { + if(ssl_connect_1 == connssl->connecting_state) { /* Find out how much more time we're allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -900,9 +918,9 @@ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - curl_socket_t writefd = ssl_connect_2_writing== + curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading== + curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -942,13 +960,13 @@ } /* repeat step2 until all transactions are done. */ - if(ssl_connect_3==connssl->connecting_state) { + if(ssl_connect_3 == connssl->connecting_state) { retcode = mbed_connect_step3(conn, sockindex); if(retcode) return retcode; } - if(ssl_connect_done==connssl->connecting_state) { + if(ssl_connect_done == connssl->connecting_state) { connssl->state = ssl_connection_complete; conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; @@ -963,18 +981,14 @@ return CURLE_OK; } -CURLcode -Curl_mbedtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return mbed_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_mbedtls_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex) { CURLcode retcode; bool done = FALSE; @@ -992,19 +1006,70 @@ * return 0 error initializing SSL * return 1 SSL initialized successfully */ -int Curl_mbedtls_init(void) +static int Curl_mbedtls_init(void) { return Curl_polarsslthreadlock_thread_setup(); } -void Curl_mbedtls_cleanup(void) +static void Curl_mbedtls_cleanup(void) { (void)Curl_polarsslthreadlock_thread_cleanup(); } -int Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_mbedtls_data_pending(const struct connectdata *conn, + int sockindex) { - return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; + const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + return mbedtls_ssl_get_bytes_avail(&BACKEND->ssl) != 0; } +static void Curl_mbedtls_sha256sum(const unsigned char *input, + size_t inputlen, + unsigned char *sha256sum, + size_t sha256len UNUSED_PARAM) +{ + (void)sha256len; + mbedtls_sha256(input, inputlen, sha256sum, 0); +} + +static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return &BACKEND->ssl; +} + +const struct Curl_ssl Curl_ssl_mbedtls = { + { CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */ + + 1, /* have_ca_path */ + 0, /* have_certinfo */ + 1, /* have_pinnedpubkey */ + 1, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_mbedtls_init, /* init */ + Curl_mbedtls_cleanup, /* cleanup */ + Curl_mbedtls_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_none_shutdown, /* shutdown */ + Curl_mbedtls_data_pending, /* data_pending */ + Curl_mbedtls_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_mbedtls_connect, /* connect */ + Curl_mbedtls_connect_nonblocking, /* connect_nonblocking */ + Curl_mbedtls_get_internals, /* get_internals */ + Curl_mbedtls_close, /* close_one */ + Curl_mbedtls_close_all, /* close_all */ + Curl_mbedtls_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + Curl_mbedtls_sha256sum /* sha256sum */ +}; + #endif /* USE_MBEDTLS */ diff -Nru curl-7.55.1/lib/vtls/mbedtls.h curl-7.57.0/lib/vtls/mbedtls.h --- curl-7.55.1/lib/vtls/mbedtls.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/mbedtls.h 2017-11-09 22:40:36.000000000 +0000 @@ -26,57 +26,7 @@ #ifdef USE_MBEDTLS -#include - -/* Called on first use mbedTLS, setup threading if supported */ -int Curl_mbedtls_init(void); -void Curl_mbedtls_cleanup(void); -int Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* tell mbedTLS to close down all open information regarding connections (and - thus session ID caching etc) */ -void Curl_mbedtls_close_all(struct Curl_easy *data); - - /* close a SSL connection */ -void Curl_mbedtls_close(struct connectdata *conn, int sockindex); - -void Curl_mbedtls_session_free(void *ptr); -size_t Curl_mbedtls_version(char *buffer, size_t size); -int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); - -/* this backends supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 - -/* this backend supports CURLOPT_SSL_CTX_* */ -#define have_curlssl_ssl_ctx 1 - -/* API setup for mbedTLS */ -#define curlssl_init() Curl_mbedtls_init() -#define curlssl_cleanup() Curl_mbedtls_cleanup() -#define curlssl_connect Curl_mbedtls_connect -#define curlssl_connect_nonblocking Curl_mbedtls_connect_nonblocking -#define curlssl_session_free(x) Curl_mbedtls_session_free(x) -#define curlssl_close_all Curl_mbedtls_close_all -#define curlssl_close Curl_mbedtls_close -#define curlssl_shutdown(x,y) 0 -#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL) -#define curlssl_version Curl_mbedtls_version -#define curlssl_check_cxn(x) (x=x, -1) -#define curlssl_data_pending(x,y) Curl_mbedtls_data_pending(x, y) -#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS -#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0) -#define curlssl_random(x,y,z) Curl_mbedtls_random(x, y, z) +extern const struct Curl_ssl Curl_ssl_mbedtls; #endif /* USE_MBEDTLS */ #endif /* HEADER_CURL_MBEDTLS_H */ diff -Nru curl-7.55.1/lib/vtls/nss.c curl-7.57.0/lib/vtls/nss.c --- curl-7.55.1/lib/vtls/nss.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/nss.c 2017-11-10 16:47:30.000000000 +0000 @@ -78,6 +78,16 @@ /* enough to fit the string "PEM Token #[0|1]" */ #define SLOTSIZE 13 +struct ssl_backend_data { + PRFileDesc *handle; + char *client_nickname; + struct Curl_easy *data; + struct curl_llist obj_list; + PK11GenericObject *obj_clicert; +}; + +#define BACKEND connssl->backend + static PRLock *nss_initlock = NULL; static PRLock *nss_crllock = NULL; static PRLock *nss_findslot_lock = NULL; @@ -271,7 +281,7 @@ found = PR_FALSE; - for(i=0; iobj_list, obj) != CURLE_OK) { + if(insert_wrapped_ptr(&BACKEND->obj_list, obj) != CURLE_OK) { PK11_DestroyGenericObject(obj); return CURLE_OUT_OF_MEMORY; } if(!cacert && CKO_CERTIFICATE == obj_class) /* store reference to a client certificate */ - ssl->obj_clicert = obj; + BACKEND->obj_clicert = obj; return CURLE_OK; } @@ -992,7 +1002,7 @@ char *issuer_nickname) { CERTCertificate *cert, *cert_issuer, *issuer; - SECStatus res=SECSuccess; + SECStatus res = SECSuccess; void *proto_win = NULL; cert = SSL_PeerCertificate(sock); @@ -1004,7 +1014,7 @@ if((!cert_issuer) || (!issuer)) res = SECFailure; else if(SECITEM_CompareItem(&cert_issuer->derCert, - &issuer->derCert)!=SECEqual) + &issuer->derCert) != SECEqual) res = SECFailure; CERT_DestroyCertificate(cert); @@ -1017,7 +1027,7 @@ const char *pinnedpubkey) { CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - struct Curl_easy *data = connssl->data; + struct Curl_easy *data = BACKEND->data; CERTCertificate *cert; if(!pinnedpubkey) @@ -1025,7 +1035,7 @@ return CURLE_OK; /* get peer certificate */ - cert = SSL_PeerCertificate(connssl->handle); + cert = SSL_PeerCertificate(BACKEND->handle); if(cert) { /* extract public key from peer certificate */ SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert); @@ -1069,11 +1079,11 @@ struct SECKEYPrivateKeyStr **pRetKey) { struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; - struct Curl_easy *data = connssl->data; - const char *nickname = connssl->client_nickname; + struct Curl_easy *data = BACKEND->data; + const char *nickname = BACKEND->client_nickname; static const char pem_slotname[] = "PEM Token #1"; - if(connssl->obj_clicert) { + if(BACKEND->obj_clicert) { /* use the cert/key provided by PEM reader */ SECItem cert_der = { 0, NULL, 0 }; void *proto_win = SSL_RevealPinArg(sock); @@ -1086,7 +1096,7 @@ return SECFailure; } - if(PK11_ReadRawAttribute(PK11_TypeGeneric, connssl->obj_clicert, CKA_VALUE, + if(PK11_ReadRawAttribute(PK11_TypeGeneric, BACKEND->obj_clicert, CKA_VALUE, &cert_der) != SECSuccess) { failf(data, "NSS: CKA_VALUE not found in PK11 generic object"); PK11_FreeSlot(slot); @@ -1351,7 +1361,7 @@ * @retval 0 error initializing SSL * @retval 1 SSL initialized successfully */ -int Curl_nss_init(void) +static int Curl_nss_init(void) { /* curl_global_init() is not thread-safe so this test is ok */ if(nss_initlock == NULL) { @@ -1386,7 +1396,7 @@ } /* Global cleanup */ -void Curl_nss_cleanup(void) +static void Curl_nss_cleanup(void) { /* This function isn't required to be threadsafe and this is only done * as a safety feature. @@ -1426,14 +1436,14 @@ * 0 means the connection has been closed * -1 means the connection status is unknown */ -int -Curl_nss_check_cxn(struct connectdata *conn) +static int Curl_nss_check_cxn(struct connectdata *conn) { + struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; int rc; char buf; rc = - PR_Recv(conn->ssl[FIRSTSOCKET].handle, (void *)&buf, 1, PR_MSG_PEEK, + PR_Recv(BACKEND->handle, (void *)&buf, 1, PR_MSG_PEEK, PR_SecondsToInterval(1)); if(rc > 0) return 1; /* connection still in place */ @@ -1447,48 +1457,49 @@ static void nss_close(struct ssl_connect_data *connssl) { /* before the cleanup, check whether we are using a client certificate */ - const bool client_cert = (connssl->client_nickname != NULL) - || (connssl->obj_clicert != NULL); + const bool client_cert = (BACKEND->client_nickname != NULL) + || (BACKEND->obj_clicert != NULL); - free(connssl->client_nickname); - connssl->client_nickname = NULL; + free(BACKEND->client_nickname); + BACKEND->client_nickname = NULL; /* destroy all NSS objects in order to avoid failure of NSS shutdown */ - Curl_llist_destroy(&connssl->obj_list, NULL); - connssl->obj_clicert = NULL; + Curl_llist_destroy(&BACKEND->obj_list, NULL); + BACKEND->obj_clicert = NULL; - if(connssl->handle) { + if(BACKEND->handle) { if(client_cert) /* A server might require different authentication based on the * particular path being requested by the client. To support this * scenario, we must ensure that a connection will never reuse the * authentication data from a previous connection. */ - SSL_InvalidateSession(connssl->handle); + SSL_InvalidateSession(BACKEND->handle); - PR_Close(connssl->handle); - connssl->handle = NULL; + PR_Close(BACKEND->handle); + BACKEND->handle = NULL; } } /* * This function is called when an SSL connection is closed. */ -void Curl_nss_close(struct connectdata *conn, int sockindex) +static void Curl_nss_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; - if(connssl->handle || connssl_proxy->handle) { + if(BACKEND->handle || connssl_proxy->backend->handle) { /* NSS closes the socket we previously handed to it, so we must mark it as closed to avoid double close */ fake_sclose(conn->sock[sockindex]); conn->sock[sockindex] = CURL_SOCKET_BAD; } - if(connssl->handle) - /* nss_close(connssl) will transitively close also connssl_proxy->handle - if both are used. Clear it to avoid a double close leading to crash. */ - connssl_proxy->handle = NULL; + if(BACKEND->handle) + /* nss_close(connssl) will transitively close also + connssl_proxy->backend->handle if both are used. Clear it to avoid + a double close leading to crash. */ + connssl_proxy->backend->handle = NULL; nss_close(connssl); nss_close(connssl_proxy); @@ -1732,7 +1743,7 @@ } /* cleanup on connection failure */ - Curl_llist_destroy(&connssl->obj_list, NULL); + Curl_llist_destroy(&BACKEND->obj_list, NULL); return curlerr; } @@ -1746,7 +1757,7 @@ sock_opt.option = PR_SockOpt_Nonblocking; sock_opt.value.non_blocking = !blocking; - if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS) + if(PR_SetSocketOption(BACKEND->handle, &sock_opt) != PR_SUCCESS) return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); return CURLE_OK; @@ -1770,10 +1781,10 @@ SSL_LIBRARY_VERSION_TLS_1_0 /* max */ }; - connssl->data = data; + BACKEND->data = data; /* list of all NSS objects we need to destroy in Curl_nss_close() */ - Curl_llist_init(&connssl->obj_list, nss_destroy_object); + Curl_llist_init(&BACKEND->obj_list, nss_destroy_object); /* FIXME. NSS doesn't support multiple databases open at the same time. */ PR_Lock(nss_initlock); @@ -1882,7 +1893,7 @@ char *nickname = dup_nickname(data, SSL_SET_OPTION(cert)); if(nickname) { /* we are not going to use libnsspem.so to read the client cert */ - connssl->obj_clicert = NULL; + BACKEND->obj_clicert = NULL; } else { CURLcode rv = cert_stuff(conn, sockindex, SSL_SET_OPTION(cert), @@ -1895,10 +1906,10 @@ } /* store the nickname for SelectClientCert() called during handshake */ - connssl->client_nickname = nickname; + BACKEND->client_nickname = nickname; } else - connssl->client_nickname = NULL; + BACKEND->client_nickname = NULL; if(SSL_GetClientAuthDataHook(model, SelectClientCert, (void *)connssl) != SECSuccess) { @@ -1908,8 +1919,8 @@ if(conn->proxy_ssl[sockindex].use) { DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(conn->proxy_ssl[sockindex].handle != NULL); - nspr_io = conn->proxy_ssl[sockindex].handle; + DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL); + nspr_io = conn->proxy_ssl[sockindex].backend->handle; second_layer = TRUE; } else { @@ -1939,8 +1950,8 @@ } /* import our model socket onto the current I/O stack */ - connssl->handle = SSL_ImportFD(model, nspr_io); - if(!connssl->handle) { + BACKEND->handle = SSL_ImportFD(model, nspr_io); + if(!BACKEND->handle) { if(!second_layer) PR_Close(nspr_io); goto error; @@ -1951,36 +1962,36 @@ /* This is the password associated with the cert that we're using */ if(SSL_SET_OPTION(key_passwd)) { - SSL_SetPKCS11PinArg(connssl->handle, SSL_SET_OPTION(key_passwd)); + SSL_SetPKCS11PinArg(BACKEND->handle, SSL_SET_OPTION(key_passwd)); } #ifdef SSL_ENABLE_OCSP_STAPLING if(SSL_CONN_CONFIG(verifystatus)) { - if(SSL_OptionSet(connssl->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE) + if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE) != SECSuccess) goto error; } #endif #ifdef SSL_ENABLE_NPN - if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn + if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn ? PR_TRUE : PR_FALSE) != SECSuccess) goto error; #endif #ifdef SSL_ENABLE_ALPN - if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn + if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn ? PR_TRUE : PR_FALSE) != SECSuccess) goto error; #endif #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ if(data->set.ssl.falsestart) { - if(SSL_OptionSet(connssl->handle, SSL_ENABLE_FALSE_START, PR_TRUE) + if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_FALSE_START, PR_TRUE) != SECSuccess) goto error; - if(SSL_SetCanFalseStartCallback(connssl->handle, CanFalseStartCallback, + if(SSL_SetCanFalseStartCallback(BACKEND->handle, CanFalseStartCallback, conn) != SECSuccess) goto error; } @@ -2004,24 +2015,24 @@ memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; - if(SSL_SetNextProtoNego(connssl->handle, protocols, cur) != SECSuccess) + if(SSL_SetNextProtoNego(BACKEND->handle, protocols, cur) != SECSuccess) goto error; } #endif /* Force handshake on next I/O */ - if(SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE) + if(SSL_ResetHandshake(BACKEND->handle, /* asServer */ PR_FALSE) != SECSuccess) goto error; /* propagate hostname to the TLS layer */ - if(SSL_SetURL(connssl->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name : + if(SSL_SetURL(BACKEND->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name) != SECSuccess) goto error; /* prevent NSS from re-using the session for a different hostname */ - if(SSL_SetSockPeerID(connssl->handle, SSL_IS_PROXY() ? + if(SSL_SetSockPeerID(BACKEND->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name) != SECSuccess) goto error; @@ -2058,7 +2069,7 @@ /* Force the handshake now */ timeout = PR_MillisecondsToInterval((PRUint32) time_left); - if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) { + if(SSL_ForceHandshakeWithTimeout(BACKEND->handle, timeout) != SECSuccess) { if(PR_GetError() == PR_WOULD_BLOCK_ERROR) /* blocking direction is updated by nss_update_connecting_state() */ return CURLE_AGAIN; @@ -2069,7 +2080,7 @@ goto error; } - result = display_conn_info(conn, connssl->handle); + result = display_conn_info(conn, BACKEND->handle); if(result) goto error; @@ -2078,7 +2089,7 @@ char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert)); if(nickname) { /* we support only nicknames in case of issuercert for now */ - ret = check_issuer_cert(connssl->handle, nickname); + ret = check_issuer_cert(BACKEND->handle, nickname); free(nickname); } @@ -2164,13 +2175,13 @@ return CURLE_OK; } -CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) { return nss_connect_common(conn, sockindex, /* blocking */ NULL); } -CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, - int sockindex, bool *done) +static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return nss_connect_common(conn, sockindex, done); } @@ -2186,9 +2197,9 @@ /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ - connssl->data = conn->data; + BACKEND->data = conn->data; - rc = PR_Send(connssl->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT); + rc = PR_Send(BACKEND->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT); if(rc < 0) { PRInt32 err = PR_GetError(); if(err == PR_WOULD_BLOCK_ERROR) @@ -2223,9 +2234,9 @@ /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ - connssl->data = conn->data; + BACKEND->data = conn->data; - nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0, + nread = PR_Recv(BACKEND->handle, buf, (int)buffersize, 0, PR_INTERVAL_NO_WAIT); if(nread < 0) { /* failed SSL read */ @@ -2252,22 +2263,22 @@ return nread; } -size_t Curl_nss_version(char *buffer, size_t size) +static size_t Curl_nss_version(char *buffer, size_t size) { return snprintf(buffer, size, "NSS/%s", NSS_VERSION); } /* data might be NULL */ -int Curl_nss_seed(struct Curl_easy *data) +static int Curl_nss_seed(struct Curl_easy *data) { /* make sure that NSS is initialized */ return !!Curl_nss_force_init(data); } /* data might be NULL */ -CURLcode Curl_nss_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_nss_random(struct Curl_easy *data, + unsigned char *entropy, + size_t length) { Curl_nss_seed(data); /* Initiate the seed if not already done */ @@ -2278,10 +2289,10 @@ return CURLE_OK; } -void Curl_nss_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len) +static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len) { PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5); unsigned int MD5out; @@ -2289,12 +2300,14 @@ PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen)); PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len)); PK11_DestroyContext(MD5pw, PR_TRUE); + + return CURLE_OK; } -void Curl_nss_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len) +static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum, /* output */ + size_t sha256len) { PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256); unsigned int SHA256out; @@ -2304,7 +2317,7 @@ PK11_DestroyContext(SHA256pw, PR_TRUE); } -bool Curl_nss_cert_status_request(void) +static bool Curl_nss_cert_status_request(void) { #ifdef SSL_ENABLE_OCSP_STAPLING return TRUE; @@ -2313,7 +2326,7 @@ #endif } -bool Curl_nss_false_start(void) +static bool Curl_nss_false_start(void) { #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ return TRUE; @@ -2322,4 +2335,46 @@ #endif } +static void *Curl_nss_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->handle; +} + +const struct Curl_ssl Curl_ssl_nss = { + { CURLSSLBACKEND_NSS, "nss" }, /* info */ + + 1, /* have_ca_path */ + 1, /* have_certinfo */ + 1, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 1, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_nss_init, /* init */ + Curl_nss_cleanup, /* cleanup */ + Curl_nss_version, /* version */ + Curl_nss_check_cxn, /* check_cxn */ + /* NSS has no shutdown function provided and thus always fail */ + Curl_none_shutdown, /* shutdown */ + Curl_none_data_pending, /* data_pending */ + Curl_nss_random, /* random */ + Curl_nss_cert_status_request, /* cert_status_request */ + Curl_nss_connect, /* connect */ + Curl_nss_connect_nonblocking, /* connect_nonblocking */ + Curl_nss_get_internals, /* get_internals */ + Curl_nss_close, /* close_one */ + Curl_none_close_all, /* close_all */ + /* NSS has its own session ID cache */ + Curl_none_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_nss_false_start, /* false_start */ + Curl_nss_md5sum, /* md5sum */ + Curl_nss_sha256sum /* sha256sum */ +}; + #endif /* USE_NSS */ diff -Nru curl-7.55.1/lib/vtls/nssg.h curl-7.57.0/lib/vtls/nssg.h --- curl-7.55.1/lib/vtls/nssg.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/nssg.h 2017-11-09 22:40:36.000000000 +0000 @@ -30,79 +30,10 @@ #include "urldata.h" -CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -/* close a SSL connection */ -void Curl_nss_close(struct connectdata *conn, int sockindex); - -int Curl_nss_init(void); -void Curl_nss_cleanup(void); - -size_t Curl_nss_version(char *buffer, size_t size); -int Curl_nss_check_cxn(struct connectdata *cxn); -int Curl_nss_seed(struct Curl_easy *data); - /* initialize NSS library if not already */ CURLcode Curl_nss_force_init(struct Curl_easy *data); -CURLcode Curl_nss_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - -void Curl_nss_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum, /* output */ - size_t md5len); - -void Curl_nss_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum, /* output */ - size_t sha256len); - -bool Curl_nss_cert_status_request(void); - -bool Curl_nss_false_start(void); - -/* Support HTTPS-proxy */ -#define HTTPS_PROXY_SUPPORT 1 - -/* Set the API backend definition to NSS */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_NSS - -/* this backend supports the CAPATH option */ -#define have_curlssl_ca_path 1 - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* this backends supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 - -/* API setup for NSS */ -#define curlssl_init Curl_nss_init -#define curlssl_cleanup Curl_nss_cleanup -#define curlssl_connect Curl_nss_connect -#define curlssl_connect_nonblocking Curl_nss_connect_nonblocking - -/* NSS has its own session ID cache */ -#define curlssl_session_free(x) Curl_nop_stmt -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_nss_close -/* NSS has no shutdown function provided and thus always fail */ -#define curlssl_shutdown(x,y) ((void)x, (void)y, 1) -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_nss_version -#define curlssl_check_cxn(x) Curl_nss_check_cxn(x) -#define curlssl_data_pending(x,y) ((void)x, (void)y, 0) -#define curlssl_random(x,y,z) Curl_nss_random(x,y,z) -#define curlssl_md5sum(a,b,c,d) Curl_nss_md5sum(a,b,c,d) -#define curlssl_sha256sum(a,b,c,d) Curl_nss_sha256sum(a,b,c,d) -#define curlssl_cert_status_request() Curl_nss_cert_status_request() -#define curlssl_false_start() Curl_nss_false_start() +extern const struct Curl_ssl Curl_ssl_nss; #endif /* USE_NSS */ #endif /* HEADER_CURL_NSSG_H */ diff -Nru curl-7.55.1/lib/vtls/openssl.c curl-7.57.0/lib/vtls/openssl.c --- curl-7.55.1/lib/vtls/openssl.c 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/lib/vtls/openssl.c 2017-11-27 18:38:07.000000000 +0000 @@ -51,8 +51,10 @@ #include "strcase.h" #include "hostcheck.h" #include "curl_printf.h" - #include +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif #include #include #ifndef OPENSSL_NO_DSA @@ -64,8 +66,12 @@ #include #include #include +#include +#include -#ifdef HAVE_OPENSSL_PKCS12_H +#ifndef OPENSSL_IS_BORINGSSL +/* BoringSSL does not support PKCS12 */ +#define HAVE_PKCS12_SUPPORT 1 #include #endif @@ -144,6 +150,19 @@ #define OPENSSL_load_builtin_modules(x) #endif +/* + * Whether SSL_CTX_set_keylog_callback is available. + * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287 + * BoringSSL: supported since d28f59c27bac (committed 2015-11-19) + * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it + * lies and pretends to be OpenSSL 2.0.0). + */ +#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ + !defined(LIBRESSL_VERSION_NUMBER)) || \ + defined(OPENSSL_IS_BORINGSSL) +#define HAVE_KEYLOG_CALLBACK +#endif + #if defined(LIBRESSL_VERSION_NUMBER) #define OSSL_PACKAGE "LibreSSL" #elif defined(OPENSSL_IS_BORINGSSL) @@ -152,6 +171,38 @@ #define OSSL_PACKAGE "OpenSSL" #endif +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +/* up2date versions of OpenSSL maintain the default reasonably secure without + * breaking compatibility, so it is better not to override the default by curl + */ +#define DEFAULT_CIPHER_SELECTION NULL +#else +/* ... but it is not the case with old versions of OpenSSL */ +#define DEFAULT_CIPHER_SELECTION \ + "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH" +#endif + +#ifdef ENABLE_SSLKEYLOGFILE +typedef struct ssl_tap_state { + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char client_random[SSL3_RANDOM_SIZE]; +} ssl_tap_state_t; +#endif /* ENABLE_SSLKEYLOGFILE */ + +struct ssl_backend_data { + /* these ones requires specific SSL-types */ + SSL_CTX* ctx; + SSL* handle; + X509* server_cert; +#ifdef ENABLE_SSLKEYLOGFILE + /* tap_state holds the last seen master key if we're logging them */ + ssl_tap_state_t tap_state; +#endif +}; + +#define BACKEND connssl->backend + /* * Number of bytes to read from the random number seed file. This must be * a finite value (because some entropy "files" like /dev/urandom have @@ -160,6 +211,112 @@ */ #define RAND_LOAD_LENGTH 1024 +#ifdef ENABLE_SSLKEYLOGFILE +/* The fp for the open SSLKEYLOGFILE, or NULL if not open */ +static FILE *keylog_file_fp; + +#ifdef HAVE_KEYLOG_CALLBACK +static void ossl_keylog_callback(const SSL *ssl, const char *line) +{ + (void)ssl; + + /* Using fputs here instead of fprintf since libcurl's fprintf replacement + may not be thread-safe. */ + if(keylog_file_fp && line && *line) { + char stackbuf[256]; + char *buf; + size_t linelen = strlen(line); + + if(linelen <= sizeof(stackbuf) - 2) + buf = stackbuf; + else { + buf = malloc(linelen + 2); + if(!buf) + return; + } + strncpy(buf, line, linelen); + buf[linelen] = '\n'; + buf[linelen + 1] = '\0'; + + fputs(buf, keylog_file_fp); + if(buf != stackbuf) + free(buf); + } +} +#else +#define KEYLOG_PREFIX "CLIENT_RANDOM " +#define KEYLOG_PREFIX_LEN (sizeof(KEYLOG_PREFIX) - 1) +/* + * tap_ssl_key is called by libcurl to make the CLIENT_RANDOMs if the OpenSSL + * being used doesn't have native support for doing that. + */ +static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state) +{ + const char *hex = "0123456789ABCDEF"; + int pos, i; + char line[KEYLOG_PREFIX_LEN + 2 * SSL3_RANDOM_SIZE + 1 + + 2 * SSL_MAX_MASTER_KEY_LENGTH + 1 + 1]; + const SSL_SESSION *session = SSL_get_session(ssl); + unsigned char client_random[SSL3_RANDOM_SIZE]; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + int master_key_length = 0; + + if(!session || !keylog_file_fp) + return; + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that + * we have a valid SSL context if we have a non-NULL session. */ + SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); + master_key_length = + SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH); +#else + if(ssl->s3 && session->master_key_length > 0) { + master_key_length = session->master_key_length; + memcpy(master_key, session->master_key, session->master_key_length); + memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE); + } +#endif + + if(master_key_length <= 0) + return; + + /* Skip writing keys if there is no key or it did not change. */ + if(state->master_key_length == master_key_length && + !memcmp(state->master_key, master_key, master_key_length) && + !memcmp(state->client_random, client_random, SSL3_RANDOM_SIZE)) { + return; + } + + state->master_key_length = master_key_length; + memcpy(state->master_key, master_key, master_key_length); + memcpy(state->client_random, client_random, SSL3_RANDOM_SIZE); + + memcpy(line, KEYLOG_PREFIX, KEYLOG_PREFIX_LEN); + pos = KEYLOG_PREFIX_LEN; + + /* Client Random for SSLv3/TLS */ + for(i = 0; i < SSL3_RANDOM_SIZE; i++) { + line[pos++] = hex[client_random[i] >> 4]; + line[pos++] = hex[client_random[i] & 0xF]; + } + line[pos++] = ' '; + + /* Master Secret (size is at most SSL_MAX_MASTER_KEY_LENGTH) */ + for(i = 0; i < master_key_length; i++) { + line[pos++] = hex[master_key[i] >> 4]; + line[pos++] = hex[master_key[i] & 0xF]; + } + line[pos++] = '\n'; + line[pos] = '\0'; + + /* Using fputs here instead of fprintf since libcurl's fprintf replacement + may not be thread-safe. */ + fputs(line, keylog_file_fp); +} +#endif /* !HAVE_KEYLOG_CALLBACK */ +#endif /* ENABLE_SSLKEYLOGFILE */ + static const char *SSL_ERROR_to_str(int err) { switch(err) { @@ -214,7 +371,7 @@ if(!encrypting) { int klen = curlx_uztosi(strlen((char *)global_passwd)); if(num > klen) { - memcpy(buf, global_passwd, klen+1); + memcpy(buf, global_passwd, klen + 1); return klen; } } @@ -289,14 +446,14 @@ size_t len = sizeof(randb); size_t i, i_max; for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) { - struct curltime tv = curlx_tvnow(); + struct curltime tv = Curl_now(); Curl_wait_ms(1); tv.tv_sec *= i + 1; tv.tv_usec *= (unsigned int)i + 2; - tv.tv_sec ^= ((curlx_tvnow().tv_sec + curlx_tvnow().tv_usec) * + tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) * (i + 3)) << 8; - tv.tv_usec ^= (unsigned int) ((curlx_tvnow().tv_sec + - curlx_tvnow().tv_usec) * + tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec + + Curl_now().tv_usec) * (i + 4)) << 16; memcpy(&randb[i * sizeof(struct curltime)], &tv, sizeof(struct curltime)); @@ -305,7 +462,7 @@ } while(!rand_enough()); /* generates a default path for the random seed file */ - fname[0]=0; /* blank it first */ + fname[0] = 0; /* blank it first */ RAND_file_name(fname, sizeof(fname)); if(fname[0]) { /* we got a file name to try */ @@ -393,6 +550,7 @@ { struct Curl_easy *data = conn->data; char error_buffer[256]; + bool check_privkey = TRUE; int file_type = do_file_type(cert_type); @@ -496,7 +654,7 @@ case SSL_FILETYPE_PKCS12: { -#ifdef HAVE_OPENSSL_PKCS12_H +#ifdef HAVE_PKCS12_SUPPORT FILE *f; PKCS12 *p12; EVP_PKEY *pri; @@ -601,7 +759,7 @@ break; if(!key_file) /* cert & key can only be in PEM case in the same file */ - key_file=cert_file; + key_file = cert_file; /* FALLTHROUGH */ case SSL_FILETYPE_ASN1: if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) { @@ -664,13 +822,13 @@ return 0; } - ssl=SSL_new(ctx); + ssl = SSL_new(ctx); if(!ssl) { failf(data, "unable to create an SSL structure"); return 0; } - x509=SSL_get_certificate(ssl); + x509 = SSL_get_certificate(ssl); /* This version was provided by Evan Jordan and is supposed to not leak memory as the previous version: */ @@ -680,17 +838,38 @@ EVP_PKEY_free(pktmp); } +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL) + { + /* If RSA is used, don't check the private key if its flags indicate + * it doesn't support it. */ + EVP_PKEY *priv_key = SSL_get_privatekey(ssl); + int pktype; +#ifdef HAVE_OPAQUE_EVP_PKEY + pktype = EVP_PKEY_id(priv_key); +#else + pktype = priv_key->type; +#endif + if(pktype == EVP_PKEY_RSA) { + RSA *rsa = EVP_PKEY_get1_RSA(priv_key); + if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK) + check_privkey = FALSE; + RSA_free(rsa); /* Decrement reference count */ + } + } +#endif + SSL_free(ssl); /* If we are using DSA, we can copy the parameters from * the private key */ - - /* Now we know that a key and cert have been set against - * the SSL context */ - if(!SSL_CTX_check_private_key(ctx)) { - failf(data, "Private key does not match the certificate public key"); - return 0; + if(check_privkey == TRUE) { + /* Now we know that a key and cert have been set against + * the SSL context */ + if(!SSL_CTX_check_private_key(ctx)) { + failf(data, "Private key does not match the certificate public key"); + return 0; + } } } return 1; @@ -718,7 +897,7 @@ size--; /* don't overwrite the buffer end */ memcpy(buf, biomem->data, size); - buf[size]=0; + buf[size] = 0; BIO_free(bio_out); @@ -732,8 +911,12 @@ * @retval 0 error initializing SSL * @retval 1 SSL initialized successfully */ -int Curl_ossl_init(void) +static int Curl_ossl_init(void) { +#ifdef ENABLE_SSLKEYLOGFILE + const char *keylog_file_name; +#endif + OPENSSL_load_builtin_modules(); #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES @@ -770,11 +953,24 @@ OpenSSL_add_all_algorithms(); #endif +#ifdef ENABLE_SSLKEYLOGFILE + keylog_file_name = curl_getenv("SSLKEYLOGFILE"); + if(keylog_file_name && !keylog_file_fp) { + keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT); + if(keylog_file_fp) { + if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) { + fclose(keylog_file_fp); + keylog_file_fp = NULL; + } + } + } +#endif + return 1; } /* Global cleanup */ -void Curl_ossl_cleanup(void) +static void Curl_ossl_cleanup(void) { #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ !defined(LIBRESSL_VERSION_NUMBER) @@ -806,6 +1002,13 @@ SSL_COMP_free_compression_methods(); #endif #endif + +#ifdef ENABLE_SSLKEYLOGFILE + if(keylog_file_fp) { + fclose(keylog_file_fp); + keylog_file_fp = NULL; + } +#endif } /* @@ -816,7 +1019,7 @@ * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_ossl_check_cxn(struct connectdata *conn) +static int Curl_ossl_check_cxn(struct connectdata *conn) { /* SSL_peek takes data out of the raw recv buffer without peeking so we use recv MSG_PEEK instead. Bug #795 */ @@ -862,7 +1065,8 @@ /* Selects an OpenSSL crypto engine */ -CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine) +static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, + const char *engine) { #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) ENGINE *e; @@ -907,7 +1111,7 @@ /* Sets engine as default for all SSL operations */ -CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) +static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) { #ifdef HAVE_OPENSSL_ENGINE_H if(data->state.engine) { @@ -929,7 +1133,7 @@ /* Return list of OpenSSL crypto engine names. */ -struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) +static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) { struct curl_slist *list = NULL; #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) @@ -952,23 +1156,23 @@ static void ossl_close(struct ssl_connect_data *connssl) { - if(connssl->handle) { - (void)SSL_shutdown(connssl->handle); - SSL_set_connect_state(connssl->handle); - - SSL_free(connssl->handle); - connssl->handle = NULL; - } - if(connssl->ctx) { - SSL_CTX_free(connssl->ctx); - connssl->ctx = NULL; + if(BACKEND->handle) { + (void)SSL_shutdown(BACKEND->handle); + SSL_set_connect_state(BACKEND->handle); + + SSL_free(BACKEND->handle); + BACKEND->handle = NULL; + } + if(BACKEND->ctx) { + SSL_CTX_free(BACKEND->ctx); + BACKEND->ctx = NULL; } } /* * This function is called when an SSL connection is closed. */ -void Curl_ossl_close(struct connectdata *conn, int sockindex) +static void Curl_ossl_close(struct connectdata *conn, int sockindex) { ossl_close(&conn->ssl[sockindex]); ossl_close(&conn->proxy_ssl[sockindex]); @@ -978,7 +1182,7 @@ * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) { int retval = 0; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -997,9 +1201,9 @@ we do not send one. Let's hope other servers do the same... */ if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) - (void)SSL_shutdown(connssl->handle); + (void)SSL_shutdown(BACKEND->handle); - if(connssl->handle) { + if(BACKEND->handle) { buffsize = (int)sizeof(buf); while(!done) { int what = SOCKET_READABLE(conn->sock[sockindex], @@ -1009,9 +1213,8 @@ /* Something to read, let's do it and hope that it is the close notify alert from the server */ - nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf, - buffsize); - err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread); + nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize); + err = SSL_get_error(BACKEND->handle, (int)nread); switch(err) { case SSL_ERROR_NONE: /* this is not an error */ @@ -1056,7 +1259,7 @@ if(data->set.verbose) { #ifdef HAVE_SSL_GET_SHUTDOWN - switch(SSL_get_shutdown(connssl->handle)) { + switch(SSL_get_shutdown(BACKEND->handle)) { case SSL_SENT_SHUTDOWN: infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n"); break; @@ -1071,13 +1274,13 @@ #endif } - SSL_free(connssl->handle); - connssl->handle = NULL; + SSL_free(BACKEND->handle); + BACKEND->handle = NULL; } return retval; } -void Curl_ossl_session_free(void *ptr) +static void Curl_ossl_session_free(void *ptr) { /* free the ID */ SSL_SESSION_free(ptr); @@ -1087,7 +1290,7 @@ * This function is called when the 'data' struct is going away. Close * down everything and free all resources! */ -void Curl_ossl_close_all(struct Curl_easy *data) +static void Curl_ossl_close_all(struct Curl_easy *data) { #ifdef HAVE_OPENSSL_ENGINE_H if(data->state.engine) { @@ -1179,7 +1382,7 @@ numalts = sk_GENERAL_NAME_num(altnames); /* loop through all alternatives - until a dnsmatch */ - for(i=0; (i < numalts) && !dnsmatched; i++) { + for(i = 0; (i < numalts) && !dnsmatched; i++) { /* get a handle to alternative name number i */ const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i); @@ -1248,7 +1451,7 @@ else { /* we have to look to the last occurrence of a commonName in the distinguished one to get the most significant one. */ - int j, i=-1; + int j, i = -1; /* The following is done because of a bug in 0.9.6b */ @@ -1257,14 +1460,14 @@ X509_NAME *name = X509_get_subject_name(server_cert); if(name) - while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0) - i=j; + while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) + i = j; /* we have the name entry and we will now convert this to a string that we can use for comparison. Doing this we support BMPstring, UTF8 etc. */ - if(i>=0) { + if(i >= 0) { ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); @@ -1277,7 +1480,7 @@ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { j = ASN1_STRING_length(tmp); if(j >= 0) { - peer_CN = OPENSSL_malloc(j+1); + peer_CN = OPENSSL_malloc(j + 1); if(peer_CN) { memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j); peer_CN[j] = '\0'; @@ -1300,7 +1503,8 @@ peer_CN = NULL; else { /* convert peer_CN from UTF8 */ - CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN)); + CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN, + strlen((char *)peer_CN)); /* Curl_convert_from_utf8 calls failf if unsuccessful */ if(rc) { OPENSSL_free(peer_CN); @@ -1346,7 +1550,7 @@ X509_STORE *st = NULL; STACK_OF(X509) *ch = NULL; - long len = SSL_get_tlsext_status_ocsp_resp(connssl->handle, &p); + long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p); if(!p) { failf(data, "No OCSP response received"); @@ -1376,8 +1580,8 @@ goto end; } - ch = SSL_get_peer_cert_chain(connssl->handle); - st = SSL_CTX_get_cert_store(connssl->ctx); + ch = SSL_get_peer_cert_chain(BACKEND->handle); + st = SSL_CTX_get_cert_store(BACKEND->ctx); #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \ (defined(LIBRESSL_VERSION_NUMBER) && \ @@ -1768,7 +1972,7 @@ #ifdef TLS1_3_VERSION { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - SSL_CTX_set_max_proto_version(connssl->ctx, TLS1_3_VERSION); + SSL_CTX_set_max_proto_version(BACKEND->ctx, TLS1_3_VERSION); *ctx_options |= SSL_OP_NO_TLSv1_2; } #else @@ -1919,25 +2123,25 @@ return CURLE_SSL_CONNECT_ERROR; } - if(connssl->ctx) - SSL_CTX_free(connssl->ctx); - connssl->ctx = SSL_CTX_new(req_method); + if(BACKEND->ctx) + SSL_CTX_free(BACKEND->ctx); + BACKEND->ctx = SSL_CTX_new(req_method); - if(!connssl->ctx) { + if(!BACKEND->ctx) { failf(data, "SSL: couldn't create a context: %s", ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer))); return CURLE_OUT_OF_MEMORY; } #ifdef SSL_MODE_RELEASE_BUFFERS - SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS); + SSL_CTX_set_mode(BACKEND->ctx, SSL_MODE_RELEASE_BUFFERS); #endif #ifdef SSL_CTRL_SET_MSG_CALLBACK if(data->set.fdebug && data->set.verbose) { /* the SSL trace callback is only used for verbose logging */ - SSL_CTX_set_msg_callback(connssl->ctx, ssl_tls_trace); - SSL_CTX_set_msg_callback_arg(connssl->ctx, conn); + SSL_CTX_set_msg_callback(BACKEND->ctx, ssl_tls_trace); + SSL_CTX_set_msg_callback_arg(BACKEND->ctx, conn); } #endif @@ -2054,11 +2258,11 @@ return CURLE_SSL_CONNECT_ERROR; } - SSL_CTX_set_options(connssl->ctx, ctx_options); + SSL_CTX_set_options(BACKEND->ctx, ctx_options); #ifdef HAS_NPN if(conn->bits.tls_enable_npn) - SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn); + SSL_CTX_set_next_proto_select_cb(BACKEND->ctx, select_next_proto_cb, conn); #endif #ifdef HAS_ALPN @@ -2086,12 +2290,12 @@ /* expects length prefixed preference ordered list of protocols in wire * format */ - SSL_CTX_set_alpn_protos(connssl->ctx, protocols, cur); + SSL_CTX_set_alpn_protos(BACKEND->ctx, protocols, cur); } #endif if(ssl_cert || ssl_cert_type) { - if(!cert_stuff(conn, connssl->ctx, ssl_cert, ssl_cert_type, + if(!cert_stuff(conn, BACKEND->ctx, ssl_cert, ssl_cert_type, SSL_SET_OPTION(key), SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd))) { /* failf() is already done in cert_stuff() */ @@ -2102,11 +2306,13 @@ ciphers = SSL_CONN_CONFIG(cipher_list); if(!ciphers) ciphers = (char *)DEFAULT_CIPHER_SELECTION; - if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) { - failf(data, "failed setting cipher list: %s", ciphers); - return CURLE_SSL_CIPHER; + if(ciphers) { + if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) { + failf(data, "failed setting cipher list: %s", ciphers); + return CURLE_SSL_CIPHER; + } + infof(data, "Cipher selection: %s\n", ciphers); } - infof(data, "Cipher selection: %s\n", ciphers); #ifdef USE_TLS_SRP if(ssl_authtype == CURL_TLSAUTH_SRP) { @@ -2114,18 +2320,18 @@ infof(data, "Using TLS-SRP username: %s\n", ssl_username); - if(!SSL_CTX_set_srp_username(connssl->ctx, ssl_username)) { + if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) { failf(data, "Unable to set SRP user name"); return CURLE_BAD_FUNCTION_ARGUMENT; } - if(!SSL_CTX_set_srp_password(connssl->ctx, SSL_SET_OPTION(password))) { + if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) { failf(data, "failed setting SRP password"); return CURLE_BAD_FUNCTION_ARGUMENT; } if(!SSL_CONN_CONFIG(cipher_list)) { infof(data, "Setting cipher list SRP\n"); - if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) { + if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "SRP")) { failf(data, "failed setting SRP cipher list"); return CURLE_SSL_CIPHER; } @@ -2136,7 +2342,7 @@ if(ssl_cafile || ssl_capath) { /* tell SSL where to find CA certificates that are used to verify the servers certificate. */ - if(!SSL_CTX_load_verify_locations(connssl->ctx, ssl_cafile, ssl_capath)) { + if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) { if(verifypeer) { /* Fail if we insist on successfully verifying the server. */ failf(data, "error setting certificate verify locations:\n" @@ -2164,14 +2370,14 @@ else if(verifypeer) { /* verfying the peer without any CA certificates won't work so use openssl's built in default as fallback */ - SSL_CTX_set_default_verify_paths(connssl->ctx); + SSL_CTX_set_default_verify_paths(BACKEND->ctx); } #endif if(ssl_crlfile) { /* tell SSL where to find CRL file that is used to check certificate * revocation */ - lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx), + lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(BACKEND->ctx), X509_LOOKUP_file()); if(!lookup || (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) { @@ -2180,7 +2386,7 @@ } /* Everything is fine. */ infof(data, "successfully load CRL file:\n"); - X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx), + X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); infof(data, " CRLfile: %s\n", ssl_crlfile); @@ -2195,7 +2401,7 @@ */ #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS) if(verifypeer) { - X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx), + X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx), X509_V_FLAG_TRUSTED_FIRST); } #endif @@ -2204,12 +2410,19 @@ * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ - SSL_CTX_set_verify(connssl->ctx, + SSL_CTX_set_verify(BACKEND->ctx, verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); + /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */ +#if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK) + if(keylog_file) { + SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback); + } +#endif + /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { - result = (*data->set.ssl.fsslctx)(data, connssl->ctx, + result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); @@ -2218,10 +2431,10 @@ } /* Lets make an SSL structure */ - if(connssl->handle) - SSL_free(connssl->handle); - connssl->handle = SSL_new(connssl->ctx); - if(!connssl->handle) { + if(BACKEND->handle) + SSL_free(BACKEND->handle); + BACKEND->handle = SSL_new(BACKEND->ctx); + if(!BACKEND->handle) { failf(data, "SSL: couldn't create a context (handle)!"); return CURLE_OUT_OF_MEMORY; } @@ -2229,19 +2442,19 @@ #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) if(SSL_CONN_CONFIG(verifystatus)) - SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp); + SSL_set_tlsext_status_type(BACKEND->handle, TLSEXT_STATUSTYPE_ocsp); #endif - SSL_set_connect_state(connssl->handle); + SSL_set_connect_state(BACKEND->handle); - connssl->server_cert = 0x0; + BACKEND->server_cert = 0x0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif sni && - !SSL_set_tlsext_host_name(connssl->handle, hostname)) + !SSL_set_tlsext_host_name(BACKEND->handle, hostname)) infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); #endif @@ -2253,7 +2466,7 @@ Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { /* we got a session id, use it! */ - if(!SSL_set_session(connssl->handle, ssl_sessionid)) { + if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSL_set_session failed: %s", ossl_strerror(ERR_get_error(), error_buffer, @@ -2268,13 +2481,14 @@ if(conn->proxy_ssl[sockindex].use) { BIO *const bio = BIO_new(BIO_f_ssl()); + SSL *handle = conn->proxy_ssl[sockindex].backend->handle; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(conn->proxy_ssl[sockindex].handle != NULL); + DEBUGASSERT(handle != NULL); DEBUGASSERT(bio != NULL); - BIO_set_ssl(bio, conn->proxy_ssl[sockindex].handle, FALSE); - SSL_set_bio(connssl->handle, bio, bio); + BIO_set_ssl(bio, handle, FALSE); + SSL_set_bio(BACKEND->handle, bio, bio); } - else if(!SSL_set_fd(connssl->handle, (int)sockfd)) { + else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { /* pass the raw socket into the SSL layers */ failf(data, "SSL: SSL_set_fd failed: %s", ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); @@ -2299,13 +2513,18 @@ ERR_clear_error(); - err = SSL_connect(connssl->handle); + err = SSL_connect(BACKEND->handle); + /* If keylogging is enabled but the keylog callback is not supported then log + secrets here, immediately after SSL_connect by using tap_ssl_key. */ +#if defined(ENABLE_SSLKEYLOGFILE) && !defined(HAVE_KEYLOG_CALLBACK) + tap_ssl_key(BACKEND->handle, &BACKEND->tap_state); +#endif /* 1 is fine 0 is "not successful but was shut down controlled" <0 is "handshake was not successful, because a fatal error occurred" */ if(1 != err) { - int detail = SSL_get_error(connssl->handle, err); + int detail = SSL_get_error(BACKEND->handle, err); if(SSL_ERROR_WANT_READ == detail) { connssl->connecting_state = ssl_connect_2_reading; @@ -2339,7 +2558,7 @@ (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) { result = CURLE_SSL_CACERT; - lerr = SSL_get_verify_result(connssl->handle); + lerr = SSL_get_verify_result(BACKEND->handle); if(lerr != X509_V_OK) { *certverifyresult = lerr; snprintf(error_buffer, sizeof(error_buffer), @@ -2383,8 +2602,8 @@ /* Informational message */ infof(data, "SSL connection using %s / %s\n", - get_ssl_version_txt(connssl->handle), - SSL_get_cipher(connssl->handle)); + get_ssl_version_txt(BACKEND->handle), + SSL_get_cipher(BACKEND->handle)); #ifdef HAS_ALPN /* Sets data and len to negotiated protocol, len is 0 if no protocol was @@ -2393,7 +2612,7 @@ if(conn->bits.tls_enable_alpn) { const unsigned char *neg_protocol; unsigned int len; - SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len); + SSL_get0_alpn_selected(BACKEND->handle, &neg_protocol, &len); if(len != 0) { infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol); @@ -2438,7 +2657,7 @@ do { \ long info_len = BIO_get_mem_data(mem, &ptr); \ Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \ - if(1!=BIO_reset(mem)) \ + if(1 != BIO_reset(mem)) \ break; \ } WHILE_FALSE @@ -2486,12 +2705,12 @@ /* no extensions, bail out */ return 1; - for(i=0; i < (int)sk_X509_EXTENSION_num(exts); i++) { + for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); BUF_MEM *biomem; char buf[512]; - char *ptr=buf; + char *ptr = buf; char namebuf[128]; BIO *bio_out = BIO_new(BIO_s_mem()); @@ -2508,16 +2727,16 @@ BIO_get_mem_ptr(bio_out, &biomem); for(j = 0; j < (size_t)biomem->length; j++) { - const char *sep=""; + const char *sep = ""; if(biomem->data[j] == '\n') { - sep=", "; + sep = ", "; j++; /* skip the newline */ }; while((j<(size_t)biomem->length) && (biomem->data[j] == ' ')) j++; if(j<(size_t)biomem->length) - ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, - biomem->data[j]); + ptr += snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, + biomem->data[j]); } Curl_ssl_push_certinfo(data, certnum, namebuf, buf); @@ -2539,7 +2758,7 @@ int numcerts; BIO *mem; - sk = SSL_get_peer_cert_chain(connssl->handle); + sk = SSL_get_peer_cert_chain(BACKEND->handle); if(!sk) { return CURLE_OUT_OF_MEMORY; } @@ -2556,7 +2775,7 @@ for(i = 0; i < numcerts; i++) { ASN1_INTEGER *num; X509 *x = sk_X509_value(sk, i); - EVP_PKEY *pubkey=NULL; + EVP_PKEY *pubkey = NULL; int j; char *ptr; const ASN1_BIT_STRING *psig = NULL; @@ -2829,8 +3048,8 @@ /* we've been asked to gather certificate info! */ (void)get_cert_chain(conn, connssl); - connssl->server_cert = SSL_get_peer_certificate(connssl->handle); - if(!connssl->server_cert) { + BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle); + if(!BACKEND->server_cert) { BIO_free(mem); if(!strict) return CURLE_OK; @@ -2841,32 +3060,32 @@ infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server"); - rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert), + rc = x509_name_oneline(X509_get_subject_name(BACKEND->server_cert), buffer, sizeof(buffer)); infof(data, " subject: %s\n", rc?"[NONE]":buffer); - ASN1_TIME_print(mem, X509_get0_notBefore(connssl->server_cert)); + ASN1_TIME_print(mem, X509_get0_notBefore(BACKEND->server_cert)); len = BIO_get_mem_data(mem, (char **) &ptr); infof(data, " start date: %.*s\n", len, ptr); - rc = BIO_reset(mem); + (void)BIO_reset(mem); - ASN1_TIME_print(mem, X509_get0_notAfter(connssl->server_cert)); + ASN1_TIME_print(mem, X509_get0_notAfter(BACKEND->server_cert)); len = BIO_get_mem_data(mem, (char **) &ptr); infof(data, " expire date: %.*s\n", len, ptr); - rc = BIO_reset(mem); + (void)BIO_reset(mem); BIO_free(mem); if(SSL_CONN_CONFIG(verifyhost)) { - result = verifyhost(conn, connssl->server_cert); + result = verifyhost(conn, BACKEND->server_cert); if(result) { - X509_free(connssl->server_cert); - connssl->server_cert = NULL; + X509_free(BACKEND->server_cert); + BACKEND->server_cert = NULL; return result; } } - rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert), + rc = x509_name_oneline(X509_get_issuer_name(BACKEND->server_cert), buffer, sizeof(buffer)); if(rc) { if(strict) @@ -2886,8 +3105,8 @@ if(strict) failf(data, "SSL: Unable to open issuer cert (%s)", SSL_SET_OPTION(issuercert)); - X509_free(connssl->server_cert); - connssl->server_cert = NULL; + X509_free(BACKEND->server_cert); + BACKEND->server_cert = NULL; return CURLE_SSL_ISSUER_ERROR; } @@ -2896,7 +3115,7 @@ if(strict) failf(data, "SSL: Unable to read issuer cert (%s)", SSL_SET_OPTION(issuercert)); - X509_free(connssl->server_cert); + X509_free(BACKEND->server_cert); X509_free(issuer); fclose(fp); return CURLE_SSL_ISSUER_ERROR; @@ -2904,13 +3123,13 @@ fclose(fp); - if(X509_check_issued(issuer, connssl->server_cert) != X509_V_OK) { + if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) { if(strict) failf(data, "SSL: Certificate issuer check failed (%s)", SSL_SET_OPTION(issuercert)); - X509_free(connssl->server_cert); + X509_free(BACKEND->server_cert); X509_free(issuer); - connssl->server_cert = NULL; + BACKEND->server_cert = NULL; return CURLE_SSL_ISSUER_ERROR; } @@ -2919,7 +3138,7 @@ X509_free(issuer); } - lerr = *certverifyresult = SSL_get_verify_result(connssl->handle); + lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle); if(*certverifyresult != X509_V_OK) { if(SSL_CONN_CONFIG(verifypeer)) { @@ -2944,8 +3163,8 @@ if(SSL_CONN_CONFIG(verifystatus)) { result = verifystatus(conn, connssl); if(result) { - X509_free(connssl->server_cert); - connssl->server_cert = NULL; + X509_free(BACKEND->server_cert); + BACKEND->server_cert = NULL; return result; } } @@ -2958,13 +3177,13 @@ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; if(!result && ptr) { - result = pkp_pin_peer_pubkey(data, connssl->server_cert, ptr); + result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr); if(result) failf(data, "SSL: public key does not match pinned public key!"); } - X509_free(connssl->server_cert); - connssl->server_cert = NULL; + X509_free(BACKEND->server_cert); + BACKEND->server_cert = NULL; connssl->connecting_state = ssl_connect_done; return result; @@ -2983,7 +3202,7 @@ SSL_SESSION *our_ssl_sessionid; void *old_ssl_sessionid = NULL; - our_ssl_sessionid = SSL_get1_session(connssl->handle); + our_ssl_sessionid = SSL_get1_session(BACKEND->handle); /* SSL_get1_session() will increment the reference count and the session will stay in memory until explicitly freed with SSL_SESSION_free(3), @@ -3088,9 +3307,9 @@ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - curl_socket_t writefd = ssl_connect_2_writing== + curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading== + curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -3148,14 +3367,14 @@ return CURLE_OK; } -CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, + int sockindex, + bool *done) { return ossl_connect_common(conn, sockindex, TRUE, done); } -CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -3169,17 +3388,22 @@ return CURLE_OK; } -bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex) +static bool Curl_ossl_data_pending(const struct connectdata *conn, + int connindex) { - if(conn->ssl[connindex].handle) + const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex]; + if(BACKEND->handle) /* SSL is in use */ - return (0 != SSL_pending(conn->ssl[connindex].handle) || - (conn->proxy_ssl[connindex].handle && - 0 != SSL_pending(conn->proxy_ssl[connindex].handle))) ? + return (0 != SSL_pending(BACKEND->handle) || + (proxyssl->backend->handle && + 0 != SSL_pending(proxyssl->backend->handle))) ? TRUE : FALSE; return FALSE; } +static size_t Curl_ossl_version(char *buffer, size_t size); + static ssize_t ossl_send(struct connectdata *conn, int sockindex, const void *mem, @@ -3193,14 +3417,15 @@ unsigned long sslerror; int memlen; int rc; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; ERR_clear_error(); memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; - rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen); + rc = SSL_write(BACKEND->handle, mem, memlen); if(rc <= 0) { - err = SSL_get_error(conn->ssl[sockindex].handle, rc); + err = SSL_get_error(BACKEND->handle, rc); switch(err) { case SSL_ERROR_WANT_READ: @@ -3254,14 +3479,15 @@ unsigned long sslerror; ssize_t nread; int buffsize; + struct ssl_connect_data *connssl = &conn->ssl[num]; ERR_clear_error(); buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; - nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize); + nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize); if(nread <= 0) { /* failed SSL_read */ - int err = SSL_get_error(conn->ssl[num].handle, (int)nread); + int err = SSL_get_error(BACKEND->handle, (int)nread); switch(err) { case SSL_ERROR_NONE: /* this is not an error */ @@ -3293,7 +3519,7 @@ return nread; } -size_t Curl_ossl_version(char *buffer, size_t size) +static size_t Curl_ossl_version(char *buffer, size_t size) { #ifdef OPENSSL_IS_BORINGSSL return snprintf(buffer, size, OSSL_PACKAGE); @@ -3302,9 +3528,9 @@ unsigned long ssleay_value; sub[2]='\0'; sub[1]='\0'; - ssleay_value=OpenSSL_version_num(); + ssleay_value = OpenSSL_version_num(); if(ssleay_value < 0x906000) { - ssleay_value=SSLEAY_VERSION_NUMBER; + ssleay_value = SSLEAY_VERSION_NUMBER; sub[0]='\0'; } else { @@ -3333,8 +3559,8 @@ } /* can be called with data == NULL */ -CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy, - size_t length) +static CURLcode Curl_ossl_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { int rc; if(data) { @@ -3350,23 +3576,24 @@ return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT); } -void Curl_ossl_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum /* output */, - size_t unused) +static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum /* output */, + size_t unused) { MD5_CTX MD5pw; (void)unused; MD5_Init(&MD5pw); MD5_Update(&MD5pw, tmp, tmplen); MD5_Final(md5sum, &MD5pw); + return CURLE_OK; } #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) -void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum /* output */, - size_t unused) +static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum /* output */, + size_t unused) { SHA256_CTX SHA256pw; (void)unused; @@ -3376,7 +3603,7 @@ } #endif -bool Curl_ossl_cert_status_request(void) +static bool Curl_ossl_cert_status_request(void) { #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) @@ -3385,4 +3612,50 @@ return FALSE; #endif } + +static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info) +{ + /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */ + return info == CURLINFO_TLS_SESSION ? + (void *)BACKEND->ctx : (void *)BACKEND->handle; +} + +const struct Curl_ssl Curl_ssl_openssl = { + { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */ + + 1, /* have_ca_path */ + 1, /* have_certinfo */ + 1, /* have_pinnedpubkey */ + 1, /* have_ssl_ctx */ + 1, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_ossl_init, /* init */ + Curl_ossl_cleanup, /* cleanup */ + Curl_ossl_version, /* version */ + Curl_ossl_check_cxn, /* check_cxn */ + Curl_ossl_shutdown, /* shutdown */ + Curl_ossl_data_pending, /* data_pending */ + Curl_ossl_random, /* random */ + Curl_ossl_cert_status_request, /* cert_status_request */ + Curl_ossl_connect, /* connect */ + Curl_ossl_connect_nonblocking, /* connect_nonblocking */ + Curl_ossl_get_internals, /* get_internals */ + Curl_ossl_close, /* close_one */ + Curl_ossl_close_all, /* close_all */ + Curl_ossl_session_free, /* session_free */ + Curl_ossl_set_engine, /* set_engine */ + Curl_ossl_set_engine_default, /* set_engine_default */ + Curl_ossl_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_ossl_md5sum, /* md5sum */ +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) + Curl_ossl_sha256sum /* sha256sum */ +#else + NULL /* sha256sum */ +#endif +}; + #endif /* USE_OPENSSL */ diff -Nru curl-7.55.1/lib/vtls/openssl.h curl-7.57.0/lib/vtls/openssl.h --- curl-7.55.1/lib/vtls/openssl.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/openssl.h 2017-11-09 22:40:36.000000000 +0000 @@ -31,96 +31,7 @@ #include "urldata.h" -CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* close a SSL connection */ -void Curl_ossl_close(struct connectdata *conn, int sockindex); - -/* tell OpenSSL to close down all open information regarding connections (and - thus session ID caching etc) */ -void Curl_ossl_close_all(struct Curl_easy *data); - -/* Sets an OpenSSL engine */ -CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine); - -/* function provided for the generic SSL-layer, called when a session id - should be freed */ -void Curl_ossl_session_free(void *ptr); - -/* Sets engine as default for all SSL operations */ -CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data); - -/* Build list of OpenSSL engines */ -struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data); - -int Curl_ossl_init(void); -void Curl_ossl_cleanup(void); - -size_t Curl_ossl_version(char *buffer, size_t size); -int Curl_ossl_check_cxn(struct connectdata *cxn); -int Curl_ossl_shutdown(struct connectdata *conn, int sockindex); -bool Curl_ossl_data_pending(const struct connectdata *conn, - int connindex); - -/* return 0 if a find random is filled in */ -CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); -void Curl_ossl_md5sum(unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *md5sum /* output */, - size_t unused); -void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum /* output */, - size_t unused); - -bool Curl_ossl_cert_status_request(void); - -/* Support HTTPS-proxy */ -#define HTTPS_PROXY_SUPPORT 1 - -/* Set the API backend definition to OpenSSL */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL - -/* this backend supports the CAPATH option */ -#define have_curlssl_ca_path 1 - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* this backend supports CURLOPT_SSL_CTX_* */ -#define have_curlssl_ssl_ctx 1 - -/* this backend supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 - -/* API setup for OpenSSL */ -#define curlssl_init Curl_ossl_init -#define curlssl_cleanup Curl_ossl_cleanup -#define curlssl_connect Curl_ossl_connect -#define curlssl_connect_nonblocking Curl_ossl_connect_nonblocking -#define curlssl_session_free(x) Curl_ossl_session_free(x) -#define curlssl_close_all Curl_ossl_close_all -#define curlssl_close Curl_ossl_close -#define curlssl_shutdown(x,y) Curl_ossl_shutdown(x,y) -#define curlssl_set_engine(x,y) Curl_ossl_set_engine(x,y) -#define curlssl_set_engine_default(x) Curl_ossl_set_engine_default(x) -#define curlssl_engines_list(x) Curl_ossl_engines_list(x) -#define curlssl_version Curl_ossl_version -#define curlssl_check_cxn Curl_ossl_check_cxn -#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y) -#define curlssl_random(x,y,z) Curl_ossl_random(x,y,z) -#define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d) -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) -#define curlssl_sha256sum(a,b,c,d) Curl_ossl_sha256sum(a,b,c,d) -#endif -#define curlssl_cert_status_request() Curl_ossl_cert_status_request() - -#define DEFAULT_CIPHER_SELECTION \ - "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH" +extern const struct Curl_ssl Curl_ssl_openssl; #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ diff -Nru curl-7.55.1/lib/vtls/polarssl.c curl-7.57.0/lib/vtls/polarssl.c --- curl-7.55.1/lib/vtls/polarssl.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/polarssl.c 2017-11-10 16:47:30.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2017, Daniel Stenberg, , et al. * Copyright (C) 2010 - 2011, Hoi-Ho Chan, * * This software is licensed as described in the file COPYING, which @@ -30,7 +30,6 @@ #include "curl_setup.h" #ifdef USE_POLARSSL - #include #include #include @@ -70,6 +69,19 @@ #define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES) +struct ssl_backend_data { + ctr_drbg_context ctr_drbg; + entropy_context entropy; + ssl_context ssl; + int server_fd; + x509_crt cacert; + x509_crt clicert; + x509_crl crl; + rsa_context rsa; +}; + +#define BACKEND connssl->backend + /* apply threading? */ #if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) #define THREADING_SUPPORT @@ -197,8 +209,8 @@ return result; } - ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, ssl_min_ver); - ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3, ssl_max_ver); + ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, ssl_min_ver); + ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, ssl_max_ver); return result; } @@ -215,7 +227,7 @@ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port; int ret = -1; char errorbuf[128]; - errorbuf[0]=0; + errorbuf[0] = 0; /* PolarSSL only supports SSLv3 and TLSv1 */ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) { @@ -226,16 +238,16 @@ #ifdef THREADING_SUPPORT entropy_init_mutex(&entropy); - if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy, + if((ret = ctr_drbg_init(&BACKEND->ctr_drbg, entropy_func_mutex, &entropy, NULL, 0)) != 0) { error_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf); } #else - entropy_init(&connssl->entropy); + entropy_init(&BACKEND->entropy); - if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy, + if((ret = ctr_drbg_init(&BACKEND->ctr_drbg, entropy_func, &BACKEND->entropy, NULL, 0)) != 0) { error_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", @@ -244,10 +256,10 @@ #endif /* THREADING_SUPPORT */ /* Load the trusted CA */ - memset(&connssl->cacert, 0, sizeof(x509_crt)); + memset(&BACKEND->cacert, 0, sizeof(x509_crt)); if(SSL_CONN_CONFIG(CAfile)) { - ret = x509_crt_parse_file(&connssl->cacert, + ret = x509_crt_parse_file(&BACKEND->cacert, SSL_CONN_CONFIG(CAfile)); if(ret<0) { @@ -261,7 +273,7 @@ } if(capath) { - ret = x509_crt_parse_path(&connssl->cacert, capath); + ret = x509_crt_parse_path(&BACKEND->cacert, capath); if(ret<0) { error_strerror(ret, errorbuf, sizeof(errorbuf)); @@ -274,10 +286,10 @@ } /* Load the client certificate */ - memset(&connssl->clicert, 0, sizeof(x509_crt)); + memset(&BACKEND->clicert, 0, sizeof(x509_crt)); if(SSL_SET_OPTION(cert)) { - ret = x509_crt_parse_file(&connssl->clicert, + ret = x509_crt_parse_file(&BACKEND->clicert, SSL_SET_OPTION(cert)); if(ret) { @@ -298,9 +310,9 @@ if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA)) ret = POLARSSL_ERR_PK_TYPE_MISMATCH; if(ret == 0) - rsa_copy(&connssl->rsa, pk_rsa(pk)); + rsa_copy(&BACKEND->rsa, pk_rsa(pk)); else - rsa_free(&connssl->rsa); + rsa_free(&BACKEND->rsa); pk_free(&pk); if(ret) { @@ -313,10 +325,10 @@ } /* Load the CRL */ - memset(&connssl->crl, 0, sizeof(x509_crl)); + memset(&BACKEND->crl, 0, sizeof(x509_crl)); if(SSL_SET_OPTION(CRLfile)) { - ret = x509_crl_parse_file(&connssl->crl, + ret = x509_crl_parse_file(&BACKEND->crl, SSL_SET_OPTION(CRLfile)); if(ret) { @@ -330,7 +342,7 @@ infof(data, "PolarSSL: Connecting to %s:%d\n", hostname, port); - if(ssl_init(&connssl->ssl)) { + if(ssl_init(&BACKEND->ssl)) { failf(data, "PolarSSL: ssl_init failed"); return CURLE_SSL_CONNECT_ERROR; } @@ -338,13 +350,13 @@ switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1); break; case CURL_SSLVERSION_SSLv3: - ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0); - ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0); infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n"); break; @@ -363,16 +375,16 @@ return CURLE_SSL_CONNECT_ERROR; } - ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); - ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); + ssl_set_endpoint(&BACKEND->ssl, SSL_IS_CLIENT); + ssl_set_authmode(&BACKEND->ssl, SSL_VERIFY_OPTIONAL); - ssl_set_rng(&connssl->ssl, ctr_drbg_random, - &connssl->ctr_drbg); - ssl_set_bio(&connssl->ssl, + ssl_set_rng(&BACKEND->ssl, ctr_drbg_random, + &BACKEND->ctr_drbg); + ssl_set_bio(&BACKEND->ssl, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); + ssl_set_ciphersuites(&BACKEND->ssl, ssl_list_ciphersuites()); /* Check if there's a cached ID we can/should use here! */ if(SSL_SET_OPTION(primary.sessionid)) { @@ -380,7 +392,7 @@ Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) { - ret = ssl_set_session(&connssl->ssl, old_session); + ret = ssl_set_session(&BACKEND->ssl, old_session); if(ret) { Curl_ssl_sessionid_unlock(conn); failf(data, "ssl_set_session returned -0x%x", -ret); @@ -391,15 +403,15 @@ Curl_ssl_sessionid_unlock(conn); } - ssl_set_ca_chain(&connssl->ssl, - &connssl->cacert, - &connssl->crl, + ssl_set_ca_chain(&BACKEND->ssl, + &BACKEND->cacert, + &BACKEND->crl, hostname); - ssl_set_own_cert_rsa(&connssl->ssl, - &connssl->clicert, &connssl->rsa); + ssl_set_own_cert_rsa(&BACKEND->ssl, + &BACKEND->clicert, &BACKEND->rsa); - if(ssl_set_hostname(&connssl->ssl, hostname)) { + if(ssl_set_hostname(&BACKEND->ssl, hostname)) { /* ssl_set_hostname() sets the name to use in CN/SAN checks *and* the name to set in the SNI extension. So even if curl connects to a host specified as an IP address, this function must be used. */ @@ -424,12 +436,12 @@ protocols[cur] = NULL; - ssl_set_alpn_protocols(&connssl->ssl, protocols); + ssl_set_alpn_protocols(&BACKEND->ssl, protocols); } #endif #ifdef POLARSSL_DEBUG - ssl_set_dbg(&connssl->ssl, polarssl_debug, data); + ssl_set_dbg(&BACKEND->ssl, polarssl_debug, data); #endif connssl->connecting_state = ssl_connect_2; @@ -456,7 +468,7 @@ conn->recv[sockindex] = polarssl_recv; conn->send[sockindex] = polarssl_send; - ret = ssl_handshake(&connssl->ssl); + ret = ssl_handshake(&BACKEND->ssl); switch(ret) { case 0: @@ -478,9 +490,9 @@ } infof(data, "PolarSSL: Handshake complete, cipher is %s\n", - ssl_get_ciphersuite(&conn->ssl[sockindex].ssl) ); + ssl_get_ciphersuite(&BACKEND->ssl) ); - ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl); + ret = ssl_get_verify_result(&BACKEND->ssl); if(ret && SSL_CONN_CONFIG(verifypeer)) { if(ret & BADCERT_EXPIRED) @@ -500,12 +512,12 @@ return CURLE_PEER_FAILED_VERIFICATION; } - if(ssl_get_peer_cert(&(connssl->ssl))) { + if(ssl_get_peer_cert(&(BACKEND->ssl))) { /* If the session was resumed, there will be no peer certs */ memset(buffer, 0, sizeof(buffer)); if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ", - ssl_get_peer_cert(&(connssl->ssl))) != -1) + ssl_get_peer_cert(&(BACKEND->ssl))) != -1) infof(data, "Dumping cert info:\n%s\n", buffer); } @@ -517,7 +529,7 @@ unsigned char pubkey[PUB_DER_MAX_BYTES]; const x509_crt *peercert; - peercert = ssl_get_peer_cert(&connssl->ssl); + peercert = ssl_get_peer_cert(&BACKEND->ssl); if(!peercert || !peercert->raw.p || !peercert->raw.len) { failf(data, "Failed due to missing peer certificate"); @@ -566,7 +578,7 @@ #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { - const char *next_protocol = ssl_get_alpn_protocol(&connssl->ssl); + const char *next_protocol = ssl_get_alpn_protocol(&BACKEND->ssl); if(next_protocol != NULL) { infof(data, "ALPN, server accepted to use %s\n", next_protocol); @@ -614,7 +626,7 @@ memset(our_ssl_sessionid, 0, sizeof(ssl_session)); - ret = ssl_get_session(&connssl->ssl, our_ssl_sessionid); + ret = ssl_get_session(&BACKEND->ssl, our_ssl_sessionid); if(ret) { failf(data, "ssl_get_session returned -0x%x", -ret); return CURLE_SSL_CONNECT_ERROR; @@ -645,9 +657,10 @@ size_t len, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; int ret = -1; - ret = ssl_write(&conn->ssl[sockindex].ssl, + ret = ssl_write(&BACKEND->ssl, (unsigned char *)mem, len); if(ret < 0) { @@ -659,13 +672,14 @@ return ret; } -void Curl_polarssl_close(struct connectdata *conn, int sockindex) +static void Curl_polarssl_close(struct connectdata *conn, int sockindex) { - rsa_free(&conn->ssl[sockindex].rsa); - x509_crt_free(&conn->ssl[sockindex].clicert); - x509_crt_free(&conn->ssl[sockindex].cacert); - x509_crl_free(&conn->ssl[sockindex].crl); - ssl_free(&conn->ssl[sockindex].ssl); + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + rsa_free(&BACKEND->rsa); + x509_crt_free(&BACKEND->clicert); + x509_crt_free(&BACKEND->cacert); + x509_crl_free(&BACKEND->crl); + ssl_free(&BACKEND->ssl); } static ssize_t polarssl_recv(struct connectdata *conn, @@ -674,11 +688,12 @@ size_t buffersize, CURLcode *curlcode) { + struct ssl_connect_data *connssl = &conn->ssl[num]; int ret = -1; ssize_t len = -1; memset(buf, 0, buffersize); - ret = ssl_read(&conn->ssl[num].ssl, (unsigned char *)buf, buffersize); + ret = ssl_read(&BACKEND->ssl, (unsigned char *)buf, buffersize); if(ret <= 0) { if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) @@ -694,7 +709,7 @@ return len; } -void Curl_polarssl_session_free(void *ptr) +static void Curl_polarssl_session_free(void *ptr) { ssl_session_free(ptr); free(ptr); @@ -703,7 +718,7 @@ /* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and higher) will be mbed TLS branded.. */ -size_t Curl_polarssl_version(char *buffer, size_t size) +static size_t Curl_polarssl_version(char *buffer, size_t size) { unsigned int version = version_get_number(); return snprintf(buffer, size, "%s/%d.%d.%d", @@ -762,9 +777,9 @@ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - curl_socket_t writefd = ssl_connect_2_writing== + curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading== + curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -825,18 +840,14 @@ return CURLE_OK; } -CURLcode -Curl_polarssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return polarssl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_polarssl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -854,20 +865,73 @@ * return 0 error initializing SSL * return 1 SSL initialized successfully */ -int Curl_polarssl_init(void) +static int Curl_polarssl_init(void) { return Curl_polarsslthreadlock_thread_setup(); } -void Curl_polarssl_cleanup(void) +static void Curl_polarssl_cleanup(void) { (void)Curl_polarsslthreadlock_thread_cleanup(); } - -int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_polarssl_data_pending(const struct connectdata *conn, + int sockindex) { - return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; + const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + return ssl_get_bytes_avail(&BACKEND->ssl) != 0; } +static void Curl_polarssl_sha256sum(const unsigned char *input, + size_t inputlen, + unsigned char *sha256sum, + size_t sha256len UNUSED_PARAM) +{ + (void)sha256len; + sha256(input, inputlen, sha256sum, 0); +} + +static void *Curl_polarssl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return &BACKEND->ssl; +} + +const struct Curl_ssl Curl_ssl_polarssl = { + { CURLSSLBACKEND_POLARSSL, "polarssl" }, /* info */ + + 1, /* have_ca_path */ + 0, /* have_certinfo */ + 1, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_polarssl_init, /* init */ + Curl_polarssl_cleanup, /* cleanup */ + Curl_polarssl_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_none_shutdown, /* shutdown */ + Curl_polarssl_data_pending, /* data_pending */ + /* This might cause libcurl to use a weeker random! + * TODO: use Polarssl's CTR-DRBG or HMAC-DRBG + */ + Curl_none_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_polarssl_connect, /* connect */ + Curl_polarssl_connect_nonblocking, /* connect_nonblocking */ + Curl_polarssl_get_internals, /* get_internals */ + Curl_polarssl_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_polarssl_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + Curl_polarssl_sha256sum /* sha256sum */ +}; + #endif /* USE_POLARSSL */ diff -Nru curl-7.55.1/lib/vtls/polarssl.h curl-7.57.0/lib/vtls/polarssl.h --- curl-7.55.1/lib/vtls/polarssl.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/polarssl.h 2017-11-09 22:40:36.000000000 +0000 @@ -26,57 +26,7 @@ #ifdef USE_POLARSSL -#include - -/* Called on first use PolarSSL, setup threading if supported */ -int Curl_polarssl_init(void); -void Curl_polarssl_cleanup(void); -int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex); - - -CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - - /* close a SSL connection */ -void Curl_polarssl_close(struct connectdata *conn, int sockindex); - -void Curl_polarssl_session_free(void *ptr); -size_t Curl_polarssl_version(char *buffer, size_t size); -int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex); - -/* Set the API backend definition to PolarSSL */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL - -/* this backend supports the CAPATH option */ -#define have_curlssl_ca_path 1 - -/* this backends supports CURLOPT_PINNEDPUBLICKEY */ -#define have_curlssl_pinnedpubkey 1 - -/* API setup for PolarSSL */ -#define curlssl_init() Curl_polarssl_init() -#define curlssl_cleanup() Curl_polarssl_cleanup() -#define curlssl_connect Curl_polarssl_connect -#define curlssl_connect_nonblocking Curl_polarssl_connect_nonblocking -#define curlssl_session_free(x) Curl_polarssl_session_free(x) -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_polarssl_close -#define curlssl_shutdown(x,y) 0 -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_polarssl_version -#define curlssl_check_cxn(x) ((void)x, -1) -#define curlssl_data_pending(x,y) Curl_polarssl_data_pending(x, y) -#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0) - -/* This might cause libcurl to use a weeker random! - TODO: implement proper use of Polarssl's CTR-DRBG or HMAC-DRBG and use that -*/ -#define curlssl_random(x,y,z) ((void)x, (void)y, (void)z, CURLE_NOT_BUILT_IN) +extern const struct Curl_ssl Curl_ssl_polarssl; #endif /* USE_POLARSSL */ #endif /* HEADER_CURL_POLARSSL_H */ diff -Nru curl-7.55.1/lib/vtls/polarssl_threadlock.c curl-7.57.0/lib/vtls/polarssl_threadlock.c --- curl-7.55.1/lib/vtls/polarssl_threadlock.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/polarssl_threadlock.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2013-2016, Daniel Stenberg, , et al. + * Copyright (C) 2013-2017, Daniel Stenberg, , et al. * Copyright (C) 2010, 2011, Hoi-Ho Chan, * * This software is licensed as described in the file COPYING, which @@ -114,7 +114,7 @@ } #elif defined(HAVE_PROCESS_H) if(n < NUMT) { - ret = (WaitForSingleObject(mutex_buf[n], INFINITE)==WAIT_FAILED?1:0); + ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_lock_function failed\n")); diff -Nru curl-7.55.1/lib/vtls/schannel.c curl-7.57.0/lib/vtls/schannel.c --- curl-7.55.1/lib/vtls/schannel.c 2017-08-12 13:28:13.000000000 +0000 +++ curl-7.57.0/lib/vtls/schannel.c 2017-11-10 16:47:30.000000000 +0000 @@ -46,6 +46,8 @@ # error "Can't compile SCHANNEL support without SSPI." #endif +#include +#include #include "curl_sspi.h" #include "schannel.h" #include "vtls.h" @@ -74,11 +76,92 @@ # define HAS_ALPN 1 #endif +#ifndef UNISP_NAME_A +#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider" +#endif + +#ifndef UNISP_NAME_W +#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider" +#endif + +#ifndef UNISP_NAME +#ifdef UNICODE +#define UNISP_NAME UNISP_NAME_W +#else +#define UNISP_NAME UNISP_NAME_A +#endif +#endif + +#ifndef SP_PROT_SSL2_CLIENT +#define SP_PROT_SSL2_CLIENT 0x00000008 +#endif + +#ifndef SP_PROT_SSL3_CLIENT +#define SP_PROT_SSL3_CLIENT 0x00000008 +#endif + +#ifndef SP_PROT_TLS1_CLIENT +#define SP_PROT_TLS1_CLIENT 0x00000080 +#endif + +#ifndef SP_PROT_TLS1_0_CLIENT +#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT +#endif + +#ifndef SP_PROT_TLS1_1_CLIENT +#define SP_PROT_TLS1_1_CLIENT 0x00000200 +#endif + +#ifndef SP_PROT_TLS1_2_CLIENT +#define SP_PROT_TLS1_2_CLIENT 0x00000800 +#endif + +#ifndef SECBUFFER_ALERT +#define SECBUFFER_ALERT 17 +#endif + +/* Both schannel buffer sizes must be > 0 */ +#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 +#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 + /* Uncomment to force verbose output * #define infof(x, y, ...) printf(y, __VA_ARGS__) * #define failf(x, y, ...) printf(y, __VA_ARGS__) */ +/* Structs to store Schannel handles */ +struct curl_schannel_cred { + CredHandle cred_handle; + TimeStamp time_stamp; + int refcount; +}; + +struct curl_schannel_ctxt { + CtxtHandle ctxt_handle; + TimeStamp time_stamp; +}; + +struct ssl_backend_data { + struct curl_schannel_cred *cred; + struct curl_schannel_ctxt *ctxt; + SecPkgContext_StreamSizes stream_sizes; + size_t encdata_length, decdata_length; + size_t encdata_offset, decdata_offset; + unsigned char *encdata_buffer, *decdata_buffer; + /* encdata_is_incomplete: if encdata contains only a partial record that + can't be decrypted without another Curl_read_plain (that is, status is + SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes + more bytes into encdata then set this back to false. */ + bool encdata_is_incomplete; + unsigned long req_flags, ret_flags; + CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ + bool recv_sspi_close_notify; /* true if connection closed by close_notify */ + bool recv_connection_closed; /* true if connection closed, regardless how */ + bool use_alpn; /* true if ALPN is used for this connection */ +}; + +#define BACKEND connssl->backend + static Curl_recv schannel_recv; static Curl_send schannel_send; @@ -176,33 +259,33 @@ #ifdef HAS_ALPN /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above. Also it doesn't seem to be supported for Wine, see curl bug #983. */ - connssl->use_alpn = conn->bits.tls_enable_alpn && + BACKEND->use_alpn = conn->bits.tls_enable_alpn && !GetProcAddress(GetModuleHandleA("ntdll"), "wine_get_version") && Curl_verify_windows_version(6, 3, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL); #else - connssl->use_alpn = false; + BACKEND->use_alpn = false; #endif - connssl->cred = NULL; + BACKEND->cred = NULL; /* check for an existing re-usable credential handle */ if(SSL_SET_OPTION(primary.sessionid)) { Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) { - connssl->cred = old_cred; + BACKEND->cred = old_cred; infof(data, "schannel: re-using existing credential handle\n"); /* increment the reference counter of the credential/session handle */ - connssl->cred->refcount++; + BACKEND->cred->refcount++; infof(data, "schannel: incremented credential handle refcount = %d\n", - connssl->cred->refcount); + BACKEND->cred->refcount); } Curl_ssl_sessionid_unlock(conn); } - if(!connssl->cred) { + if(!BACKEND->cred) { /* setup Schannel API options */ memset(&schannel_cred, 0, sizeof(schannel_cred)); schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; @@ -272,14 +355,14 @@ } /* allocate memory for the re-usable credential handle */ - connssl->cred = (struct curl_schannel_cred *) + BACKEND->cred = (struct curl_schannel_cred *) malloc(sizeof(struct curl_schannel_cred)); - if(!connssl->cred) { + if(!BACKEND->cred) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; } - memset(connssl->cred, 0, sizeof(struct curl_schannel_cred)); - connssl->cred->refcount = 1; + memset(BACKEND->cred, 0, sizeof(struct curl_schannel_cred)); + BACKEND->cred->refcount = 1; /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */ @@ -287,8 +370,8 @@ s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL, - &connssl->cred->cred_handle, - &connssl->cred->time_stamp); + &BACKEND->cred->cred_handle, + &BACKEND->cred->time_stamp); if(sspi_status != SEC_E_OK) { if(sspi_status == SEC_E_WRONG_PRINCIPAL) @@ -297,7 +380,7 @@ else failf(data, "schannel: AcquireCredentialsHandle failed: %s", Curl_sspi_strerror(conn, sspi_status)); - Curl_safefree(connssl->cred); + Curl_safefree(BACKEND->cred); return CURLE_SSL_CONNECT_ERROR; } } @@ -312,7 +395,7 @@ } #ifdef HAS_ALPN - if(connssl->use_alpn) { + if(BACKEND->use_alpn) { int cur = 0; int list_start_index = 0; unsigned int *extension_len = NULL; @@ -370,18 +453,18 @@ InitSecBufferDesc(&outbuf_desc, &outbuf, 1); /* setup request flags */ - connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | + BACKEND->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM; /* allocate memory for the security context handle */ - connssl->ctxt = (struct curl_schannel_ctxt *) + BACKEND->ctxt = (struct curl_schannel_ctxt *) malloc(sizeof(struct curl_schannel_ctxt)); - if(!connssl->ctxt) { + if(!BACKEND->ctxt) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; } - memset(connssl->ctxt, 0, sizeof(struct curl_schannel_ctxt)); + memset(BACKEND->ctxt, 0, sizeof(struct curl_schannel_ctxt)); host_name = Curl_convert_UTF8_to_tchar(hostname); if(!host_name) @@ -395,10 +478,10 @@ us problems with inbuf regardless. https://github.com/curl/curl/issues/983 */ sspi_status = s_pSecFn->InitializeSecurityContext( - &connssl->cred->cred_handle, NULL, host_name, connssl->req_flags, 0, 0, - (connssl->use_alpn ? &inbuf_desc : NULL), - 0, &connssl->ctxt->ctxt_handle, - &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp); + &BACKEND->cred->cred_handle, NULL, host_name, BACKEND->req_flags, 0, 0, + (BACKEND->use_alpn ? &inbuf_desc : NULL), + 0, &BACKEND->ctxt->ctxt_handle, + &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp); Curl_unicodefree(host_name); @@ -409,7 +492,7 @@ else failf(data, "schannel: initial InitializeSecurityContext failed: %s", Curl_sspi_strerror(conn, sspi_status)); - Curl_safefree(connssl->ctxt); + Curl_safefree(BACKEND->ctxt); return CURLE_SSL_CONNECT_ERROR; } @@ -429,10 +512,10 @@ infof(data, "schannel: sent initial handshake data: " "sent %zd bytes\n", written); - connssl->recv_unrecoverable_err = CURLE_OK; - connssl->recv_sspi_close_notify = false; - connssl->recv_connection_closed = false; - connssl->encdata_is_incomplete = false; + BACKEND->recv_unrecoverable_err = CURLE_OK; + BACKEND->recv_sspi_close_notify = false; + BACKEND->recv_connection_closed = false; + BACKEND->encdata_is_incomplete = false; /* continue to second handshake step */ connssl->connecting_state = ssl_connect_2; @@ -465,39 +548,39 @@ infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n", hostname, conn->remote_port); - if(!connssl->cred || !connssl->ctxt) + if(!BACKEND->cred || !BACKEND->ctxt) return CURLE_SSL_CONNECT_ERROR; /* buffer to store previously received and decrypted data */ - if(connssl->decdata_buffer == NULL) { - connssl->decdata_offset = 0; - connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; - connssl->decdata_buffer = malloc(connssl->decdata_length); - if(connssl->decdata_buffer == NULL) { + if(BACKEND->decdata_buffer == NULL) { + BACKEND->decdata_offset = 0; + BACKEND->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; + BACKEND->decdata_buffer = malloc(BACKEND->decdata_length); + if(BACKEND->decdata_buffer == NULL) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; } } /* buffer to store previously received and encrypted data */ - if(connssl->encdata_buffer == NULL) { - connssl->encdata_is_incomplete = false; - connssl->encdata_offset = 0; - connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; - connssl->encdata_buffer = malloc(connssl->encdata_length); - if(connssl->encdata_buffer == NULL) { + if(BACKEND->encdata_buffer == NULL) { + BACKEND->encdata_is_incomplete = false; + BACKEND->encdata_offset = 0; + BACKEND->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; + BACKEND->encdata_buffer = malloc(BACKEND->encdata_length); + if(BACKEND->encdata_buffer == NULL) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; } } /* if we need a bigger buffer to read a full message, increase buffer now */ - if(connssl->encdata_length - connssl->encdata_offset < + if(BACKEND->encdata_length - BACKEND->encdata_offset < CURL_SCHANNEL_BUFFER_FREE_SIZE) { /* increase internal encrypted data buffer */ - reallocated_length = connssl->encdata_offset + + reallocated_length = BACKEND->encdata_offset + CURL_SCHANNEL_BUFFER_FREE_SIZE; - reallocated_buffer = realloc(connssl->encdata_buffer, + reallocated_buffer = realloc(BACKEND->encdata_buffer, reallocated_length); if(reallocated_buffer == NULL) { @@ -505,8 +588,8 @@ return CURLE_OUT_OF_MEMORY; } else { - connssl->encdata_buffer = reallocated_buffer; - connssl->encdata_length = reallocated_length; + BACKEND->encdata_buffer = reallocated_buffer; + BACKEND->encdata_length = reallocated_length; } } @@ -514,10 +597,10 @@ if(doread) { /* read encrypted handshake data from socket */ result = Curl_read_plain(conn->sock[sockindex], - (char *) (connssl->encdata_buffer + - connssl->encdata_offset), - connssl->encdata_length - - connssl->encdata_offset, + (char *) (BACKEND->encdata_buffer + + BACKEND->encdata_offset), + BACKEND->encdata_length - + BACKEND->encdata_offset, &nread); if(result == CURLE_AGAIN) { if(connssl->connecting_state != ssl_connect_2_writing) @@ -533,17 +616,17 @@ } /* increase encrypted data buffer offset */ - connssl->encdata_offset += nread; - connssl->encdata_is_incomplete = false; + BACKEND->encdata_offset += nread; + BACKEND->encdata_is_incomplete = false; infof(data, "schannel: encrypted data got %zd\n", nread); } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + BACKEND->encdata_offset, BACKEND->encdata_length); /* setup input buffers */ - InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset), - curlx_uztoul(connssl->encdata_offset)); + InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(BACKEND->encdata_offset), + curlx_uztoul(BACKEND->encdata_offset)); InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&inbuf_desc, inbuf, 2); @@ -559,8 +642,8 @@ } /* copy received handshake data into input buffer */ - memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer, - connssl->encdata_offset); + memcpy(inbuf[0].pvBuffer, BACKEND->encdata_buffer, + BACKEND->encdata_offset); host_name = Curl_convert_UTF8_to_tchar(hostname); if(!host_name) @@ -569,9 +652,9 @@ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */ sspi_status = s_pSecFn->InitializeSecurityContext( - &connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle, - host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL, - &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp); + &BACKEND->cred->cred_handle, &BACKEND->ctxt->ctxt_handle, + host_name, BACKEND->req_flags, 0, 0, &inbuf_desc, 0, NULL, + &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp); Curl_unicodefree(host_name); @@ -580,7 +663,7 @@ /* check if the handshake was incomplete */ if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { - connssl->encdata_is_incomplete = true; + BACKEND->encdata_is_incomplete = true; connssl->connecting_state = ssl_connect_2_reading; infof(data, "schannel: received incomplete message, need more data\n"); return CURLE_OK; @@ -590,8 +673,8 @@ the handshake without one. This will allow connections to servers which request a client certificate but do not require it. */ if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS && - !(connssl->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) { - connssl->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; + !(BACKEND->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) { + BACKEND->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; connssl->connecting_state = ssl_connect_2_writing; infof(data, "schannel: a client certificate has been requested\n"); return CURLE_OK; @@ -631,7 +714,7 @@ failf(data, "schannel: next InitializeSecurityContext failed: %s", Curl_sspi_strerror(conn, sspi_status)); return sspi_status == SEC_E_UNTRUSTED_ROOT ? - CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CONNECT_ERROR; + CURLE_SSL_CACERT : CURLE_SSL_CONNECT_ERROR; } /* check if there was additional remaining encrypted data */ @@ -649,11 +732,11 @@ */ /* check if the remaining data is less than the total amount and therefore begins after the already processed data */ - if(connssl->encdata_offset > inbuf[1].cbBuffer) { - memmove(connssl->encdata_buffer, - (connssl->encdata_buffer + connssl->encdata_offset) - + if(BACKEND->encdata_offset > inbuf[1].cbBuffer) { + memmove(BACKEND->encdata_buffer, + (BACKEND->encdata_buffer + BACKEND->encdata_offset) - inbuf[1].cbBuffer, inbuf[1].cbBuffer); - connssl->encdata_offset = inbuf[1].cbBuffer; + BACKEND->encdata_offset = inbuf[1].cbBuffer; if(sspi_status == SEC_I_CONTINUE_NEEDED) { doread = FALSE; continue; @@ -661,7 +744,7 @@ } } else { - connssl->encdata_offset = 0; + BACKEND->encdata_offset = 0; } break; } @@ -709,27 +792,27 @@ infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n", hostname, conn->remote_port); - if(!connssl->cred) + if(!BACKEND->cred) return CURLE_SSL_CONNECT_ERROR; /* check if the required context attributes are met */ - if(connssl->ret_flags != connssl->req_flags) { - if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT)) + if(BACKEND->ret_flags != BACKEND->req_flags) { + if(!(BACKEND->ret_flags & ISC_RET_SEQUENCE_DETECT)) failf(data, "schannel: failed to setup sequence detection"); - if(!(connssl->ret_flags & ISC_RET_REPLAY_DETECT)) + if(!(BACKEND->ret_flags & ISC_RET_REPLAY_DETECT)) failf(data, "schannel: failed to setup replay detection"); - if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY)) + if(!(BACKEND->ret_flags & ISC_RET_CONFIDENTIALITY)) failf(data, "schannel: failed to setup confidentiality"); - if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY)) + if(!(BACKEND->ret_flags & ISC_RET_ALLOCATED_MEMORY)) failf(data, "schannel: failed to setup memory allocation"); - if(!(connssl->ret_flags & ISC_RET_STREAM)) + if(!(BACKEND->ret_flags & ISC_RET_STREAM)) failf(data, "schannel: failed to setup stream orientation"); return CURLE_SSL_CONNECT_ERROR; } #ifdef HAS_ALPN - if(connssl->use_alpn) { - sspi_status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle, + if(BACKEND->use_alpn) { + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result); if(sspi_status != SEC_E_OK) { @@ -771,7 +854,7 @@ incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)); if(incache) { - if(old_cred != connssl->cred) { + if(old_cred != BACKEND->cred) { infof(data, "schannel: old credential handle is stale, removing\n"); /* we're not taking old_cred ownership here, no refcount++ is needed */ Curl_ssl_delsessionid(conn, (void *)old_cred); @@ -779,7 +862,7 @@ } } if(!incache) { - result = Curl_ssl_addsessionid(conn, (void *)connssl->cred, + result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred, sizeof(struct curl_schannel_cred), sockindex); if(result) { @@ -789,7 +872,7 @@ } else { /* this cred session is now also referenced by sessionid cache */ - connssl->cred->refcount++; + BACKEND->cred->refcount++; infof(data, "schannel: stored credential handle in session cache\n"); } } @@ -797,7 +880,7 @@ } if(data->set.ssl.certinfo) { - sspi_status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle, + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context); if((sspi_status != SEC_E_OK) || (ccert_context == NULL)) { @@ -951,11 +1034,11 @@ CURLcode result; /* check if the maximum stream sizes were queried */ - if(connssl->stream_sizes.cbMaximumMessage == 0) { + if(BACKEND->stream_sizes.cbMaximumMessage == 0) { sspi_status = s_pSecFn->QueryContextAttributes( - &connssl->ctxt->ctxt_handle, + &BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_STREAM_SIZES, - &connssl->stream_sizes); + &BACKEND->stream_sizes); if(sspi_status != SEC_E_OK) { *err = CURLE_SEND_ERROR; return -1; @@ -963,14 +1046,13 @@ } /* check if the buffer is longer than the maximum message length */ - if(len > connssl->stream_sizes.cbMaximumMessage) { - *err = CURLE_SEND_ERROR; - return -1; + if(len > BACKEND->stream_sizes.cbMaximumMessage) { + len = BACKEND->stream_sizes.cbMaximumMessage; } /* calculate the complete message length and allocate a buffer for it */ - data_len = connssl->stream_sizes.cbHeader + len + - connssl->stream_sizes.cbTrailer; + data_len = BACKEND->stream_sizes.cbHeader + len + + BACKEND->stream_sizes.cbTrailer; data = (unsigned char *) malloc(data_len); if(data == NULL) { *err = CURLE_OUT_OF_MEMORY; @@ -979,12 +1061,12 @@ /* setup output buffers (header, data, trailer, empty) */ InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER, - data, connssl->stream_sizes.cbHeader); + data, BACKEND->stream_sizes.cbHeader); InitSecBuffer(&outbuf[1], SECBUFFER_DATA, - data + connssl->stream_sizes.cbHeader, curlx_uztoul(len)); + data + BACKEND->stream_sizes.cbHeader, curlx_uztoul(len)); InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER, - data + connssl->stream_sizes.cbHeader + len, - connssl->stream_sizes.cbTrailer); + data + BACKEND->stream_sizes.cbHeader + len, + BACKEND->stream_sizes.cbTrailer); InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, outbuf, 4); @@ -992,7 +1074,7 @@ memcpy(outbuf[1].pvBuffer, buf, len); /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */ - sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0, + sspi_status = s_pSecFn->EncryptMessage(&BACKEND->ctxt->ctxt_handle, 0, &outbuf_desc, 0); /* check if the message was encrypted */ @@ -1102,7 +1184,7 @@ size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE; /**************************************************************************** - * Don't return or set connssl->recv_unrecoverable_err unless in the cleanup. + * Don't return or set BACKEND->recv_unrecoverable_err unless in the cleanup. * The pattern for return error is set *err, optional infof, goto cleanup. * * Our priority is to always return as much decrypted data to the caller as @@ -1114,16 +1196,16 @@ infof(data, "schannel: client wants to read %zu bytes\n", len); *err = CURLE_OK; - if(len && len <= connssl->decdata_offset) { + if(len && len <= BACKEND->decdata_offset) { infof(data, "schannel: enough decrypted data is already available\n"); goto cleanup; } - else if(connssl->recv_unrecoverable_err) { - *err = connssl->recv_unrecoverable_err; + else if(BACKEND->recv_unrecoverable_err) { + *err = BACKEND->recv_unrecoverable_err; infof(data, "schannel: an unrecoverable error occurred in a prior call\n"); goto cleanup; } - else if(connssl->recv_sspi_close_notify) { + else if(BACKEND->recv_sspi_close_notify) { /* once a server has indicated shutdown there is no more encrypted data */ infof(data, "schannel: server indicated shutdown in a prior call\n"); goto cleanup; @@ -1135,17 +1217,17 @@ */ ; /* do nothing */ } - else if(!connssl->recv_connection_closed) { + else if(!BACKEND->recv_connection_closed) { /* increase enc buffer in order to fit the requested amount of data */ - size = connssl->encdata_length - connssl->encdata_offset; + size = BACKEND->encdata_length - BACKEND->encdata_offset; if(size < CURL_SCHANNEL_BUFFER_FREE_SIZE || - connssl->encdata_length < min_encdata_length) { - reallocated_length = connssl->encdata_offset + + BACKEND->encdata_length < min_encdata_length) { + reallocated_length = BACKEND->encdata_offset + CURL_SCHANNEL_BUFFER_FREE_SIZE; if(reallocated_length < min_encdata_length) { reallocated_length = min_encdata_length; } - reallocated_buffer = realloc(connssl->encdata_buffer, + reallocated_buffer = realloc(BACKEND->encdata_buffer, reallocated_length); if(reallocated_buffer == NULL) { *err = CURLE_OUT_OF_MEMORY; @@ -1153,20 +1235,20 @@ goto cleanup; } - connssl->encdata_buffer = reallocated_buffer; - connssl->encdata_length = reallocated_length; - size = connssl->encdata_length - connssl->encdata_offset; + BACKEND->encdata_buffer = reallocated_buffer; + BACKEND->encdata_length = reallocated_length; + size = BACKEND->encdata_length - BACKEND->encdata_offset; infof(data, "schannel: encdata_buffer resized %zu\n", - connssl->encdata_length); + BACKEND->encdata_length); } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + BACKEND->encdata_offset, BACKEND->encdata_length); /* read encrypted data from socket */ *err = Curl_read_plain(conn->sock[sockindex], - (char *)(connssl->encdata_buffer + - connssl->encdata_offset), + (char *)(BACKEND->encdata_buffer + + BACKEND->encdata_offset), size, &nread); if(*err) { nread = -1; @@ -1178,26 +1260,26 @@ infof(data, "schannel: Curl_read_plain returned error %d\n", *err); } else if(nread == 0) { - connssl->recv_connection_closed = true; + BACKEND->recv_connection_closed = true; infof(data, "schannel: server closed the connection\n"); } else if(nread > 0) { - connssl->encdata_offset += (size_t)nread; - connssl->encdata_is_incomplete = false; + BACKEND->encdata_offset += (size_t)nread; + BACKEND->encdata_is_incomplete = false; infof(data, "schannel: encrypted data got %zd\n", nread); } } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + BACKEND->encdata_offset, BACKEND->encdata_length); /* decrypt loop */ - while(connssl->encdata_offset > 0 && sspi_status == SEC_E_OK && - (!len || connssl->decdata_offset < len || - connssl->recv_connection_closed)) { + while(BACKEND->encdata_offset > 0 && sspi_status == SEC_E_OK && + (!len || BACKEND->decdata_offset < len || + BACKEND->recv_connection_closed)) { /* prepare data buffer for DecryptMessage call */ - InitSecBuffer(&inbuf[0], SECBUFFER_DATA, connssl->encdata_buffer, - curlx_uztoul(connssl->encdata_offset)); + InitSecBuffer(&inbuf[0], SECBUFFER_DATA, BACKEND->encdata_buffer, + curlx_uztoul(BACKEND->encdata_offset)); /* we need 3 more empty input buffers for possible output */ InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); @@ -1207,7 +1289,7 @@ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */ - sspi_status = s_pSecFn->DecryptMessage(&connssl->ctxt->ctxt_handle, + sspi_status = s_pSecFn->DecryptMessage(&BACKEND->ctxt->ctxt_handle, &inbuf_desc, 0, NULL); /* check if everything went fine (server may want to renegotiate @@ -1223,36 +1305,36 @@ /* increase buffer in order to fit the received amount of data */ size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ? inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE; - if(connssl->decdata_length - connssl->decdata_offset < size || - connssl->decdata_length < len) { + if(BACKEND->decdata_length - BACKEND->decdata_offset < size || + BACKEND->decdata_length < len) { /* increase internal decrypted data buffer */ - reallocated_length = connssl->decdata_offset + size; + reallocated_length = BACKEND->decdata_offset + size; /* make sure that the requested amount of data fits */ if(reallocated_length < len) { reallocated_length = len; } - reallocated_buffer = realloc(connssl->decdata_buffer, + reallocated_buffer = realloc(BACKEND->decdata_buffer, reallocated_length); if(reallocated_buffer == NULL) { *err = CURLE_OUT_OF_MEMORY; failf(data, "schannel: unable to re-allocate memory"); goto cleanup; } - connssl->decdata_buffer = reallocated_buffer; - connssl->decdata_length = reallocated_length; + BACKEND->decdata_buffer = reallocated_buffer; + BACKEND->decdata_length = reallocated_length; } /* copy decrypted data to internal buffer */ size = inbuf[1].cbBuffer; if(size) { - memcpy(connssl->decdata_buffer + connssl->decdata_offset, + memcpy(BACKEND->decdata_buffer + BACKEND->decdata_offset, inbuf[1].pvBuffer, size); - connssl->decdata_offset += size; + BACKEND->decdata_offset += size; } infof(data, "schannel: decrypted data added: %zu\n", size); infof(data, "schannel: decrypted data cached: offset %zu length %zu\n", - connssl->decdata_offset, connssl->decdata_length); + BACKEND->decdata_offset, BACKEND->decdata_length); } /* check for remaining encrypted data */ @@ -1263,21 +1345,21 @@ /* check if the remaining data is less than the total amount * and therefore begins after the already processed data */ - if(connssl->encdata_offset > inbuf[3].cbBuffer) { + if(BACKEND->encdata_offset > inbuf[3].cbBuffer) { /* move remaining encrypted data forward to the beginning of buffer */ - memmove(connssl->encdata_buffer, - (connssl->encdata_buffer + connssl->encdata_offset) - + memmove(BACKEND->encdata_buffer, + (BACKEND->encdata_buffer + BACKEND->encdata_offset) - inbuf[3].cbBuffer, inbuf[3].cbBuffer); - connssl->encdata_offset = inbuf[3].cbBuffer; + BACKEND->encdata_offset = inbuf[3].cbBuffer; } infof(data, "schannel: encrypted data cached: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + BACKEND->encdata_offset, BACKEND->encdata_length); } else { /* reset encrypted buffer offset, because there is no data remaining */ - connssl->encdata_offset = 0; + BACKEND->encdata_offset = 0; } /* check if server wants to renegotiate the connection context */ @@ -1287,7 +1369,7 @@ infof(data, "schannel: can't renogotiate, an error is pending\n"); goto cleanup; } - if(connssl->encdata_offset) { + if(BACKEND->encdata_offset) { *err = CURLE_RECV_ERROR; infof(data, "schannel: can't renogotiate, " "encrypted data available\n"); @@ -1311,16 +1393,16 @@ else if(sspi_status == SEC_I_CONTEXT_EXPIRED) { /* In Windows 2000 SEC_I_CONTEXT_EXPIRED (close_notify) is not returned so we have to work around that in cleanup. */ - connssl->recv_sspi_close_notify = true; - if(!connssl->recv_connection_closed) { - connssl->recv_connection_closed = true; + BACKEND->recv_sspi_close_notify = true; + if(!BACKEND->recv_connection_closed) { + BACKEND->recv_connection_closed = true; infof(data, "schannel: server closed the connection\n"); } goto cleanup; } } else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { - connssl->encdata_is_incomplete = true; + BACKEND->encdata_is_incomplete = true; if(!*err) *err = CURLE_AGAIN; infof(data, "schannel: failed to decrypt data, need more data\n"); @@ -1335,10 +1417,10 @@ } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + BACKEND->encdata_offset, BACKEND->encdata_length); infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n", - connssl->decdata_offset, connssl->decdata_length); + BACKEND->decdata_offset, BACKEND->decdata_length); cleanup: /* Warning- there is no guarantee the encdata state is valid at this point */ @@ -1352,13 +1434,13 @@ return close_notify. In that case if the connection was closed we assume it was graceful (close_notify) since there doesn't seem to be a way to tell. */ - if(len && !connssl->decdata_offset && connssl->recv_connection_closed && - !connssl->recv_sspi_close_notify) { + if(len && !BACKEND->decdata_offset && BACKEND->recv_connection_closed && + !BACKEND->recv_sspi_close_notify) { bool isWin2k = Curl_verify_windows_version(5, 0, PLATFORM_WINNT, VERSION_EQUAL); if(isWin2k && sspi_status == SEC_E_OK) - connssl->recv_sspi_close_notify = true; + BACKEND->recv_sspi_close_notify = true; else { *err = CURLE_RECV_ERROR; infof(data, "schannel: server closed abruptly (missing close_notify)\n"); @@ -1367,23 +1449,23 @@ /* Any error other than CURLE_AGAIN is an unrecoverable error. */ if(*err && *err != CURLE_AGAIN) - connssl->recv_unrecoverable_err = *err; + BACKEND->recv_unrecoverable_err = *err; - size = len < connssl->decdata_offset ? len : connssl->decdata_offset; + size = len < BACKEND->decdata_offset ? len : BACKEND->decdata_offset; if(size) { - memcpy(buf, connssl->decdata_buffer, size); - memmove(connssl->decdata_buffer, connssl->decdata_buffer + size, - connssl->decdata_offset - size); - connssl->decdata_offset -= size; + memcpy(buf, BACKEND->decdata_buffer, size); + memmove(BACKEND->decdata_buffer, BACKEND->decdata_buffer + size, + BACKEND->decdata_offset - size); + BACKEND->decdata_offset -= size; infof(data, "schannel: decrypted data returned %zu\n", size); infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n", - connssl->decdata_offset, connssl->decdata_length); + BACKEND->decdata_offset, BACKEND->decdata_length); *err = CURLE_OK; return (ssize_t)size; } - if(!*err && !connssl->recv_connection_closed) + if(!*err && !BACKEND->recv_connection_closed) *err = CURLE_AGAIN; /* It's debatable what to return when !len. We could return whatever error we @@ -1395,15 +1477,13 @@ return *err ? -1 : 0; } -CURLcode -Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex, - bool *done) +static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return schannel_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_schannel_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -1417,25 +1497,38 @@ return CURLE_OK; } -bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_schannel_data_pending(const struct connectdata *conn, + int sockindex) { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; if(connssl->use) /* SSL/TLS is in use */ - return (connssl->decdata_offset > 0 || - (connssl->encdata_offset > 0 && !connssl->encdata_is_incomplete)); + return (BACKEND->decdata_offset > 0 || + (BACKEND->encdata_offset > 0 && !BACKEND->encdata_is_incomplete)); else return FALSE; } -void Curl_schannel_close(struct connectdata *conn, int sockindex) +static void Curl_schannel_close(struct connectdata *conn, int sockindex) { if(conn->ssl[sockindex].use) /* if the SSL/TLS channel hasn't been shut down yet, do that now. */ Curl_ssl_shutdown(conn, sockindex); } -int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) +static void Curl_schannel_session_free(void *ptr) +{ + /* this is expected to be called under sessionid lock */ + struct curl_schannel_cred *cred = ptr; + + cred->refcount--; + if(cred->refcount == 0) { + s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + Curl_safefree(cred); + } +} + +static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) { /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx * Shutting Down an Schannel Connection @@ -1448,7 +1541,7 @@ infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n", hostname, conn->remote_port); - if(connssl->cred && connssl->ctxt) { + if(BACKEND->cred && BACKEND->ctxt) { SecBufferDesc BuffDesc; SecBuffer Buffer; SECURITY_STATUS sspi_status; @@ -1461,7 +1554,7 @@ InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); InitSecBufferDesc(&BuffDesc, &Buffer, 1); - sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle, + sspi_status = s_pSecFn->ApplyControlToken(&BACKEND->ctxt->ctxt_handle, &BuffDesc); if(sspi_status != SEC_E_OK) @@ -1477,18 +1570,18 @@ InitSecBufferDesc(&outbuf_desc, &outbuf, 1); sspi_status = s_pSecFn->InitializeSecurityContext( - &connssl->cred->cred_handle, - &connssl->ctxt->ctxt_handle, + &BACKEND->cred->cred_handle, + &BACKEND->ctxt->ctxt_handle, host_name, - connssl->req_flags, + BACKEND->req_flags, 0, 0, NULL, 0, - &connssl->ctxt->ctxt_handle, + &BACKEND->ctxt->ctxt_handle, &outbuf_desc, - &connssl->ret_flags, - &connssl->ctxt->time_stamp); + &BACKEND->ret_flags, + &BACKEND->ctxt->time_stamp); Curl_unicodefree(host_name); @@ -1507,71 +1600,62 @@ } /* free SSPI Schannel API security context handle */ - if(connssl->ctxt) { + if(BACKEND->ctxt) { infof(data, "schannel: clear security context handle\n"); - s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle); - Curl_safefree(connssl->ctxt); + s_pSecFn->DeleteSecurityContext(&BACKEND->ctxt->ctxt_handle); + Curl_safefree(BACKEND->ctxt); } /* free SSPI Schannel API credential handle */ - if(connssl->cred) { + if(BACKEND->cred) { Curl_ssl_sessionid_lock(conn); - Curl_schannel_session_free(connssl->cred); + Curl_schannel_session_free(BACKEND->cred); Curl_ssl_sessionid_unlock(conn); - connssl->cred = NULL; + BACKEND->cred = NULL; } /* free internal buffer for received encrypted data */ - if(connssl->encdata_buffer != NULL) { - Curl_safefree(connssl->encdata_buffer); - connssl->encdata_length = 0; - connssl->encdata_offset = 0; - connssl->encdata_is_incomplete = false; + if(BACKEND->encdata_buffer != NULL) { + Curl_safefree(BACKEND->encdata_buffer); + BACKEND->encdata_length = 0; + BACKEND->encdata_offset = 0; + BACKEND->encdata_is_incomplete = false; } /* free internal buffer for received decrypted data */ - if(connssl->decdata_buffer != NULL) { - Curl_safefree(connssl->decdata_buffer); - connssl->decdata_length = 0; - connssl->decdata_offset = 0; + if(BACKEND->decdata_buffer != NULL) { + Curl_safefree(BACKEND->decdata_buffer); + BACKEND->decdata_length = 0; + BACKEND->decdata_offset = 0; } return CURLE_OK; } -void Curl_schannel_session_free(void *ptr) -{ - /* this is expected to be called under sessionid lock */ - struct curl_schannel_cred *cred = ptr; - - cred->refcount--; - if(cred->refcount == 0) { - s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); - Curl_safefree(cred); - } -} - -int Curl_schannel_init(void) +static int Curl_schannel_init(void) { return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0); } -void Curl_schannel_cleanup(void) +static void Curl_schannel_cleanup(void) { Curl_sspi_global_cleanup(); } -size_t Curl_schannel_version(char *buffer, size_t size) +static size_t Curl_schannel_version(char *buffer, size_t size) { size = snprintf(buffer, size, "WinSSL"); return size; } -CURLcode Curl_schannel_random(unsigned char *entropy, size_t length) +static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, + unsigned char *entropy, size_t length) { HCRYPTPROV hCryptProv = 0; + (void)data; + if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) return CURLE_FAILED_INIT; @@ -1598,7 +1682,7 @@ conn->http_proxy.host.name : conn->host.name; - status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle, + status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); @@ -1725,4 +1809,44 @@ } #endif /* _WIN32_WCE */ +static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return &BACKEND->ctxt->ctxt_handle; +} + +const struct Curl_ssl Curl_ssl_schannel = { + { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */ + + 0, /* have_ca_path */ + 1, /* have_certinfo */ + 0, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + sizeof(struct ssl_backend_data), + + Curl_schannel_init, /* init */ + Curl_schannel_cleanup, /* cleanup */ + Curl_schannel_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_schannel_shutdown, /* shutdown */ + Curl_schannel_data_pending, /* data_pending */ + Curl_schannel_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_schannel_connect, /* connect */ + Curl_schannel_connect_nonblocking, /* connect_nonblocking */ + Curl_schannel_get_internals, /* get_internals */ + Curl_schannel_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_schannel_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + NULL /* sha256sum */ +}; + #endif /* USE_SCHANNEL */ diff -Nru curl-7.55.1/lib/vtls/schannel.h curl-7.57.0/lib/vtls/schannel.h --- curl-7.55.1/lib/vtls/schannel.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/schannel.h 2017-11-09 22:40:36.000000000 +0000 @@ -28,94 +28,7 @@ #include "urldata.h" -#ifndef UNISP_NAME_A -#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider" -#endif - -#ifndef UNISP_NAME_W -#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider" -#endif - -#ifndef UNISP_NAME -#ifdef UNICODE -#define UNISP_NAME UNISP_NAME_W -#else -#define UNISP_NAME UNISP_NAME_A -#endif -#endif - -#ifndef SP_PROT_SSL2_CLIENT -#define SP_PROT_SSL2_CLIENT 0x00000008 -#endif - -#ifndef SP_PROT_SSL3_CLIENT -#define SP_PROT_SSL3_CLIENT 0x00000008 -#endif - -#ifndef SP_PROT_TLS1_CLIENT -#define SP_PROT_TLS1_CLIENT 0x00000080 -#endif - -#ifndef SP_PROT_TLS1_0_CLIENT -#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT -#endif - -#ifndef SP_PROT_TLS1_1_CLIENT -#define SP_PROT_TLS1_1_CLIENT 0x00000200 -#endif - -#ifndef SP_PROT_TLS1_2_CLIENT -#define SP_PROT_TLS1_2_CLIENT 0x00000800 -#endif - -#ifndef SECBUFFER_ALERT -#define SECBUFFER_ALERT 17 -#endif - -/* Both schannel buffer sizes must be > 0 */ -#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 -#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 - - -CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex); -void Curl_schannel_close(struct connectdata *conn, int sockindex); -int Curl_schannel_shutdown(struct connectdata *conn, int sockindex); -void Curl_schannel_session_free(void *ptr); - -int Curl_schannel_init(void); -void Curl_schannel_cleanup(void); -size_t Curl_schannel_version(char *buffer, size_t size); - -CURLcode Curl_schannel_random(unsigned char *entropy, size_t length); - -/* Set the API backend definition to Schannel */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* API setup for Schannel */ -#define curlssl_init Curl_schannel_init -#define curlssl_cleanup Curl_schannel_cleanup -#define curlssl_connect Curl_schannel_connect -#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking -#define curlssl_session_free Curl_schannel_session_free -#define curlssl_close_all(x) ((void)x) -#define curlssl_close Curl_schannel_close -#define curlssl_shutdown Curl_schannel_shutdown -#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN) -#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN) -#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) -#define curlssl_version Curl_schannel_version -#define curlssl_check_cxn(x) ((void)x, -1) -#define curlssl_data_pending Curl_schannel_data_pending -#define curlssl_random(x,y,z) ((void)x, Curl_schannel_random(y,z)) +extern const struct Curl_ssl Curl_ssl_schannel; #endif /* USE_SCHANNEL */ #endif /* HEADER_CURL_SCHANNEL_H */ diff -Nru curl-7.55.1/lib/vtls/vtls.c curl-7.57.0/lib/vtls/vtls.c --- curl-7.55.1/lib/vtls/vtls.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/vtls.c 2017-11-10 16:47:30.000000000 +0000 @@ -28,17 +28,9 @@ to any specific SSL-layer. Curl_ssl_ - prefix for generic ones - Curl_ossl_ - prefix for OpenSSL ones - Curl_gtls_ - prefix for GnuTLS ones - Curl_nss_ - prefix for NSS ones - Curl_gskit_ - prefix for GSKit ones - Curl_polarssl_ - prefix for PolarSSL ones - Curl_cyassl_ - prefix for CyaSSL ones - Curl_schannel_ - prefix for Schannel SSPI ones - Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones - Note that this source code uses curlssl_* functions, and they are all - defines/macros #defined by the lib-specific header files. + Note that this source code uses the functions of the configured SSL + backend via the global Curl_ssl instance. "SSL/TLS Strong Encryption: An Introduction" https://httpd.apache.org/docs/2.0/ssl/ssl_intro.html @@ -98,9 +90,12 @@ (data->version_max == needle->version_max) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && + (data->verifystatus == needle->verifystatus) && Curl_safe_strcasecompare(data->CApath, needle->CApath) && Curl_safe_strcasecompare(data->CAfile, needle->CAfile) && Curl_safe_strcasecompare(data->clientcert, needle->clientcert) && + Curl_safe_strcasecompare(data->random_file, needle->random_file) && + Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list)) return TRUE; @@ -111,42 +106,51 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, struct ssl_primary_config *dest) { - dest->verifyhost = source->verifyhost; - dest->verifypeer = source->verifypeer; dest->version = source->version; dest->version_max = source->version_max; + dest->verifypeer = source->verifypeer; + dest->verifyhost = source->verifyhost; + dest->verifystatus = source->verifystatus; + dest->sessionid = source->sessionid; - CLONE_STRING(CAfile); CLONE_STRING(CApath); - CLONE_STRING(cipher_list); - CLONE_STRING(egdsocket); - CLONE_STRING(random_file); + CLONE_STRING(CAfile); CLONE_STRING(clientcert); + CLONE_STRING(random_file); + CLONE_STRING(egdsocket); + CLONE_STRING(cipher_list); - /* Disable dest sessionid cache if a client cert is used, CVE-2016-5419. */ - dest->sessionid = (dest->clientcert ? false : source->sessionid); return TRUE; } void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc) { - Curl_safefree(sslc->CAfile); Curl_safefree(sslc->CApath); - Curl_safefree(sslc->cipher_list); - Curl_safefree(sslc->egdsocket); - Curl_safefree(sslc->random_file); + Curl_safefree(sslc->CAfile); Curl_safefree(sslc->clientcert); + Curl_safefree(sslc->random_file); + Curl_safefree(sslc->egdsocket); + Curl_safefree(sslc->cipher_list); } +#ifdef USE_SSL +static int multissl_init(const struct Curl_ssl *backend); +#endif + int Curl_ssl_backend(void) { - return (int)CURL_SSL_BACKEND; +#ifdef USE_SSL + multissl_init(NULL); + return Curl_ssl->info.id; +#else + return (int)CURLSSLBACKEND_NONE; +#endif } #ifdef USE_SSL /* "global" init done? */ -static bool init_ssl=FALSE; +static bool init_ssl = FALSE; /** * Global SSL init @@ -161,7 +165,7 @@ return 1; init_ssl = TRUE; /* never again */ - return curlssl_init(); + return Curl_ssl->init(); } @@ -170,7 +174,7 @@ { if(init_ssl) { /* only cleanup if we did a previous init */ - curlssl_cleanup(); + Curl_ssl->cleanup(); init_ssl = FALSE; } } @@ -205,12 +209,20 @@ DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]); if(ssl_connection_complete == conn->ssl[sockindex].state && !conn->proxy_ssl[sockindex].use) { -#if defined(HTTPS_PROXY_SUPPORT) + struct ssl_backend_data *pbdata; + + if(!Curl_ssl->support_https_proxy) + return CURLE_NOT_BUILT_IN; + + /* The pointers to the ssl backend data, which is opaque here, are swapped + rather than move the contents. */ + pbdata = conn->proxy_ssl[sockindex].backend; conn->proxy_ssl[sockindex] = conn->ssl[sockindex]; + memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex])); -#else - return CURLE_NOT_BUILT_IN; -#endif + memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data); + + conn->ssl[sockindex].backend = pbdata; } return CURLE_OK; } @@ -233,7 +245,7 @@ conn->ssl[sockindex].use = TRUE; conn->ssl[sockindex].state = ssl_connection_negotiating; - result = curlssl_connect(conn, sockindex); + result = Curl_ssl->connect(conn, sockindex); if(!result) Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */ @@ -257,12 +269,7 @@ /* mark this is being ssl requested from here on. */ conn->ssl[sockindex].use = TRUE; -#ifdef curlssl_connect_nonblocking - result = curlssl_connect_nonblocking(conn, sockindex, done); -#else - *done = TRUE; /* fallback to BLOCKING */ - result = curlssl_connect(conn, sockindex); -#endif /* non-blocking connect support */ + result = Curl_ssl->connect_nonblocking(conn, sockindex, done); if(!result && *done) Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */ return result; @@ -361,7 +368,7 @@ /* defensive check */ /* free the ID the SSL-layer specific way */ - curlssl_session_free(session->sessionid); + Curl_ssl->session_free(session->sessionid); session->sessionid = NULL; session->age = 0; /* fresh */ @@ -379,7 +386,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid) { size_t i; - struct Curl_easy *data=conn->data; + struct Curl_easy *data = conn->data; for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) { struct curl_ssl_session *check = &data->state.session[i]; @@ -403,9 +410,9 @@ int sockindex) { size_t i; - struct Curl_easy *data=conn->data; /* the mother of all structs */ + struct Curl_easy *data = conn->data; /* the mother of all structs */ struct curl_ssl_session *store = &data->state.session[0]; - long oldest_age=data->state.session[0].age; /* zero if unused */ + long oldest_age = data->state.session[0].age; /* zero if unused */ char *clone_host; char *clone_conn_to_host; int conn_to_port; @@ -499,7 +506,7 @@ Curl_safefree(data->state.session); } - curlssl_close_all(data); + Curl_ssl->close_all(data); } #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ @@ -542,12 +549,12 @@ void Curl_ssl_close(struct connectdata *conn, int sockindex) { DEBUGASSERT((sockindex <= 1) && (sockindex >= -1)); - curlssl_close(conn, sockindex); + Curl_ssl->close_one(conn, sockindex); } CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex) { - if(curlssl_shutdown(conn, sockindex)) + if(Curl_ssl->shutdown(conn, sockindex)) return CURLE_SSL_SHUTDOWN_FAILED; conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */ @@ -563,20 +570,20 @@ */ CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine) { - return curlssl_set_engine(data, engine); + return Curl_ssl->set_engine(data, engine); } /* Selects the default SSL crypto engine */ CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data) { - return curlssl_set_engine_default(data); + return Curl_ssl->set_engine_default(data); } /* Return list of OpenSSL crypto engine names. */ struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data) { - return curlssl_engines_list(data); + return Curl_ssl->engines_list(data); } /* @@ -602,9 +609,15 @@ return CURLE_OK; } +static size_t Curl_multissl_version(char *buffer, size_t size); + size_t Curl_ssl_version(char *buffer, size_t size) { - return curlssl_version(buffer, size); +#ifdef CURL_WITH_MULTI_SSL + return Curl_multissl_version(buffer, size); +#else + return Curl_ssl->version(buffer, size); +#endif } /* @@ -617,13 +630,13 @@ */ int Curl_ssl_check_cxn(struct connectdata *conn) { - return curlssl_check_cxn(conn); + return Curl_ssl->check_cxn(conn); } bool Curl_ssl_data_pending(const struct connectdata *conn, int connindex) { - return curlssl_data_pending(conn, connindex); + return Curl_ssl->data_pending(conn, connindex); } void Curl_ssl_free_certinfo(struct Curl_easy *data) @@ -633,7 +646,7 @@ if(ci->num_of_certs) { /* free all individual lists used */ - for(i=0; inum_of_certs; i++) { + for(i = 0; inum_of_certs; i++) { curl_slist_free_all(ci->certinfo[i]); ci->certinfo[i] = NULL; } @@ -687,7 +700,7 @@ snprintf(output, outlen, "%s:", label); /* memcpy the value (it might not be zero terminated) */ - memcpy(&output[labellen+1], value, valuelen); + memcpy(&output[labellen + 1], value, valuelen); /* zero terminate the output */ output[labellen + 1 + valuelen] = 0; @@ -721,7 +734,7 @@ unsigned char *entropy, size_t length) { - return curlssl_random(data, entropy, length); + return Curl_ssl->random(data, entropy, length); } /* @@ -796,12 +809,10 @@ size_t size, pem_len; CURLcode pem_read; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; -#ifdef curlssl_sha256sum CURLcode encode; size_t encodedlen, pinkeylen; char *encoded, *pinkeycopy, *begin_pos, *end_pos; unsigned char *sha256sumdigest = NULL; -#endif /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) @@ -811,15 +822,20 @@ /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { -#ifdef curlssl_sha256sum + if(!Curl_ssl->sha256sum) { + /* without sha256 support, this cannot match */ + return result; + } + /* compute sha256sum of public key */ - sha256sumdigest = malloc(SHA256_DIGEST_LENGTH); + sha256sumdigest = malloc(CURL_SHA256_DIGEST_LENGTH); if(!sha256sumdigest) return CURLE_OUT_OF_MEMORY; - curlssl_sha256sum(pubkey, pubkeylen, - sha256sumdigest, SHA256_DIGEST_LENGTH); + Curl_ssl->sha256sum(pubkey, pubkeylen, + sha256sumdigest, CURL_SHA256_DIGEST_LENGTH); encode = Curl_base64_encode(data, (char *)sha256sumdigest, - SHA256_DIGEST_LENGTH, &encoded, &encodedlen); + CURL_SHA256_DIGEST_LENGTH, &encoded, + &encodedlen); Curl_safefree(sha256sumdigest); if(encode) @@ -864,10 +880,6 @@ } while(end_pos && begin_pos); Curl_safefree(encoded); Curl_safefree(pinkeycopy); -#else - /* without sha256 support, this cannot match */ - (void)data; -#endif return result; } @@ -943,45 +955,372 @@ unsigned char *md5sum, /* output */ size_t md5len) { -#ifdef curlssl_md5sum - curlssl_md5sum(tmp, tmplen, md5sum, md5len); -#else + return Curl_ssl->md5sum(tmp, tmplen, md5sum, md5len); +} +#endif + +/* + * Check whether the SSL backend supports the status_request extension. + */ +bool Curl_ssl_cert_status_request(void) +{ + return Curl_ssl->cert_status_request(); +} + +/* + * Check whether the SSL backend supports false start. + */ +bool Curl_ssl_false_start(void) +{ + return Curl_ssl->false_start(); +} + +/* + * Default implementations for unsupported functions. + */ + +int Curl_none_init(void) +{ + return 1; +} + +void Curl_none_cleanup(void) +{ } + +int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM, + int sockindex UNUSED_PARAM) +{ + (void)conn; + (void)sockindex; + return 0; +} + +int Curl_none_check_cxn(struct connectdata *conn UNUSED_PARAM) +{ + (void)conn; + return -1; +} + +CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM, + unsigned char *entropy UNUSED_PARAM, + size_t length UNUSED_PARAM) +{ + (void)data; + (void)entropy; + (void)length; + return CURLE_NOT_BUILT_IN; +} + +void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM) +{ + (void)data; +} + +void Curl_none_session_free(void *ptr UNUSED_PARAM) +{ + (void)ptr; +} + +bool Curl_none_data_pending(const struct connectdata *conn UNUSED_PARAM, + int connindex UNUSED_PARAM) +{ + (void)conn; + (void)connindex; + return 0; +} + +bool Curl_none_cert_status_request(void) +{ + return FALSE; +} + +CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM, + const char *engine UNUSED_PARAM) +{ + (void)data; + (void)engine; + return CURLE_NOT_BUILT_IN; +} + +CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM) +{ + (void)data; + return CURLE_NOT_BUILT_IN; +} + +struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM) +{ + (void)data; + return (struct curl_slist *)NULL; +} + +bool Curl_none_false_start(void) +{ + return FALSE; +} + +#ifndef CURL_DISABLE_CRYPTO_AUTH +CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, + unsigned char *md5sum, size_t md5len UNUSED_PARAM) +{ MD5_context *MD5pw; - (void) md5len; + (void)md5len; MD5pw = Curl_MD5_init(Curl_DIGEST_MD5); if(!MD5pw) return CURLE_OUT_OF_MEMORY; - Curl_MD5_update(MD5pw, tmp, curlx_uztoui(tmplen)); + Curl_MD5_update(MD5pw, input, curlx_uztoui(inputlen)); Curl_MD5_final(MD5pw, md5sum); -#endif return CURLE_OK; } +#else +CURLcode Curl_none_md5sum(unsigned char *input UNUSED_PARAM, + size_t inputlen UNUSED_PARAM, + unsigned char *md5sum UNUSED_PARAM, + size_t md5len UNUSED_PARAM) +{ + (void)input; + (void)inputlen; + (void)md5sum; + (void)md5len; + return CURLE_NOT_BUILT_IN; +} #endif -/* - * Check whether the SSL backend supports the status_request extension. - */ -bool Curl_ssl_cert_status_request(void) +static int Curl_multissl_init(void) { -#ifdef curlssl_cert_status_request - return curlssl_cert_status_request(); + if(multissl_init(NULL)) + return 1; + return Curl_ssl->init(); +} + +static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex) +{ + if(multissl_init(NULL)) + return CURLE_FAILED_INIT; + return Curl_ssl->connect(conn, sockindex); +} + +static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) +{ + if(multissl_init(NULL)) + return CURLE_FAILED_INIT; + return Curl_ssl->connect_nonblocking(conn, sockindex, done); +} + +static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info) +{ + if(multissl_init(NULL)) + return NULL; + return Curl_ssl->get_internals(connssl, info); +} + +static void Curl_multissl_close(struct connectdata *conn, int sockindex) +{ + if(multissl_init(NULL)) + return; + Curl_ssl->close_one(conn, sockindex); +} + +static const struct Curl_ssl Curl_ssl_multi = { + { CURLSSLBACKEND_NONE, "multi" }, /* info */ + + 0, /* have_ca_path */ + 0, /* have_certinfo */ + 0, /* have_pinnedpubkey */ + 0, /* have_ssl_ctx */ + 0, /* support_https_proxy */ + + (size_t)-1, /* something insanely large to be on the safe side */ + + Curl_multissl_init, /* init */ + Curl_none_cleanup, /* cleanup */ + Curl_multissl_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_none_shutdown, /* shutdown */ + Curl_none_data_pending, /* data_pending */ + Curl_none_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_multissl_connect, /* connect */ + Curl_multissl_connect_nonblocking, /* connect_nonblocking */ + Curl_multissl_get_internals, /* get_internals */ + Curl_multissl_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_none_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + NULL /* sha256sum */ +}; + +const struct Curl_ssl *Curl_ssl = +#if defined(CURL_WITH_MULTI_SSL) + &Curl_ssl_multi; +#elif defined(USE_AXTLS) + &Curl_ssl_axtls; +#elif defined(USE_CYASSL) + &Curl_ssl_cyassl; +#elif defined(USE_DARWINSSL) + &Curl_ssl_darwinssl; +#elif defined(USE_GNUTLS) + &Curl_ssl_gnutls; +#elif defined(USE_GSKIT) + &Curl_ssl_gskit; +#elif defined(USE_MBEDTLS) + &Curl_ssl_mbedtls; +#elif defined(USE_NSS) + &Curl_ssl_nss; +#elif defined(USE_OPENSSL) + &Curl_ssl_openssl; +#elif defined(USE_POLARSSL) + &Curl_ssl_polarssl; +#elif defined(USE_SCHANNEL) + &Curl_ssl_schannel; #else - return FALSE; +#error "Missing struct Curl_ssl for selected SSL backend" +#endif + +static const struct Curl_ssl *available_backends[] = { +#if defined(USE_AXTLS) + &Curl_ssl_axtls, +#endif +#if defined(USE_CYASSL) + &Curl_ssl_cyassl, +#endif +#if defined(USE_DARWINSSL) + &Curl_ssl_darwinssl, +#endif +#if defined(USE_GNUTLS) + &Curl_ssl_gnutls, +#endif +#if defined(USE_GSKIT) + &Curl_ssl_gskit, +#endif +#if defined(USE_MBEDTLS) + &Curl_ssl_mbedtls, #endif +#if defined(USE_NSS) + &Curl_ssl_nss, +#endif +#if defined(USE_OPENSSL) + &Curl_ssl_openssl, +#endif +#if defined(USE_POLARSSL) + &Curl_ssl_polarssl, +#endif +#if defined(USE_SCHANNEL) + &Curl_ssl_schannel, +#endif + NULL +}; + +static size_t Curl_multissl_version(char *buffer, size_t size) +{ + static const struct Curl_ssl *selected; + static char backends[200]; + static size_t total; + const struct Curl_ssl *current; + + current = Curl_ssl == &Curl_ssl_multi ? available_backends[0] : Curl_ssl; + + if(current != selected) { + char *p = backends; + int i; + + selected = current; + + for(i = 0; available_backends[i]; i++) { + if(i) + *(p++) = ' '; + if(selected != available_backends[i]) + *(p++) = '('; + p += available_backends[i]->version(p, backends + sizeof(backends) - p); + if(selected != available_backends[i]) + *(p++) = ')'; + } + *p = '\0'; + total = p - backends; + } + + if(size < total) + memcpy(buffer, backends, total + 1); + else { + memcpy(buffer, backends, size - 1); + buffer[size - 1] = '\0'; + } + + return total; } -/* - * Check whether the SSL backend supports false start. - */ -bool Curl_ssl_false_start(void) +static int multissl_init(const struct Curl_ssl *backend) { -#ifdef curlssl_false_start - return curlssl_false_start(); -#else - return FALSE; + const char *env; + int i; + + if(Curl_ssl != &Curl_ssl_multi) + return 1; + + if(backend) { + Curl_ssl = backend; + return 0; + } + + if(!available_backends[0]) + return 1; + + env = getenv("CURL_SSL_BACKEND"); +#ifdef CURL_DEFAULT_SSL_BACKEND + if(!env) + env = CURL_DEFAULT_SSL_BACKEND; #endif + if(env) { + for(i = 0; available_backends[i]; i++) { + if(strcasecompare(env, available_backends[i]->info.name)) { + Curl_ssl = available_backends[i]; + return 0; + } + } + } + + /* Fall back to first available backend */ + Curl_ssl = available_backends[0]; + return 0; +} + +CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, + const curl_ssl_backend ***avail) +{ + int i; + + if(Curl_ssl != &Curl_ssl_multi) + return id == Curl_ssl->info.id ? CURLSSLSET_OK : CURLSSLSET_TOO_LATE; + + for(i = 0; available_backends[i]; i++) { + if(available_backends[i]->info.id == id || + (name && strcasecompare(available_backends[i]->info.name, name))) { + multissl_init(available_backends[i]); + return CURLSSLSET_OK; + } + } + + if(avail) + *avail = (const curl_ssl_backend **)&available_backends; + return CURLSSLSET_UNKNOWN_BACKEND; +} + +#else /* USE_SSL */ +CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, + const curl_ssl_backend ***avail) +{ + (void)id; + (void)name; + (void)avail; + return CURLSSLSET_NO_BACKENDS; } -#endif /* USE_SSL */ +#endif /* !USE_SSL */ diff -Nru curl-7.55.1/lib/vtls/vtls.h curl-7.57.0/lib/vtls/vtls.h --- curl-7.55.1/lib/vtls/vtls.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/lib/vtls/vtls.h 2017-11-10 16:47:30.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,6 +23,80 @@ ***************************************************************************/ #include "curl_setup.h" +struct connectdata; +struct ssl_connect_data; + +struct Curl_ssl { + /* + * This *must* be the first entry to allow returning the list of available + * backends in curl_global_sslset(). + */ + curl_ssl_backend info; + + unsigned have_ca_path:1; /* supports CAPATH */ + unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */ + unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */ + unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */ + + unsigned support_https_proxy:1; /* supports access via HTTPS proxies */ + + size_t sizeof_ssl_backend_data; + + int (*init)(void); + void (*cleanup)(void); + + size_t (*version)(char *buffer, size_t size); + int (*check_cxn)(struct connectdata *cxn); + int (*shutdown)(struct connectdata *conn, int sockindex); + bool (*data_pending)(const struct connectdata *conn, + int connindex); + + /* return 0 if a find random is filled in */ + CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy, + size_t length); + bool (*cert_status_request)(void); + + CURLcode (*connect)(struct connectdata *conn, int sockindex); + CURLcode (*connect_nonblocking)(struct connectdata *conn, int sockindex, + bool *done); + void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info); + void (*close_one)(struct connectdata *conn, int sockindex); + void (*close_all)(struct Curl_easy *data); + void (*session_free)(void *ptr); + + CURLcode (*set_engine)(struct Curl_easy *data, const char *engine); + CURLcode (*set_engine_default)(struct Curl_easy *data); + struct curl_slist *(*engines_list)(struct Curl_easy *data); + + bool (*false_start)(void); + + CURLcode (*md5sum)(unsigned char *input, size_t inputlen, + unsigned char *md5sum, size_t md5sumlen); + void (*sha256sum)(const unsigned char *input, size_t inputlen, + unsigned char *sha256sum, size_t sha256sumlen); +}; + +#ifdef USE_SSL +extern const struct Curl_ssl *Curl_ssl; +#endif + +int Curl_none_init(void); +void Curl_none_cleanup(void); +int Curl_none_shutdown(struct connectdata *conn, int sockindex); +int Curl_none_check_cxn(struct connectdata *conn); +CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy, + size_t length); +void Curl_none_close_all(struct Curl_easy *data); +void Curl_none_session_free(void *ptr); +bool Curl_none_data_pending(const struct connectdata *conn, int connindex); +bool Curl_none_cert_status_request(void); +CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine); +CURLcode Curl_none_set_engine_default(struct Curl_easy *data); +struct curl_slist *Curl_none_engines_list(struct Curl_easy *data); +bool Curl_none_false_start(void); +CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, + unsigned char *md5sum, size_t md5len); + #include "openssl.h" /* OpenSSL versions */ #include "gtls.h" /* GnuTLS versions */ #include "nssg.h" /* NSS versions */ @@ -42,8 +116,8 @@ #define MD5_DIGEST_LENGTH 16 /* fixed size */ #endif -#ifndef SHA256_DIGEST_LENGTH -#define SHA256_DIGEST_LENGTH 32 /* fixed size */ +#ifndef CURL_SHA256_DIGEST_LENGTH +#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #endif /* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */ @@ -172,8 +246,6 @@ #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ #else -/* Set the API backend definition to none */ -#define CURL_SSL_BACKEND CURLSSLBACKEND_NONE /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 diff -Nru curl-7.55.1/lib/warnless.c curl-7.57.0/lib/warnless.c --- curl-7.55.1/lib/warnless.c 2017-08-12 14:37:48.000000000 +0000 +++ curl-7.57.0/lib/warnless.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -69,36 +69,36 @@ # error "SIZEOF_INT not defined" #endif -#if (CURL_SIZEOF_LONG == 2) +#if (SIZEOF_LONG == 2) # define CURL_MASK_SLONG 0x7FFFL # define CURL_MASK_ULONG 0xFFFFUL -#elif (CURL_SIZEOF_LONG == 4) +#elif (SIZEOF_LONG == 4) # define CURL_MASK_SLONG 0x7FFFFFFFL # define CURL_MASK_ULONG 0xFFFFFFFFUL -#elif (CURL_SIZEOF_LONG == 8) +#elif (SIZEOF_LONG == 8) # define CURL_MASK_SLONG 0x7FFFFFFFFFFFFFFFL # define CURL_MASK_ULONG 0xFFFFFFFFFFFFFFFFUL -#elif (CURL_SIZEOF_LONG == 16) +#elif (SIZEOF_LONG == 16) # define CURL_MASK_SLONG 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL # define CURL_MASK_ULONG 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFUL #else -# error "CURL_SIZEOF_LONG not defined" +# error "SIZEOF_LONG not defined" #endif -#if (CURL_SIZEOF_CURL_OFF_T == 2) +#if (SIZEOF_CURL_OFF_T == 2) # define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFF) # define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFF) -#elif (CURL_SIZEOF_CURL_OFF_T == 4) +#elif (SIZEOF_CURL_OFF_T == 4) # define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFF) # define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFF) -#elif (CURL_SIZEOF_CURL_OFF_T == 8) +#elif (SIZEOF_CURL_OFF_T == 8) # define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF) # define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFF) -#elif (CURL_SIZEOF_CURL_OFF_T == 16) +#elif (SIZEOF_CURL_OFF_T == 16) # define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) # define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) #else -# error "CURL_SIZEOF_CURL_OFF_T not defined" +# error "SIZEOF_CURL_OFF_T not defined" #endif #if (SIZEOF_SIZE_T == SIZEOF_SHORT) @@ -107,10 +107,10 @@ #elif (SIZEOF_SIZE_T == SIZEOF_INT) # define CURL_MASK_SSIZE_T CURL_MASK_SINT # define CURL_MASK_USIZE_T CURL_MASK_UINT -#elif (SIZEOF_SIZE_T == CURL_SIZEOF_LONG) +#elif (SIZEOF_SIZE_T == SIZEOF_LONG) # define CURL_MASK_SSIZE_T CURL_MASK_SLONG # define CURL_MASK_USIZE_T CURL_MASK_ULONG -#elif (SIZEOF_SIZE_T == CURL_SIZEOF_CURL_OFF_T) +#elif (SIZEOF_SIZE_T == SIZEOF_CURL_OFF_T) # define CURL_MASK_SSIZE_T CURL_MASK_SCOFFT # define CURL_MASK_USIZE_T CURL_MASK_UCOFFT #else @@ -226,7 +226,7 @@ # pragma warning(disable:810) /* conversion may lose significant bits */ #endif -#if (CURL_SIZEOF_LONG < SIZEOF_SIZE_T) +#if (SIZEOF_LONG < SIZEOF_SIZE_T) DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG); #endif return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG); @@ -269,7 +269,7 @@ #endif DEBUGASSERT(slnum >= 0); -#if (SIZEOF_INT < CURL_SIZEOF_LONG) +#if (SIZEOF_INT < SIZEOF_LONG) DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT); #endif return (int)(slnum & (long) CURL_MASK_SINT); @@ -291,7 +291,7 @@ #endif DEBUGASSERT(slnum >= 0); -#if (SIZEOF_INT < CURL_SIZEOF_LONG) +#if (SIZEOF_INT < SIZEOF_LONG) DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT); #endif return (unsigned int)(slnum & (long) CURL_MASK_UINT); diff -Nru curl-7.55.1/m4/curl-compilers.m4 curl-7.57.0/m4/curl-compilers.m4 --- curl-7.55.1/m4/curl-compilers.m4 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/m4/curl-compilers.m4 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -89,7 +89,7 @@ if test -z "$clangver"; then if echo $fullclangver | grep "Apple LLVM version " >/dev/null; then dnl Starting with XCode 7 / clang 3.7, Apple clang won't tell its upstream version - clangver=`3.7` + clangver="3.7" else clangver=`echo $fullclangver | "$SED" 's/.*version \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*/\1/'` fi @@ -922,6 +922,11 @@ dnl Only clang 3.9 or later if test "$compiler_num" -ge "309"; then tmp_CFLAGS="$tmp_CFLAGS -Wcomma" + # avoid the varargs warning, fixed in 4.0 + # https://bugs.llvm.org/show_bug.cgi?id=29140 + if test "$compiler_num" -lt "400"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-varargs" + fi fi fi ;; diff -Nru curl-7.55.1/m4/curl-confopts.m4 curl-7.57.0/m4/curl-confopts.m4 --- curl-7.55.1/m4/curl-confopts.m4 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/m4/curl-confopts.m4 2017-11-09 22:40:36.000000000 +0000 @@ -37,14 +37,14 @@ AC_HELP_STRING([--disable-threaded-resolver],[Disable threaded resolver]), OPT_THRES=$enableval) case "$OPT_THRES" in - *) - dnl configure option not specified - want_thres="yes" - ;; no) dnl --disable-threaded-resolver option used want_thres="no" ;; + *) + dnl configure option not specified + want_thres="yes" + ;; esac AC_MSG_RESULT([$want_thres]) ]) diff -Nru curl-7.55.1/Makefile.am curl-7.57.0/Makefile.am --- curl-7.55.1/Makefile.am 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/Makefile.am 2017-11-27 07:50:21.000000000 +0000 @@ -30,7 +30,8 @@ CMake/Macros.cmake \ CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake \ CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake \ - CMake/FindMbedTLS.cmake CMake/cmake_uninstall.cmake.in + CMake/FindMbedTLS.cmake CMake/cmake_uninstall.cmake.in \ + CMake/curl-config.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist @@ -216,15 +217,6 @@ check-docs: @(cd docs/libcurl; $(MAKE) check) -# This is a hook to have 'make clean' also clean up the docs and the tests -# dir. The extra check for the Makefiles being present is necessary because -# 'make distcheck' will make clean first in these directories _before_ it runs -# this hook. -clean-local: - @(if test -f tests/Makefile; then cd tests; $(MAKE) clean; fi) - @(if test -f docs/Makefile; then cd docs; $(MAKE) clean; fi) - -# # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros # must contain the following line: # %_topdir /home/loic/local/rpm diff -Nru curl-7.55.1/Makefile.in curl-7.57.0/Makefile.in --- curl-7.55.1/Makefile.in 2017-08-14 06:05:07.000000000 +0000 +++ curl-7.57.0/Makefile.in 2017-11-29 09:29:11.000000000 +0000 @@ -43,7 +43,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -348,7 +348,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -365,6 +367,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -510,7 +513,8 @@ CMake/Macros.cmake \ CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake \ CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake \ - CMake/FindMbedTLS.cmake CMake/cmake_uninstall.cmake.in + CMake/FindMbedTLS.cmake CMake/cmake_uninstall.cmake.in \ + CMake/curl-config.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist @@ -660,7 +664,8 @@ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ - x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c + x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ + mime.c sha256.c setopt.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -679,7 +684,7 @@ curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ - curl_printf.h system_win32.h rand.h + curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) @@ -723,7 +728,6 @@ tool_libinfo.c \ tool_main.c \ tool_metalink.c \ - tool_mfiles.c \ tool_msgs.c \ tool_operate.c \ tool_operhlp.c \ @@ -764,7 +768,6 @@ tool_libinfo.h \ tool_main.h \ tool_metalink.h \ - tool_mfiles.h \ tool_msgs.h \ tool_operate.h \ tool_operhlp.h \ @@ -1232,7 +1235,7 @@ @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive -clean-am: clean-generic clean-libtool clean-local mostlyclean-am +clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) @@ -1303,9 +1306,9 @@ .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ - clean-libtool clean-local cscope cscopelist-am ctags ctags-am \ - dist dist-all dist-bzip2 dist-gzip dist-hook dist-lzip \ - dist-shar dist-tarZ dist-xz dist-zip distcheck distclean \ + clean-libtool cscope cscopelist-am ctags ctags-am dist \ + dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \ + dist-tarZ dist-xz dist-zip distcheck distclean \ distclean-generic distclean-libtool distclean-tags \ distcleancheck distdir distuninstallcheck dvi dvi-am html \ html-am info info-am install install-am install-binSCRIPTS \ @@ -1372,15 +1375,6 @@ check-docs: @(cd docs/libcurl; $(MAKE) check) -# This is a hook to have 'make clean' also clean up the docs and the tests -# dir. The extra check for the Makefiles being present is necessary because -# 'make distcheck' will make clean first in these directories _before_ it runs -# this hook. -clean-local: - @(if test -f tests/Makefile; then cd tests; $(MAKE) clean; fi) - @(if test -f docs/Makefile; then cd docs; $(MAKE) clean; fi) - -# # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros # must contain the following line: # %_topdir /home/loic/local/rpm diff -Nru curl-7.55.1/packages/AIX/Makefile.in curl-7.57.0/packages/AIX/Makefile.in --- curl-7.55.1/packages/AIX/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/AIX/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -241,7 +241,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -258,6 +260,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/AIX/RPM/Makefile.in curl-7.57.0/packages/AIX/RPM/Makefile.in --- curl-7.55.1/packages/AIX/RPM/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/AIX/RPM/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -181,7 +181,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -198,6 +200,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/EPM/Makefile.in curl-7.57.0/packages/EPM/Makefile.in --- curl-7.55.1/packages/EPM/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/EPM/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -181,7 +181,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -198,6 +200,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Linux/Makefile.in curl-7.57.0/packages/Linux/Makefile.in --- curl-7.55.1/packages/Linux/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Linux/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -241,7 +241,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -258,6 +260,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Linux/RPM/Makefile.in curl-7.57.0/packages/Linux/RPM/Makefile.in --- curl-7.55.1/packages/Linux/RPM/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Linux/RPM/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -182,7 +182,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -199,6 +201,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Makefile.in curl-7.57.0/packages/Makefile.in --- curl-7.55.1/packages/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -241,7 +241,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -258,6 +260,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/OS400/curl.inc.in curl-7.57.0/packages/OS400/curl.inc.in --- curl-7.55.1/packages/OS400/curl.inc.in 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/packages/OS400/curl.inc.in 2017-11-09 22:40:36.000000000 +0000 @@ -129,6 +129,8 @@ d c X'00100000' d CURL_VERSION_HTTPS_PROXY... d c X'00200000' + d CURL_VERSION_MULTI_SSL... + d c X'00400000' * d CURL_HTTPPOST_FILENAME... d c X'00000001' @@ -1312,6 +1314,8 @@ d c 10264 d CURLOPT_SUPPRESS_CONNECT_HEADERS... d c 00265 + d CURLOPT_SSH_COMPRESSION... + d c 00268 * /if not defined(CURL_NO_OLDIES) d CURLOPT_FILE c 10001 diff -Nru curl-7.55.1/packages/OS400/makefile.sh curl-7.57.0/packages/OS400/makefile.sh --- curl-7.55.1/packages/OS400/makefile.sh 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/packages/OS400/makefile.sh 2017-11-10 16:47:30.000000000 +0000 @@ -31,10 +31,11 @@ for TEXT in "${TOPDIR}/COPYING" "${SCRIPTDIR}/README.OS400" \ "${TOPDIR}/CHANGES" "${TOPDIR}/docs/THANKS" "${TOPDIR}/docs/FAQ" \ - "${TOPDIR}/docs/FEATURES" "${TOPDIR}/docs/SSLCERTS" \ + "${TOPDIR}/docs/FEATURES" "${TOPDIR}/docs/SSLCERTS.md" \ "${TOPDIR}/docs/RESOURCES" "${TOPDIR}/docs/VERSIONS" \ - "${TOPDIR}/docs/HISTORY" + "${TOPDIR}/docs/HISTORY.md" do MEMBER="`basename \"${TEXT}\" .OS400`" + MEMBER="`basename \"${MEMBER}\" .md`" MEMBER="${LIBIFSNAME}/DOCS.FILE/`db2_name \"${MEMBER}\"`.MBR" if action_needed "${MEMBER}" "${TEXT}" diff -Nru curl-7.55.1/packages/OS400/README.OS400 curl-7.57.0/packages/OS400/README.OS400 --- curl-7.55.1/packages/OS400/README.OS400 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/packages/OS400/README.OS400 2017-11-10 16:47:30.000000000 +0000 @@ -241,7 +241,8 @@ be installed. _ Likewise, if SCP and SFTP protocols have to be compiled in, LIBSSH2 developent environment must be installed. -_ Install the curl source directory in IFS. +_ Install the curl source directory in IFS. Do NOT install it in the + installation target directory (wich defaults to /curl). _ Enter shell (QSH) _ Change current directory to the curl installation directory _ Change current directory to ./packages/OS400 diff -Nru curl-7.55.1/packages/Solaris/Makefile.in curl-7.57.0/packages/Solaris/Makefile.in --- curl-7.55.1/packages/Solaris/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Solaris/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -184,7 +184,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -201,6 +203,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Symbian/group/libcurl.mmp curl-7.57.0/packages/Symbian/group/libcurl.mmp --- curl-7.55.1/packages/Symbian/group/libcurl.mmp 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/packages/Symbian/group/libcurl.mmp 2017-11-26 13:19:01.000000000 +0000 @@ -39,7 +39,7 @@ asyn-ares.c asyn-thread.c curl_gssapi.c http_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_sasl.c vtls/schannel.c curl_multibyte.c \ vtls/darwinssl.c conncache.c curl_sasl_sspi.c smb.c curl_endian.c \ - curl_des.c system_win32.c \ + curl_des.c system_win32.c sha256.c \ vauth/vauth.c vauth/cleartext.c vauth/cram.c vauth/digest.c \ vauth/digest_sspi.c vauth/krb5_gssapi.c vauth/krb5_sspi.c \ vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c vauth/spnego_gssapi.c \ diff -Nru curl-7.55.1/packages/vms/Makefile.in curl-7.57.0/packages/vms/Makefile.in --- curl-7.55.1/packages/vms/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/vms/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -181,7 +181,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -198,6 +200,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Win32/cygwin/Makefile.in curl-7.57.0/packages/Win32/cygwin/Makefile.in --- curl-7.55.1/packages/Win32/cygwin/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Win32/cygwin/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -181,7 +181,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -198,6 +200,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/packages/Win32/Makefile.in curl-7.57.0/packages/Win32/Makefile.in --- curl-7.55.1/packages/Win32/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/packages/Win32/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -241,7 +241,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -258,6 +260,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/projects/build-openssl.bat curl-7.57.0/projects/build-openssl.bat --- curl-7.55.1/projects/build-openssl.bat 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/projects/build-openssl.bat 2017-11-09 22:40:36.000000000 +0000 @@ -138,6 +138,9 @@ rem Check the start directory exists if not exist "%START_DIR%" goto noopenssl + rem Check that OpenSSL is not unsupported version 1.1.0 + if not exist "%START_DIR%\ms\do_ms.bat" goto unsupported + :configure if "%BUILD_PLATFORM%" == "" ( if "%VC_VER%" == "6.0" ( @@ -355,6 +358,14 @@ echo Error: Cannot locate OpenSSL source directory goto error +:unsupported + echo. + echo Error: Unsupported OpenSSL version. + echo The pre-generated project files and this build script only support the + echo LTS version of OpenSSL ^(v1.0.2^). The next version of this build script + echo will support OpenSSL v1.1.0. + goto error + :error if "%OS%" == "Windows_NT" endlocal exit /B 1 diff -Nru curl-7.55.1/projects/Windows/VC10/lib/libcurl.vcxproj curl-7.57.0/projects/Windows/VC10/lib/libcurl.vcxproj --- curl-7.55.1/projects/Windows/VC10/lib/libcurl.vcxproj 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC10/lib/libcurl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2383,6 +2383,7 @@ + @@ -2399,6 +2400,8 @@ + + @@ -2480,6 +2483,7 @@ + @@ -2510,6 +2514,7 @@ + @@ -2524,6 +2529,7 @@ + diff -Nru curl-7.55.1/projects/Windows/VC10/src/curl.vcxproj curl-7.57.0/projects/Windows/VC10/src/curl.vcxproj --- curl-7.55.1/projects/Windows/VC10/src/curl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC10/src/curl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2654,7 +2654,6 @@ - @@ -2700,7 +2699,6 @@ - diff -Nru curl-7.55.1/projects/Windows/VC11/lib/libcurl.vcxproj curl-7.57.0/projects/Windows/VC11/lib/libcurl.vcxproj --- curl-7.55.1/projects/Windows/VC11/lib/libcurl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC11/lib/libcurl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2439,6 +2439,7 @@ + @@ -2455,6 +2456,8 @@ + + @@ -2536,6 +2539,7 @@ + @@ -2566,6 +2570,7 @@ + @@ -2580,6 +2585,7 @@ + diff -Nru curl-7.55.1/projects/Windows/VC11/src/curl.vcxproj curl-7.57.0/projects/Windows/VC11/src/curl.vcxproj --- curl-7.55.1/projects/Windows/VC11/src/curl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC11/src/curl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2710,7 +2710,6 @@ - @@ -2756,7 +2755,6 @@ - diff -Nru curl-7.55.1/projects/Windows/VC12/lib/libcurl.vcxproj curl-7.57.0/projects/Windows/VC12/lib/libcurl.vcxproj --- curl-7.55.1/projects/Windows/VC12/lib/libcurl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC12/lib/libcurl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2439,6 +2439,7 @@ + @@ -2455,6 +2456,8 @@ + + @@ -2536,6 +2539,7 @@ + @@ -2566,6 +2570,7 @@ + @@ -2580,6 +2585,7 @@ + diff -Nru curl-7.55.1/projects/Windows/VC12/src/curl.vcxproj curl-7.57.0/projects/Windows/VC12/src/curl.vcxproj --- curl-7.55.1/projects/Windows/VC12/src/curl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC12/src/curl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2710,7 +2710,6 @@ - @@ -2756,7 +2755,6 @@ - diff -Nru curl-7.55.1/projects/Windows/VC14/lib/libcurl.vcxproj curl-7.57.0/projects/Windows/VC14/lib/libcurl.vcxproj --- curl-7.55.1/projects/Windows/VC14/lib/libcurl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC14/lib/libcurl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2439,6 +2439,7 @@ + @@ -2455,6 +2456,8 @@ + + @@ -2536,6 +2539,7 @@ + @@ -2566,6 +2570,7 @@ + @@ -2580,6 +2585,7 @@ + diff -Nru curl-7.55.1/projects/Windows/VC14/src/curl.vcxproj curl-7.57.0/projects/Windows/VC14/src/curl.vcxproj --- curl-7.55.1/projects/Windows/VC14/src/curl.vcxproj 2017-08-14 06:05:15.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC14/src/curl.vcxproj 2017-11-29 09:29:29.000000000 +0000 @@ -2710,7 +2710,6 @@ - @@ -2756,7 +2755,6 @@ - diff -Nru curl-7.55.1/projects/Windows/VC6/lib/libcurl.dsp curl-7.57.0/projects/Windows/VC6/lib/libcurl.dsp --- curl-7.55.1/projects/Windows/VC6/lib/libcurl.dsp 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC6/lib/libcurl.dsp 2017-11-29 09:29:28.000000000 +0000 @@ -970,6 +970,10 @@ # End Source File # Begin Source File +SOURCE=..\..\..\..\lib\mime.c +# End Source File +# Begin Source File + SOURCE=..\..\..\..\lib\mprintf.c # End Source File # Begin Source File @@ -1034,6 +1038,14 @@ # End Source File # Begin Source File +SOURCE=..\..\..\..\lib\setopt.c +# End Source File +# Begin Source File + +SOURCE=..\..\..\..\lib\sha256.c +# End Source File +# Begin Source File + SOURCE=..\..\..\..\lib\share.c # End Source File # Begin Source File @@ -1354,6 +1366,10 @@ # End Source File # Begin Source File +SOURCE=..\..\..\..\lib\curl_sha256.h +# End Source File +# Begin Source File + SOURCE=..\..\..\..\lib\curl_sspi.h # End Source File # Begin Source File @@ -1474,6 +1490,10 @@ # End Source File # Begin Source File +SOURCE=..\..\..\..\lib\mime.h +# End Source File +# Begin Source File + SOURCE=..\..\..\..\lib\multihandle.h # End Source File # Begin Source File @@ -1530,6 +1550,10 @@ # End Source File # Begin Source File +SOURCE=..\..\..\..\lib\setopt.h +# End Source File +# Begin Source File + SOURCE=..\..\..\..\lib\setup-vms.h # End Source File # Begin Source File diff -Nru curl-7.55.1/projects/Windows/VC6/src/curl.dsp curl-7.57.0/projects/Windows/VC6/src/curl.dsp --- curl-7.55.1/projects/Windows/VC6/src/curl.dsp 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC6/src/curl.dsp 2017-11-29 09:29:28.000000000 +0000 @@ -787,10 +787,6 @@ # End Source File # Begin Source File -SOURCE=..\..\..\..\src\tool_mfiles.c -# End Source File -# Begin Source File - SOURCE=..\..\..\..\src\tool_msgs.c # End Source File # Begin Source File @@ -967,10 +963,6 @@ # End Source File # Begin Source File -SOURCE=..\..\..\..\src\tool_mfiles.h -# End Source File -# Begin Source File - SOURCE=..\..\..\..\src\tool_msgs.h # End Source File # Begin Source File diff -Nru curl-7.55.1/projects/Windows/VC7/lib/libcurl.vcproj curl-7.57.0/projects/Windows/VC7/lib/libcurl.vcproj --- curl-7.55.1/projects/Windows/VC7/lib/libcurl.vcproj 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC7/lib/libcurl.vcproj 2017-11-29 09:29:28.000000000 +0000 @@ -1290,6 +1290,9 @@ RelativePath="..\..\..\..\lib\memdebug.c"> + + + + + + + + + + + + - - - - + + + + + + + + + + + + - - - - + + @@ -3921,6 +3925,14 @@ > + + + + @@ -4145,6 +4157,10 @@ > + + @@ -4265,6 +4281,10 @@ > + + @@ -4321,6 +4341,10 @@ > + + diff -Nru curl-7.55.1/projects/Windows/VC8/src/curl.vcproj curl-7.57.0/projects/Windows/VC8/src/curl.vcproj --- curl-7.55.1/projects/Windows/VC8/src/curl.vcproj 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC8/src/curl.vcproj 2017-11-29 09:29:28.000000000 +0000 @@ -4189,10 +4189,6 @@ > - - @@ -4369,10 +4365,6 @@ > - - diff -Nru curl-7.55.1/projects/Windows/VC9/lib/libcurl.vcproj curl-7.57.0/projects/Windows/VC9/lib/libcurl.vcproj --- curl-7.55.1/projects/Windows/VC9/lib/libcurl.vcproj 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC9/lib/libcurl.vcproj 2017-11-29 09:29:28.000000000 +0000 @@ -3798,6 +3798,10 @@ > + + @@ -3862,6 +3866,14 @@ > + + + + @@ -4086,6 +4098,10 @@ > + + @@ -4206,6 +4222,10 @@ > + + @@ -4262,6 +4282,10 @@ > + + diff -Nru curl-7.55.1/projects/Windows/VC9/src/curl.vcproj curl-7.57.0/projects/Windows/VC9/src/curl.vcproj --- curl-7.55.1/projects/Windows/VC9/src/curl.vcproj 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/projects/Windows/VC9/src/curl.vcproj 2017-11-29 09:29:29.000000000 +0000 @@ -4046,10 +4046,6 @@ > - - @@ -4226,10 +4222,6 @@ > - - diff -Nru curl-7.55.1/RELEASE-NOTES curl-7.57.0/RELEASE-NOTES --- curl-7.55.1/RELEASE-NOTES 2017-08-14 06:03:41.000000000 +0000 +++ curl-7.57.0/RELEASE-NOTES 2017-11-29 09:27:26.000000000 +0000 @@ -1,40 +1,88 @@ -Curl and libcurl 7.55.1 +Curl and libcurl 7.57.0 - Public curl releases: 168 - Command line options: 210 - curl_easy_setopt() options: 247 - Public functions in libcurl: 61 - Contributors: 1592 + Public curl releases: 171 + Command line options: 211 + curl_easy_setopt() options: 249 + Public functions in libcurl: 74 + Contributors: 1649 + +This release includes the following changes: + + o auth: add support for RFC7616 - HTTP Digest access authentication [12] + o share: add support for sharing the connection cache [31] + o HTTP: implement Brotli content encoding [28] This release includes the following bugfixes: - o build: fix 'make install' with configure, install docs/libcurl/* too - o make install: add 8 missing man pages to the installation - o curl: do bounds check using a double comparison [1] - o dist: Add dictserver.py/negtelnetserver.py to release [2] - o digest_sspi: Don't reuse context if the user/passwd has changed [3] - o gitignore: ignore top-level .vs folder [4] - o build: check out *.sln files with Windows line endings [5] - o travis: verify "make install" [6] - o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7] - o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead - o configure: use the threaded resolver backend by default if possible [8] - o mkhelp.pl: allow executing this script directly [9] - o maketgz: remove old *.dist files before making the tarball [10] - o openssl: remove CONST_ASN1_BIT_STRING [11] - o openssl: fix "error: this statement may fall through" - o proxy: fix memory leak in case of invalid proxy server name [12] - o curl/system.h: support more architectures (OpenRISC, ARC) [13] - o docs: fix typos [14] - o curl/system.h: add Oracle Solaris Studio [15] - o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16] - o docs: --connect-to clarified - o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17] - o travis: test cmake build on tarball too - o redirect: make it handle absolute redirects to IDN names [18] - o curl/system.h: fix for gcc on PowerPC [19] - o curl --interface: fixed for IPV6 unique local addresses [20] - o cmake: threads detection improvements [21] + o CVE-2017-8816: NTLM buffer overflow via integer overflow [47] + o CVE-2017-8817: FTP wildcard out of bounds read [48] + o CVE-2017-8818: SSL out of buffer access [49] + o curl_mime_filedata.3: fix typos [1] + o libtest: Add required test libraries for lib1552 and lib1553 [2] + o fix time diffs for systems using unsigned time_t [3] + o ftplistparser: memory leak fix: free temporary memory always [4] + o multi: allow table handle sizes to be overridden [5] + o wildcards: don't use with non-supported protocols [6] + o curl_fnmatch: return error on illegal wildcard pattern [7] + o transfer: Fix chunked-encoding upload too early exit [8] + o curl_setup: Improve detection of CURL_WINDOWS_APP [9] + o resolvers: only include anything if needed [10] + o setopt: fix CURLOPT_SSH_AUTH_TYPES option read + o appveyor: add a win32 build + o Curl_timeleft: change return type to timediff_t [11] + o cmake: Export libcurl and curl targets to use by other cmake projects [13] + o curl: in -F option arg, comma is a delimiter for files only [14] + o curl: improved ";type=" handling in -F option arguments + o timeval: use mach_absolute_time() on MacOS [15] + o curlx: the timeval functions are no longer provided as curlx_* [16] + o mkhelp.pl: do not generate comment with current date [17] + o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18] + o cookie: avoid NULL dereference [19] + o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20] + o include: remove conncache.h inclusion from where its not needed + o CURLOPT_MAXREDIRS: allow -1 as a value [21] + o tests: Fixed torture tests on tests 556 and 650 + o http2: Fixed OOM handling in upgrade request + o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 + o CURLOPT_INFILESIZE: accept -1 [22] + o curl: pass through [] in URLs instead of calling globbing error [23] + o curl: speed up handling of many URLs [24] + o ntlm: avoid malloc(0) for zero length passwords [25] + o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26] + o HTTP: support multiple Content-Encodings [27] + o travis: add a job with brotli enabled + o url: remove unncessary NULL-check + o fnmatch: remove dead code + o connect: store IPv6 connection status after valid connection [29] + o imap: deal with commands case insensitively [30] + o --interface: add support for Linux VRF [32] + o content_encoding: fix inflate_stream for no bytes available [33] + o cmake: Correctly include curl.rc in Windows builds [34] + o cmake: Add missing setmode check [35] + o connect.c: remove executable bit on file [36] + o SMB: fix uninitialized local variable + o zlib/brotli: only include header files in modules needing them [37] + o URL: return error on malformed URLs with junk after IPv6 bracket [38] + o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39] + o macOS: Fix missing connectx function with Xcode version older than 9.0 [40] + o --resolve: allow IP address within [] brackets [41] + o examples/curlx: Fix code style [42] + o ntlm: remove unnecessary NULL-check to please scan-build [43] + o Curl_llist_remove: fix potential NULL pointer deref [43] + o mime: fix "Value stored to 'sz' is never read" scan-build error [43] + o openssl: fix "Value stored to 'rc' is never read" scan-build error [43] + o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43] + o http2: fix "Value stored to 'end' is never read" scan-build error [43] + o Curl_open: fix OOM return error correctly [43] + o url: reject ASCII control characters and space in host names [44] + o examples/rtsp: clear RANGE again after use [45] + o connect: improve the bind error message [46] + o make: fix "make distclean" [50] + o connect: add support for new TCP Fast Open API on Linux [51] + o metalink: fix memory-leak and NULL pointer dereference [52] + o URL: update "file:" URL handling [53] + o ssh: remove check for a NULL pointer [54] + o global_init: ignore CURL_GLOBAL_SSL's absense [55] This release includes the following known bugs: @@ -43,36 +91,73 @@ This release would not have looked like this without help, code, reports and advice from friends like these: - Adam Sampson, Alessandro Ghedini, Alex Potapenko, Bernard Spil, - Christian Weisgerber, Dagobert Michelsen, Dan Fandrich, Daniel Krügler, - Daniel Stenberg, David Benjamin, David Lord, Even Rouault, Han Qiao, - Isaac Boukris, James Slaughter, Marcel Raad, paulharris on github, - Ray Satiro, Salah-Eddin Shaban, Sergei Nikulov, Simon Warta, - Thomas Petazzoni, - (22 contributors) + Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone, + Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github, + Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons, + Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski, + John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad, + Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann, + moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat, + Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski, + Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github, + (41 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=1750 - [2] = https://curl.haxx.se/bug/?i=1744 - [3] = https://curl.haxx.se/bug/?i=1742 - [4] = https://curl.haxx.se/bug/?i=1746 - [5] = https://curl.haxx.se/bug/?i=1746 - [6] = https://curl.haxx.se/bug/?i=1753 - [7] = https://curl.haxx.se/bug/?i=1755 - [8] = https://curl.haxx.se/bug/?i=1647 - [9] = https://curl.haxx.se/bug/?i=1743 - [10] = https://curl.haxx.se/mail/lib-2017-08/0050.html - [11] = https://curl.haxx.se/bug/?i=1759 - [12] = https://curl.haxx.se/bug/?i=1761 - [13] = https://curl.haxx.se/bug/?i=1766 - [14] = https://curl.haxx.se/bug/?i=1770 - [15] = https://curl.haxx.se/bug/?i=1752 - [16] = https://curl.haxx.se/bug/?i=1769 - [17] = https://curl.haxx.se/bug/?i=1763 - [18] = https://curl.haxx.se/bug/?i=1762 - [19] = https://curl.haxx.se/bug/?i=1774 - [20] = https://curl.haxx.se/bug/?i=1764 - [21] = https://curl.haxx.se/bug/?i=1719 + [1] = https://curl.haxx.se/bug/?i=2008 + [2] = https://curl.haxx.se/bug/?i=2006 + [3] = https://curl.haxx.se/bug/?i=2004 + [4] = https://curl.haxx.se/bug/?i=2013 + [5] = https://curl.haxx.se/bug/?i=1982 + [6] = https://curl.haxx.se/bug/?i=2016 + [7] = https://curl.haxx.se/bug/?i=2015 + [8] = https://curl.haxx.se/bug/?i=2001 + [9] = https://curl.haxx.se/bug/?i=2025 + [10] = https://curl.haxx.se/bug/?i=2023 + [11] = https://curl.haxx.se/bug/?i=2021 + [12] = https://curl.haxx.se/bug/?i=1934 + [13] = https://curl.haxx.se/bug/?i=1879 + [14] = https://curl.haxx.se/bug/?i=2022 + [15] = https://curl.haxx.se/bug/?i=2033 + [16] = https://curl.haxx.se/bug/?i=2034 + [17] = https://curl.haxx.se/bug/?i=2026 + [18] = https://curl.haxx.se/bug/?i=2031 + [19] = https://curl.haxx.se/bug/?i=2032 + [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html + [21] = https://curl.haxx.se/bug/?i=2038 + [22] = https://curl.haxx.se/bug/?i=2047 + [23] = https://curl.haxx.se/bug/?i=2044 + [24] = https://curl.haxx.se/bug/?i=1959 + [25] = https://curl.haxx.se/bug/?i=2054 + [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120 + [27] = https://curl.haxx.se/bug/?i=2002 + [28] = https://curl.haxx.se/bug/?i=2045 + [29] = https://curl.haxx.se/bug/?i=2053 + [30] = https://curl.haxx.se/bug/?i=2061 + [31] = https://curl.haxx.se/bug/?i=2043 + [32] = https://curl.haxx.se/bug/?i=2024 + [33] = https://curl.haxx.se/bug/?i=2060 + [34] = https://curl.haxx.se/bug/?i=2064 + [35] = https://curl.haxx.se/bug/?i=2067 + [36] = https://curl.haxx.se/bug/?i=2071 + [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html + [38] = https://curl.haxx.se/bug/?i=2072 + [39] = https://curl.haxx.se/bug/?i=2079 + [40] = https://curl.haxx.se/bug/?i=2080 + [41] = https://curl.haxx.se/bug/?i=2087 + [42] = https://curl.haxx.se/bug/?i=2096 + [43] = https://curl.haxx.se/bug/?i=2098 + [44] = https://curl.haxx.se/bug/?i=2073 + [45] = https://curl.haxx.se/bug/?i=2106 + [46] = https://curl.haxx.se/bug/?i=2104 + [47] = https://curl.haxx.se/docs/adv_2017-11e7.html + [48] = https://curl.haxx.se/docs/adv_2017-ae72.html + [49] = https://curl.haxx.se/docs/adv_2017-af0a.html + [50] = https://curl.haxx.se/bug/?i=2097 + [51] = https://curl.haxx.se/bug/?i=2056 + [52] = https://curl.haxx.se/bug/?i=2109 + [53] = https://curl.haxx.se/bug/?i=2110 + [54] = https://curl.haxx.se/bug/?i=2111 + [55] = https://curl.haxx.se/bug/?i=2083 diff -Nru curl-7.55.1/scripts/Makefile.in curl-7.57.0/scripts/Makefile.in --- curl-7.55.1/scripts/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/scripts/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -181,7 +181,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -198,6 +200,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ diff -Nru curl-7.55.1/scripts/zsh.pl curl-7.57.0/scripts/zsh.pl --- curl-7.55.1/scripts/zsh.pl 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/scripts/zsh.pl 2017-11-09 22:40:36.000000000 +0000 @@ -54,10 +54,11 @@ $option .= '}' if defined $short; $option .= '\'[' . trim($desc) . ']\'' if defined $desc; - $option .= ":$arg" if defined $arg; + $option .= ":'$arg'" if defined $arg; $option .= ':_files' - if defined $arg and ($arg eq 'FILE' || $arg eq 'DIR'); + if defined $arg and ($arg eq '' || $arg eq '' + || $arg eq ''); push @list, $option; } diff -Nru curl-7.55.1/src/CMakeLists.txt curl-7.57.0/src/CMakeLists.txt --- curl-7.55.1/src/CMakeLists.txt 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/CMakeLists.txt 2017-11-26 13:19:01.000000000 +0000 @@ -40,7 +40,7 @@ include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake) if(MSVC) - list(APPEND CURL_SOURCE curl.rc) + list(APPEND CURL_FILES curl.rc) endif() # CURL_FILES comes from Makefile.inc @@ -76,4 +76,15 @@ #INCLUDE(ModuleInstall OPTIONAL) -install(TARGETS ${EXE_NAME} DESTINATION bin) +install(TARGETS ${EXE_NAME} EXPORT curl-target DESTINATION bin) +export(TARGETS ${EXE_NAME} + APPEND FILE ${PROJECT_BINARY_DIR}/curl-target.cmake + NAMESPACE CURL:: +) + +install(EXPORT curl-target + FILE curl-target.cmake + NAMESPACE CURL:: + DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + diff -Nru curl-7.55.1/src/Makefile.in curl-7.57.0/src/Makefile.in --- curl-7.55.1/src/Makefile.in 2017-08-13 16:22:17.000000000 +0000 +++ curl-7.57.0/src/Makefile.in 2017-11-28 15:13:58.000000000 +0000 @@ -135,22 +135,22 @@ tool_convert.c tool_dirhie.c tool_doswin.c tool_easysrc.c \ tool_formparse.c tool_getparam.c tool_getpass.c tool_help.c \ tool_helpers.c tool_homedir.c tool_hugehelp.c tool_libinfo.c \ - tool_main.c tool_metalink.c tool_mfiles.c tool_msgs.c \ - tool_operate.c tool_operhlp.c tool_panykey.c tool_paramhlp.c \ - tool_parsecfg.c tool_strdup.c tool_setopt.c tool_sleep.c \ - tool_urlglob.c tool_util.c tool_vms.c tool_writeout.c \ - tool_xattr.c ../lib/strtoofft.c ../lib/nonblock.c \ - ../lib/warnless.c slist_wc.h tool_binmode.h tool_bname.h \ - tool_cb_dbg.h tool_cb_hdr.h tool_cb_prg.h tool_cb_rea.h \ - tool_cb_see.h tool_cb_wrt.h tool_cfgable.h tool_convert.h \ - tool_dirhie.h tool_doswin.h tool_easysrc.h tool_formparse.h \ - tool_getparam.h tool_getpass.h tool_help.h tool_helpers.h \ - tool_homedir.h tool_hugehelp.h tool_libinfo.h tool_main.h \ - tool_metalink.h tool_mfiles.h tool_msgs.h tool_operate.h \ - tool_operhlp.h tool_panykey.h tool_paramhlp.h tool_parsecfg.h \ - tool_sdecls.h tool_setopt.h tool_setup.h tool_sleep.h \ - tool_strdup.h tool_urlglob.h tool_util.h tool_version.h \ - tool_vms.h tool_writeout.h tool_xattr.h + tool_main.c tool_metalink.c tool_msgs.c tool_operate.c \ + tool_operhlp.c tool_panykey.c tool_paramhlp.c tool_parsecfg.c \ + tool_strdup.c tool_setopt.c tool_sleep.c tool_urlglob.c \ + tool_util.c tool_vms.c tool_writeout.c tool_xattr.c \ + ../lib/strtoofft.c ../lib/nonblock.c ../lib/warnless.c \ + slist_wc.h tool_binmode.h tool_bname.h tool_cb_dbg.h \ + tool_cb_hdr.h tool_cb_prg.h tool_cb_rea.h tool_cb_see.h \ + tool_cb_wrt.h tool_cfgable.h tool_convert.h tool_dirhie.h \ + tool_doswin.h tool_easysrc.h tool_formparse.h tool_getparam.h \ + tool_getpass.h tool_help.h tool_helpers.h tool_homedir.h \ + tool_hugehelp.h tool_libinfo.h tool_main.h tool_metalink.h \ + tool_msgs.h tool_operate.h tool_operhlp.h tool_panykey.h \ + tool_paramhlp.h tool_parsecfg.h tool_sdecls.h tool_setopt.h \ + tool_setup.h tool_sleep.h tool_strdup.h tool_urlglob.h \ + tool_util.h tool_version.h tool_vms.h tool_writeout.h \ + tool_xattr.h am__objects_1 = libcurltool_la-slist_wc.lo \ libcurltool_la-tool_binmode.lo libcurltool_la-tool_bname.lo \ libcurltool_la-tool_cb_dbg.lo libcurltool_la-tool_cb_hdr.lo \ @@ -164,10 +164,9 @@ libcurltool_la-tool_help.lo libcurltool_la-tool_helpers.lo \ libcurltool_la-tool_homedir.lo libcurltool_la-tool_hugehelp.lo \ libcurltool_la-tool_libinfo.lo libcurltool_la-tool_main.lo \ - libcurltool_la-tool_metalink.lo libcurltool_la-tool_mfiles.lo \ - libcurltool_la-tool_msgs.lo libcurltool_la-tool_operate.lo \ - libcurltool_la-tool_operhlp.lo libcurltool_la-tool_panykey.lo \ - libcurltool_la-tool_paramhlp.lo \ + libcurltool_la-tool_metalink.lo libcurltool_la-tool_msgs.lo \ + libcurltool_la-tool_operate.lo libcurltool_la-tool_operhlp.lo \ + libcurltool_la-tool_panykey.lo libcurltool_la-tool_paramhlp.lo \ libcurltool_la-tool_parsecfg.lo libcurltool_la-tool_strdup.lo \ libcurltool_la-tool_setopt.lo libcurltool_la-tool_sleep.lo \ libcurltool_la-tool_urlglob.lo libcurltool_la-tool_util.lo \ @@ -205,14 +204,13 @@ curl-tool_helpers.$(OBJEXT) curl-tool_homedir.$(OBJEXT) \ curl-tool_hugehelp.$(OBJEXT) curl-tool_libinfo.$(OBJEXT) \ curl-tool_main.$(OBJEXT) curl-tool_metalink.$(OBJEXT) \ - curl-tool_mfiles.$(OBJEXT) curl-tool_msgs.$(OBJEXT) \ - curl-tool_operate.$(OBJEXT) curl-tool_operhlp.$(OBJEXT) \ - curl-tool_panykey.$(OBJEXT) curl-tool_paramhlp.$(OBJEXT) \ - curl-tool_parsecfg.$(OBJEXT) curl-tool_strdup.$(OBJEXT) \ - curl-tool_setopt.$(OBJEXT) curl-tool_sleep.$(OBJEXT) \ - curl-tool_urlglob.$(OBJEXT) curl-tool_util.$(OBJEXT) \ - curl-tool_vms.$(OBJEXT) curl-tool_writeout.$(OBJEXT) \ - curl-tool_xattr.$(OBJEXT) + curl-tool_msgs.$(OBJEXT) curl-tool_operate.$(OBJEXT) \ + curl-tool_operhlp.$(OBJEXT) curl-tool_panykey.$(OBJEXT) \ + curl-tool_paramhlp.$(OBJEXT) curl-tool_parsecfg.$(OBJEXT) \ + curl-tool_strdup.$(OBJEXT) curl-tool_setopt.$(OBJEXT) \ + curl-tool_sleep.$(OBJEXT) curl-tool_urlglob.$(OBJEXT) \ + curl-tool_util.$(OBJEXT) curl-tool_vms.$(OBJEXT) \ + curl-tool_writeout.$(OBJEXT) curl-tool_xattr.$(OBJEXT) am__objects_7 = ../lib/curl-strtoofft.$(OBJEXT) \ ../lib/curl-nonblock.$(OBJEXT) ../lib/curl-warnless.$(OBJEXT) am__objects_8 = $(am__objects_6) $(am__objects_7) $(am__objects_3) @@ -377,7 +375,9 @@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -394,6 +394,7 @@ GCOV = @GCOV@ GENHTML = @GENHTML@ GREP = @GREP@ +HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -612,7 +613,6 @@ tool_libinfo.c \ tool_main.c \ tool_metalink.c \ - tool_mfiles.c \ tool_msgs.c \ tool_operate.c \ tool_operhlp.c \ @@ -653,7 +653,6 @@ tool_libinfo.h \ tool_main.h \ tool_metalink.h \ - tool_mfiles.h \ tool_msgs.h \ tool_operate.h \ tool_operhlp.h \ @@ -862,7 +861,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_libinfo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_main.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_metalink.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_mfiles.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_msgs.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_operate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl-tool_operhlp.Po@am__quote@ @@ -901,7 +899,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_libinfo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_main.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_metalink.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_mfiles.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_msgs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_operate.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_operhlp.Plo@am__quote@ @@ -1109,13 +1106,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -c -o libcurltool_la-tool_metalink.lo `test -f 'tool_metalink.c' || echo '$(srcdir)/'`tool_metalink.c -libcurltool_la-tool_mfiles.lo: tool_mfiles.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -MT libcurltool_la-tool_mfiles.lo -MD -MP -MF $(DEPDIR)/libcurltool_la-tool_mfiles.Tpo -c -o libcurltool_la-tool_mfiles.lo `test -f 'tool_mfiles.c' || echo '$(srcdir)/'`tool_mfiles.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurltool_la-tool_mfiles.Tpo $(DEPDIR)/libcurltool_la-tool_mfiles.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tool_mfiles.c' object='libcurltool_la-tool_mfiles.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -c -o libcurltool_la-tool_mfiles.lo `test -f 'tool_mfiles.c' || echo '$(srcdir)/'`tool_mfiles.c - libcurltool_la-tool_msgs.lo: tool_msgs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -MT libcurltool_la-tool_msgs.lo -MD -MP -MF $(DEPDIR)/libcurltool_la-tool_msgs.Tpo -c -o libcurltool_la-tool_msgs.lo `test -f 'tool_msgs.c' || echo '$(srcdir)/'`tool_msgs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurltool_la-tool_msgs.Tpo $(DEPDIR)/libcurltool_la-tool_msgs.Plo @@ -1571,20 +1561,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o curl-tool_metalink.obj `if test -f 'tool_metalink.c'; then $(CYGPATH_W) 'tool_metalink.c'; else $(CYGPATH_W) '$(srcdir)/tool_metalink.c'; fi` -curl-tool_mfiles.o: tool_mfiles.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curl-tool_mfiles.o -MD -MP -MF $(DEPDIR)/curl-tool_mfiles.Tpo -c -o curl-tool_mfiles.o `test -f 'tool_mfiles.c' || echo '$(srcdir)/'`tool_mfiles.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/curl-tool_mfiles.Tpo $(DEPDIR)/curl-tool_mfiles.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tool_mfiles.c' object='curl-tool_mfiles.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o curl-tool_mfiles.o `test -f 'tool_mfiles.c' || echo '$(srcdir)/'`tool_mfiles.c - -curl-tool_mfiles.obj: tool_mfiles.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curl-tool_mfiles.obj -MD -MP -MF $(DEPDIR)/curl-tool_mfiles.Tpo -c -o curl-tool_mfiles.obj `if test -f 'tool_mfiles.c'; then $(CYGPATH_W) 'tool_mfiles.c'; else $(CYGPATH_W) '$(srcdir)/tool_mfiles.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/curl-tool_mfiles.Tpo $(DEPDIR)/curl-tool_mfiles.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tool_mfiles.c' object='curl-tool_mfiles.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o curl-tool_mfiles.obj `if test -f 'tool_mfiles.c'; then $(CYGPATH_W) 'tool_mfiles.c'; else $(CYGPATH_W) '$(srcdir)/tool_mfiles.c'; fi` - curl-tool_msgs.o: tool_msgs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curl-tool_msgs.o -MD -MP -MF $(DEPDIR)/curl-tool_msgs.Tpo -c -o curl-tool_msgs.o `test -f 'tool_msgs.c' || echo '$(srcdir)/'`tool_msgs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/curl-tool_msgs.Tpo $(DEPDIR)/curl-tool_msgs.Po diff -Nru curl-7.55.1/src/Makefile.inc curl-7.57.0/src/Makefile.inc --- curl-7.55.1/src/Makefile.inc 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/Makefile.inc 2017-11-09 22:40:36.000000000 +0000 @@ -45,7 +45,6 @@ tool_libinfo.c \ tool_main.c \ tool_metalink.c \ - tool_mfiles.c \ tool_msgs.c \ tool_operate.c \ tool_operhlp.c \ @@ -86,7 +85,6 @@ tool_libinfo.h \ tool_main.h \ tool_metalink.h \ - tool_mfiles.h \ tool_msgs.h \ tool_operate.h \ tool_operhlp.h \ diff -Nru curl-7.55.1/src/Makefile.m32 curl-7.57.0/src/Makefile.m32 --- curl-7.55.1/src/Makefile.m32 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/Makefile.m32 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1999 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1999 - 2017, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -22,8 +22,9 @@ ########################################################################### # -## Makefile for building curl.exe with MingW (GCC-3.2 or later) -## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4) +## Makefile for building curl.exe with MingW (GCC-3.2 or later or LLVM/Clang) +## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4), +## brotli (1.0.1) ## ## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...] ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn @@ -38,6 +39,10 @@ ifndef ZLIB_PATH ZLIB_PATH = ../../zlib-1.2.8 endif +# Edit the path below to point to the base of your Brotli sources. +ifndef BROTLI_PATH +BROTLI_PATH = ../../brotli-1.0.1 +endif # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH OPENSSL_PATH = ../../openssl-1.0.2a @@ -62,9 +67,9 @@ ifndef LIBXML2_PATH LIBXML2_PATH = ../../libxml2-2.9.2 endif -# Edit the path below to point to the base of your libidn package. -ifndef LIBIDN_PATH -LIBIDN_PATH = ../../libidn-1.32 +# Edit the path below to point to the base of your libidn2 package. +ifndef LIBIDN2_PATH +LIBIDN2_PATH = ../../libidn2-2.0.3 endif # Edit the path below to point to the base of your MS IDN package. # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1 @@ -88,12 +93,19 @@ LIBCARES_PATH = $(PROOT)/ares endif -CC = $(CROSSPREFIX)gcc +ifeq ($(CURL_CC),) +CURL_CC := $(CROSSPREFIX)gcc +endif +ifeq ($(CURL_AR),) +CURL_AR := $(CROSSPREFIX)ar +endif + +CC = $(CURL_CC) CFLAGS = $(CURL_CFLAG_EXTRAS) -g -O2 -Wall -W CFLAGS += -fno-strict-aliasing # comment LDFLAGS below to keep debug info LDFLAGS = $(CURL_LDFLAG_EXTRAS) $(CURL_LDFLAG_EXTRAS_EXE) -s -AR = $(CROSSPREFIX)ar +AR = $(CURL_AR) RC = $(CROSSPREFIX)windres RCFLAGS = --include-dir=$(PROOT)/include -O COFF STRIP = $(CROSSPREFIX)strip -g @@ -168,9 +180,7 @@ endif ifeq ($(findstring -ssh2,$(CFG)),-ssh2) SSH2 = 1 -ifneq ($(findstring -winssl,$(CFG)),-winssl) SSL = 1 -endif ZLIB = 1 endif ifeq ($(findstring -ssl,$(CFG)),-ssl) @@ -179,8 +189,11 @@ ifeq ($(findstring -zlib,$(CFG)),-zlib) ZLIB = 1 endif -ifeq ($(findstring -idn,$(CFG)),-idn) -IDN = 1 +ifeq ($(findstring -brotli,$(CFG)),-brotli) +BROTLI = 1 +endif +ifeq ($(findstring -idn2,$(CFG)),-idn2) +IDN2 = 1 endif ifeq ($(findstring -winidn,$(CFG)),-winidn) WINIDN = 1 @@ -206,6 +219,11 @@ endif INCLUDES = -I. -I../include -I../lib +ifdef SSL + ifdef WINSSL + CFLAGS += -DCURL_WITH_MULTI_SSL + endif +endif ifdef DYN curl_DEPENDENCIES = $(PROOT)/lib/libcurldll.a $(PROOT)/lib/libcurl.dll @@ -274,19 +292,29 @@ INCLUDES += -I"$(OPENSSL_INCLUDE)" CFLAGS += -DUSE_OPENSSL curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS) -else +endif ifdef WINSSL + CFLAGS += -DUSE_SCHANNEL curl_LDADD += -lcrypt32 endif -endif ifdef ZLIB INCLUDES += -I"$(ZLIB_PATH)" CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H curl_LDADD += -L"$(ZLIB_PATH)" -lz endif -ifdef IDN - CFLAGS += -DUSE_LIBIDN - curl_LDADD += -L"$(LIBIDN_PATH)/lib" -lidn +ifdef BROTLI + INCLUDES += -I"$(BROTLI_PATH)/include" + CFLAGS += -DHAVE_BROTLI + curl_LDADD += -L"$(BROTLI_PATH)/lib" + ifdef BROTLI_LIBS + curl_LDADD += $(BROTLI_LIBS) + else + curl_LDADD += -lbrotlidec + endif +endif +ifdef IDN2 + CFLAGS += -DUSE_LIBIDN2 + curl_LDADD += -L"$(LIBIDN2_PATH)/lib" -lidn2 else ifdef WINIDN CFLAGS += -DUSE_WIN32_IDN @@ -307,9 +335,6 @@ endif ifdef SSPI CFLAGS += -DUSE_WINDOWS_SSPI - ifdef WINSSL - CFLAGS += -DUSE_SCHANNEL - endif endif ifdef IPV6 CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501 diff -Nru curl-7.55.1/src/mkhelp.pl curl-7.57.0/src/mkhelp.pl --- curl-7.55.1/src/mkhelp.pl 2017-08-13 16:10:42.000000000 +0000 +++ curl-7.57.0/src/mkhelp.pl 2017-11-26 13:19:01.000000000 +0000 @@ -102,11 +102,9 @@ } close(READ); -$now = localtime; print <, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -238,37 +238,40 @@ if(tracetype == TRACE_BIN) { /* hex not disabled, show it */ for(c = 0; c < width; c++) - if(i+c < size) - fprintf(stream, "%02x ", ptr[i+c]); + if(i + c < size) + fprintf(stream, "%02x ", ptr[i + c]); else fputs(" ", stream); } - for(c = 0; (c < width) && (i+c < size); c++) { + for(c = 0; (c < width) && (i + c < size); c++) { /* check for 0D0A; if found, skip past and start a new line of output */ if((tracetype == TRACE_ASCII) && - (i+c+1 < size) && (ptr[i+c] == 0x0D) && (ptr[i+c+1] == 0x0A)) { - i += (c+2-width); + (i + c + 1 < size) && (ptr[i + c] == 0x0D) && + (ptr[i + c + 1] == 0x0A)) { + i += (c + 2 - width); break; } #ifdef CURL_DOES_CONVERSIONS /* repeat the 0D0A check above but use the host encoding for CRLF */ if((tracetype == TRACE_ASCII) && - (i+c+1 < size) && (ptr[i+c] == '\r') && (ptr[i+c+1] == '\n')) { - i += (c+2-width); + (i + c + 1 < size) && (ptr[i + c] == '\r') && + (ptr[i + c + 1] == '\n')) { + i += (c + 2 - width); break; } /* convert to host encoding and print this character */ - fprintf(stream, "%c", convert_char(infotype, ptr[i+c])); + fprintf(stream, "%c", convert_char(infotype, ptr[i + c])); #else (void)infotype; - fprintf(stream, "%c", ((ptr[i+c] >= 0x20) && (ptr[i+c] < 0x80)) ? - ptr[i+c] : UNPRINTABLE_CHAR); + fprintf(stream, "%c", ((ptr[i + c] >= 0x20) && (ptr[i + c] < 0x80)) ? + ptr[i + c] : UNPRINTABLE_CHAR); #endif /* CURL_DOES_CONVERSIONS */ /* check again for 0D0A, to avoid an extra \n if it's at width */ if((tracetype == TRACE_ASCII) && - (i+c+2 < size) && (ptr[i+c+1] == 0x0D) && (ptr[i+c+2] == 0x0A)) { - i += (c+3-width); + (i + c + 2 < size) && (ptr[i + c + 1] == 0x0D) && + (ptr[i + c + 2] == 0x0A)) { + i += (c + 3 - width); break; } } diff -Nru curl-7.55.1/src/tool_cb_hdr.c curl-7.57.0/src/tool_cb_hdr.c --- curl-7.55.1/src/tool_cb_hdr.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_cb_hdr.c 2017-11-10 16:47:30.000000000 +0000 @@ -146,7 +146,7 @@ char stop = '\0'; /* simple implementation of strndup() */ - copy = malloc(len+1); + copy = malloc(len + 1); if(!copy) return NULL; memcpy(copy, ptr, len); @@ -161,8 +161,13 @@ else stop = ';'; + /* scan for the end letter and stop there */ + q = strchr(p, stop); + if(q) + *q = '\0'; + /* if the filename contains a path, only use filename portion */ - q = strrchr(copy, '/'); + q = strrchr(p, '/'); if(q) { p = q + 1; if(!*p) { @@ -183,14 +188,6 @@ } } - /* scan for the end letter and stop there */ - for(q = p; *q; ++q) { - if(*q == stop) { - *q = '\0'; - break; - } - } - /* make sure the file name doesn't end in \r or \n */ q = strchr(p, '\r'); if(q) diff -Nru curl-7.55.1/src/tool_cb_prg.c curl-7.57.0/src/tool_cb_prg.c --- curl-7.55.1/src/tool_cb_prg.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_cb_prg.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2014, 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,7 +44,7 @@ /* The original progress-bar source code was written for curl by Lars Aas, and this new edition inherits some of his concepts. */ - char line[MAX_BARLENGTH+1]; + char line[MAX_BARLENGTH + 1]; char format[40]; double frac; double percent; diff -Nru curl-7.55.1/src/tool_cfgable.c curl-7.57.0/src/tool_cfgable.c --- curl-7.55.1/src/tool_cfgable.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_cfgable.c 2017-11-09 22:40:36.000000000 +0000 @@ -140,11 +140,11 @@ curl_slist_free_all(config->headers); curl_slist_free_all(config->proxyheaders); - if(config->httppost) { - curl_formfree(config->httppost); - config->httppost = NULL; + if(config->mimepost) { + curl_mime_free(config->mimepost); + config->mimepost = NULL; } - config->last_post = NULL; + config->mimecurrent = NULL; curl_slist_free_all(config->telnet_options); curl_slist_free_all(config->resolve); diff -Nru curl-7.55.1/src/tool_cfgable.h curl-7.57.0/src/tool_cfgable.h --- curl-7.55.1/src/tool_cfgable.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_cfgable.h 2017-11-26 13:19:01.000000000 +0000 @@ -114,6 +114,7 @@ struct getout *url_last; /* point to the last/current node */ struct getout *url_get; /* point to the node to fill in URL */ struct getout *url_out; /* point to the node to fill in outfile */ + struct getout *url_ul; /* point to the node to fill in upload */ char *cipher_list; char *proxy_cipher_list; char *cert; @@ -170,8 +171,8 @@ time_t condtime; struct curl_slist *headers; struct curl_slist *proxyheaders; - struct curl_httppost *httppost; - struct curl_httppost *last_post; + curl_mime *mimepost; + curl_mime *mimecurrent; struct curl_slist *telnet_options; struct curl_slist *resolve; struct curl_slist *connect_to; @@ -247,6 +248,7 @@ from user callbacks */ curl_error synthetic_error; /* if non-zero, it overrides any libcurl error */ + bool ssh_compression; /* enable/disable SSH compression */ struct GlobalConfig *global; struct OperationConfig *prev; struct OperationConfig *next; /* Always last in the struct */ diff -Nru curl-7.55.1/src/tool_easysrc.c curl-7.57.0/src/tool_easysrc.c --- curl-7.55.1/src/tool_easysrc.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_easysrc.c 2017-11-09 22:40:36.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -42,7 +42,7 @@ struct slist_wc *easysrc_code = NULL; /* Setopt calls */ struct slist_wc *easysrc_toohard = NULL; /* Unconvertible setopt */ struct slist_wc *easysrc_clean = NULL; /* Clean up allocated data */ -int easysrc_form_count = 0; +int easysrc_mime_count = 0; int easysrc_slist_count = 0; static const char *const srchead[]={ @@ -141,11 +141,11 @@ const char *c; CHKRET(easysrc_add(&easysrc_code, "")); /* Preamble comment */ - for(i=0; ((c = srchard[i]) != NULL); i++) + for(i = 0; ((c = srchard[i]) != NULL); i++) CHKRET(easysrc_add(&easysrc_code, c)); /* Each unconverted option */ if(easysrc_toohard) { - for(ptr=easysrc_toohard->first; ptr; ptr = ptr->next) + for(ptr = easysrc_toohard->first; ptr; ptr = ptr->next) CHKRET(easysrc_add(&easysrc_code, ptr->data)); } CHKRET(easysrc_add(&easysrc_code, "")); @@ -189,12 +189,12 @@ int i; const char *c; - for(i=0; ((c = srchead[i]) != NULL); i++) + for(i = 0; ((c = srchead[i]) != NULL); i++) fprintf(out, "%s\n", c); /* Declare variables used for complex setopt values */ if(easysrc_decl) { - for(ptr=easysrc_decl->first; ptr; ptr = ptr->next) + for(ptr = easysrc_decl->first; ptr; ptr = ptr->next) fprintf(out, " %s\n", ptr->data); } @@ -202,13 +202,13 @@ if(easysrc_data) { fprintf(out, "\n"); - for(ptr=easysrc_data->first; ptr; ptr = ptr->next) + for(ptr = easysrc_data->first; ptr; ptr = ptr->next) fprintf(out, " %s\n", ptr->data); } fprintf(out, "\n"); if(easysrc_code) { - for(ptr=easysrc_code->first; ptr; ptr = ptr->next) { + for(ptr = easysrc_code->first; ptr; ptr = ptr->next) { if(ptr->data[0]) { fprintf(out, " %s\n", ptr->data); } @@ -219,11 +219,11 @@ } if(easysrc_clean) { - for(ptr=easysrc_clean->first; ptr; ptr = ptr->next) + for(ptr = easysrc_clean->first; ptr; ptr = ptr->next) fprintf(out, " %s\n", ptr->data); } - for(i=0; ((c = srcend[i]) != NULL); i++) + for(i = 0; ((c = srcend[i]) != NULL); i++) fprintf(out, "%s\n", c); if(fopened) diff -Nru curl-7.55.1/src/tool_easysrc.h curl-7.57.0/src/tool_easysrc.h --- curl-7.55.1/src/tool_easysrc.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_easysrc.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ extern struct slist_wc *easysrc_toohard; /* Unconvertible setopt */ extern struct slist_wc *easysrc_clean; /* Clean up (reverse order) */ -extern int easysrc_form_count; /* Number of curl_httppost variables */ +extern int easysrc_mime_count; /* Number of curl_mime variables */ extern int easysrc_slist_count; /* Number of curl_slist variables */ extern CURLcode easysrc_init(void); diff -Nru curl-7.55.1/src/tool_formparse.c curl-7.57.0/src/tool_formparse.c --- curl-7.55.1/src/tool_formparse.c 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_formparse.c 2017-11-26 13:19:01.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,6 +21,7 @@ ***************************************************************************/ #include "tool_setup.h" +#include "mime.h" #include "strcase.h" #define ENABLE_CURLX_PRINTF @@ -29,25 +30,34 @@ #include "tool_cfgable.h" #include "tool_convert.h" -#include "tool_mfiles.h" #include "tool_msgs.h" +#include "tool_binmode.h" +#include "tool_getparam.h" +#include "tool_paramhlp.h" #include "tool_formparse.h" #include "memdebug.h" /* keep this as LAST include */ +/* Stdin parameters. */ +typedef struct { + char *data; /* Memory data. */ + curl_off_t origin; /* File read origin offset. */ + curl_off_t size; /* Data size. */ + curl_off_t curpos; /* Current read position. */ +} standard_input; + /* * helper function to get a word from form param * after call get_parm_word, str either point to string end * or point to any of end chars. */ -static char *get_param_word(char **str, char **end_pos) +static char *get_param_word(char **str, char **end_pos, char endchar) { char *ptr = *str; char *word_begin = NULL; char *ptr2; char *escape = NULL; - const char *end_chars = ";,"; /* the first non-space char is here */ word_begin = ptr; @@ -77,10 +87,10 @@ while(ptr < *end_pos); *end_pos = ptr2; } - while(*ptr && NULL==strchr(end_chars, *ptr)) + while(*ptr && *ptr != ';' && *ptr != endchar) ++ptr; *str = ptr; - return word_begin+1; + return word_begin + 1; } ++ptr; } @@ -88,12 +98,407 @@ ptr = word_begin; } - while(*ptr && NULL==strchr(end_chars, *ptr)) + while(*ptr && *ptr != ';' && *ptr != endchar) ++ptr; *str = *end_pos = ptr; return word_begin; } +/* Append slist item and return -1 if failed. */ +static int slist_append(struct curl_slist **plist, const char *data) +{ + struct curl_slist *s = curl_slist_append(*plist, data); + + if(!s) + return -1; + + *plist = s; + return 0; +} + +/* Read headers from a file and append to list. */ +static int read_field_headers(struct OperationConfig *config, + const char *filename, FILE *fp, + struct curl_slist **pheaders) +{ + size_t hdrlen = 0; + size_t pos = 0; + int c; + bool incomment = FALSE; + int lineno = 1; + char hdrbuf[999]; /* Max. header length + 1. */ + + for(;;) { + c = getc(fp); + if(c == EOF || (!pos && !ISSPACE(c))) { + /* Strip and flush the current header. */ + while(hdrlen && ISSPACE(hdrbuf[hdrlen - 1])) + hdrlen--; + if(hdrlen) { + hdrbuf[hdrlen] = '\0'; + if(slist_append(pheaders, hdrbuf)) { + fprintf(config->global->errors, + "Out of memory for field headers!\n"); + return -1; + } + hdrlen = 0; + } + } + + switch(c) { + case EOF: + if(ferror(fp)) { + fprintf(config->global->errors, + "Header file %s read error: %s\n", filename, strerror(errno)); + return -1; + } + return 0; /* Done. */ + case '\r': + continue; /* Ignore. */ + case '\n': + pos = 0; + incomment = FALSE; + lineno++; + continue; + case '#': + if(!pos) + incomment = TRUE; + break; + } + + pos++; + if(!incomment) { + if(hdrlen == sizeof hdrbuf - 1) { + warnf(config->global, "File %s line %d: header too long (truncated)\n", + filename, lineno); + c = ' '; + } + if(hdrlen <= sizeof hdrbuf - 1) + hdrbuf[hdrlen++] = (char) c; + } + } + /* NOTREACHED */ +} + +static int get_param_part(struct OperationConfig *config, char endchar, + char **str, char **pdata, char **ptype, + char **pfilename, char **pencoder, + struct curl_slist **pheaders) +{ + char *p = *str; + char *type = NULL; + char *filename = NULL; + char *encoder = NULL; + char *endpos; + char *tp; + char sep; + char type_major[128] = ""; + char type_minor[128] = ""; + char *endct = NULL; + struct curl_slist *headers = NULL; + + if(ptype) + *ptype = NULL; + if(pfilename) + *pfilename = NULL; + if(pheaders) + *pheaders = NULL; + if(pencoder) + *pencoder = NULL; + while(ISSPACE(*p)) + p++; + tp = p; + *pdata = get_param_word(&p, &endpos, endchar); + /* If not quoted, strip trailing spaces. */ + if(*pdata == tp) + while(endpos > *pdata && ISSPACE(endpos[-1])) + endpos--; + sep = *p; + *endpos = '\0'; + while(sep == ';') { + while(ISSPACE(*++p)) + ; + + if(!endct && checkprefix("type=", p)) { + for(p += 5; ISSPACE(*p); p++) + ; + /* set type pointer */ + type = p; + + /* verify that this is a fine type specifier */ + if(2 != sscanf(type, "%127[^/ ]/%127[^;, \n]", type_major, type_minor)) { + warnf(config->global, "Illegally formatted content-type field!\n"); + curl_slist_free_all(headers); + return -1; /* illegal content-type syntax! */ + } + + /* now point beyond the content-type specifier */ + p = type + strlen(type_major) + strlen(type_minor) + 1; + for(endct = p; *p && *p != ';' && *p != endchar; p++) + if(!ISSPACE(*p)) + endct = p + 1; + sep = *p; + } + else if(checkprefix("filename=", p)) { + if(endct) { + *endct = '\0'; + endct = NULL; + } + for(p += 9; ISSPACE(*p); p++) + ; + tp = p; + filename = get_param_word(&p, &endpos, endchar); + /* If not quoted, strip trailing spaces. */ + if(filename == tp) + while(endpos > filename && ISSPACE(endpos[-1])) + endpos--; + sep = *p; + *endpos = '\0'; + } + else if(checkprefix("headers=", p)) { + if(endct) { + *endct = '\0'; + endct = NULL; + } + p += 8; + if(*p == '@' || *p == '<') { + char *hdrfile; + FILE *fp; + /* Read headers from a file. */ + + do { + p++; + } while(ISSPACE(*p)); + tp = p; + hdrfile = get_param_word(&p, &endpos, endchar); + /* If not quoted, strip trailing spaces. */ + if(hdrfile == tp) + while(endpos > hdrfile && ISSPACE(endpos[-1])) + endpos--; + sep = *p; + *endpos = '\0'; + /* TODO: maybe special fopen for VMS? */ + fp = fopen(hdrfile, FOPEN_READTEXT); + if(!fp) + warnf(config->global, "Cannot read from %s: %s\n", hdrfile, + strerror(errno)); + else { + int i = read_field_headers(config, hdrfile, fp, &headers); + + fclose(fp); + if(i) { + curl_slist_free_all(headers); + return -1; + } + } + } + else { + char *hdr; + + while(ISSPACE(*p)) + p++; + tp = p; + hdr = get_param_word(&p, &endpos, endchar); + /* If not quoted, strip trailing spaces. */ + if(hdr == tp) + while(endpos > hdr && ISSPACE(endpos[-1])) + endpos--; + sep = *p; + *endpos = '\0'; + if(slist_append(&headers, hdr)) { + fprintf(config->global->errors, "Out of memory for field header!\n"); + curl_slist_free_all(headers); + return -1; + } + } + } + else if(checkprefix("encoder=", p)) { + if(endct) { + *endct = '\0'; + endct = NULL; + } + for(p += 8; ISSPACE(*p); p++) + ; + tp = p; + encoder = get_param_word(&p, &endpos, endchar); + /* If not quoted, strip trailing spaces. */ + if(encoder == tp) + while(endpos > encoder && ISSPACE(endpos[-1])) + endpos--; + sep = *p; + *endpos = '\0'; + } + else if(endct) { + /* This is part of content type. */ + for(endct = p; *p && *p != ';' && *p != endchar; p++) + if(!ISSPACE(*p)) + endct = p + 1; + sep = *p; + } + else { + /* unknown prefix, skip to next block */ + char *unknown = get_param_word(&p, &endpos, endchar); + + sep = *p; + *endpos = '\0'; + if(*unknown) + warnf(config->global, "skip unknown form field: %s\n", unknown); + } + } + + /* Terminate content type. */ + if(endct) + *endct = '\0'; + + if(ptype) + *ptype = type; + else if(type) + warnf(config->global, "Field content type not allowed here: %s\n", type); + + if(pfilename) + *pfilename = filename; + else if(filename) + warnf(config->global, + "Field file name not allowed here: %s\n", filename); + + if(pencoder) + *pencoder = encoder; + else if(encoder) + warnf(config->global, + "Field encoder not allowed here: %s\n", encoder); + + if(pheaders) + *pheaders = headers; + else if(headers) { + warnf(config->global, + "Field headers not allowed here: %s\n", headers->data); + curl_slist_free_all(headers); + } + + *str = p; + return sep & 0xFF; +} + + +/* Mime part callbacks for stdin. */ +static size_t stdin_read(char *buffer, size_t size, size_t nitems, void *arg) +{ + standard_input *sip = (standard_input *) arg; + curl_off_t bytesleft; + (void) size; /* Always 1: ignored. */ + + if(sip->curpos >= sip->size) + return 0; /* At eof. */ + bytesleft = sip->size - sip->curpos; + if((curl_off_t) nitems > bytesleft) + nitems = (size_t) bytesleft; + if(sip->data) { + /* Return data from memory. */ + memcpy(buffer, sip->data + (size_t) sip->curpos, nitems); + } + else { + /* Read from stdin. */ + nitems = fread(buffer, 1, nitems, stdin); + } + sip->curpos += nitems; + return nitems; +} + +static int stdin_seek(void *instream, curl_off_t offset, int whence) +{ + standard_input *sip = (standard_input *) instream; + + switch(whence) { + case SEEK_CUR: + offset += sip->curpos; + break; + case SEEK_END: + offset += sip->size; + break; + } + if(offset < 0) + return CURL_SEEKFUNC_CANTSEEK; + if(!sip->data) { + if(fseek(stdin, (long) (offset + sip->origin), SEEK_SET)) + return CURL_SEEKFUNC_CANTSEEK; + } + sip->curpos = offset; + return CURL_SEEKFUNC_OK; +} + +static void stdin_free(void *ptr) +{ + standard_input *sip = (standard_input *) ptr; + + Curl_safefree(sip->data); + free(sip); +} + +/* Set a part's data from a file, taking care about the pseudo filename "-" as + * a shortcut to read stdin: if so, use a callback to read OUR stdin (to + * workaround Windows DLL file handle caveat). + * If stdin is a regular file opened in binary mode, save current offset as + * origin for rewind and do not buffer data. Else read to EOF and keep in + * memory. In all cases, compute the stdin data size. + */ +static CURLcode file_or_stdin(curl_mimepart *part, const char *file) +{ + standard_input *sip = NULL; + int fd = -1; + CURLcode result = CURLE_OK; + struct_stat sbuf; + + if(strcmp(file, "-")) + return curl_mime_filedata(part, file); + + sip = (standard_input *) malloc(sizeof *sip); + if(!sip) + return CURLE_OUT_OF_MEMORY; + + memset((char *) sip, 0, sizeof *sip); + set_binmode(stdin); + + /* If stdin is a regular file, do not buffer data but read it when needed. */ + fd = fileno(stdin); + sip->origin = ftell(stdin); + if(fd >= 0 && sip->origin >= 0 && !fstat(fd, &sbuf) && +#ifdef __VMS + sbuf.st_fab_rfm != FAB$C_VAR && sbuf.st_fab_rfm != FAB$C_VFC && +#endif + S_ISREG(sbuf.st_mode)) { + sip->size = sbuf.st_size - sip->origin; + if(sip->size < 0) + sip->size = 0; + } + else { /* Not suitable for direct use, buffer stdin data. */ + size_t stdinsize = 0; + + sip->origin = 0; + if(file2memory(&sip->data, &stdinsize, stdin) != PARAM_OK) + result = CURLE_OUT_OF_MEMORY; + else { + if(!stdinsize) + sip->data = NULL; /* Has been freed if no data. */ + sip->size = stdinsize; + if(ferror(stdin)) + result = CURLE_READ_ERROR; + } + } + + /* Set remote file name. */ + if(!result) + result = curl_mime_filename(part, file); + + /* Set part's data from callback. */ + if(!result) + result = curl_mime_data_cb(part, sip->size, + stdin_read, stdin_seek, stdin_free, sip); + if(result) + stdin_free(sip); + return result; +} + + /*************************************************************************** * * formparse() @@ -143,219 +548,316 @@ int formparse(struct OperationConfig *config, const char *input, - struct curl_httppost **httppost, - struct curl_httppost **last_post, + curl_mime **mimepost, + curl_mime **mimecurrent, bool literal_value) { - /* nextarg MUST be a string in the format 'name=contents' and we'll + /* input MUST be a string in the format 'name=contents' and we'll build a linked list with the info */ - char name[256]; + char *name = NULL; char *contents = NULL; - char type_major[128] = ""; - char type_minor[128] = ""; char *contp; + char *data; char *type = NULL; - char *sep; - - if((1 == sscanf(input, "%255[^=]=", name)) && - ((contp = strchr(input, '=')) != NULL)) { - /* the input was using the correct format */ - - /* Allocate the contents */ - contents = strdup(contp+1); - if(!contents) { - fprintf(config->global->errors, "out of memory\n"); + char *filename = NULL; + char *encoder = NULL; + struct curl_slist *headers = NULL; + curl_mimepart *part = NULL; + CURLcode res; + int sep = '\0'; + + /* Allocate the main mime structure if needed. */ + if(!*mimepost) { + *mimepost = curl_mime_init(config->easy); + if(!*mimepost) { + warnf(config->global, "curl_mime_init failed!\n"); return 1; } - contp = contents; + *mimecurrent = *mimepost; + } - if('@' == contp[0] && !literal_value) { + /* Make a copy we can overwrite. */ + contents = strdup(input); + if(!contents) { + fprintf(config->global->errors, "out of memory\n"); + return 2; + } - /* we use the @-letter to indicate file name(s) */ + /* Scan for the end of the name. */ + contp = strchr(contents, '='); + if(contp) { + if(contp > contents) + name = contents; + *contp++ = '\0'; + + if(*contp == '(' && !literal_value) { + curl_mime *subparts; + + /* Starting a multipart. */ + sep = get_param_part(config, '\0', + &contp, &data, &type, NULL, NULL, &headers); + if(sep < 0) { + Curl_safefree(contents); + return 3; + } + subparts = curl_mime_init(config->easy); + if(!subparts) { + warnf(config->global, "curl_mime_init failed!\n"); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 4; + } + part = curl_mime_addpart(*mimecurrent); + if(!part) { + warnf(config->global, "curl_mime_addpart failed!\n"); + curl_mime_free(subparts); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 5; + } + if(curl_mime_subparts(part, subparts)) { + warnf(config->global, "curl_mime_subparts failed!\n"); + curl_mime_free(subparts); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 6; + } + *mimecurrent = subparts; + if(curl_mime_headers(part, headers, 1)) { + warnf(config->global, "curl_mime_headers failed!\n"); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 7; + } + if(curl_mime_type(part, type)) { + warnf(config->global, "curl_mime_type failed!\n"); + Curl_safefree(contents); + return 8; + } + } + else if(!name && !strcmp(contp, ")") && !literal_value) { + /* Ending a mutipart. */ + if(*mimecurrent == *mimepost) { + warnf(config->global, "no multipart to terminate!\n"); + Curl_safefree(contents); + return 9; + } + *mimecurrent = (*mimecurrent)->parent->parent; + } + else if('@' == contp[0] && !literal_value) { - struct multi_files *multi_start = NULL; - struct multi_files *multi_current = NULL; + /* we use the @-letter to indicate file name(s) */ - char *ptr = contp; - char *end = ptr + strlen(ptr); + curl_mime *subparts = NULL; do { /* since this was a file, it may have a content-type specifier at the end too, or a filename. Or both. */ - char *filename = NULL; - char *word_end; - bool semicolon; - - type = NULL; - - ++ptr; - contp = get_param_word(&ptr, &word_end); - semicolon = (';' == *ptr) ? TRUE : FALSE; - *word_end = '\0'; /* terminate the contp */ - - /* have other content, continue parse */ - while(semicolon) { - /* have type or filename field */ - ++ptr; - while(*ptr && (ISSPACE(*ptr))) - ++ptr; - - if(checkprefix("type=", ptr)) { - /* set type pointer */ - type = &ptr[5]; - - /* verify that this is a fine type specifier */ - if(2 != sscanf(type, "%127[^/]/%127[^;,\n]", - type_major, type_minor)) { - warnf(config->global, - "Illegally formatted content-type field!\n"); - Curl_safefree(contents); - FreeMultiInfo(&multi_start, &multi_current); - return 2; /* illegal content-type syntax! */ - } - - /* now point beyond the content-type specifier */ - sep = type + strlen(type_major)+strlen(type_minor)+1; - - /* there's a semicolon following - we check if it is a filename - specified and if not we simply assume that it is text that - the user wants included in the type and include that too up - to the next sep. */ - ptr = sep; - if(*sep==';') { - if(!checkprefix(";filename=", sep)) { - ptr = sep + 1; - (void)get_param_word(&ptr, &sep); - semicolon = (';' == *ptr) ? TRUE : FALSE; - } - } - else - semicolon = FALSE; + ++contp; + sep = get_param_part(config, ',', &contp, + &data, &type, &filename, &encoder, &headers); + if(sep < 0) { + if(subparts != *mimecurrent) + curl_mime_free(subparts); + Curl_safefree(contents); + return 10; + } - if(*sep) - *sep = '\0'; /* zero terminate type string */ - } - else if(checkprefix("filename=", ptr)) { - ptr += 9; - filename = get_param_word(&ptr, &word_end); - semicolon = (';' == *ptr) ? TRUE : FALSE; - *word_end = '\0'; - } + /* now contp point to comma or string end. + If more files to come, make sure we have multiparts. */ + if(!subparts) { + if(sep != ',') /* If there is a single file. */ + subparts = *mimecurrent; else { - /* unknown prefix, skip to next block */ - char *unknown = NULL; - unknown = get_param_word(&ptr, &word_end); - semicolon = (';' == *ptr) ? TRUE : FALSE; - if(*unknown) { - *word_end = '\0'; - warnf(config->global, "skip unknown form field: %s\n", unknown); + subparts = curl_mime_init(config->easy); + if(!subparts) { + warnf(config->global, "curl_mime_init failed!\n"); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 11; } } } - /* now ptr point to comma or string end */ + /* Allocate a part for that file. */ + part = curl_mime_addpart(subparts); + if(!part) { + warnf(config->global, "curl_mime_addpart failed!\n"); + if(subparts != *mimecurrent) + curl_mime_free(subparts); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 12; + } - /* if type == NULL curl_formadd takes care of the problem */ + /* Set part headers. */ + if(curl_mime_headers(part, headers, 1)) { + warnf(config->global, "curl_mime_headers failed!\n"); + if(subparts != *mimecurrent) + curl_mime_free(subparts); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 13; + } - if(*contp && !AddMultiFiles(contp, type, filename, &multi_start, - &multi_current)) { - warnf(config->global, "Error building form post!\n"); + /* Setup file in part. */ + res = file_or_stdin(part, data); + if(res) { + warnf(config->global, "setting file %s failed!\n", data); + if(res != CURLE_READ_ERROR) { + if(subparts != *mimecurrent) + curl_mime_free(subparts); + Curl_safefree(contents); + return 14; + } + } + if(filename && curl_mime_filename(part, filename)) { + warnf(config->global, "curl_mime_filename failed!\n"); + if(subparts != *mimecurrent) + curl_mime_free(subparts); + Curl_safefree(contents); + return 15; + } + if(curl_mime_type(part, type)) { + warnf(config->global, "curl_mime_type failed!\n"); + if(subparts != *mimecurrent) + curl_mime_free(subparts); + Curl_safefree(contents); + return 16; + } + if(curl_mime_encoder(part, encoder)) { + warnf(config->global, "curl_mime_encoder failed!\n"); + if(subparts != *mimecurrent) + curl_mime_free(subparts); Curl_safefree(contents); - FreeMultiInfo(&multi_start, &multi_current); - return 3; + return 17; } - /* *ptr could be '\0', so we just check with the string end */ - } while(ptr < end); /* loop if there's another file name */ + /* *contp could be '\0', so we just check with the delimiter */ + } while(sep); /* loop if there's another file name */ /* now we add the multiple files section */ - if(multi_start) { - struct curl_forms *forms = NULL; - struct multi_files *start = multi_start; - unsigned int i, count = 0; - while(start) { - start = start->next; - ++count; - } - forms = malloc((count+1)*sizeof(struct curl_forms)); - if(!forms) { - fprintf(config->global->errors, "Error building form post!\n"); - Curl_safefree(contents); - FreeMultiInfo(&multi_start, &multi_current); - return 4; - } - for(i = 0, start = multi_start; i < count; ++i, start = start->next) { - forms[i].option = start->form.option; - forms[i].value = start->form.value; - } - forms[count].option = CURLFORM_END; - FreeMultiInfo(&multi_start, &multi_current); - if(curl_formadd(httppost, last_post, - CURLFORM_COPYNAME, name, - CURLFORM_ARRAY, forms, CURLFORM_END) != 0) { - warnf(config->global, "curl_formadd failed!\n"); - Curl_safefree(forms); + if(subparts != *mimecurrent) { + part = curl_mime_addpart(*mimecurrent); + if(!part) { + warnf(config->global, "curl_mime_addpart failed!\n"); + curl_mime_free(subparts); + Curl_safefree(contents); + return 18; + } + if(curl_mime_subparts(part, subparts)) { + warnf(config->global, "curl_mime_subparts failed!\n"); + curl_mime_free(subparts); Curl_safefree(contents); - return 5; + return 19; } - Curl_safefree(forms); } } else { - struct curl_forms info[4]; - int i = 0; - char *ct = literal_value ? NULL : strstr(contp, ";type="); - - info[i].option = CURLFORM_COPYNAME; - info[i].value = name; - i++; - - if(ct) { - info[i].option = CURLFORM_CONTENTTYPE; - info[i].value = &ct[6]; - i++; - ct[0] = '\0'; /* zero terminate here */ - } - - if(contp[0]=='<' && !literal_value) { - info[i].option = CURLFORM_FILECONTENT; - info[i].value = contp+1; - i++; - info[i].option = CURLFORM_END; - - if(curl_formadd(httppost, last_post, - CURLFORM_ARRAY, info, CURLFORM_END) != 0) { - warnf(config->global, "curl_formadd failed, possibly the file %s is " - "bad!\n", contp + 1); + /* Allocate a mime part. */ + part = curl_mime_addpart(*mimecurrent); + if(!part) { + warnf(config->global, "curl_mime_addpart failed!\n"); + Curl_safefree(contents); + return 20; + } + + if(*contp == '<' && !literal_value) { + ++contp; + sep = get_param_part(config, '\0', &contp, + &data, &type, NULL, &encoder, &headers); + if(sep < 0) { + Curl_safefree(contents); + return 21; + } + + /* Set part headers. */ + if(curl_mime_headers(part, headers, 1)) { + warnf(config->global, "curl_mime_headers failed!\n"); + curl_slist_free_all(headers); Curl_safefree(contents); - return 6; + return 22; + } + + /* Setup file in part. */ + res = file_or_stdin(part, data); + if(res) { + warnf(config->global, "setting file %s failed!\n", data); + if(res != CURLE_READ_ERROR) { + Curl_safefree(contents); + return 23; + } } } else { + if(literal_value) + data = contp; + else { + sep = get_param_part(config, '\0', &contp, + &data, &type, &filename, &encoder, &headers); + if(sep < 0) { + Curl_safefree(contents); + return 24; + } + } + + /* Set part headers. */ + if(curl_mime_headers(part, headers, 1)) { + warnf(config->global, "curl_mime_headers failed!\n"); + curl_slist_free_all(headers); + Curl_safefree(contents); + return 25; + } + #ifdef CURL_DOES_CONVERSIONS - if(convert_to_network(contp, strlen(contp))) { + if(convert_to_network(data, strlen(data))) { warnf(config->global, "curl_formadd failed!\n"); Curl_safefree(contents); - return 7; + return 26; } #endif - info[i].option = CURLFORM_COPYCONTENTS; - info[i].value = contp; - i++; - info[i].option = CURLFORM_END; - if(curl_formadd(httppost, last_post, - CURLFORM_ARRAY, info, CURLFORM_END) != 0) { - warnf(config->global, "curl_formadd failed!\n"); + + if(curl_mime_data(part, data, CURL_ZERO_TERMINATED)) { + warnf(config->global, "curl_mime_data failed!\n"); Curl_safefree(contents); - return 8; + return 27; } } + + if(curl_mime_filename(part, filename)) { + warnf(config->global, "curl_mime_filename failed!\n"); + Curl_safefree(contents); + return 28; + } + if(curl_mime_type(part, type)) { + warnf(config->global, "curl_mime_type failed!\n"); + Curl_safefree(contents); + return 29; + } + if(curl_mime_encoder(part, encoder)) { + warnf(config->global, "curl_mime_encoder failed!\n"); + Curl_safefree(contents); + return 30; + } + + if(sep) { + *contp = (char) sep; + warnf(config->global, + "garbage at end of field specification: %s\n", contp); + } } + /* Set part name. */ + if(name && curl_mime_name(part, name)) { + warnf(config->global, "curl_mime_name failed!\n"); + Curl_safefree(contents); + return 31; + } } else { warnf(config->global, "Illegally formatted input field!\n"); - return 1; + Curl_safefree(contents); + return 32; } Curl_safefree(contents); return 0; diff -Nru curl-7.55.1/src/tool_formparse.h curl-7.57.0/src/tool_formparse.h --- curl-7.55.1/src/tool_formparse.h 2017-08-07 22:42:29.000000000 +0000 +++ curl-7.57.0/src/tool_formparse.h 2017-11-09 22:40:36.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,8 +25,8 @@ int formparse(struct OperationConfig *config, const char *input, - struct curl_httppost **httppost, - struct curl_httppost **last_post, + curl_mime **mimepost, + curl_mime **mimecurrent, bool literal_value); #endif /* HEADER_CURL_TOOL_FORMPARSE_H */ diff -Nru curl-7.55.1/src/tool_getparam.c curl-7.57.0/src/tool_getparam.c --- curl-7.55.1/src/tool_getparam.c 2017-08-12 23:23:09.000000000 +0000 +++ curl-7.57.0/src/tool_getparam.c 2017-11-26 13:19:01.000000000 +0000 @@ -188,6 +188,7 @@ {"$W", "abstract-unix-socket", ARG_STRING}, {"$X", "tls-max", ARG_STRING}, {"$Y", "suppress-connect-headers", ARG_BOOL}, + {"$Z", "compressed-ssh", ARG_BOOL}, {"0", "http1.0", ARG_NONE}, {"01", "http1.1", ARG_NONE}, {"02", "http2", ARG_NONE}, @@ -448,7 +449,7 @@ if(('-' != flag[0]) || (('-' == flag[0]) && ('-' == flag[1]))) { /* this should be a long name */ - const char *word = ('-' == flag[0]) ? flag+2 : flag; + const char *word = ('-' == flag[0]) ? flag + 2 : flag; size_t fnam = strlen(word); int numhits = 0; @@ -491,7 +492,7 @@ if(!longopt) { letter = (char)*parse; - subletter='\0'; + subletter = '\0'; } else { letter = parse[0]; @@ -590,7 +591,11 @@ { /* We support G, M, K too */ char *unit; - curl_off_t value = curlx_strtoofft(nextarg, &unit, 0); + curl_off_t value; + if(curlx_strtoofft(nextarg, &unit, 0, &value)) { + warnf(global, "unsupported rate\n"); + return PARAM_BAD_USE; + } if(!*unit) unit = (char *)"b"; @@ -782,7 +787,7 @@ url = config->url_get; else /* there was no free node, create one! */ - url = new_getout(config); + config->url_get = url = new_getout(config); if(!url) return PARAM_NO_MEM; @@ -999,7 +1004,7 @@ #ifdef USE_METALINK int mlmaj, mlmin, mlpatch; metalink_get_version(&mlmaj, &mlmin, &mlpatch); - if((mlmaj*10000)+(mlmin*100)+mlpatch < CURL_REQ_LIBMETALINK_VERS) { + if((mlmaj*10000)+(mlmin*100) + mlpatch < CURL_REQ_LIBMETALINK_VERS) { warnf(global, "--metalink option cannot be used because the version of " "the linked libmetalink library is too old. " @@ -1072,6 +1077,9 @@ case 'Y': /* --suppress-connect-headers */ config->suppress_connect_headers = toggle; break; + case 'Z': /* --compressed-ssh */ + config->ssh_compression = toggle; + break; } break; case '#': /* --progress-bar */ @@ -1182,7 +1190,7 @@ config->resume_from_current = TRUE; config->resume_from = 0; } - config->use_resume=TRUE; + config->use_resume = TRUE; break; case 'd': /* postfield data */ @@ -1346,11 +1354,11 @@ memcpy(config->postfields, oldpost, (size_t)oldlen); /* use byte value 0x26 for '&' to accommodate non-ASCII platforms */ config->postfields[oldlen] = '\x26'; - memcpy(&config->postfields[oldlen+1], postdata, size); - config->postfields[oldlen+1+size] = '\0'; + memcpy(&config->postfields[oldlen + 1], postdata, size); + config->postfields[oldlen + 1 + size] = '\0'; Curl_safefree(oldpost); Curl_safefree(postdata); - config->postfieldsize += size+1; + config->postfieldsize += size + 1; } else { config->postfields = postdata; @@ -1598,11 +1606,11 @@ to sort this out slowly and carefully */ if(formparse(config, nextarg, - &config->httppost, - &config->last_post, - (subletter=='s')?TRUE:FALSE)) /* 's' means literal string */ + &config->mimepost, + &config->mimecurrent, + (subletter == 's')?TRUE:FALSE)) /* 's' is literal string */ return PARAM_BAD_USE; - if(SetHTTPrequest(config, HTTPREQ_FORMPOST, &config->httpreq)) + if(SetHTTPrequest(config, HTTPREQ_MIMEPOST, &config->httpreq)) return PARAM_BAD_USE; break; @@ -1779,7 +1787,7 @@ url = config->url_out; else /* there was no free node, create one! */ - url = new_getout(config); + config->url_out = url = new_getout(config); if(!url) return PARAM_NO_MEM; @@ -1843,10 +1851,13 @@ if(ISDIGIT(*nextarg) && !strchr(nextarg, '-')) { char buffer[32]; curl_off_t off; + if(curlx_strtoofft(nextarg, NULL, 10, &off)) { + warnf(global, "unsupported range point\n"); + return PARAM_BAD_USE; + } warnf(global, "A specified range MUST include at least one dash (-). " "Appending one for you!\n"); - off = curlx_strtoofft(nextarg, NULL, 10); snprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-", off); Curl_safefree(config->range); config->range = strdup(buffer); @@ -1901,23 +1912,23 @@ /* we are uploading */ { struct getout *url; - if(!config->url_out) - config->url_out = config->url_list; - if(config->url_out) { + if(!config->url_ul) + config->url_ul = config->url_list; + if(config->url_ul) { /* there's a node here, if it already is filled-in continue to find an "empty" node */ - while(config->url_out && (config->url_out->flags & GETOUT_UPLOAD)) - config->url_out = config->url_out->next; + while(config->url_ul && (config->url_ul->flags & GETOUT_UPLOAD)) + config->url_ul = config->url_ul->next; } /* now there might or might not be an available node to fill in! */ - if(config->url_out) + if(config->url_ul) /* existing node */ - url = config->url_out; + url = config->url_ul; else /* there was no free node, create one! */ - url = new_getout(config); + config->url_ul = url = new_getout(config); if(!url) return PARAM_NO_MEM; @@ -2042,7 +2053,7 @@ break; } now = time(NULL); - config->condtime=curl_getdate(nextarg, &now); + config->condtime = curl_getdate(nextarg, &now); if(-1 == (int)config->condtime) { /* now let's see if it is a file name to get the time from instead! */ struct_stat statbuf; diff -Nru curl-7.55.1/src/tool_help.c curl-7.57.0/src/tool_help.c --- curl-7.55.1/src/tool_help.c 2017-08-10 13:07:40.000000000 +0000 +++ curl-7.57.0/src/tool_help.c 2017-11-26 13:19:01.000000000 +0000 @@ -54,7 +54,7 @@ "Append to target file when uploading"}, {" --basic", "Use HTTP Basic Authentication"}, - {" --cacert ", + {" --cacert ", "CA certificate to verify peer against"}, {" --capath ", "CA directory to verify peer against"}, @@ -68,6 +68,8 @@ "SSL ciphers to use"}, {" --compressed", "Request compressed response"}, + {" --compressed-ssh", + "Enable SSH compression"}, {"-K, --config ", "Read config from a file"}, {" --connect-timeout ", @@ -129,9 +131,9 @@ {" --false-start", "Enable TLS False Start"}, {"-F, --form ", - "Specify HTTP multipart POST data"}, + "Specify multipart MIME data"}, {" --form-string ", - "Specify HTTP multipart POST data"}, + "Specify multipart MIME data"}, {" --ftp-account ", "Account data string"}, {" --ftp-alternative-to-user ", @@ -497,11 +499,13 @@ {"NTLM_WB", CURL_VERSION_NTLM_WB}, {"SSL", CURL_VERSION_SSL}, {"libz", CURL_VERSION_LIBZ}, + {"brotli", CURL_VERSION_BROTLI}, {"CharConv", CURL_VERSION_CONV}, {"TLS-SRP", CURL_VERSION_TLSAUTH_SRP}, {"HTTP2", CURL_VERSION_HTTP2}, {"UnixSockets", CURL_VERSION_UNIX_SOCKETS}, - {"HTTPS-proxy", CURL_VERSION_HTTPS_PROXY} + {"HTTPS-proxy", CURL_VERSION_HTTPS_PROXY}, + {"MultiSSL", CURL_VERSION_MULTI_SSL} }; void tool_help(void) diff -Nru curl-7.55.1/src/tool_hugehelp.c curl-7.57.0/src/tool_hugehelp.c --- curl-7.55.1/src/tool_hugehelp.c 2017-08-14 06:05:14.000000000 +0000 +++ curl-7.57.0/src/tool_hugehelp.c 2017-11-29 09:29:27.000000000 +0000 @@ -2,7 +2,6 @@ #ifndef HAVE_LIBZ /* * NEVER EVER edit this manually, fix the mkhelp.pl script instead! - * Generation time: Sun Aug 13 18:22:49 2017 */ #ifdef USE_MANUAL #include "tool_hugehelp.h" @@ -212,7 +211,7 @@ "\n" " See also --proxy-basic.\n" "\n" -" --cacert \n" +" --cacert \n" " (TLS) Tells curl to use the specified certificate file to verify\n" " the peer. The file may contain multiple CA certificates. The\n" , stdout); @@ -346,243 +345,249 @@ fputs( " If this option is used several times, the last one will be used.\n" "\n" +" --compressed-ssh\n" +" (SCP SFTP) Enables built-in SSH compression. This is a request,\n" +" not an order; the server may or may not do it.\n" +"\n" +" Added in 7.56.0.\n" +"\n" " --compressed\n" " (HTTP) Request a compressed response using one of the algorithms\n" -" curl supports, and save the uncompressed document. If this\n" -" option is used and the server sends an unsupported encoding,\n" +" curl supports, and save the uncompressed document. If this\n" +, stdout); + fputs( +" option is used and the server sends an unsupported encoding,\n" " curl will report an error.\n" "\n" " -K, --config \n" "\n" -" Specify a text file to read curl arguments from. The command\n" -, stdout); - fputs( -" line arguments found in the text file will be used as if they\n" +" Specify a text file to read curl arguments from. The command\n" +" line arguments found in the text file will be used as if they\n" " were provided on the command line.\n" "\n" -" Options and their parameters must be specified on the same line\n" -" in the file, separated by whitespace, colon, or the equals sign.\n" -" Long option names can optionally be given in the config file\n" -" without the initial double dashes and if so, the colon or equals\n" +" Options and their parameters must be specified on the same line\n" , stdout); fputs( +" in the file, separated by whitespace, colon, or the equals sign.\n" +" Long option names can optionally be given in the config file\n" +" without the initial double dashes and if so, the colon or equals\n" " characters can be used as separators. If the option is specified\n" -" with one or two dashes, there can be no colon or equals charac-\n" +" with one or two dashes, there can be no colon or equals charac-\n" " ter between the option and its parameter.\n" "\n" -" If the parameter is to contain whitespace, the parameter must be\n" -" enclosed within quotes. Within double quotes, the following\n" -" escape sequences are available: \\\\, \\\", \\t, \\n, \\r and \\v. A\n" , stdout); fputs( -" backslash preceding any other letter is ignored. If the first\n" +" If the parameter is to contain whitespace, the parameter must be\n" +" enclosed within quotes. Within double quotes, the following\n" +" escape sequences are available: \\\\, \\\", \\t, \\n, \\r and \\v. A\n" +" backslash preceding any other letter is ignored. If the first\n" " column of a config line is a '#' character, the rest of the line\n" " will be treated as a comment. Only write one option per physical\n" +, stdout); + fputs( " line in the config file.\n" "\n" -" Specify the filename to -K, --config as '-' to make curl read\n" +" Specify the filename to -K, --config as '-' to make curl read\n" " the file from stdin.\n" "\n" -" Note that to be able to specify a URL in the config file, you\n" -, stdout); - fputs( -" need to specify it using the --url option, and not by simply\n" -" writing the URL on its own line. So, it could look similar to\n" +" Note that to be able to specify a URL in the config file, you\n" +" need to specify it using the --url option, and not by simply\n" +" writing the URL on its own line. So, it could look similar to\n" " this:\n" "\n" " url = \"https://curl.haxx.se/docs/\"\n" "\n" -" When curl is invoked, it (unless -q, --disable is used) checks\n" +, stdout); + fputs( +" When curl is invoked, it (unless -q, --disable is used) checks\n" " for a default config file and uses it if found. The default con-\n" " fig file is checked for in the following places in this order:\n" "\n" +" 1) curl tries to find the \"home dir\": It first checks for the\n" +" CURL_HOME and then the HOME environment variables. Failing that,\n" +" it uses getpwuid() on Unix-like systems (which returns the home\n" , stdout); fputs( -" 1) curl tries to find the \"home dir\": It first checks for the\n" -" CURL_HOME and then the HOME environment variables. Failing that,\n" -" it uses getpwuid() on Unix-like systems (which returns the home\n" -" dir given the current user in your system). On Windows, it then\n" +" dir given the current user in your system). On Windows, it then\n" " checks for the APPDATA variable, or as a last resort the '%USER-\n" " PROFILE%\\Application Data'.\n" "\n" -, stdout); - fputs( -" 2) On windows, if there is no _curlrc file in the home dir, it\n" +" 2) On windows, if there is no _curlrc file in the home dir, it\n" " checks for one in the same dir the curl executable is placed. On\n" -" Unix-like systems, it will simply try to load .curlrc from the\n" +" Unix-like systems, it will simply try to load .curlrc from the\n" " determined home dir.\n" "\n" +, stdout); + fputs( " # --- Example file ---\n" " # this is a comment\n" " url = \"example.com\"\n" " output = \"curlhere.html\"\n" " user-agent = \"superagent/1.0\"\n" "\n" -, stdout); - fputs( " # and fetch another URL too\n" " url = \"example.com/docs/manpage.html\"\n" " -O\n" " referer = \"http://nowhereatall.example.com/\"\n" " # --- End of example file ---\n" "\n" -" This option can be used multiple times to load multiple config\n" +" This option can be used multiple times to load multiple config\n" +, stdout); + fputs( " files.\n" "\n" " --connect-timeout \n" -" Maximum time in seconds that you allow curl's connection to\n" -, stdout); - fputs( -" take. This only limits the connection phase, so if curl con-\n" -" nects within the given period it will continue - if not it will\n" +" Maximum time in seconds that you allow curl's connection to\n" +" take. This only limits the connection phase, so if curl con-\n" +" nects within the given period it will continue - if not it will\n" " exit. Since version 7.32.0, this option accepts decimal values.\n" " If this option is used several times, the last one will be used.\n" "\n" " See also -m, --max-time.\n" "\n" +, stdout); + fputs( " --connect-to \n" "\n" " For a request to the given HOST1:PORT1 pair, connect to\n" -, stdout); - fputs( " HOST2:PORT2 instead. This option is suitable to direct requests\n" " at a specific server, e.g. at a specific cluster node in a clus-\n" -" ter of servers. This option is only used to establish the net-\n" -" work connection. It does NOT affect the hostname/port that is\n" -" used for TLS/SSL (e.g. SNI, certificate verification) or for the\n" -" application protocols. \"HOST1\" and \"PORT1\" may be the empty\n" +" ter of servers. This option is only used to establish the net-\n" +" work connection. It does NOT affect the hostname/port that is\n" , stdout); fputs( +" used for TLS/SSL (e.g. SNI, certificate verification) or for the\n" +" application protocols. \"HOST1\" and \"PORT1\" may be the empty\n" " string, meaning \"any host/port\". \"HOST2\" and \"PORT2\" may also be\n" -" the empty string, meaning \"use the request's original\n" +" the empty string, meaning \"use the request's original\n" " host/port\".\n" "\n" " A \"host\" specified to this option is compared as a string, so it\n" -" needs to match the name used in request URL. It can be either\n" -" numerical such as \"127.0.0.1\" or the full host name such as\n" -" \"example.org\".\n" -"\n" , stdout); fputs( +" needs to match the name used in request URL. It can be either\n" +" numerical such as \"127.0.0.1\" or the full host name such as\n" +" \"example.org\".\n" +"\n" " This option can be used many times to add many connect rules.\n" "\n" " See also --resolve and -H, --header. Added in 7.49.0.\n" "\n" " -C, --continue-at \n" -" Continue/Resume a previous file transfer at the given offset.\n" -" The given offset is the exact number of bytes that will be\n" -" skipped, counting from the beginning of the source file before\n" -" it is transferred to the destination. If used with uploads, the\n" +" Continue/Resume a previous file transfer at the given offset.\n" , stdout); fputs( +" The given offset is the exact number of bytes that will be\n" +" skipped, counting from the beginning of the source file before\n" +" it is transferred to the destination. If used with uploads, the\n" " FTP server command SIZE will not be used by curl.\n" "\n" -" Use \"-C -\" to tell curl to automatically find out where/how to\n" -" resume the transfer. It then uses the given output/input files\n" +" Use \"-C -\" to tell curl to automatically find out where/how to\n" +" resume the transfer. It then uses the given output/input files\n" " to figure that out.\n" "\n" +, stdout); + fputs( " If this option is used several times, the last one will be used.\n" "\n" " See also -r, --range.\n" "\n" " -c, --cookie-jar \n" -" (HTTP) Specify to which file you want curl to write all cookies\n" +" (HTTP) Specify to which file you want curl to write all cookies\n" +" after a completed operation. Curl writes all cookies from its\n" +" in-memory cookie storage to the given file at the end of opera-\n" +" tions. If no cookies are known, no data will be written. The\n" , stdout); fputs( -" after a completed operation. Curl writes all cookies from its\n" -" in-memory cookie storage to the given file at the end of opera-\n" -" tions. If no cookies are known, no data will be written. The\n" -" file will be written using the Netscape cookie file format. If\n" +" file will be written using the Netscape cookie file format. If\n" " you set the file name to a single dash, \"-\", the cookies will be\n" " written to stdout.\n" "\n" -, stdout); - fputs( -" This command line option will activate the cookie engine that\n" +" This command line option will activate the cookie engine that\n" " makes curl record and use cookies. Another way to activate it is\n" " to use the -b, --cookie option.\n" "\n" " If the cookie jar can't be created or written to, the whole curl\n" -" operation won't fail or even report an error clearly. Using -v,\n" -" --verbose will get a warning displayed, but that is the only\n" , stdout); fputs( +" operation won't fail or even report an error clearly. Using -v,\n" +" --verbose will get a warning displayed, but that is the only\n" " visible feedback you get about this possibly lethal situation.\n" "\n" -" If this option is used several times, the last specified file\n" +" If this option is used several times, the last specified file\n" " name will be used.\n" "\n" " -b, --cookie \n" " (HTTP) Pass the data to the HTTP server in the Cookie header. It\n" -" is supposedly the data previously received from the server in a\n" -" \"Set-Cookie:\" line. The data should be in the format\n" +, stdout); + fputs( +" is supposedly the data previously received from the server in a\n" +" \"Set-Cookie:\" line. The data should be in the format\n" " \"NAME1=VALUE1; NAME2=VALUE2\".\n" "\n" +" If no '=' symbol is used in the argument, it is instead treated\n" +" as a filename to read previously stored cookie from. This option\n" +" also activates the cookie engine which will make curl record\n" , stdout); fputs( -" If no '=' symbol is used in the argument, it is instead treated\n" -" as a filename to read previously stored cookie from. This option\n" -" also activates the cookie engine which will make curl record\n" -" incoming cookies, which may be handy if you're using this in\n" -" combination with the -L, --location option or do multiple URL\n" +" incoming cookies, which may be handy if you're using this in\n" +" combination with the -L, --location option or do multiple URL\n" " transfers on the same invoke.\n" "\n" -, stdout); - fputs( " The file format of the file to read cookies from should be plain\n" -" HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie\n" +" HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie\n" " file format.\n" "\n" -" The file specified with -b, --cookie is only used as input. No\n" -" cookies will be written to the file. To store cookies, use the\n" -" -c, --cookie-jar option.\n" -"\n" -" Exercise caution if you are using this option and multiple\n" +" The file specified with -b, --cookie is only used as input. No\n" , stdout); fputs( +" cookies will be written to the file. To store cookies, use the\n" +" -c, --cookie-jar option.\n" +"\n" +" Exercise caution if you are using this option and multiple\n" " transfers may occur. If you use the NAME1=VALUE1; format, or in\n" -" a file use the Set-Cookie format and don't specify a domain,\n" +" a file use the Set-Cookie format and don't specify a domain,\n" " then the cookie is sent for any domain (even after redirects are\n" -" followed) and cannot be modified by a server-set cookie. If the\n" -" cookie engine is enabled and a server sets a cookie of the same\n" -" name then both will be sent on a future transfer to that server,\n" , stdout); fputs( -" likely not what you intended. To address these issues set a\n" -" domain in Set-Cookie (doing that will include sub domains) or\n" +" followed) and cannot be modified by a server-set cookie. If the\n" +" cookie engine is enabled and a server sets a cookie of the same\n" +" name then both will be sent on a future transfer to that server,\n" +" likely not what you intended. To address these issues set a\n" +" domain in Set-Cookie (doing that will include sub domains) or\n" " use the Netscape format.\n" "\n" -" If this option is used several times, the last one will be used.\n" -" Users very often want to both read cookies from a file and write\n" -" updated cookies back to a file, so using both -b, --cookie and\n" , stdout); fputs( +" If this option is used several times, the last one will be used.\n" +" Users very often want to both read cookies from a file and write\n" +" updated cookies back to a file, so using both -b, --cookie and\n" " -c, --cookie-jar in the same command line is common.\n" "\n" " --create-dirs\n" " When used in conjunction with the -o, --output option, curl will\n" -" create the necessary local directory hierarchy as needed. This\n" -" option creates the dirs mentioned with the -o, --output option,\n" -" nothing else. If the --output file name uses no dir or if the\n" -" dirs it mentions already exist, no dir will be created.\n" -"\n" +" create the necessary local directory hierarchy as needed. This\n" , stdout); fputs( -" To create remote directories when using FTP or SFTP, try --ftp-\n" +" option creates the dirs mentioned with the -o, --output option,\n" +" nothing else. If the --output file name uses no dir or if the\n" +" dirs it mentions already exist, no dir will be created.\n" +"\n" +" To create remote directories when using FTP or SFTP, try --ftp-\n" " create-dirs.\n" "\n" -" --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS\n" +" --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS\n" " (OS/390).\n" "\n" " (SMTP added in 7.40.0)\n" "\n" +, stdout); + fputs( " --crlfile \n" " (TLS) Provide a file using PEM format with a Certificate Revoca-\n" " tion List that may specify peer certificates that are to be con-\n" " sidered revoked.\n" "\n" -, stdout); - fputs( " If this option is used several times, the last one will be used.\n" "\n" " Added in 7.19.7.\n" @@ -591,241 +596,241 @@ " (HTTP) This is just an alias for -d, --data.\n" "\n" " --data-binary \n" -" (HTTP) This posts data exactly as specified with no extra pro-\n" -" cessing whatsoever.\n" -"\n" -" If you start the data with the letter @, the rest should be a\n" -" filename. Data is posted in a similar manner as -d, --data\n" , stdout); fputs( -" does, except that newlines and carriage returns are preserved\n" +" (HTTP) This posts data exactly as specified with no extra pro-\n" +" cessing whatsoever.\n" +"\n" +" If you start the data with the letter @, the rest should be a\n" +" filename. Data is posted in a similar manner as -d, --data\n" +" does, except that newlines and carriage returns are preserved\n" " and conversions are never done.\n" "\n" -" If this option is used several times, the ones following the\n" +" If this option is used several times, the ones following the\n" +, stdout); + fputs( " first will append data as described in -d, --data.\n" "\n" " --data-raw \n" -" (HTTP) This posts data similarly to -d, --data but without the\n" +" (HTTP) This posts data similarly to -d, --data but without the\n" " special interpretation of the @ character.\n" "\n" " See also -d, --data. Added in 7.43.0.\n" "\n" -, stdout); - fputs( " --data-urlencode \n" -" (HTTP) This posts data, similar to the other -d, --data options\n" +" (HTTP) This posts data, similar to the other -d, --data options\n" " with the exception that this performs URL-encoding.\n" "\n" -" To be CGI-compliant, the part should begin with a name\n" -" followed by a separator and a content specification. The \n" +, stdout); + fputs( +" To be CGI-compliant, the part should begin with a name\n" +" followed by a separator and a content specification. The \n" " part can be passed to curl using one of the following syntaxes:\n" "\n" " content\n" +" This will make curl URL-encode the content and pass that\n" +" on. Just be careful so that the content doesn't contain\n" +" any = or @ symbols, as that will then make the syntax\n" , stdout); fputs( -" This will make curl URL-encode the content and pass that\n" -" on. Just be careful so that the content doesn't contain\n" -" any = or @ symbols, as that will then make the syntax\n" " match one of the other cases below!\n" "\n" " =content\n" -" This will make curl URL-encode the content and pass that\n" +" This will make curl URL-encode the content and pass that\n" " on. The preceding = symbol is not included in the data.\n" "\n" -, stdout); - fputs( " name=content\n" -" This will make curl URL-encode the content part and pass\n" -" that on. Note that the name part is expected to be URL-\n" +" This will make curl URL-encode the content part and pass\n" +" that on. Note that the name part is expected to be URL-\n" " encoded already.\n" "\n" " @filename\n" -" This will make curl load data from the given file\n" -" (including any newlines), URL-encode that data and pass\n" +, stdout); + fputs( +" This will make curl load data from the given file\n" +" (including any newlines), URL-encode that data and pass\n" " it on in the POST.\n" "\n" " name@filename\n" +" This will make curl load data from the given file\n" +" (including any newlines), URL-encode that data and pass\n" +" it on in the POST. The name part gets an equal sign\n" , stdout); fputs( -" This will make curl load data from the given file\n" -" (including any newlines), URL-encode that data and pass\n" -" it on in the POST. The name part gets an equal sign\n" " appended, resulting in name=urlencoded-file-content. Note\n" " that the name is expected to be URL-encoded already.\n" " See also -d, --data and --data-raw. Added in 7.18.0.\n" "\n" " -d, --data \n" +" (HTTP) Sends the specified data in a POST request to the HTTP\n" +" server, in the same way that a browser does when a user has\n" +" filled in an HTML form and presses the submit button. This will\n" , stdout); fputs( -" (HTTP) Sends the specified data in a POST request to the HTTP\n" -" server, in the same way that a browser does when a user has\n" -" filled in an HTML form and presses the submit button. This will\n" " cause curl to pass the data to the server using the content-type\n" " application/x-www-form-urlencoded. Compare to -F, --form.\n" "\n" " --data-raw is almost the same but does not have a special inter-\n" -, stdout); - fputs( -" pretation of the @ character. To post data purely binary, you\n" -" should instead use the --data-binary option. To URL-encode the\n" +" pretation of the @ character. To post data purely binary, you\n" +" should instead use the --data-binary option. To URL-encode the\n" " value of a form field you may use --data-urlencode.\n" "\n" -" If any of these options is used more than once on the same com-\n" -" mand line, the data pieces specified will be merged together\n" -" with a separating &-symbol. Thus, using '-d name=daniel -d\n" , stdout); fputs( +" If any of these options is used more than once on the same com-\n" +" mand line, the data pieces specified will be merged together\n" +" with a separating &-symbol. Thus, using '-d name=daniel -d\n" " skill=lousy' would generate a post chunk that looks like\n" " 'name=daniel&skill=lousy'.\n" "\n" -" If you start the data with the letter @, the rest should be a\n" -" file name to read the data from, or - if you want curl to read\n" -" the data from stdin. Multiple files can also be specified. Post-\n" -" ing data from a file named from a file like that, carriage\n" +" If you start the data with the letter @, the rest should be a\n" , stdout); fputs( +" file name to read the data from, or - if you want curl to read\n" +" the data from stdin. Multiple files can also be specified. Post-\n" +" ing data from a file named from a file like that, carriage\n" " returns and newlines will be stripped out. If you don't want the\n" -" @ character to have a special interpretation use --data-raw\n" +" @ character to have a special interpretation use --data-raw\n" " instead.\n" "\n" " See also --data-binary and --data-urlencode and --data-raw. This\n" +, stdout); + fputs( " option overrides -F, --form and -I, --head and --upload.\n" "\n" " --delegation \n" -" (GSS/kerberos) Set LEVEL to tell the server what it is allowed\n" -, stdout); - fputs( +" (GSS/kerberos) Set LEVEL to tell the server what it is allowed\n" " to delegate when it comes to user credentials.\n" "\n" " none Don't allow any delegation.\n" "\n" -" policy Delegates if and only if the OK-AS-DELEGATE flag is set\n" -" in the Kerberos service ticket, which is a matter of\n" +" policy Delegates if and only if the OK-AS-DELEGATE flag is set\n" +" in the Kerberos service ticket, which is a matter of\n" " realm policy.\n" "\n" +, stdout); + fputs( " always Unconditionally allow the server to delegate.\n" "\n" " --digest\n" -" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" -, stdout); - fputs( -" cation scheme that prevents the password from being sent over\n" -" the wire in clear text. Use this in combination with the normal\n" +" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" +" cation scheme that prevents the password from being sent over\n" +" the wire in clear text. Use this in combination with the normal\n" " -u, --user option to set user name and password.\n" "\n" -" If this option is used several times, only the first one is\n" +" If this option is used several times, only the first one is\n" " used.\n" "\n" -" See also -u, --user and --proxy-digest and --anyauth. This\n" +, stdout); + fputs( +" See also -u, --user and --proxy-digest and --anyauth. This\n" " option overrides --basic and --ntlm and --negotiate.\n" "\n" " --disable-eprt\n" -, stdout); - fputs( " (FTP) Tell curl to disable the use of the EPRT and LPRT commands\n" " when doing active FTP transfers. Curl will normally always first\n" -" attempt to use EPRT, then LPRT before using PORT, but with this\n" -" option, it will use PORT right away. EPRT and LPRT are exten-\n" -" sions to the original FTP protocol, and may not work on all\n" -" servers, but they enable more functionality in a better way than\n" +" attempt to use EPRT, then LPRT before using PORT, but with this\n" +" option, it will use PORT right away. EPRT and LPRT are exten-\n" , stdout); fputs( +" sions to the original FTP protocol, and may not work on all\n" +" servers, but they enable more functionality in a better way than\n" " the traditional PORT command.\n" "\n" " --eprt can be used to explicitly enable EPRT again and --no-eprt\n" " is an alias for --disable-eprt.\n" "\n" -" If the server is accessed using IPv6, this option will have no\n" +" If the server is accessed using IPv6, this option will have no\n" " effect as EPRT is necessary then.\n" "\n" -" Disabling EPRT only changes the active behavior. If you want to\n" -" switch to passive mode you need to not use -P, --ftp-port or\n" -" force it with --ftp-pasv.\n" -"\n" , stdout); fputs( +" Disabling EPRT only changes the active behavior. If you want to\n" +" switch to passive mode you need to not use -P, --ftp-port or\n" +" force it with --ftp-pasv.\n" +"\n" " --disable-epsv\n" -" (FTP) (FTP) Tell curl to disable the use of the EPSV command\n" -" when doing passive FTP transfers. Curl will normally always\n" -" first attempt to use EPSV before PASV, but with this option, it\n" +" (FTP) (FTP) Tell curl to disable the use of the EPSV command\n" +" when doing passive FTP transfers. Curl will normally always\n" +" first attempt to use EPSV before PASV, but with this option, it\n" " will not try using EPSV.\n" "\n" +, stdout); + fputs( " --epsv can be used to explicitly enable EPSV again and --no-epsv\n" " is an alias for --disable-epsv.\n" "\n" -, stdout); - fputs( -" If the server is an IPv6 host, this option will have no effect\n" +" If the server is an IPv6 host, this option will have no effect\n" " as EPSV is necessary then.\n" "\n" " Disabling EPSV only changes the passive behavior. If you want to\n" " switch to active mode you need to use -P, --ftp-port.\n" "\n" " -q, --disable\n" -" If used as the first parameter on the command line, the curlrc\n" -" config file will not be read and used. See the -K, --config for\n" +" If used as the first parameter on the command line, the curlrc\n" , stdout); fputs( +" config file will not be read and used. See the -K, --config for\n" " details on the default config file search path.\n" "\n" " --dns-interface \n" -" (DNS) Tell curl to send outgoing DNS requests through . This option is a counterpart to --interface (which does\n" -" not affect DNS). The supplied string must be an interface name\n" +" (DNS) Tell curl to send outgoing DNS requests through . This option is a counterpart to --interface (which does\n" +" not affect DNS). The supplied string must be an interface name\n" " (not an address).\n" "\n" -" See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface\n" , stdout); fputs( -" requires that the underlying libcurl was built to support c-\n" +" See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface\n" +" requires that the underlying libcurl was built to support c-\n" " ares. Added in 7.33.0.\n" "\n" " --dns-ipv4-addr
\n" -" (DNS) Tell curl to bind to when making IPv4 DNS\n" -" requests, so that the DNS requests originate from this address.\n" +" (DNS) Tell curl to bind to when making IPv4 DNS\n" +" requests, so that the DNS requests originate from this address.\n" " The argument should be a single IPv4 address.\n" "\n" -" See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr\n" , stdout); fputs( -" requires that the underlying libcurl was built to support c-\n" +" See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr\n" +" requires that the underlying libcurl was built to support c-\n" " ares. Added in 7.33.0.\n" "\n" " --dns-ipv6-addr
\n" -" (DNS) Tell curl to bind to when making IPv6 DNS\n" -" requests, so that the DNS requests originate from this address.\n" +" (DNS) Tell curl to bind to when making IPv6 DNS\n" +" requests, so that the DNS requests originate from this address.\n" " The argument should be a single IPv6 address.\n" "\n" -" See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr\n" , stdout); fputs( -" requires that the underlying libcurl was built to support c-\n" +" See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr\n" +" requires that the underlying libcurl was built to support c-\n" " ares. Added in 7.33.0.\n" "\n" " --dns-servers \n" -" Set the list of DNS servers to be used instead of the system\n" +" Set the list of DNS servers to be used instead of the system\n" " default. The list of IP addresses should be separated with com-\n" " mas. Port numbers may also optionally be given as :\n" -" after each IP address.\n" -"\n" , stdout); fputs( -" --dns-servers requires that the underlying libcurl was built to\n" +" after each IP address.\n" +"\n" +" --dns-servers requires that the underlying libcurl was built to\n" " support c-ares. Added in 7.33.0.\n" "\n" " -D, --dump-header \n" -" (HTTP FTP) Write the received protocol headers to the specified\n" +" (HTTP FTP) Write the received protocol headers to the specified\n" " file.\n" "\n" -" This option is handy to use when you want to store the headers\n" -" that an HTTP site sends to you. Cookies from the headers could\n" -" then be read in a second curl invocation by using the -b,\n" +" This option is handy to use when you want to store the headers\n" +" that an HTTP site sends to you. Cookies from the headers could\n" , stdout); fputs( -" --cookie option! The -c, --cookie-jar option is a better way to\n" +" then be read in a second curl invocation by using the -b,\n" +" --cookie option! The -c, --cookie-jar option is a better way to\n" " store cookies.\n" "\n" -" When used in FTP, the FTP server response lines are considered\n" +" When used in FTP, the FTP server response lines are considered\n" " being \"headers\" and thus are saved there.\n" "\n" " If this option is used several times, the last one will be used.\n" @@ -833,134 +838,149 @@ " See also -o, --output.\n" "\n" " --egd-file \n" -" (TLS) Specify the path name to the Entropy Gathering Daemon\n" , stdout); fputs( -" socket. The socket is used to seed the random engine for SSL\n" +" (TLS) Specify the path name to the Entropy Gathering Daemon\n" +" socket. The socket is used to seed the random engine for SSL\n" " connections.\n" "\n" " See also --random-file.\n" "\n" " --engine \n" -" (TLS) Select the OpenSSL crypto engine to use for cipher opera-\n" +" (TLS) Select the OpenSSL crypto engine to use for cipher opera-\n" " tions. Use --engine list to print a list of build-time supported\n" -" engines. Note that not all (or none) of the engines may be\n" +" engines. Note that not all (or none) of the engines may be\n" +, stdout); + fputs( " available at run-time.\n" "\n" " --expect100-timeout \n" -, stdout); - fputs( " (HTTP) Maximum time in seconds that you allow curl to wait for a\n" -" 100-continue response when curl emits an Expects: 100-continue\n" -" header in its request. By default curl will wait one second.\n" -" This option accepts decimal values! When curl stops waiting, it\n" +" 100-continue response when curl emits an Expects: 100-continue\n" +" header in its request. By default curl will wait one second.\n" +" This option accepts decimal values! When curl stops waiting, it\n" " will continue as if the response has been received.\n" "\n" +, stdout); + fputs( " See also --connect-timeout. Added in 7.47.0.\n" "\n" " --fail-early\n" -, stdout); - fputs( " Fail and exit on the first detected transfer error.\n" "\n" -" When curl is used to do multiple transfers on the command line,\n" -" it will attempt to operate on each given URL, one by one. By\n" -" default, it will ignore errors if there are more URLs given and\n" -" the last URL's success will determine the error code curl\n" -" returns. So early failures will be \"hidden\" by subsequent suc-\n" -" cessful transfers.\n" -"\n" +" When curl is used to do multiple transfers on the command line,\n" +" it will attempt to operate on each given URL, one by one. By\n" +" default, it will ignore errors if there are more URLs given and\n" +" the last URL's success will determine the error code curl\n" , stdout); fputs( -" Using this option, curl will instead return an error on the\n" -" first transfer that fails, independent of the amount of URLs\n" -" that are given on the command line. This way, no transfer fail-\n" +" returns. So early failures will be \"hidden\" by subsequent suc-\n" +" cessful transfers.\n" +"\n" +" Using this option, curl will instead return an error on the\n" +" first transfer that fails, independent of the amount of URLs\n" +" that are given on the command line. This way, no transfer fail-\n" " ures go undetected by scripts and similar.\n" "\n" " This option is global and does not need to be specified for each\n" +, stdout); + fputs( " use of -:, --next.\n" "\n" " This option does not imply -f, --fail, which causes transfers to\n" -, stdout); - fputs( -" fail due to the server's HTTP status code. You can combine the\n" +" fail due to the server's HTTP status code. You can combine the\n" " two options, however note -f, --fail is not global and is there-\n" " fore contained by -:, --next.\n" "\n" " Added in 7.52.0.\n" "\n" " -f, --fail\n" -" (HTTP) Fail silently (no output at all) on server errors. This\n" -" is mostly done to better enable scripts etc to better deal with\n" -" failed attempts. In normal cases when an HTTP server fails to\n" +" (HTTP) Fail silently (no output at all) on server errors. This\n" , stdout); fputs( -" deliver a document, it returns an HTML document stating so\n" -" (which often also describes why and more). This flag will pre-\n" +" is mostly done to better enable scripts etc to better deal with\n" +" failed attempts. In normal cases when an HTTP server fails to\n" +" deliver a document, it returns an HTML document stating so\n" +" (which often also describes why and more). This flag will pre-\n" " vent curl from outputting that and return error 22.\n" "\n" -" This method is not fail-safe and there are occasions where non-\n" -" successful response codes will slip through, especially when\n" +" This method is not fail-safe and there are occasions where non-\n" +, stdout); + fputs( +" successful response codes will slip through, especially when\n" " authentication is involved (response codes 401 and 407).\n" "\n" " --false-start\n" -, stdout); - fputs( -" (TLS) Tells curl to use false start during the TLS handshake.\n" -" False start is a mode where a TLS client will start sending\n" +" (TLS) Tells curl to use false start during the TLS handshake.\n" +" False start is a mode where a TLS client will start sending\n" " application data before verifying the server's Finished message,\n" " thus saving a round trip when performing a full handshake.\n" "\n" -" This is currently only implemented in the NSS and Secure Trans-\n" +, stdout); + fputs( +" This is currently only implemented in the NSS and Secure Trans-\n" " port (on iOS 7.0 or later, or OS X 10.9 or later) backends.\n" "\n" " Added in 7.42.0.\n" "\n" -, stdout); - fputs( " --form-string \n" -" (HTTP) Similar to -F, --form except that the value string for\n" -" the named parameter is used literally. Leading '@' and '<' char-\n" -" acters, and the ';type=' string in the value have no special\n" -" meaning. Use this in preference to -F, --form if there's any\n" -" possibility that the string value may accidentally trigger the\n" -" '@' or '<' features of -F, --form.\n" -"\n" +" (HTTP SMTP IMAP) Similar to -F, --form except that the value\n" +" string for the named parameter is used literally. Leading '@'\n" +" and '<' characters, and the ';type=' string in the value have no\n" , stdout); fputs( +" special meaning. Use this in preference to -F, --form if there's\n" +" any possibility that the string value may accidentally trigger\n" +" the '@' or '<' features of -F, --form.\n" +"\n" " See also -F, --form.\n" "\n" " -F, --form \n" -" (HTTP) This lets curl emulate a filled-in form in which a user\n" -" has pressed the submit button. This causes curl to POST data\n" -" using the Content-Type multipart/form-data according to RFC\n" -" 2388. This enables uploading of binary files etc. To force the\n" -" 'content' part to be a file, prefix the file name with an @\n" +" (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu-\n" +" late a filled-in form in which a user has pressed the submit\n" +, stdout); + fputs( +" button. This causes curl to POST data using the Content-Type\n" +" multipart/form-data according to RFC 2388.\n" +"\n" +" For SMTP and IMAP protocols, this is the mean to compose a mul-\n" +" tipart mail message to transmit.\n" +"\n" +" This enables uploading of binary files etc. To force the 'con-\n" +" tent' part to be a file, prefix the file name with an @ sign. To\n" , stdout); fputs( -" sign. To just get the content part from a file, prefix the file\n" -" name with the symbol <. The difference between @ and < is then\n" -" that @ makes a file get attached in the post as a file upload,\n" -" while the < makes a text field and just get the contents for\n" -" that text field from a file.\n" +" just get the content part from a file, prefix the file name with\n" +" the symbol <. The difference between @ and < is then that @\n" +" makes a file get attached in the post as a file upload, while\n" +" the < makes a text field and just get the contents for that text\n" +" field from a file.\n" "\n" -" Example: to send an image to a server, where 'profile' is the\n" +" Example: to send an image to an HTTP server, where 'profile' is\n" , stdout); fputs( -" name of the form-field to which portrait.jpg will be the input:\n" +" the name of the form-field to which portrait.jpg will be the\n" +" input:\n" "\n" " curl -F profile=@portrait.jpg https://example.com/upload.cgi\n" "\n" " To read content from stdin instead of a file, use - as the file-\n" -" name. This goes for both @ and < constructs. Unfortunately it\n" -" does not support reading the file from a named pipe or similar,\n" -" as it needs the full size before the transfer starts.\n" -"\n" +" name. This goes for both @ and < constructs. If stdin is not\n" +" attached to a regular file, it is buffered first to determine\n" +" its size and allow a possible resend. Defining a part's data\n" , stdout); fputs( +" from a named non-regular file (such as a named pipe or similar)\n" +" is unfortunately not subject to buffering and will be effec-\n" +" tively read at transmission time; since the full size is unknown\n" +" before the transfer starts, data is sent as chunks by HTTP and\n" +" rejected by IMAP.\n" +"\n" " You can also tell curl what Content-Type to use by using\n" " 'type=', in a manner similar to:\n" "\n" +, stdout); + fputs( " curl -F \"web=@index.html;type=text/html\" example.com\n" "\n" " or\n" @@ -972,11 +992,11 @@ "\n" " curl -F \"file=@localfile;filename=nameinpost\" example.com\n" "\n" -, stdout); - fputs( " If filename/path contains ',' or ';', it must be quoted by dou-\n" " ble-quotes like:\n" "\n" +, stdout); + fputs( " curl -F \"file=@\\\"localfile\\\";filename=\\\"nameinpost\\\"\" exam-\n" " ple.com\n" "\n" @@ -988,6 +1008,78 @@ " double-quote or backslash within the filename must be escaped by\n" " backslash.\n" "\n" +" Quoting must also be applied to non-file data if it contains\n" +, stdout); + fputs( +" semicolons, leading/trailing spaces or leading double quotes:\n" +"\n" +" curl -F 'colors=\"red; green; blue\";type=text/x-myapp' exam-\n" +" ple.com\n" +"\n" +" You can add custom headers to the field by setting headers=,\n" +" like\n" +"\n" +" curl -F \"submit=OK;headers=\\\"X-submit-type: OK\\\"\" example.com\n" +"\n" +" or\n" +"\n" +" curl -F \"submit=OK;headers=@headerfile\" example.com\n" +"\n" +, stdout); + fputs( +" The headers= keyword may appear more that once and above notes\n" +" about quoting apply. When headers are read from a file, Empty\n" +" lines and lines starting with '#' are comments and ignored; each\n" +" header can be folded by splitting between two words and starting\n" +" the continuation line with a space; embedded carriage-returns\n" +" and trailing spaces are stripped. Here is an example of a\n" +, stdout); + fputs( +" header file contents:\n" +"\n" +" # This file contain two headers.\n" +" X-header-1: this is a header\n" +"\n" +" # The following header is folded.\n" +" X-header-2: this is\n" +" another header\n" +"\n" +" To support sending multipart mail messages, the syntax is\n" +" extended as follows:\n" +" - name can be omitted: the equal sign is the first character of\n" +" the argument,\n" +, stdout); + fputs( +" - if data starts with '(', this signals to start a new multi-\n" +" part: it can be followed by a content type specification.\n" +" - a multipart can be terminated with a '=)' argument.\n" +"\n" +" Example: the following command sends an SMTP mime e-mail con-\n" +" sisting in an inline part in two alternative formats: plain text\n" +" and HTML. It attaches a text file:\n" +"\n" +" curl -F '=(;type=multipart/alternative' \\\n" +, stdout); + fputs( +" -F '=plain text message' \\\n" +" -F '= HTML message;type=text/html' \\\n" +" -F '=)' -F '=@textfile.txt' ... smtp://example.com\n" +"\n" +" Data can be encoded for transfer using encoder=. Available\n" +" encodings are binary and 8bit that do nothing else than adding\n" +" the corresponding Content-Transfer-Encoding header, 7bit that\n" +, stdout); + fputs( +" only rejects 8-bit characters with a transfer error, quoted-\n" +" printable and base64 that encodes data according to the corre-\n" +" sponding schemes, limiting lines length to 76 characters.\n" +"\n" +" Example: send multipart mail with a quoted-printable text mes-\n" +" sage and a base64 attached file:\n" +"\n" +" curl -F '=text message;encoder=quoted-printable' \\\n" +" -F '=@localfile;encoder=base64' ... smtp://example.com\n" +"\n" , stdout); fputs( " See further examples and details in the MANUAL.\n" @@ -1339,278 +1431,282 @@ " curl --interface eth0:1 https://www.example.com/\n" "\n" " If this option is used several times, the last one will be used.\n" +" On Linux it can be used to specify a VRF, but the binary needs\n" +" to either have CAP_NET_RAW or to be ran as root. More informa-\n" +" tion about Linux VRF: https://www.kernel.org/doc/Documenta-\n" +" tion/networking/vrf.txt\n" "\n" " See also --dns-interface.\n" "\n" " -4, --ipv4\n" -" This option tells curl to resolve names to IPv4 addresses only,\n" +, stdout); + fputs( +" This option tells curl to resolve names to IPv4 addresses only,\n" " and not for example try IPv6.\n" "\n" -" See also --http1.1 and --http2. This option overrides -6,\n" +" See also --http1.1 and --http2. This option overrides -6,\n" " --ipv6.\n" "\n" " -6, --ipv6\n" -, stdout); - fputs( -" This option tells curl to resolve names to IPv6 addresses only,\n" +" This option tells curl to resolve names to IPv6 addresses only,\n" " and not for example try IPv4.\n" "\n" -" See also --http1.1 and --http2. This option overrides -6,\n" +" See also --http1.1 and --http2. This option overrides -6,\n" " --ipv6.\n" "\n" -" -j, --junk-session-cookies\n" -" (HTTP) When curl is told to read cookies from a given file, this\n" -" option will make it discard all \"session cookies\". This will\n" -" basically have the same effect as if a new session is started.\n" , stdout); fputs( -" Typical browsers always discard session cookies when they're\n" +" -j, --junk-session-cookies\n" +" (HTTP) When curl is told to read cookies from a given file, this\n" +" option will make it discard all \"session cookies\". This will\n" +" basically have the same effect as if a new session is started.\n" +" Typical browsers always discard session cookies when they're\n" " closed down.\n" "\n" " See also -b, --cookie and -c, --cookie-jar.\n" "\n" " --keepalive-time \n" -" This option sets the time a connection needs to remain idle\n" -" before sending keepalive probes and the time between individual\n" -" keepalive probes. It is currently effective on operating systems\n" , stdout); fputs( +" This option sets the time a connection needs to remain idle\n" +" before sending keepalive probes and the time between individual\n" +" keepalive probes. It is currently effective on operating systems\n" " offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options\n" -" (meaning Linux, recent AIX, HP-UX and more). This option has no\n" +" (meaning Linux, recent AIX, HP-UX and more). This option has no\n" " effect if --no-keepalive is used.\n" "\n" +, stdout); + fputs( " If this option is used several times, the last one will be used.\n" " If unspecified, the option defaults to 60 seconds.\n" "\n" " Added in 7.18.0.\n" "\n" " --key-type \n" -" (TLS) Private key file type. Specify which type your --key pro-\n" -, stdout); - fputs( -" vided private key is. DER, PEM, and ENG are supported. If not\n" +" (TLS) Private key file type. Specify which type your --key pro-\n" +" vided private key is. DER, PEM, and ENG are supported. If not\n" " specified, PEM is assumed.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" +, stdout); + fputs( " --key \n" " (TLS SSH) Private key file name. Allows you to provide your pri-\n" -" vate key in this separate file. For SSH, if not specified, curl\n" +" vate key in this separate file. For SSH, if not specified, curl\n" " tries the following candidates in order:\n" "\n" -, stdout); - fputs( " If this option is used several times, the last one will be used.\n" "\n" " --krb \n" -" (FTP) Enable Kerberos authentication and use. The level must be\n" +" (FTP) Enable Kerberos authentication and use. The level must be\n" " entered and should be one of 'clear', 'safe', 'confidential', or\n" -" 'private'. Should you use a level that is not one of these,\n" +, stdout); + fputs( +" 'private'. Should you use a level that is not one of these,\n" " 'private' will instead be used.\n" "\n" " If this option is used several times, the last one will be used.\n" -, stdout); - fputs( -" --krb requires that the underlying libcurl was built to support\n" +" --krb requires that the underlying libcurl was built to support\n" " Kerberos.\n" "\n" " --libcurl \n" -" Append this option to any ordinary curl command line, and you\n" -" will get a libcurl-using C source code written to the file that\n" +" Append this option to any ordinary curl command line, and you\n" +" will get a libcurl-using C source code written to the file that\n" +, stdout); + fputs( " does the equivalent of what your command-line operation does!\n" "\n" -" If this option is used several times, the last given file name\n" +" If this option is used several times, the last given file name\n" " will be used.\n" "\n" -, stdout); - fputs( " Added in 7.16.1.\n" "\n" " --limit-rate \n" -" Specify the maximum transfer rate you want curl to use - for\n" +" Specify the maximum transfer rate you want curl to use - for\n" " both downloads and uploads. This feature is useful if you have a\n" " limited pipe and you'd like your transfer not to use your entire\n" -" bandwidth. To make it slower than it otherwise would be.\n" -"\n" -" The given speed is measured in bytes/second, unless a suffix is\n" , stdout); fputs( -" appended. Appending 'k' or 'K' will count the number as kilo-\n" -" bytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it\n" +" bandwidth. To make it slower than it otherwise would be.\n" +"\n" +" The given speed is measured in bytes/second, unless a suffix is\n" +" appended. Appending 'k' or 'K' will count the number as kilo-\n" +" bytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it\n" " gigabytes. Examples: 200K, 3m and 1G.\n" "\n" -" If you also use the -Y, --speed-limit option, that option will\n" +" If you also use the -Y, --speed-limit option, that option will\n" +, stdout); + fputs( " take precedence and might cripple the rate-limiting slightly, to\n" " help keeping the speed-limit logic working.\n" "\n" -, stdout); - fputs( " If this option is used several times, the last one will be used.\n" "\n" " -l, --list-only\n" -" (FTP POP3) (FTP) When listing an FTP directory, this switch\n" -" forces a name-only view. This is especially useful if the user\n" -" wants to machine-parse the contents of an FTP directory since\n" -" the normal directory view doesn't use a standard look or format.\n" -" When used like this, the option causes a NLST command to be sent\n" +" (FTP POP3) (FTP) When listing an FTP directory, this switch\n" +" forces a name-only view. This is especially useful if the user\n" +" wants to machine-parse the contents of an FTP directory since\n" , stdout); fputs( +" the normal directory view doesn't use a standard look or format.\n" +" When used like this, the option causes a NLST command to be sent\n" " to the server instead of LIST.\n" "\n" -" Note: Some FTP servers list only files in their response to\n" +" Note: Some FTP servers list only files in their response to\n" " NLST; they do not include sub-directories and symbolic links.\n" "\n" -" (POP3) When retrieving a specific email from POP3, this switch\n" -" forces a LIST command to be performed instead of RETR. This is\n" -" particularly useful if the user wants to see if a specific mes-\n" +" (POP3) When retrieving a specific email from POP3, this switch\n" , stdout); fputs( +" forces a LIST command to be performed instead of RETR. This is\n" +" particularly useful if the user wants to see if a specific mes-\n" " sage id exists on the server and what size it is.\n" "\n" -" Note: When combined with -X, --request, this option can be used\n" +" Note: When combined with -X, --request, this option can be used\n" " to send an UIDL command instead, so the user may use the email's\n" -" unique identifier rather than it's message id to make the\n" +" unique identifier rather than it's message id to make the\n" " request.\n" "\n" +, stdout); + fputs( " Added in 7.21.5.\n" "\n" " --local-port \n" -" Set a preferred single number or range (FROM-TO) of local port\n" -, stdout); - fputs( +" Set a preferred single number or range (FROM-TO) of local port\n" " numbers to use for the connection(s). Note that port numbers by\n" -" nature are a scarce resource that will be busy at times so set-\n" -" ting this range to something too narrow might cause unnecessary\n" +" nature are a scarce resource that will be busy at times so set-\n" +" ting this range to something too narrow might cause unnecessary\n" " connection setup failures.\n" "\n" " Added in 7.15.2.\n" "\n" " --location-trusted\n" -" (HTTP) Like -L, --location, but will allow sending the name +\n" -" password to all hosts that the site may redirect to. This may or\n" , stdout); fputs( +" (HTTP) Like -L, --location, but will allow sending the name +\n" +" password to all hosts that the site may redirect to. This may or\n" " may not introduce a security breach if the site redirects you to\n" -" a site to which you'll send your authentication info (which is\n" +" a site to which you'll send your authentication info (which is\n" " plaintext in the case of HTTP Basic authentication).\n" "\n" " See also -u, --user.\n" "\n" " -L, --location\n" -" (HTTP) If the server reports that the requested page has moved\n" -" to a different location (indicated with a Location: header and a\n" , stdout); fputs( -" 3XX response code), this option will make curl redo the request\n" -" on the new place. If used together with -i, --include or -I,\n" -" --head, headers from all requested pages will be shown. When\n" -" authentication is used, curl only sends its credentials to the\n" -" initial host. If a redirect takes curl to a different host, it\n" -" won't be able to intercept the user+password. See also --loca-\n" +" (HTTP) If the server reports that the requested page has moved\n" +" to a different location (indicated with a Location: header and a\n" +" 3XX response code), this option will make curl redo the request\n" +" on the new place. If used together with -i, --include or -I,\n" +" --head, headers from all requested pages will be shown. When\n" +" authentication is used, curl only sends its credentials to the\n" , stdout); fputs( -" tion-trusted on how to change this. You can limit the amount of\n" +" initial host. If a redirect takes curl to a different host, it\n" +" won't be able to intercept the user+password. See also --loca-\n" +" tion-trusted on how to change this. You can limit the amount of\n" " redirects to follow by using the --max-redirs option.\n" "\n" -" When curl follows a redirect and the request is not a plain GET\n" +" When curl follows a redirect and the request is not a plain GET\n" " (for example POST or PUT), it will do the following request with\n" -" a GET if the HTTP response was 301, 302, or 303. If the response\n" -" code was any other 3xx code, curl will re-send the following\n" , stdout); fputs( +" a GET if the HTTP response was 301, 302, or 303. If the response\n" +" code was any other 3xx code, curl will re-send the following\n" " request using the same unmodified method.\n" "\n" -" You can tell curl to not change the non-GET request method to\n" -" GET after a 30x response by using the dedicated options for\n" +" You can tell curl to not change the non-GET request method to\n" +" GET after a 30x response by using the dedicated options for\n" " that: --post301, --post302 and --post303.\n" "\n" " --login-options \n" -" (IMAP POP3 SMTP) Specify the login options to use during server\n" -" authentication.\n" -"\n" -" You can use the login options to specify protocol specific\n" , stdout); fputs( -" options that may be used during authentication. At present only\n" -" IMAP, POP3 and SMTP support login options. For more information\n" -" about the login options please see RFC 2384, RFC 5092 and IETF\n" +" (IMAP POP3 SMTP) Specify the login options to use during server\n" +" authentication.\n" +"\n" +" You can use the login options to specify protocol specific\n" +" options that may be used during authentication. At present only\n" +" IMAP, POP3 and SMTP support login options. For more information\n" +" about the login options please see RFC 2384, RFC 5092 and IETF\n" " draft draft-earhart-url-smtp-00.txt\n" "\n" +, stdout); + fputs( " If this option is used several times, the last one will be used.\n" "\n" " Added in 7.34.0.\n" "\n" " --mail-auth
\n" -, stdout); - fputs( -" (SMTP) Specify a single address. This will be used to specify\n" -" the authentication address (identity) of a submitted message\n" +" (SMTP) Specify a single address. This will be used to specify\n" +" the authentication address (identity) of a submitted message\n" " that is being relayed to another server.\n" "\n" " See also --mail-rcpt and --mail-from. Added in 7.25.0.\n" "\n" " --mail-from
\n" -" (SMTP) Specify a single address that the given mail should get\n" +, stdout); + fputs( +" (SMTP) Specify a single address that the given mail should get\n" " sent from.\n" "\n" " See also --mail-rcpt and --mail-auth. Added in 7.20.0.\n" "\n" -, stdout); - fputs( " --mail-rcpt
\n" " (SMTP) Specify a single address, user name or mailing list name.\n" " Repeat this option several times to send to multiple recipients.\n" -" When performing a mail transfer, the recipient should specify a\n" +" When performing a mail transfer, the recipient should specify a\n" " valid email address to send the mail to.\n" "\n" -" When performing an address verification (VRFY command), the\n" -" recipient should be specified as the user name or user name and\n" , stdout); fputs( +" When performing an address verification (VRFY command), the\n" +" recipient should be specified as the user name or user name and\n" " domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)\n" "\n" " When performing a mailing list expand (EXPN command), the recip-\n" -" ient should be specified using the mailing list name, such as\n" +" ient should be specified using the mailing list name, such as\n" " \"Friends\" or \"London-Office\". (Added in 7.34.0)\n" "\n" " Added in 7.20.0.\n" "\n" +, stdout); + fputs( " -M, --manual\n" " Manual. Display the huge help text.\n" "\n" " --max-filesize \n" -, stdout); - fputs( -" Specify the maximum size (in bytes) of a file to download. If\n" -" the file requested is larger than this value, the transfer will\n" +" Specify the maximum size (in bytes) of a file to download. If\n" +" the file requested is larger than this value, the transfer will\n" " not start and curl will return with exit code 63.\n" "\n" -" NOTE: The file size is not always known prior to download, and\n" +" NOTE: The file size is not always known prior to download, and\n" " for such files this option has no effect even if the file trans-\n" -" fer ends up being larger than this given limit. This concerns\n" , stdout); fputs( +" fer ends up being larger than this given limit. This concerns\n" " both FTP and HTTP transfers.\n" "\n" " See also --limit-rate.\n" "\n" " --max-redirs \n" -" (HTTP) Set maximum number of redirection-followings allowed.\n" -" When -L, --location is used, is used to prevent curl from fol-\n" -" lowing redirections \"in absurdum\". By default, the limit is set\n" -" to 50 redirections. Set this option to -1 to make it unlimited.\n" -"\n" +" (HTTP) Set maximum number of redirection-followings allowed.\n" +" When -L, --location is used, is used to prevent curl from fol-\n" +" lowing redirections \"in absurdum\". By default, the limit is set\n" , stdout); fputs( +" to 50 redirections. Set this option to -1 to make it unlimited.\n" +"\n" " If this option is used several times, the last one will be used.\n" "\n" " -m, --max-time