Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.
Co-authored-by: Daniel Stenberg
Closes#7586
Regression. In d6a37c23a3 (7.75.0) we removed the duplicated storage
(connection + easy handle), so this info needs be extracted again even
for re-used connections.
Add test 435 to verify
Reported-by: Max Dymond
Fixes#7660Closes#7662
This adds support for the previously unhandled supplemental data which
in -v output was printed like:
TLSv1.2 (IN), TLS header, Unknown (23):
These will now be printed with proper annotation:
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Closes#7652
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loop while waiting for a
response to come back.
The previous fix attempt in #7484 (c27a70a591) was inadequate.
Reported-by: zloi-user on github
Reported-by: Oleguer Llopart
Fixes#7589Closes#7647
Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.
Updated test 1432 accordingly.
Enabled test 1432 in the hyper builds.
Closes#7641
Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
resides near OpenSSL configuration, to the same block of code. Also
sorts the options here and in the cmake config header.
Additionally sorted the CURL-DISABLE listing and fixed the
CURL_DISABLE_POP3 option.
Closes#7624
Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verified by test
1137.
Updated docs to specify that the option doesn't work for HTTP when using
the hyper backend.
Closes#7614
If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
calling ERR_clear_error() like in vtls/openssl when needed. This func is
a no-op in wolfcrypt if the error queue is not enabled.
Closes#7594
The values for HTTP_ONLY differed between CMakeLists.txt and
curl_setup.h. Sync them and sort the values in curl_setup.h to make it
easier to spot differences.
Closes#7601
Remove the previous handling that would call SSL_CTX_free(), and instead
add an assert that halts a debug build if there ever is a context
already set at this point.
Closes#7585
RFC4752 Section 3.1 states "The authorization identity is not terminated
with a zero-valued (%x00) octet". Although a comment in code said it may
be needed anyway, nothing confirms it. In addition, servers may consider
it as part of the identity, causing a failure.
Closes#7008
For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
active.
- socks.c : warning C4100: 'lineno': unreferenced formal parameter
(co-authored by Daniel Stenberg)
- mbedtls.c: warning C4189: 'port': local variable is initialized but
not referenced
- schannel.c: warning C4189: 'hostname': local variable is initialized
but not referenced
Cloes #7528
- replace broken URL with the one it was most probably pointing to
when added (lib/tftp.c)
- replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
- delete unnecessary protocol designator from archive.org URL
(docs/BINDINGS.md)
Closes#7562
ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
in version 1.16.0.
With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
IPv4 and once for IPv6 to resolve both addresses, and then combines the
returned results.
Reported-by: jjandesmet
Fixes#7364Closes#7552
- Do not assume IPv6 is not working when getaddrinfo is not present.
The check to see if IPv6 actually works is now independent of whether
there is any resolver that can potentially resolve a hostname to IPv6.
Prior to this change if getaddrinfo() was not found at compile time then
Curl_ipv6works() would be defined as a macro that returns FALSE.
When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
in the traditional way. With this commit if libcurl is built with IPv6
support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
IPv6 stack is actually working, then it is possible for libcurl to
resolve IPv6 addresses by using DoH.
Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
Closes https://github.com/curl/curl/pull/7529
