diff -Nru curl-7.42.1/acinclude.m4 curl-7.43.0/acinclude.m4 --- curl-7.42.1/acinclude.m4 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/acinclude.m4 2015-06-11 17:50:43.000000000 +0000 @@ -2452,23 +2452,6 @@ ]) -# This is only a temporary fix. This macro is here to replace the broken one -# delivered by the automake project (including the 1.9.6 release). As soon as -# they ship a working version we SHOULD remove this work-around. - -AC_DEFUN([AM_MISSING_HAS_RUN], -[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" -# Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " -else - am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) -fi -]) - - dnl CURL_VERIFY_RUNTIMELIBS dnl ------------------------------------------------- dnl Verify that the shared libs found so far can be used when running @@ -2676,7 +2659,7 @@ AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path]) AC_MSG_RESULT([$capath (capath)]) fi - if test "x$ca" == "xno" && test "x$capath" == "xno"; then + if test "x$ca" = "xno" && test "x$capath" = "xno"; then AC_MSG_RESULT([no]) fi ]) diff -Nru curl-7.42.1/buildconf curl-7.43.0/buildconf --- curl-7.42.1/buildconf 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/buildconf 2015-06-11 17:50:43.000000000 +0000 @@ -318,6 +318,8 @@ ltsugar.m4 \ ltversion.m4 \ lt~obsolete.m4 \ + missing \ + install-sh \ stamp-h1 \ stamp-h2 \ stamp-h3 ; do @@ -329,7 +331,7 @@ # echo "buildconf: running libtoolize" -${libtoolize} --copy --automake --force || die "libtoolize command failed" +${libtoolize} --copy --force || die "libtoolize command failed" # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4 # subdirectory and this local copy is patched to fix some warnings that diff -Nru curl-7.42.1/CHANGES curl-7.43.0/CHANGES --- curl-7.42.1/CHANGES 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/CHANGES 2015-06-17 05:57:03.000000000 +0000 @@ -6,5198 +6,5212 @@ Changelog -Version 7.42.1 (28 Apr 2015) +Version 7.43.0 (17 Jun 2015) -Daniel Stenberg (28 Apr 2015) -- RELEASE-NOTES: 7.42.1 ready +Daniel Stenberg (17 Jun 2015) +- RELEASE-NOTES: 7.43.0 release -- CURLOPT_HEADEROPT: default to separate +- THANKS: updated with 7.43.0 names + +- [Kamil Dudka brought this change] + + http: do not leak basic auth credentials on re-used connections - Make the HTTP headers separated by default for improved security and - reduced risk for information leakage. + CVE-2015-3236 - Bug: http://curl.haxx.se/docs/adv_20150429.html - Reported-by: Yehezkel Horowitz, Oren Souroujon + This partially reverts commit curl-7_39_0-237-g87c4abb + + Reported-by: Tomas Tomecek, Kamil Dudka + Bug: http://curl.haxx.se/docs/adv_20150617A.html -- RELEASE-NOTES: synced with a6e0270e +- [Kamil Dudka brought this change] -- sws: init http2 state properly - - It would otherwise cause problems when running tests after 1801 etc. + test2040: verify basic auth on re-used connections -- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION +- SMB: rangecheck values read off incoming packet - ... as it was previouly undocumented what the pointer was. - -- openssl: fix serial number output + CVE-2015-3237 - The code extracting the cert serial number was broken and didn't display - it properly. + Detected by Coverity. CID 1299430. - Bug: https://github.com/bagder/curl/issues/235 - Reported-by: dkjjr89 + Bug: http://curl.haxx.se/docs/adv_20150617B.html + +Jay Satiro (17 Jun 2015) +- schannel: schannel_recv overhaul + + This commit is several drafts squashed together. The changes from each + draft are noted below. If any changes are similar and possibly + contradictory the change in the latest draft takes precedence. + + Bug: https://github.com/bagder/curl/issues/244 + Reported-by: Chris Araman + + %% + %% Draft 1 + %% + - return 0 if len == 0. that will have to be documented. + - continue on and process the caches regardless of raw recv + - if decrypted data will be returned then set the error code to CURLE_OK + and return its count + - if decrypted data will not be returned and the connection has closed + (eg nread == 0) then return 0 and CURLE_OK + - if decrypted data will not be returned and the connection *hasn't* + closed then set the error code to CURLE_AGAIN --only if an error code + isn't already set-- and return -1 + - narrow the Win2k workaround to only Win2k + + %% + %% Draft 2 + %% + - Trying out a change in flow to handle corner cases. + + %% + %% Draft 3 + %% + - Back out the lazier decryption change made in draft2. + + %% + %% Draft 4 + %% + - Some formatting and branching changes + - Decrypt all encrypted cached data when len == 0 + - Save connection closed state + - Change special Win2k check to use connection closed state + + %% + %% Draft 5 + %% + - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the + connection isn't closed. + + %% + %% Draft 6 + %% + - Save the last error only if it is an unrecoverable error. + + Prior to this I saved the last error state in all cases; unfortunately + the logic to cover that in all cases would lead to some muddle and I'm + concerned that could then lead to a bug in the future so I've replaced + it by only recording an unrecoverable error and that state will persist. + + - Do not recurse on renegotiation. + + Instead we'll continue on to process any trailing encrypted data + received during the renegotiation only. + + - Move the err checks in cleanup after the check for decrypted data. + + In either case decrypted data is always returned but I think it's easier + to understand when those err checks come after the decrypted data check. + + %% + %% Draft 7 + %% + - Regardless of len value go directly to cleanup if there is an + unrecoverable error or a close_notify was already received. Prior to + this change we only acknowledged those two states if len != 0. + + - Fix a bug in connection closed behavior: Set the error state in the + cleanup, because we don't know for sure it's an error until that time. + + - (Related to above) In the case the connection is closed go "greedy" + with the decryption to make sure all remaining encrypted data has been + decrypted even if it is not needed at that time by the caller. This is + necessary because we can only tell if the connection closed gracefully + (close_notify) once all encrypted data has been decrypted. + + - Do not renegotiate when an unrecoverable error is pending. + + %% + %% Draft 8 + %% + - Don't show 'server closed the connection' info message twice. + + - Show an info message if server closed abruptly (missing close_notify). -- [Alessandro Ghedini brought this change] +Daniel Stenberg (16 Jun 2015) +- [Paul Oliver brought this change] - curl.1: fix typo + Fix typo in docs + + s/curret/current/ -- RELEASE-NOTES: toward 7.42.1, synced with 097460a +- [Viktor Szakats brought this change] -- [Kamil Dudka brought this change] + docs: update URLs - curl -z: do not write empty file on unmet condition - - This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. - It also introduces a regression test 1424 based on tests 78 and 1423. +- RELEASE-NOTES: synced with f29f2cbd00dbe5f + +- [Viktor Szakats brought this change] + + README: use secure protocol for Git repository + +- [Viktor Szakats brought this change] + + HTTP2.md: use SSL/TLS IETF URLs + +- [Viktor Szakats brought this change] + + LICENSE-MIXING: update URLs - Reported-by: Viktor Szakats - Bug: https://github.com/bagder/curl/issues/237 + * use SSL/TLS where available + * follow permanent redirects -- [Kamil Dudka brought this change] +- LICENSE-MIXING: refreshed - docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too +- curl_easy_duphandle: see also *reset -- connectionexists: follow-up to fd9d3a1ef1f +- rtsp_do: fix DEAD CODE - PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not - enabled. + "At condition p_request, the value of p_request cannot be NULL." - Mistake-caught-by: Kamil Dudka + Coverity CID 1306668. -- connectionexists: fix build without NTLM +- security:choose_mech fix DEAD CODE warning - Do not access NTLM-specific struct fields when built without NTLM - enabled! + ... by removing the "do {} while (0)" block. - bug: http://curl.haxx.se/?i=231 - Reported-by: Patrick Rapin + Coverity CID 1306669 -- dist: include {src,lib}/checksrc.whitelist +- curl.1: netrc is in man section 5 -Version 7.42.0 (22 Apr 2015) +- curl.1: small format fix + + use \fI-style instead of .BR for references -Daniel Stenberg (22 Apr 2015) -- RELEASE-NOTES: updated for 7.42.0 +- urldata: store POST size in state.infilesize too + + ... to simplify checking when PUT _or_ POST have completed. + + Reported-by: Frank Meier + Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html -- THANKS: added contributors from 7.42.0 release notes +Dan Fandrich (14 Jun 2015) +- test1530: added http to required features -- THANKS-filter: a few more alterations to squash +Jay Satiro (14 Jun 2015) +- [Drake Arconis brought this change] -- contrithanks.sh: helper script for maintaining THANKS + build: Fix typo from OpenSSL 1.0.2 version detection fix -- http_done: close Negotiate connections when done - - When doing HTTP requests Negotiate authenticated, the entire connnection - may become authenticated and not just the specific HTTP request which is - otherwise how HTTP works, as Negotiate can basically use NTLM under the - hood. curl was not adhering to this fact but would assume that such - requests would also be authenticated per request. - - CVE-2015-3148 - - Bug: http://curl.haxx.se/docs/adv_20150422B.html - Reported-by: Isaac Boukris +- [Drake Arconis brought this change] -- fix_hostname: zero length host name caused -1 index offset + build: Properly detect OpenSSL 1.0.2 when using configure + +- curl_multi_info_read.3: fix example formatting + +Daniel Stenberg (13 Jun 2015) +- BINDINGS: there's a new R binding in town! + +- BINDINGS: added the Xojo binding + +Jay Satiro (11 Jun 2015) +- [Joel Depooter brought this change] + + schannel: Add support for optional client certificates - If a URL is given with a zero-length host name, like in "http://:80" or - just ":80", `fix_hostname()` will index the host name pointer with a -1 - offset (as it blindly assumes a non-zero length) and both read and - assign that address. + Some servers will request a client certificate, but not require one. + This change allows libcurl to connect to such servers when using + schannel as its ssl/tls backend. When a server requests a client + certificate, libcurl will now continue the handshake without one, + rather than terminating the handshake. The server can then decide + if that is acceptable or not. Prior to this change, libcurl would + terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS + error. + +Daniel Stenberg (11 Jun 2015) +- curl_easy_cleanup.3: provide more SEE ALSO + +- debug: remove http2 debug leftovers + +- VERSIONS: now using markdown + +- RELEASE-PROCEDURE: remove ascii logo at the top of file + +- INTERNALS: absorbed docs/LIBCURL-STRUCTS + +- INTERNALS: cat lib/README* >> INTERNALS - CVE-2015-3144 + and a conversion to markdown. Removed the lib/README.* files. The idea + being to move toward having INTERNALS as the one and only "book" of + internals documentation. - Bug: http://curl.haxx.se/docs/adv_20150422D.html - Reported-by: Hanno Böck + Added a TOC to top of the document. -- cookie: cookie parser out of boundary memory access - - The internal libcurl function called sanitize_cookie_path() that cleans - up the path element as given to it from a remote site or when read from - a file, did not properly validate the input. If given a path that - consisted of a single double-quote, libcurl would index a newly - allocated memory area with index -1 and assign a zero to it, thus - destroying heap memory it wasn't supposed to. +Jay Satiro (8 Jun 2015) +- openssl: LibreSSL and BoringSSL do not use TLS_client_method - CVE-2015-3145 + Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of + TLS_client_method LibreSSL and BoringSSL didn't and still use + SSLv23_client_method. - Bug: http://curl.haxx.se/docs/adv_20150422C.html - Reported-by: Hanno Böck + Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 + Reported-by: asavah@users.noreply.github.com -- ConnectionExists: for NTLM re-use, require credentials to match +Daniel Stenberg (9 Jun 2015) +- RELEASE-NOTES: synced with 20ac3458068 + +- CURLOPT_OPENSOCKETFUNCTION: return error at once - CVE-2015-3143 + When CURL_SOCKET_BAD is returned in the callback, it should be treated + as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently + created when trying to connect to a server. - Bug: http://curl.haxx.se/docs/adv_20150422A.html - Reported-by: Paras Sethia + Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html -Jay Satiro (21 Apr 2015) -- [byronhe brought this change] +- fopen.c: fix a few compiler warnings - openssl: add OPENSSL_NO_SSL3_METHOD check +- [Ville Skyttä brought this change] -Daniel Stenberg (20 Apr 2015) -- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc - - Bug: https://github.com/bagder/curl/issues/229 - Reported-by: bsammon + docs: Spelling fixes -Kamil Dudka (20 Apr 2015) -- [Mostyn Bramley-Moore brought this change] +- [Ville Skyttä brought this change] - configure --with-nss: remove unneeded libs from the fallback + docs: man page indentation and syntax fixes -Daniel Stenberg (20 Apr 2015) -- contributors.sh: fix help output, filter out (-prefix from names +Linus Nielsen (8 Jun 2015) +- help: Add --proxy-service-name and --service-name to the --help output -- RELEASE-NOTES: synced with cc0e7ebc3be0 +Jay Satiro (7 Jun 2015) +- openssl: Fix verification of server-sent legacy intermediates + + - Try building a chain using issuers in the trusted store first to avoid + problems with server-sent legacy intermediates. + + Prior to this change server-sent legacy intermediates with missing + legacy issuers would cause verification to fail even if the client's CA + bundle contained a valid replacement for the intermediate and an + alternate chain could be constructed that would verify successfully. + + https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest -- [Michael Stapelberg brought this change] +Daniel Stenberg (5 Jun 2015) +- BINDINGS: update several URLs + + Stop linking to the curl.haxx.se anchor pages, they are usually only + themselves pointers to the real page so better point there directly + instead. - CURLMOPT_TIMERFUNCTION.3: Clarify, add an example +- BINDINGS: the curl-rust binding -- [Viktor Szakáts brought this change] +- curl.h: add CURL_HTTP_VERSION_2 + + The protocol is named "HTTP/2" after all. It is an alias for the + existing CURL_HTTP_VERSION_2_0 enum. - vtls/openssl: use https in URLs and a comment typo fixed +- openssl: removed error string #ifdef + + ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore -- curl_version_info.3: fixed the 'protocols' variable type +- openssl: removed USERDATA_IN_PWD_CALLBACK kludge - Reported-by: John Marshall - Bug: https://github.com/bagder/curl/issues/225 + Code for OpenSSL 0.9.4 serves no purpose anymore! -Dan Fandrich (18 Apr 2015) -- test1423: added missing "file" to server section +- openssl: remove SSL_get_session()-using code + + It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or + later. -Daniel Stenberg (17 Apr 2015) -- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods +- openssl: remove dummy callback use from SSL_CTX_set_verify() - ... and some minor edits + The existing callback served no purpose. -- Revert "HTTP: don't abort connections with pending Negotiate authentication" +- LIBCURL-STRUCTS: clarify for multiplexing + +Jay Satiro (3 Jun 2015) +- cookie: Stop exporting any-domain cookies - This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. + Prior to this change any-domain cookies (cookies without a domain that + are sent to any domain) were exported with domain name "unknown". - Bug: https://github.com/bagder/curl/issues/223 - Reported-by: Michael Osipov + Bug: https://github.com/bagder/curl/issues/292 -Jay Satiro (17 Apr 2015) -- cyassl: Fix include order - - Prior to this change CyaSSL's build options could redefine some generic - build symbols. +Daniel Stenberg (3 Jun 2015) +- RELEASE-PROCEDURE: refreshed 'coming dates' + +Jay Satiro (2 Jun 2015) +- curl_setup: Change fopen text macros to use 't' for MSDOS - http://curl.haxx.se/mail/lib-2015-04/0069.html + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 + Reported-by: Gisle Vanem -Kamil Dudka (17 Apr 2015) -- configure --with-nss: drop redundant if statement +Daniel Stenberg (2 Jun 2015) +- curl_multi_timeout.3: added example -- configure --with-nss=PATH: query pkg-config if available +- curl_multi_perform.3: added example + +- curl_multi_info_read.3: added example + +- checksrc: detect fopen() for text without the FOPEN_* macros - Bug: https://github.com/bagder/curl/pull/171 + Follow-up to e8423f9ce150 with discussionis in + https://github.com/bagder/curl/pull/258 + + This check scans for fopen() with a mode string without 'b' present, as + it may indicate that an FOPEN_* define should rather be used. -Daniel Stenberg (17 Apr 2015) -- parsecfg: do not continue past a zero termination +- curl_getdate.3: update RFC reference + +Jay Satiro (1 Jun 2015) +- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT - When a config file line ends without newline, the parsing function could - continue reading beyond that point in memory. + - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" + - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" - Reported-by: Hanno Böck + This change is to explicitly specify when we need to read/write text. + Unfortunately 't' is not part of POSIX fopen so we can't specify it + directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. + + Prior to this change we had an issue on Windows if an application that + uses libcurl overrides the default file mode to binary. The default file + mode in Windows is normally text mode (translation mode) and that's what + libcurl expects. + + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 + Reported-by: Orgad Shaneh -Jay Satiro (16 Apr 2015) -- gitignore: Ignore Windows build output directories +Daniel Stenberg (1 Jun 2015) +- http2-upload.c: use PIPEWAIT for playing HTTP/2 better -Daniel Stenberg (15 Apr 2015) -- RELEASE-NOTES: synced with 1ba6e4c88e0 +- http2-download: check for CURLPIPE_MULTIPLEX properly + + Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html + Reported-by: Rafayel Mkrtchyan -- TODO: 17.9 Choose the name of file in braces for complex URLs +- [Isaac Boukris brought this change] -- TODO: a little caution that maybe not all ideas are still good + HTTP-NTLM: fail auth on connection close instead of looping + + Bug: https://github.com/bagder/curl/issues/256 -- TODO: 17.8 offer color-coded HTTP header output +- 5.6 Refuse "downgrade" redirects -- TODO: 17.7 warning when sending binary output to terminal +- README.pingpong: removed -- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes +- ROADMAP: remove HTTP/2 multiplexing - its here now -Jay Satiro (14 Apr 2015) -- cyassl: Add support for TLS extension SNI +- HTTP2.md: formatted properly -Daniel Stenberg (13 Apr 2015) -- [Matthew Hall brought this change] +- HTTP2: moved docs into docs/ and make it markdown - gitignore: ignore test-driver file +- README.http2: refreshed and added multiplexing info -- [Matthew Hall brought this change] +- dist: add the http2 examples - vtls_openssl: improve PKCS#12 load failure error message +- http2 examples: clean up some comments -- [Matthew Hall brought this change] +- examples: added two programs doing multiplexed HTTP/2 - vtls_openssl: fix minor typo in PKCS#12 load routine +- scripts: moved contributors.sh and contrithanks.sh into subdir -- [Matthew Hall brought this change] +- RELEASE-NOTES: synced with c005790ff1c0a - vtls_openssl: improve client certificate load failure error messages +- [Daniel Melani brought this change] -- [Matthew Hall brought this change] + openssl: typo in comment - vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant +Jay Satiro (27 May 2015) +- openssl: Use TLS_client_method for OpenSSL 1.1.0+ + + SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The + equivalent is TLS_client_method. + + https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557 -- BUGS: refer to the github issue tracker now as primary +Daniel Stenberg (26 May 2015) +- FAQ: How do I port libcurl to my OS? -- firefox-db2pem: fix wildcard to find Firefox default profile +Jay Satiro (25 May 2015) +- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain - At some point, Firefox has changed and generates different directory - names for the default profile that made this script fail to find them. + Document that if Set-Cookie is used without a domain then the cookie is + sent for any domain and will not be modified. - Bug: https://github.com/bagder/curl/issues/207 - Reported-by: sneakyimp + Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html + Reported-by: Alexander Dyagilev -Jay Satiro (11 Apr 2015) -- cyassl: Include the CyaSSL build config +Daniel Stenberg (25 May 2015) +- [Tatsuhiro Tsujikawa brought this change] + + http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer - CyaSSL >= 2.6.0 may have an options.h that was generated during - its build by configure. + Previously, after seeing upgrade to HTTP/2, we feed data followed by + upgrade response headers directly to nghttp2_session_mem_recv() in + Curl_http2_switched(). But it turns out that passed buffer, mem, is + part of stream->mem, and callbacks called by + nghttp2_session_mem_recv() will write stream specific data into + stream->mem, overwriting input data. This will corrupt input, and + most likely frame length error is detected by nghttp2 library. The + fix is first copy the passed data to HTTP/2 connection buffer, + httpc->inbuf, and call nghttp2_session_mem_recv(). -- build: Generate source prerequisites for Visual Studio in generate.bat +Jay Satiro (24 May 2015) +- CURLOPT_COOKIE.3: Explain that the cookies won't be modified - Prior to this change Visual Studio builds could fail due to missing - prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. + The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the + outgoing request(s)." However there seems to be some user confusion + about cookie modification. Document that the cookies set by this option + are not modified by the cookie engine. - http://curl.haxx.se/mail/lib-2015-04/0034.html + Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html + Reported-by: Alexander Dyagilev -Daniel Stenberg (9 Apr 2015) -- [Viktor Szakats brought this change] +- CURLOPT_COOKIELIST.3: Add example - lib/makefile.m32: add missing libs to build libcurl.dll +Dan Fandrich (24 May 2015) +- testcurl.pl: use rel2abs to make the source directory absolute - Add 'gdi32' and 'crypt32' Windows implibs to avoid failure - while building libcurl.dll using the mingw compiler. - The same logic is used in 'src/makefile.m32' when - building curl.exe. + This function makes a platform-specific absolute path which uses + backslashes on Windows. This form works when passing it on the + command-line, as well as if the source is on another drive. -Kamil Dudka (8 Apr 2015) -- test142[23]: verify that an empty file is stored on success +- conncache: fixed memory leak on OOM (torture tests) -- src/tool_operate: create output file on successful download - - ... of an empty file - - Bug: https://github.com/bagder/curl/issues/183 +Daniel Stenberg (24 May 2015) +- perl: remove subdir, not touched in 9 years -- src/tool_cb_wrt: separate fnc for output file creation +- log2changes.pl: moved to scripts/ -Daniel Stenberg (7 Apr 2015) -- [Da-Yoon Chung brought this change] +- [Alessandro Ghedini brought this change] - lib/transfer.c: Remove factor of 8 from sleep time calculation + scripts: add zsh.pl for generating zsh completion + +Dan Fandrich (23 May 2015) +- test1510: another flaky test + +Daniel Stenberg (22 May 2015) +- security: fix "Unchecked return value" from sscanf() - The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and - rate_bps are both in bytes. When using the rate limiting option, curl - waits 8 times too long, and then transfers very quickly until the - average rate reaches the limit. The average rate follows the limit over - time, but the actual traffic is bursty. + By (void) prefixing it and adding a comment. Did some minor related + cleanups. - Thanks-to: Benjamin Gilbert + Coverity CID 1299423. -- [Jay Satiro brought this change] +- security: simplify choose_mech + + Coverity CID 1299424 identified dead code because of checks that could + never equal true (if the mechanism's name was NULL). + + Simplified the function by removing a level of pointers and removing the + loop and array that weren't used. - x509asn1: Silence x64 loss-of-data warning on RSA key length assignment +- RTSP: catch attempted unsupported requests better - The key length in bits will always fit in an unsigned long so the - loss-of-data warning assigning the result of x64 pointer arithmetic to - an unsigned long is unnecessary. + Replace use of assert with code that properly catches bad input at + run-time even in non-debug builds. + + This flaw was sort of detected by Coverity CID 1299425 which claimed the + "case RTSPREQ_NONE" was dead code. -- [Jay Satiro brought this change] +- share_init: fix OOM crash + + A failed calloc() would lead to NULL pointer use. + + Coverity CID 1299427. - cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size +- parse_proxy: switch off tunneling if non-HTTP proxy - Also fix it so that all ERR_error_string calls use an error buffer. - CyaSSL's implementation of ERR_error_string only writes the error when - an error buffer is passed. + non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL - http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html + Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html + Reported-by: Sean Boudreau -- [Jay Satiro brought this change] - - cyassl: Remove 'Connecting to' message from cyassl_connect_step2 +- curl: fix potential NULL dereference - Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' - messages since cyassl_connect_step2 is called multiple times, typically. - The message is superfluous even once since libcurl already informs the - user elsewhere in code that it is connecting. - -- [Viktor Szakats brought this change] + Coverity CID 1299428: Dereference after null check (FORWARD_NULL) - checksrc.bat: quotes to support an SRC_DIR with spaces +- http2: on_frame_recv: return early on stream 0 + + Coverity CID 1299426 warned about possible NULL dereference otherwise, + but that would only ever happen if we get invalid HTTP/2 data with + frames for stream 0. Avoid this risk by returning early when stream 0 is + used. -- hostip: fix compiler warnings +- http: removed self assignment - introduced in the previous mini-series of 3 commits + Follow-up fix from b0143a2a33f0 + + Detected by coverity. CID 1299429 -- [Stefan Bühler brought this change] +- [Tatsuhiro Tsujikawa brought this change] - actually implement CURLOPT_RESOLVE removals + http2: Make HTTP Upgrade work - - also log when a CURLOPT_RESOLVE entry couldn't get parsed + This commit just add implicitly opened stream 1 to streams hash. -- [Stefan Bühler brought this change] +Jay Satiro (22 May 2015) +- strerror: Change SEC_E_ILLEGAL_MESSAGE description + + Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS + and language specific, and invariably translated to something not very + helpful like: "The message received was unexpected or badly formatted." + + Bug: https://github.com/bagder/curl/issues/267 + Reported-by: Michael Osipov - move Curl_share_lock and ref counting into Curl_fetch_addr +- telnet: Fix read-callback change for Windows builds + + Refer to b0143a2 for more information on the read-callback change. -- [Stefan Bühler brought this change] +Daniel Stenberg (21 May 2015) +- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy! - fix refreshing of obsolete dns cache entries +Dan Fandrich (21 May 2015) +- testcurl.pl: allow source to be in an arbitrary directory - - cache entries must be also refreshed when they are in use - - have the cache count as inuse reference too, freeing timestamp == 0 special - value - - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed - - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh) - - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special - reference anymore, and it would also release non CURLOPT_RESOLVE references - - fix locking in Curl_hostcache_clean - - fix unit1305.c: hash now keeps a reference, need to set inuse = 1 - -- RELEASE-NOTES: synced with abf6bddc14a + This way, the build directory can be located on an entirely different + filesystem from the source code (e.g. a tmpfs). -- [Jay Satiro brought this change] +Daniel Stenberg (20 May 2015) +- read_callback: move to SessionHandle from connectdata + + With many easy handles using the same connection for multiplexing, it is + important we store and keep the transfer-oriented stuff in the + SessionHandle so that callbacks and callback data work fine even when + many easy handles share the same physical connection. - checksrc.bat: Check lib\vtls source +- http2: show stream IDs in decimal + + It makes them easier to match output from the nghttpd test server. -- [Jay Satiro brought this change] +- [Tatsuhiro Tsujikawa brought this change] - cyassl: Set minimum protocol version before CTX callback + http2: Faster http2 upload - This change is to allow the user's CTX callback to change the minimum - protocol version in the CTX without us later overriding it, as we did - prior to this change. + Previously, when we send all given buffer in data_source_callback, we + return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream + temporarily for writing. This itself is good. If this is the sole + stream in the session, nghttp2_session_want_write() returns zero, + which means that libcurl does not check writeability of the underlying + socket. This leads to very slow upload, because it seems curl only + upload 16k something per 1 second. To fix this, if we still have data + to send, call nghttp2_session_resume_data after nghttp2_session_send. + This makes nghttp2_session_want_write() returns nonzero (if connection + window still opens), and as a result, socket writeability is checked, + and upload speed becomes normal. + +- [Dmitry Eremin-Solenikov brought this change] + + gtls: don't fail on non-fatal alerts during handshake + + Stop curl from failing when non-fatal alert is received during + handshake. This e.g. fixes lots of problems when working with https + sites through proxies. -- [Jay Satiro brought this change] +- curl_easy_unescape.3: update RFC reference + + Reported-by: bsammon + Bug: https://github.com/bagder/curl/issues/282 - build-openssl.bat: Fix mixed line endings +Jay Satiro (20 May 2015) +- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape - Use LF not CRLF, throughout. msysgit will only convert a file to CRLF - on checkout if it's not mixed. + .. also correct some variable naming in curl_easy_escape.3 + + Bug: https://github.com/bagder/curl/issues/281 + Reported-by: bsammon@users.noreply.github.com -- [Jay Satiro brought this change] +Daniel Stenberg (19 May 2015) +- [Brian Prodoehl brought this change] - cyassl: Fix certificate load check + openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg - SSL_CTX_load_verify_locations can return negative values on fail, - therefore to check for failure we check if load is != 1 (success) - instead of if load is == 0 (failure), the latter being incorrect given - that behavior. + BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl + and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and + OpenSSL. + + re #275 -- [Tatsuhiro Tsujikawa brought this change] +Jay Satiro (19 May 2015) +- curl.1: fix missing space in section --data - http2: Fix missing nghttp2_session_send call in Curl_http2_switched +Daniel Stenberg (19 May 2015) +- transfer: remove erroneous and misleading comment + +Kamil Dudka (19 May 2015) +- http: silence compile-time warnings without USE_NGHTTP2 - Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to - parse incoming data which were already received while curl was handling - upgrade. But we didn't call nghttp2_session_send, and it led to make - curl not send any response to the received frames. Most likely, we - received SETTINGS from server at this point, so we missed opportunity to - send SETTINGS + ACK. This commit adds missing nghttp2_session_send call - in Curl_http2_switched to fix this issue. + Error: CLANG_WARNING: + lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read - Bug: https://github.com/bagder/curl/issues/192 - Reported-by: Stefan Eissing + Error: COMPILER_WARNING: + lib/http.c: scope_hint: In function ‘http_disconnect’ + lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable] -- cookie: handle spaces after the name in Set-Cookie - - "name =value" is fine and the space should just be skipped. +Jay Satiro (19 May 2015) +- transfer: Replace __func__ instances with function name - Updated test 31 to also test for this. + .. also make __func__ replacement in multi. - Bug: https://github.com/bagder/curl/issues/195 - Reported-by: cromestant - Help-by: Frank Gevaerts + Prior to this change debug builds would fail to build if the compiler + was building pre-c99 and didn't support __func__. -- [Jay Satiro brought this change] +Daniel Stenberg (19 May 2015) +- [Viktor Szakats brought this change] - cyassl: Fix library initialization return value - - (Curl_cyassl_init) - - Return 1 on success, 0 in failure. + build: bump version in default nghttp2 paths + +- INTERNALS: we require nghttp2 1.0.0+ now + +Jay Satiro (18 May 2015) +- http: Add some include guards for the new HTTP/2 stuff + +Daniel Stenberg (18 May 2015) +- http2: store upload state per stream - Prior to this change the fail path returned an incorrect value and the - evaluation to determine whether CyaSSL_Init had succeeded was incorrect. - Ironically that combined with the way curl_global_init tests SSL library - initialization (!Curl_ssl_init()) meant that CyaSSL having been - successfully initialized would be seen as that even though the code path - and return value in Curl_cyassl_init were wrong. + Use a curl_off_t for upload left -- [Thomas Ruecker brought this change] +- http2: fix build when NOT h2-enabled - CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" +- http2: switch to use Curl_hash_destroy() - Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200" - under certain conditions: + as after 4883f7019d3, the *_clean() function only flushes the hash. + +- curlver: restore LIBCURL_VERSION_NUM defined as a full number - client_wants_icy_headers (connection_t *con) - { - const char *val; + As it breaks configure, curl-config and test 1023 if not. + +- [Anthony Avina brought this change] + + hostip: fix unintended destruction of hash table - if (!con) - return 1; + .. and added unit1602 for hash.c + +- curlver: introducing new version number (checking) macros + +- runtests.pl: use 'h2c' now, no -14 anymore + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Ignore if we have stream ID not in hash in on_stream_close - val = get_user_agent (con); - if (!val || !val[0] || strcmp (val, "(null)") == 0) - return 1; + We could get stream ID not in the hash in on_stream_close. For + example, if we decided to reject stream (e.g., PUSH_PROMISE), then we + don't create stream and store it in hash with its stream ID. + +- [Tatsuhiro Tsujikawa brought this change] + + Require nghttp2 v1.0.0 - if (con->food.client->use_icy) - return 1; - if (strncasecmp (val, "winamp", 6) == 0) - return 1; - if (strncasecmp (val, "Shoutcast", 9) == 0) - return 1; + This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0, + and utilize recent version of nghttp2 to simplify the code, - return 0; - } + First we use nghttp2_option_set_no_recv_client_magic function to + detect nghttp2 v1.0.0. That function only exists since v1.0.0. - So mainly if there is no 'user agent' or it is '(null)' or contains - 'winamp' or 'Shoutcast'. + Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and + validates received header field. If it found error, RST_STREAM with + PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize + this feature to simplify libcurl code. This commit does this. - No mainstream distribution carries Icecast 1.3.x anymore, after all - it was released in 2002 and superseded by Icecast 2.x. + Migration from 0.7 series are done based on nghttp2 migration + document. For libcurl, we removed the code sending first 24 bytes + client magic. It is now done by nghttp2 library. + on_invalid_frame_recv callback signature changed, and is updated + accordingly. -Dan Fandrich (31 Mar 2015) -- axtls: add timeout within Curl_axtls_connect +- http2: infof length in on_frame_send() + +- pipeline: switch some code over to functions - This allows test 405 to pass on axTLS. + ... to "compartmentalize" a bit and make it easier to change behavior + when multiplexing is used instead of good old pipelining. -Daniel Stenberg (30 Mar 2015) -- [Jay Satiro brought this change] +- symbols-in-versions: add CURLOPT_PIPEWAIT - checksrc: Windows-specific input fixes +- CURLOPT_PIPEWAIT: added - lib/config-win32ce.h - - Fix whitespace for checksrc compliance. - - lib/checksrc.pl - - Remove trailing carriage returns from input. - - projects/checksrc.bat - - Ignore tool_hugehelp.c. + By setting this option to 1 libcurl will wait for a connection to reveal + if it is possible to pipeline/multiplex on before it continues. -- [Dagobert Michelsen brought this change] +- Curl_http_readwrite_headers: minor code simplification - configure: Use KRB5CONFIG for krb5-config +- IsPipeliningPossible: fixed for http2 + +- http2: bump the h2 buffer size to 32K for speed + +- http2: remove the stream from the hash in stream_close callback - Allows the user to easier override its path. + ... and suddenly things work much better! + +- http2: if there is paused data, do not clear the drain field + +- http2: rename s/data/pausedata + +- http2: "stream %x" in all outputs to make it easier to search for + +- http2: Curl_expire() all handles with incoming traffic - Bug: http://curl.haxx.se/bug/view.cgi?id=1486 + ... so that they'll get handled next in the multi loop. -- multi: remove_handle: move pending connections +- http2: don't signal settings change for same values + +- http2: set default concurrency, fix ConnectionExists for multiplex + +- bundles: store no/default/pipeline/multiplex - If the handle removed from the multi handle happens to be the one - "owning" the pipeline other transfers will be waiting indefinitely. Now - we move such handles back to connect to have them race (again) for - getting the connection and thus avoid hanging. + to allow code to act differently on the situation. - Bug: http://curl.haxx.se/bug/view.cgi?id=1465 - Reported-by: Jiri Dvorak + Also added some more info message for the connection re-use function to + make it clearer when connections are not re-used. -- KNOWN_BUGS: 89 is bug #1411 +- http2: lazy init header_recvbuf - Disabling pipelining on multi handle with in-progress pipelined requests - leads to heap corruption and crash + It makes us use less memory when not doing HTTP/2 and subsequently also + makes us not have to cleanup HTTP/2 related data when not using HTTP/2! -- [Jay Satiro brought this change] +- http2: separate multiplex/pipelining + cleanup memory leaks - cyassl: CTX callback cosmetic changes and doc fix - - - More descriptive fail message for NO_FILESYSTEM builds. - - Cosmetic changes. - - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific. +- CURLMOPT_PIPELINE: bit 1 is for multiplexing -- RELEASE-NOTES: synced with d2feb71752f +- [Tatsuhiro Tsujikawa brought this change] -Dan Fandrich (28 Mar 2015) -- tool_operate: only set SSL options if SSL is enabled + http2: Fix bug that data to be drained are overwritten by pending "paused" data -- runtests.pl: detect WolfSSL as yassl +- [Tatsuhiro Tsujikawa brought this change] -Daniel Stenberg (27 Mar 2015) -- [Kyle L. Huff brought this change] + http2: Don't call nghttp2_session_mem_recv while it is paused by a stream - cyassl: add SSL context callback support for CyaSSL +- [Tatsuhiro Tsujikawa brought this change] + + http2: Read data left in connection buffer after pause - Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better - handles CyaSSL instances using NO_FILESYSTEM. + Previously when we do pause because of out of buffer, we just throw + away unread data in connection buffer. This just broke protocol + framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this + issue by remembering how much data read, and in the next iteration, we + process remaining data. -- [Kyle L. Huff brought this change] +- [Tatsuhiro Tsujikawa brought this change] - cyassl: remove undefined reference to CyaSSL_no_filesystem_verify + http2: Fix streams get stuck - CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or - CyaSSL. This reference causes build errors when compiling with - NO_FILESYSTEM. + This commit fixes the bug that streams get stuck if stream gets some + DATA, and stream->closed becomes true at the same time. Previously, + in this condition, after we processed DATA, we are going to try to + read data from underlying transport, but there is no data, and gets + EAGAIN. There was no code path to evaludate stream->closed. -- [Jay Satiro brought this change] +- http2: store incoming h2 SETTINGS - build: Fix libcurl.sln erroneous mixed configurations +- pipeline: move function to pipeline.c and make static - Prior to this change some Release configurations had an active - configuration assignment to their Debug counterpart. - -- [Jay Satiro brought this change] + ... as it was only used from there. - vtls: Don't accept unknown CURLOPT_SSLVERSION values +- IsPipeliningPossible: http2 can always "pipeline" (multiplex) -- [Jay Satiro brought this change] +- http2: remove debug logging from on_frame_recv - url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined +- http2: remove the closed check in http2_recv + + With the "drained" functionality we can get here slightly asynchronously + so the stream have have been closed but there is pending data left to + read. -- [Paul Howarth brought this change] +- http2: bump the h2 buffer to 8K - build: link curl to openssl libraries when openssl support is enabled - - This fixes a build failure where openssl and libmetalink are used - together and the system linker does not do implicit linking (e.g. - Fedora 13 and later releases). The MD5 functions required for - metalink support must be pulled in from the openssl crypto library. +- http2: Curl_read should not use the single buffer - This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133, - which fixes the same sort of problem for NSS builds. + ... as it does for pipelining when we're multiplexing, as we need the + different buffers to store incoming data correctly for all streams. -- multi: on a request completion, check all CONNECT_PEND transfers +- http2: more debug outputs + +- http2: leave WAITPERFORM when conn is multiplexed - ... even if they don't have an associated connection anymore. It could - leave the waiting transfers pending with no active one on the - connection. + No need to wait for our "spot" like for pipelining + +- http2: force "drainage" of streams - Bug: http://curl.haxx.se/bug/view.cgi?id=1465 - Reported-by: Jiri Dvorak + ... which is necessary since the socket won't be readable but there is + data waiting in the buffer. -- [Emil Lerner brought this change] +- http2: move the mem+len pair to the stream struct - globbing: fix url number calculation when using range with step +- http2: more stream-oriented data, stream ID 0 is for connections + +- http2: move lots of state data to the 'stream' struct - In function glob_range, the number of urls was multiplied by (max - min - + 1), regardless of step. The correct formula is (max - min) / step + 1 + ... from the connection struct. The stream one being the 'struct HTTP' + which is kept in the SessionHandle struct (easy handle). + + lookup streams for incoming frames in the stream hash, hashing is based + on the stream id and we get the SessionHandle for the incoming stream + that way. -- README.http2: refreshed and added TODO items +- HTTP: partial start at fixing up hash-lookups on http2 frame receival -- [Emil Lerner brought this change] +- http: a stream hash for h2 multiplexing - globbing: fix step parsing for character globbing ranges - - The glob_range function used wrong offset (3 instead of 4) for parsing - integer step inside character range specification, which led to 'bad - range' error when using character ranges with explicitly specified step - (such as '[a-z:2]') +- http: a stream hash for h2 multiplexing -- polarssl: called mbedTLS in 1.3.10 and later +- http2: debug log when receiving unexpected stream_id -- polarssl: remove dead code +- http2: move stream_id to the HTTP struct (per-stream) + +- Curl_http2_setup: only do it once and enable multiplex on the server - and simplify code by changing if-elses to a switch() + Once we know we are HTTP/2 enabled we know the server can multiplex. + +- http: switch on "pipelining" (multiplexing) for HTTP/2 servers - CID 1291706: Logically dead code. Execution cannot reach this statement + ... and do not blacklist any. -- polarssl: remove superfluous for(;;) loop +- README.pipelining: removed - "unreachable: Since the loop increment is unreachable, the loop body - will never execute more than once." + All the details mentioned here are better documented in man pages + +Dan Fandrich (14 May 2015) +- build: removed bundles.c from make files - Coverity CID 1291707 + This file was removed in commit fd137786 -- Curl_ssl_md5sum: return CURLcode +Daniel Stenberg (14 May 2015) +- Curl_conncache_add_conn: fix memory leak on OOM + +- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number + +- conncache: keep bundles on host+port bases, not only host names - ... since the funciton can fail on OOM. Check this return code. + Previously we counted all connections to a specific host name and that + would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, + while servers on different port numbers are normally considered + different "origins" on the web and should thus be considered different + hosts. + +- bundles: merged into conncache.c - Coverity CID 1291705. + All the existing Curl_bundle* functions were only ever used from within + the conncache.c file, so I moved them over and made them static (and + removed the Curl_ prefix). -- [Jay Satiro brought this change] +- hostcache: made all host caches use structs, not pointers + + This avoids unnecessary dynamic allocs and as this also removed the last + users of *hash_alloc() and *hash_destroy(), those two functions are now + removed. - cyassl: default to highest possible TLS version +- multi: converted socket hash into non-allocated struct - (cyassl_connect_step1) - - Use TLS 1.0-1.2 by default when available. + avoids extra dynamic allocation + +- connection cache: avoid Curl_hash_alloc() - CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade - version. - - cyassl/cyassl@322f79f + ... by using plain structs instead of pointers for the connection cache, + we can avoid several dynamic allocations that weren't necessary. -- [Jay Satiro brought this change] +- proxy: add newline to info message - cyassl: Check for invalid length parameter in Curl_cyassl_random +Patrick Monnerat (8 May 2015) +- FTP: fix dangling conn->ip_addr dereference on verbose EPSV. -- [Jay Satiro brought this change] +- FTP: Make EPSV use the control IP address rather than the original host. + This ensures an alternate address is not used. + Does not apply to proxy tunnel. - cyassl: If wolfSSL then identify as such in version string +Daniel Stenberg (8 May 2015) +- [Alessandro Ghedini brought this change] -Dan Fandrich (24 Mar 2015) -- symbols-in-versions: added CURLOPT_PATH_AS_IS + tool_help: fix formatting for --next option -- testcurl.pl: add the --notes option to supply more info about a build - - Support for notes has been in place for a while, but it required - being added to the setup file manually. +- [Egon Eckert brought this change] -- curl_memory: make curl_memory.h the second-last header file loaded - - This header file must be included after all header files except - memdebug.h, as it does similar memory function redefinitions and can be - similarly affected by conflicting definitions in system or dependent - library headers. + opts: improved the TCP keepalive examples -Daniel Stenberg (24 Mar 2015) -- openssl: do the OCSP work-around for libressl too +Jay Satiro (8 May 2015) +- winbuild: Document the option used to statically link the CRT - I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to - still require the work-around for stapling to work. - -- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a + - Document option RTLIBCFG (runtime library configuration). - URL: http://curl.haxx.se/mail/lib-2015-03/0205.html - Reported-by: Alessandro Ghedini - -- openssl: adapt to ASN1/X509 things gone opaque in 1.1 - -Dan Fandrich (24 Mar 2015) -- [Jay Satiro brought this change] - - curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description + Bug: https://github.com/bagder/curl/issues/254 + Reported-by: Bert Huijben -- [Viktor Szakáts brought this change] +- [Orgad Shaneh brought this change] - CURLOPT_HTTPHEADER.3: fix typo in recent commit + netrc: Read in text mode when cygwin + + Use text mode when cygwin to eliminate trailing carriage returns. + + Bug: https://github.com/bagder/curl/pull/258 -- [Viktor Szakáts brought this change] +Patrick Monnerat (5 May 2015) +- OS400: Add SPNEGO service name options to ILE/RPG binding. - CURLOPT_PATH_AS_IS.3: add type 'long' to prototype +Daniel Stenberg (4 May 2015) +- curl_multi_info_read.3: fix typo + + Reported-by: Liviu Chircu -- vtls: fix compile with --disable-crypto-auth but with SSL +- MANUAL: language fix - This is a strange combination of options, but is allowed. + Reported-by: Fred Stluka + Bug: https://github.com/bagder/curl/issues/255 -Patrick Monnerat (24 Mar 2015) -- os400: define new options in ILE/RPG binding. +- [Alessandro Ghedini brought this change] -Daniel Stenberg (24 Mar 2015) -- RELEASE-NOTES: synced with f6878609361 + gtls: properly retrieve certificate status + + Also print the revocation reason if appropriate. -- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS +- OpenSSL: conditional check for SSL3_RT_HEADER + + The symbol is fairly new. + + Reported-by: Kamil Dudka -- CURLOPT_PATH_AS_IS: added +- openssl: skip trace outputs for ssl_ver == 0 - --path-as-is is the command line option + The OpenSSL trace callback is wonderfully undocumented but given a + journey in the source code, it seems the cases were ssl_ver is zero + doesn't follow the same pattern and thus turned out confusing and + misleading. For now, we skip doing any CURLINFO_TEXT logging on those + but keep sending them as CURLINFO_SSL_DATA_OUT/IN. - Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 + Also, I added direction to the text info and I edited some functions + slightly. - Added test in test 1241 + Bug: https://github.com/bagder/curl/issues/219 + Reported-by: Jay Satiro, Ashish Shukla -- [Yamada Yasuharu brought this change] +Marc Hoersken (2 May 2015) +- schannel.c: Small changes - curl_easy_recv/send: make them work with the multi interface - - By making sure Curl_getconnectinfo() uses the correct connection cache - to find the last connection. +- schannel.c: Improve code path and readability -- http2: move the init too for when its actually needed +- schannel.c: Improve error and return code handling upon aa99a63f03 + +- [Chris Araman brought this change] + + schannel: fix regression in schannel_recv - ... it would otherwise lead to memory leakage if we never actually do - the switch. + https://github.com/bagder/curl/issues/244 + + Commit 145c263 changed the behavior when Curl_read_plain returns + CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED + correctly. -Dan Fandrich (23 Mar 2015) -- dict: rename byte to avoid compiler shadowed declaration warning +- Bug born in changes made several days ago 9a91e80. - This conflicted with a WolfSSL typedef. + Commit: https://github.com/bagder/curl/commit/926cb9f + Reported-by: Ray Satiro -- cyassl: include version.h to ensure the version macros are defined +Daniel Stenberg (30 Apr 2015) +- [Michael Osipov brought this change] -- test1513: eliminated race condition in test run + configure: remove missing and make it autogenerate - It seems that some systems (e.g. fairly consistently in some recent - Solaris autobuilds) would manage to get to the connect phase before the - progress callback was called, resulting in a CURLE_COULDNT_CONNECT - error. Reworked the test to point at a test server that never returns a - full result so the progress callback always gets a chance to be called - before the transfer can complete in some other way. + The missing file has not been autogenerated because a temporary fix was + employed in acinclude.m4 which blocked update. Removed that fix and a recent + version of missing is copied to build root. -Nick Zitzmann (21 Mar 2015) -- darwinsssl: add support for TLS False Start - - TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later. +- [Michael Osipov brought this change] -Daniel Stenberg (21 Mar 2015) -- gtls: add check of return code + acinclude.m4: fix test for default CA cert bundle/path - Coverity CID 1291167 pointed out that 'rc' was received but never used when - gnutls_credentials_set() was used. Added return code check now. + test(1) on HP-UX requires a single equals sign and fails with two. + Let's use one and make every OS happy. -- gtls: dereferencing NULL pointer +- CONTRIBUTING.md: remove the sourceforge mention - Coverity CID 1291165 pointed out 'chainp' could be dereferenced when - NULL if gnutls_certificate_get_peers() had previously failed. + Reported-By: Michael Osipov -- gtls: avoid uninitialized variable. - - Coverity CID 1291166 pointed out that we could read this variable - uninitialized. +Dan Fandrich (30 Apr 2015) +- http_negotiate_sspi: added missing data variable -Dan Fandrich (21 Mar 2015) -- tests/certs: rebuild certificates with modified key usage bits - - The certificates were missing the digitalSignature and keyAgreement - usage types, of which at least digitalSignature was checked by CyaSSL. - This caused the test server in test 310 (among others) to fail the - startup verification and therefore run (see - http://curl.haxx.se/mail/lib-2014-07/0303.html). +Daniel Stenberg (30 Apr 2015) +- [Michael Osipov brought this change] -- tests/certs: added make target to rebuild certificates + configure: remove --automake from libtoolize call - The certificate generation scripts were also updated to better match the - format of the certificates currently checked in. + That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4. + Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility". + + This option is redundant now. -Daniel Stenberg (21 Mar 2015) -- x509asn1: add /* fallthrough */ in switch() case +- [Viktor Szakats brought this change] -- x509asn1: minor edit to unconfuse Coverity + build: update depedency versions, urls, example makefiles - CID 1202732 warns on the previous use, although I cannot fine any - problems with it. I'm doing this change only to make the code use a more - familiar approach to accomplish the same thing. + - update default versions of dependencies (except for rare/old platforms) + - update urls + - sync examples makefiles with main ones + - remove line ending space -- [Dagobert Michelsen brought this change] +- [Michael Osipov brought this change] - testcurl: Allow '=' in values given on command line + configure: remove autogenerated files by autoconf + + * install-sh is always regenerated + * mkinstalldirs was already redudant years ago. Automake uses install for + that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html -- nss: error: unused variable 'connssl' +- [Anders Bakken brought this change] -Dan Fandrich (21 Mar 2015) -- test938: added missing closing tags + curl_multi_add_handle: next is already NULL -- cyassl: use new library version macro when available +Jay Satiro (30 Apr 2015) +- schannel: Fix out of bounds array + + Bug born in changes made several days ago 9a91e80. + + Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html + Reported-by: Brian Chrisman -Kamil Dudka (20 Mar 2015) -- [Alessandro Ghedini brought this change] +- docs/libcurl: gitignore libcurl-symbols.3 + + Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html + Reported-by: Michael Osipov - curl: add --false-start option +- [Viktor Szakats brought this change] -- [Alessandro Ghedini brought this change] + lib/makefile.m32: add arch -m32/-m64 to LDFLAGS + + This fixes using a multi-target mingw distro to build curl .dll for the + non-default target. + (mirroring the same patch present in src/makefile.m32) - nss: add support for TLS False Start +Daniel Stenberg (29 Apr 2015) +- RELEASE-NOTES: synced with cd39b944afc + + I've not mentioned the bug fixes that were shipped in 7.42.1 from the + 7_42 branch. -- [Alessandro Ghedini brought this change] +- THANKS: merged from the 7.42.1 release - url: add CURLOPT_SSL_FALSESTART option +- CURLOPT_HEADEROPT: default to separate - This option can be used to enable/disable TLS False Start defined in the RFC - draft-bmoeller-tls-falsestart. + Make the HTTP headers separated by default for improved security and + reduced risk for information leakage. + + Bug: http://curl.haxx.se/docs/adv_20150429.html + Reported-by: Yehezkel Horowitz, Oren Souroujon -Patrick Monnerat (20 Mar 2015) -- [Alessandro Ghedini brought this change] +Linus Nielsen (28 Apr 2015) +- docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation - gtls: implement CURLOPT_CERTINFO +Daniel Stenberg (28 Apr 2015) +- hash: simplify Curl_str_key_compare() -Daniel Stenberg (20 Mar 2015) -- [Alessandro Ghedini brought this change] +- dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME - openssl: try to avoid accessing OCSP structs when possible +- [Linus Nielsen brought this change] -- CURLOPT_URL.3: spelling! + Negotiate: custom service names for SPNEGO. - Reported-by: Frank Gevaerts - -- CURLOPT_URL.3: Added "SECURITY CONCERNS" + * Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. + * Add new curl options, --proxy-service-name and --service-name. -- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section +- http2: unify http_conn variable names to 'c' -Dan Fandrich (19 Mar 2015) -- cyassl: detect the library as renamed wolfssl +- ConnectionExists: call it multi-use instead of pipelining - This change was made in CyaSSL/WolfSSL ver. 3.4.0 + So that it fits HTTP/2 as well -Daniel Stenberg (19 Mar 2015) -- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 +Kamil Dudka (27 Apr 2015) +- [Paul Howarth brought this change] + + nss: fix compilation failure with old versions of NSS - We prematurely changed protocol handler to HTTP/2 which made things very - slow (and wrong). + Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html + +Daniel Stenberg (27 Apr 2015) +- sws: init http2 state properly - Reported-by: Stefan Eissing - Bug: https://github.com/bagder/curl/issues/169 + It would otherwise cause problems when running tests after 1801 etc. -Dan Fandrich (19 Mar 2015) -- axtls: version 1.5.2 now requires that config.h be manually included +- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION + + ... as it was previouly undocumented what the pointer was. -Daniel Stenberg (19 Mar 2015) -- metalink: fix resource leak in OOM +- runtests: use a DISABLED.local file too - Coverity CID 1288826 + ... and have git ignore that. Allows for a dev to add tests to ignore in + local tests and yet don't obstruct a normal git work flow. -Dan Fandrich (18 Mar 2015) -- docs/libcurl: clean up libcurl-symbols.3 +Marc Hoersken (26 Apr 2015) +- schannel.c: Fix typo introduced with 3447c973d0 -- docs/libcurl: check that all options with man pages are referenced +- schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error - If a man page exists in the opts/ directory, it must also be referenced - either in curl_easy_setopt.3 or curl_multi_setopt.3 - -- curl_easy_setopt.3: added a few missing options + Reported-by: Brian Chrisman -Kamil Dudka (18 Mar 2015) -- nss: explicitly tell NSS to disable NPN/ALPN +Daniel Stenberg (26 Apr 2015) +- schannel: re-indented file to follow curl style better - ... if disabled at libcurl level. Otherwise, we would allow to - negotiate NPN despite curl was invoked with the --no-npn option. + white space changes only -Daniel Stenberg (18 Mar 2015) -- [Jay Satiro brought this change] +- Curl_ossl_init: load builtin modules + + To have engine modules work, we must tell openssl to load builtin + modules first. + + Bug: https://github.com/bagder/curl/pull/206 - mkhelp: Remove trailing carriage return from every line of input +- configure: follow-up fix for krb5-config - - Get rid of this flood of warnings in Windows mingw build: - warning: missing terminating " character + commit 5b66860652 was incomplete so here's a follow-up fix - The warning is due to the carriage return. When msysgit checks out files - from the repo by default it converts the line endings to CRLF. Prior to - this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF - format the trailing carriage returns caused unnecessary CR in the - output. + Reported-by: Dagobert Michelsen + Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 -- RELEASE-NOTES: synced with e539f01567 +- openssl: fix serial number output + + The code extracting the cert serial number was broken and didn't display + it properly. + + Bug: https://github.com/bagder/curl/issues/235 + Reported-by: dkjjr89 -- [Christian Weisgerber brought this change] +- [Grant Pannell brought this change] - docs/libcurl: make portability fix + sasl_sspi: Populate domain from the realm in the challenge - Using $< in a non-suffix rule context is a GNU make idiom. This bug was - introduced in 7.41.0. + Without this, SSPI based digest auth was broken. + + Bug: https://github.com/bagder/curl/pull/141.patch -Dan Fandrich (17 Mar 2015) -- checksrc: Fix whitelist on out-of-tree builds +Jay Satiro (25 Apr 2015) +- [Anthony Avina brought this change] -Daniel Stenberg (17 Mar 2015) -- [Stefan Bühler brought this change] + tool: New option --data-raw to HTTP POST data, '@' allowed. + + Add new option --data-raw which is almost the same as --data but does + not have a special interpretation of the @ character. + + Prior to this change there was no (easy) way to pass the @ character as + the first character in POST data without it being interpreted as a + special character. + + Bug: https://github.com/bagder/curl/issues/198 + Reported-by: Jens Rantil - Curl_sh_entry: remove unused 'timestamp' +Dan Fandrich (25 Apr 2015) +- test2039: fixed line endings that caused a test failure -- HTTP: don't use Expect: headers when on HTTP/2 - - Reported-by: Stefan Eissing - Bug: https://github.com/bagder/curl/issues/169 +Daniel Stenberg (24 Apr 2015) +- [Viktor Szakats brought this change] -- checksrc: detect and remove space before trailing semicolons + netrc: add unit tests for 'default' support -- checksrc: introduce a whitelisting concept +- [Viktor Szakats brought this change] -- checksrc: use space after comma + netrc: support 'default' token + + The 'default' token has no argument and means to match _any_ domain. + It must be placed last if there are 'machine ' tokens in the same file. + + See full description here: + https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html -- checksrc: use space before paren in "return (expr);" +- ROADMAP.md: extended the HTTP/2 section, reformatted + + Elaborated on several of the remaining HTTP/2 parts and made document + use a format that ends up nicer on the web page: + http://curl.haxx.se/dev/roadmap.html -- CONTRIBUTE: refer to git log instead of deprecated CHANGES file +Kamil Dudka (23 Apr 2015) +- curl -z: do not write empty file on unmet condition + + This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. + It also introduces a regression test 1424 based on tests 78 and 1423. + + Reported-by: Viktor Szakats + Bug: https://github.com/bagder/curl/issues/237 -- CURLOPT_*.3: more examples and edits +Dan Fandrich (23 Apr 2015) +- tool: fixed a comment typo -- CURLOPT_*.3: added lots of small example sections +- README: convert to UTF-8 -- CURLOPT_PRIVATE.3: provide an example +Jay Satiro (22 Apr 2015) +- cyassl: Implement public key pinning + + Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc. -- CURLOPT_*TIMEOUT.3: provide examples +Dan Fandrich (22 Apr 2015) +- [Alessandro Ghedini brought this change] -- CURLOPT_USERAGENT.3: added an example + curl.1: fix typo -- CURLOPT_STDERR.3: added an example +Kamil Dudka (22 Apr 2015) +- docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too -- curl_easy_perform.3: remove superfluous close brace from example +- tests/unit/.gitignore: hide unit1601 and above, too -- free: instead of Curl_safefree() - - Since we just started make use of free(NULL) in order to simplify code, - this change takes it a step further and: +Daniel Stenberg (22 Apr 2015) +- connectionexists: follow-up to fd9d3a1ef1f - - converts lots of Curl_safefree() calls to good old free() - - makes Curl_safefree() not check the pointer before free() + PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not + enabled. - The (new) rule of thumb is: if you really want a function call that - frees a pointer and then assigns it to NULL, then use Curl_safefree(). - But we will prefer just using free() from now on. - -- [Markus Elfring brought this change] + Mistake-caught-by: Kamil Dudka - Bug #149: Deletion of unnecessary checks before a few calls of cURL functions - - The following functions return immediately if a null pointer was passed. - * Curl_cookie_cleanup - * curl_formfree - - It is therefore not needed that a function caller repeats a corresponding check. +- connectionexists: fix build without NTLM - This issue was fixed by using the software Coccinelle 1.0.0-rc24. + Do not access NTLM-specific struct fields when built without NTLM + enabled! - Signed-off-by: Markus Elfring + bug: http://curl.haxx.se/?i=231 + Reported-by: Patrick Rapin -- [Markus Elfring brought this change] +- bump: start working toward 7.43.0 - Bug #149: Deletion of unnecessary checks before calls of the function "free" +Kamil Dudka (22 Apr 2015) +- nss: implement public key pinning for NSS backend - The function "free" is documented in the way that no action shall occur for - a passed null pointer. It is therefore not needed that a function caller - repeats a corresponding check. - http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first - - This issue was fixed by using the software Coccinelle 1.0.0-rc24. - - Signed-off-by: Markus Elfring + Bug: https://bugzilla.redhat.com/1195771 -- [Jay Satiro brought this change] +Daniel Stenberg (22 Apr 2015) +- dist: include {src,lib}/checksrc.whitelist - connect: Fix happy eyeballs logic for IPv4-only builds - - Bug: https://github.com/bagder/curl/pull/168 - - (trynextip) - - Don't try the "other" protocol family unless IPv6 is available. In an - IPv4-only build the other family can only be IPv6 which is unavailable. - - This change essentially stops IPv4-only builds from attempting the - "happy eyeballs" secondary parallel connection that is supposed to be - used by the "other" address family. - - Prior to this change in IPv4-only builds that secondary parallel - connection attempt could be erroneously used by the same family (IPv4) - which caused a bug where every address after the first for a host could - be tried twice, often in parallel. This change fixes that bug. An - example of the bug is shown below. - - Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: - - * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) - * Rebuilt URL to: http://MTEST/ - * Added connection 0. The cache now contains 1 members - * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 - (connection #0) - * Trying 127.0.0.2... - * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 - (connection #0) - * Trying 127.0.0.3... - * connect to 127.0.0.2 port 80 failed: Connection refused - * Trying 127.0.0.3... - * connect to 127.0.0.3 port 80 failed: Connection refused - * Trying 127.0.0.4... - * connect to 127.0.0.3 port 80 failed: Connection refused - * Trying 127.0.0.4... - * connect to 127.0.0.4 port 80 failed: Connection refused - * connect to 127.0.0.4 port 80 failed: Connection refused - * Failed to connect to MTEST port 80: Connection refused - * Closing connection 0 - * The cache now contains 0 members - * Expire cleared - curl: (7) Failed to connect to MTEST port 80: Connection refused - - The bug was born in commit bagder/curl@2d435c7. +Version 7.42.0 (22 Apr 2015) -- mksymbolsmanpage.pl: use std header and generate better nroff header +Daniel Stenberg (22 Apr 2015) +- RELEASE-NOTES: updated for 7.42.0 -- [Frank Meier brought this change] +- THANKS: added contributors from 7.42.0 release notes - closesocket: call multi socket cb on close even with custom close - - In function Curl_closesocket() in connect.c the call to - Curl_multi_closed() was wrongly omitted if a socket close function - (CURLOPT_CLOSESOCKETFUNCTION) is registered. - - That would lead to not removing the socket from the internal hash table - and not calling the multi socket callback appropriately. - - Bug: http://curl.haxx.se/bug/view.cgi?id=1493 +- THANKS-filter: a few more alterations to squash -- [Tobias Stoeckmann brought this change] +- contrithanks.sh: helper script for maintaining THANKS - hostip: Fix signal race in Curl_resolv_timeout. - - A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is - configured to interrupt system calls and uses siglongjmp to return into - the function if alarm() goes off. +- http_done: close Negotiate connections when done - The signal handler is installed before curl_jmpenv is initialized. - This means that an already installed alarm timer could trigger the - newly installed signal handler, leading to undefined behavior when it - accesses the uninitialized curl_jmpenv. + When doing HTTP requests Negotiate authenticated, the entire connnection + may become authenticated and not just the specific HTTP request which is + otherwise how HTTP works, as Negotiate can basically use NTLM under the + hood. curl was not adhering to this fact but would assume that such + requests would also be authenticated per request. - Even if there is no previously installed alarm available, the code in - Curl_resolv_timeout itself installs an alarm before the environment is - fully set up. If the process is sent into suspend right after that, the - signal handler could be called too early as in previous scenario. + CVE-2015-3148 - To fix this, the signal handler should only be installed and the alarm - timer only be set after sigsetjmp has been called. + Bug: http://curl.haxx.se/docs/adv_20150422B.html + Reported-by: Isaac Boukris -- http2: detect prematures close without data transfered +- fix_hostname: zero length host name caused -1 index offset - ... by using the regular Curl_http_done() method which checks for - that. This makes test 1801 fail consistently with error 56 (which seems - fine) to that test is also updated here. + If a URL is given with a zero-length host name, like in "http://:80" or + just ":80", `fix_hostname()` will index the host name pointer with a -1 + offset (as it blindly assumes a non-zero length) and both read and + assign that address. - Reported-by: Ben Darnell - Bug: https://github.com/bagder/curl/issues/166 - -Dan Fandrich (13 Mar 2015) -- test320: Expect the Host header to be the first header + CVE-2015-3144 - Required for the test to work after a5d994941c2b. - -Daniel Stenberg (12 Mar 2015) -- RELEASE-NOTES: synced with 186e46d88dd + Bug: http://curl.haxx.se/docs/adv_20150422D.html + Reported-by: Hanno Böck -- openssl: use colons properly in the ciphers list +- cookie: cookie parser out of boundary memory access - While the previous string worked, this is the documented format. + The internal libcurl function called sanitize_cookie_path() that cleans + up the path element as given to it from a remote site or when read from + a file, did not properly validate the input. If given a path that + consisted of a single double-quote, libcurl would index a newly + allocated memory area with index -1 and assign a zero to it, thus + destroying heap memory it wasn't supposed to. - Reported-by: Richard Moore + CVE-2015-3145 + + Bug: http://curl.haxx.se/docs/adv_20150422C.html + Reported-by: Hanno Böck -- openssl: sort the ciphers on strength +- ConnectionExists: for NTLM re-use, require credentials to match - This makes curl pick better (stronger) ciphers by default. The strongest - available ciphers are fine according to the HTTP/2 spec so an OpenSSL - built curl is no longer rejected by string HTTP/2 servers. + CVE-2015-3143 - Bug: http://curl.haxx.se/bug/view.cgi?id=1487 + Bug: http://curl.haxx.se/docs/adv_20150422A.html + Reported-by: Paras Sethia -- [Fabian Keil brought this change] +Jay Satiro (21 Apr 2015) +- [byronhe brought this change] - test203[0-3]: Expect the Host header to be the first header + openssl: add OPENSSL_NO_SSL3_METHOD check + +Daniel Stenberg (20 Apr 2015) +- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc - Required for the tests to work after a5d994941c2b. + Bug: https://github.com/bagder/curl/issues/229 + Reported-by: bsammon -- openssl: show the cipher selection to use +Kamil Dudka (20 Apr 2015) +- [Mostyn Bramley-Moore brought this change] -- http: always send Host: header as first header - - ...after the method line: - - "Since the Host field-value is critical information for handling a - request, a user agent SHOULD generate Host as the first header field - following the request-line." / RFC 7230 section 5.4 - - Additionally, this will also make libcurl ignore multiple specified - custom Host: headers and only use the first one. Test 1121 has been - updated accordingly - - Bug: http://curl.haxx.se/bug/view.cgi?id=1491 - Reported-by: Rainer Canavan + configure --with-nss: remove unneeded libs from the fallback -- [Alexander Pepper brought this change] +Daniel Stenberg (20 Apr 2015) +- contributors.sh: fix help output, filter out (-prefix from names - mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q". - - Also unified printing to STDERR by creating the helper method "report". +- RELEASE-NOTES: synced with cc0e7ebc3be0 -- proxy: re-use proxy connections (regression) - - When checking for a connection to re-use, a proxy-using request must - check for and use a proxy connection and not one based on the host - name! - - Added test 1421 to verify - - Bug: http://curl.haxx.se/bug/view.cgi?id=1492 +- [Michael Stapelberg brought this change] -- [Jay Satiro brought this change] + CURLMOPT_TIMERFUNCTION.3: Clarify, add an example - memanalyze.pl: handle free(NULL) +- [Viktor Szakáts brought this change] -- [Jay Satiro brought this change] + vtls/openssl: use https in URLs and a comment typo fixed - .travis.yml: Change CI make test to make test-full - - - Change the continuous integration script to use 'make test-full' - instead of just 'make test' so that the diagnostic log output is - printed to stdout when a test fails. - - - Change the continuous integration script to use - './configure --enable-debug' instead of just './configure' so that the - memory analyzer will work during testing. +- curl_version_info.3: fixed the 'protocols' variable type - Prior to this change Travis used its default C test script: - ./configure && make && make test + Reported-by: John Marshall + Bug: https://github.com/bagder/curl/issues/225 -- [Alessandro Ghedini brought this change] +Dan Fandrich (18 Apr 2015) +- test1423: added missing "file" to server section - gtls: correctly align certificate status verification messages +Daniel Stenberg (17 Apr 2015) +- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods + + ... and some minor edits -- [Alessandro Ghedini brought this change] +- Revert "HTTP: don't abort connections with pending Negotiate authentication" + + This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. + + Bug: https://github.com/bagder/curl/issues/223 + Reported-by: Michael Osipov - gtls: don't print double newline after certificate dates +Jay Satiro (17 Apr 2015) +- cyassl: Fix include order + + Prior to this change CyaSSL's build options could redefine some generic + build symbols. + + http://curl.haxx.se/mail/lib-2015-04/0069.html -- [Alessandro Ghedini brought this change] +Kamil Dudka (17 Apr 2015) +- configure --with-nss: drop redundant if statement - gtls: print negotiated TLS version and full cipher suite name +- configure --with-nss=PATH: query pkg-config if available - Instead of priting cipher and MAC algorithms names separately, print the - whole cipher suite string which also includes the key exchange algorithm, - along with the negotiated TLS version. + Bug: https://github.com/bagder/curl/pull/171 -- gtls: fix compiler warnings +Daniel Stenberg (17 Apr 2015) +- parsecfg: do not continue past a zero termination + + When a config file line ends without newline, the parsing function could + continue reading beyond that point in memory. + + Reported-by: Hanno Böck -- [Alessandro Ghedini brought this change] +Jay Satiro (16 Apr 2015) +- gitignore: Ignore Windows build output directories - gtls: add support for CURLOPT_CAPATH +Daniel Stenberg (15 Apr 2015) +- RELEASE-NOTES: synced with 1ba6e4c88e0 -- [stopiccot brought this change] +- TODO: 17.9 Choose the name of file in braces for complex URLs - MacOSX-Framework: use @rpath instead of @executable_path - - Bug: https://github.com/bagder/curl/pull/157 +- TODO: a little caution that maybe not all ideas are still good -- RELEASE-NOTES: synced with c19349951 +- TODO: 17.8 offer color-coded HTTP header output -- multi: fix *getsock() with CONNECT - - The code used some happy eyeballs logic even _after_ CONNECT has been - sent to a proxy, while the happy eyeball phase is already (should be) - over by then. - - This is solved by splitting the multi state into two separate states - introducing the new SENDPROTOCONNECT state. - - Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html - Reported-by: Peter Laser +- TODO: 17.7 warning when sending binary output to terminal -- conncontrol: only log changes to the connection bit +- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes -- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* - - Since they already exist and will make comparing easier +Jay Satiro (14 Apr 2015) +- cyassl: Add support for TLS extension SNI -- http2: make the info-message about receiving HTTP2 headers debug-only +Daniel Stenberg (13 Apr 2015) +- [Matthew Hall brought this change] -- [Alessandro Ghedini brought this change] + gitignore: ignore test-driver file - urldata: remove unused asked_for_h2 field +- [Matthew Hall brought this change] -- [Alessandro Ghedini brought this change] + vtls_openssl: improve PKCS#12 load failure error message - polarssl: make it possible to enable ALPN/NPN without HTTP2 +- [Matthew Hall brought this change] -- [Alessandro Ghedini brought this change] + vtls_openssl: fix minor typo in PKCS#12 load routine - nss: make it possible to enable ALPN/NPN without HTTP2 +- [Matthew Hall brought this change] -- [Alessandro Ghedini brought this change] + vtls_openssl: improve client certificate load failure error messages - gtls: make it possible to enable ALPN/NPN without HTTP2 +- [Matthew Hall brought this change] -- [Alessandro Ghedini brought this change] + vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant - openssl: make it possible to enable ALPN/NPN without HTTP2 +- BUGS: refer to the github issue tracker now as primary -- metalink: add some error checks +- firefox-db2pem: fix wildcard to find Firefox default profile - malloc() and strdup() calls without checking return codes. + At some point, Firefox has changed and generates different directory + names for the default profile that made this script fail to find them. - Reported-by: Markus Elfring - Bug: https://github.com/bagder/curl/issues/150 + Bug: https://github.com/bagder/curl/issues/207 + Reported-by: sneakyimp -- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS +Jay Satiro (11 Apr 2015) +- cyassl: Include the CyaSSL build config - Reported-by: Jonathan Cardoso + CyaSSL >= 2.6.0 may have an options.h that was generated during + its build by configure. -- urldata: fix gnutls build +- build: Generate source prerequisites for Visual Studio in generate.bat + + Prior to this change Visual Studio builds could fail due to missing + prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. + + http://curl.haxx.se/mail/lib-2015-04/0034.html -Steve Holme (5 Mar 2015) -- openssl: Removed use of USE_SSLEAY from the Visual Studio project files +Daniel Stenberg (9 Apr 2015) +- [Viktor Szakats brought this change] + + lib/makefile.m32: add missing libs to build libcurl.dll - In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor - variable from the Visual Studio project files as it isn't required - anymore. + Add 'gdi32' and 'crypt32' Windows implibs to avoid failure + while building libcurl.dll using the mingw compiler. + The same logic is used in 'src/makefile.m32' when + building curl.exe. + +Kamil Dudka (8 Apr 2015) +- test142[23]: verify that an empty file is stored on success -Daniel Stenberg (5 Mar 2015) -- multi: fix memory-leak on timeout (regression) +- src/tool_operate: create output file on successful download - Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't - necesarily clear everything up, like formpost data. + ... of an empty file - Bug: https://github.com/bagder/curl/issues/147 - Reported-by: Michel Promonet - Patched-by: Michel Promonet + Bug: https://github.com/bagder/curl/issues/183 -- configure: follow-up fix from 709cf76f6 - - OpenSSL handling was a little broken. +- src/tool_cb_wrt: separate fnc for output file creation -- openssl: remove all uses of USE_SSLEAY +Daniel Stenberg (7 Apr 2015) +- [Da-Yoon Chung brought this change] + + lib/transfer.c: Remove factor of 8 from sleep time calculation - SSLeay was the name of the library that was subsequently turned into - OpenSSL many moons ago (1999). curl does not work with the old SSLeay - library since years. This is now reflected by only using USE_OPENSSL in - code that depends on OpenSSL. + The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and + rate_bps are both in bytes. When using the rate limiting option, curl + waits 8 times too long, and then transfers very quickly until the + average rate reaches the limit. The average rate follows the limit over + time, but the actual traffic is bursty. + + Thanks-to: Benjamin Gilbert -- [Sergei Nikulov brought this change] +- [Jay Satiro brought this change] - cmake: handle build definitions CURLDEBUG/DEBUGBUILD + x509asn1: Silence x64 loss-of-data warning on RSA key length assignment - Acked-by: Brad King + The key length in bits will always fit in an unsigned long so the + loss-of-data warning assigning the result of x64 pointer arithmetic to + an unsigned long is unnecessary. -- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? +- [Jay Satiro brought this change] -- symbols.pl: handle '-' in the deprecated field + cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size - ... which otherwise made the script skip the _LAST define for some - symbols. + Also fix it so that all ERR_error_string calls use an error buffer. + CyaSSL's implementation of ERR_error_string only writes the error when + an error buffer is passed. - Reported-by: Jeroen Ooms - Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html + http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html -- curl.1: fix "The the" typo - - Reported-by: Jon Seymour +- [Jay Satiro brought this change] -- vtls: use curl_printf.h all over + cyassl: Remove 'Connecting to' message from cyassl_connect_step2 - No need to use _MPRINTF_REPLACE internally. - -- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE + Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' + messages since cyassl_connect_step2 is called multiple times, typically. + The message is superfluous even once since libcurl already informs the + user elsewhere in code that it is connecting. -- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used +- [Viktor Szakats brought this change] -- [Sergei Nikulov brought this change] + checksrc.bat: quotes to support an SRC_DIR with spaces - libtest: fixed linker errors on msvc +- hostip: fix compiler warnings - Bug: https://github.com/bagder/curl/pull/144 + introduced in the previous mini-series of 3 commits -- mprintf.h: remove #ifdef CURLDEBUG - - ... and as a consequence, introduce curl_printf.h with that re-define - magic instead and make all libcurl code use that instead. +- [Stefan Bühler brought this change] -- tool_getpass: remove unused curl/mprintf.h include + actually implement CURLOPT_RESOLVE removals + + - also log when a CURLOPT_RESOLVE entry couldn't get parsed -- CONTRIBUTING.md: file for advice on github +- [Stefan Bühler brought this change] -- [Viktor Szakáts brought this change] + move Curl_share_lock and ref counting into Curl_fetch_addr - BINDINGS: add link to Harbour bindings - - And UTF8-fix a few names +- [Stefan Bühler brought this change] -- CURLOPT_HEADERFUNCTION.3: typo in error code name + fix refreshing of obsolete dns cache entries - Reported-by: Jonathan Cardoso + - cache entries must be also refreshed when they are in use + - have the cache count as inuse reference too, freeing timestamp == 0 special + value + - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed + - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh) + - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special + reference anymore, and it would also release non CURLOPT_RESOLVE references + - fix locking in Curl_hostcache_clean + - fix unit1305.c: hash now keeps a reference, need to set inuse = 1 -- BINDINGS: tclcurl moved - - Reporte-by: Steve Havelka +- RELEASE-NOTES: synced with abf6bddc14a - [Jay Satiro brought this change] - opts: Fix pipelining examples + checksrc.bat: Check lib\vtls source - [Jay Satiro brought this change] - curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS + cyassl: Set minimum protocol version before CTX callback + + This change is to allow the user's CTX callback to change the minimum + protocol version in the CTX without us later overriding it, as we did + prior to this change. -- CONTRIBUTE: the new more github-friendly attitude! +- [Jay Satiro brought this change] -Steve Holme (28 Feb 2015) -- RELEASE-NOTES: Synced with 921d195187 + build-openssl.bat: Fix mixed line endings + + Use LF not CRLF, throughout. msysgit will only convert a file to CRLF + on checkout if it's not mixed. -Kamil Dudka (28 Feb 2015) -- tool: wrap lines longer than 79 columns +- [Jay Satiro brought this change] + + cyassl: Fix certificate load check - ... to avoid a build failure when configured with --enable-debug + SSL_CTX_load_verify_locations can return negative values on fail, + therefore to check for failure we check if load is != 1 (success) + instead of if load is == 0 (failure), the latter being incorrect given + that behavior. -Steve Holme (27 Feb 2015) - [Tatsuhiro Tsujikawa brought this change] - http2: Return error if stream was closed with other than NO_ERROR + http2: Fix missing nghttp2_session_send call in Curl_http2_switched - Previously, we just ignored error code passed to - on_stream_close_callback and just return 0 (success) after stream - closure even if stream was reset with error. This patch records error - code in on_stream_close_callback, and return -1 and use CURLE_HTTP2 - error code on abnormal stream closure. - -- tool: Updated the warnf() function to use the GlobalConfig structure + Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to + parse incoming data which were already received while curl was handling + upgrade. But we didn't call nghttp2_session_send, and it led to make + curl not send any response to the received frames. Most likely, we + received SETTINGS from server at this point, so we missed opportunity to + send SETTINGS + ACK. This commit adds missing nghttp2_session_send call + in Curl_http2_switched to fix this issue. - As the 'error' and 'mute' options are now part of the GlobalConfig, - rather than per Operation, updated the warnf() function to use this - structure rather than the OperationConfig. + Bug: https://github.com/bagder/curl/issues/192 + Reported-by: Stefan Eissing -- build: Removed DataExecutionPrevention directive from VC9+ project files +- cookie: handle spaces after the name in Set-Cookie - Removed the DataExecutionPrevention directive from the project files for - Visual Studio 2008 and above. The XML value in the VC9 project files was - set to "0" (Default) whilst the VC10+ project files contained an empty - XML element. + "name =value" is fine and the space should just be skipped. + + Updated test 31 to also test for this. + + Bug: https://github.com/bagder/curl/issues/195 + Reported-by: cromestant + Help-by: Frank Gevaerts -- build: Use default RandomizedBaseAddress directive in VC9+ project files +- [Jay Satiro brought this change] + + cyassl: Fix library initialization return value - Visual Studio 2008 introduced support for the address space layout - randomization (ASLR) feature of Windows Vista. However, upgrading the - VC8 project files to VC9 and above disabled this feature. + (Curl_cyassl_init) + - Return 1 on success, 0 in failure. - Removed the RandomizedBaseAddress directive to enabled the default - setting (/DYNAMICBASE). Note: This doesn't appear to have any negative - impact when compiled and ran on Windows XP. + Prior to this change the fail path returned an incorrect value and the + evaluation to determine whether CyaSSL_Init had succeeded was incorrect. + Ironically that combined with the way curl_global_init tests SSL library + initialization (!Curl_ssl_init()) meant that CyaSSL having been + successfully initialized would be seen as that even though the code path + and return value in Curl_cyassl_init were wrong. -- build: Added support to Generate.bat for files in the upcoming vauth folder +- [Thomas Ruecker brought this change] -Daniel Stenberg (25 Feb 2015) -- http2: return recv error on unexpected EOF + CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" - Pointed-out-by: Tatsuhiro Tsujikawa - Bug: http://curl.haxx.se/bug/view.cgi?id=1487 + Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200" + under certain conditions: + + client_wants_icy_headers (connection_t *con) + { + const char *val; + + if (!con) + return 1; + + val = get_user_agent (con); + if (!val || !val[0] || strcmp (val, "(null)") == 0) + return 1; + + if (con->food.client->use_icy) + return 1; + if (strncasecmp (val, "winamp", 6) == 0) + return 1; + if (strncasecmp (val, "Shoutcast", 9) == 0) + return 1; + + return 0; + } + + So mainly if there is no 'user agent' or it is '(null)' or contains + 'winamp' or 'Shoutcast'. + + No mainstream distribution carries Icecast 1.3.x anymore, after all + it was released in 2002 and superseded by Icecast 2.x. -Kamil Dudka (25 Feb 2015) -- dist: add symbol-scan.pl to the tarball +Dan Fandrich (31 Mar 2015) +- axtls: add timeout within Curl_axtls_connect - ... in order to make test1135 succeed + This allows test 405 to pass on axTLS. -Daniel Stenberg (25 Feb 2015) -- http2: move lots of verbose output to be debug-only +Daniel Stenberg (30 Mar 2015) +- [Jay Satiro brought this change] -Kamil Dudka (25 Feb 2015) -- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE - - Otherwise it expands to: + checksrc: Windows-specific input fixes - echo ""/etc/pki/tls/certs/ca-bundle.crt"" + lib/config-win32ce.h + - Fix whitespace for checksrc compliance. - Detected by ShellCheck: + lib/checksrc.pl + - Remove trailing carriage returns from input. - curl-config:74:16: warning: The double quotes around this do - nothing. Remove or escape them. [SC2140] + projects/checksrc.bat + - Ignore tool_hugehelp.c. -- nss: do not skip Curl_nss_seed() if data is NULL +- [Dagobert Michelsen brought this change] + + configure: Use KRB5CONFIG for krb5-config - In that case, we only skip writing the error message for failed NSS - initialization (while still returning the correct error code). + Allows the user to easier override its path. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1486 -- nss: improve error handling in Curl_nss_random() +- multi: remove_handle: move pending connections - The vtls layer now checks the return value, so it is no longer necessary - to abort if a random number cannot be provided by NSS. This also fixes - the following Coverity report: + If the handle removed from the multi handle happens to be the one + "owning" the pipeline other transfers will be waiting indefinitely. Now + we move such handles back to connect to have them race (again) for + getting the connection and thus avoid hanging. - Error: FORWARD_NULL (CWE-476): - lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. - lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. - lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak -Daniel Stenberg (25 Feb 2015) -- RELEASE-PROCEDURE: add some more future release dates +- KNOWN_BUGS: 89 is bug #1411 - ... and remove some old ones + Disabling pipelining on multi handle with in-progress pipelined requests + leads to heap corruption and crash -- sws: timeout idle CONNECT connections +- [Jay Satiro brought this change] -- bump: start working toward 7.42.0 + cyassl: CTX callback cosmetic changes and doc fix + + - More descriptive fail message for NO_FILESYSTEM builds. + - Cosmetic changes. + - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific. -Version 7.41.0 (25 Feb 2015) +- RELEASE-NOTES: synced with d2feb71752f -Daniel Stenberg (25 Feb 2015) -- THANKS: added contributors from the 7.41.0 RELEASE-NOTES +Dan Fandrich (28 Mar 2015) +- tool_operate: only set SSL options if SSL is enabled -- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!) +- runtests.pl: detect WolfSSL as yassl -Marc Hoersken (25 Feb 2015) -- Revert "telnet.c: fix handling of 0 being returned from custom read function" - - This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe. +Daniel Stenberg (27 Mar 2015) +- [Kyle L. Huff brought this change] -- telnet.c: fix invalid use of custom read function if not being set + cyassl: add SSL context callback support for CyaSSL - obj_count can be 1 if the custom read function is set or the stdin - handle is a reference to a pipe. Since the pipe should be handled - using the PeekNamedPipe-check below, the custom read function should - only be used if it is actually enabled. + Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better + handles CyaSSL instances using NO_FILESYSTEM. -- telnet.c: fix handling of 0 being returned from custom read function - - According to [1]: "Returning 0 will signal end-of-file to the library - and cause it to stop the current transfer." - This change makes the Windows telnet code handle this case accordingly. +- [Kyle L. Huff brought this change] + + cyassl: remove undefined reference to CyaSSL_no_filesystem_verify - [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html + CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or + CyaSSL. This reference causes build errors when compiling with + NO_FILESYSTEM. -Daniel Stenberg (24 Feb 2015) -- sws: stop logging about TPC_NODELAY nonsense +- [Jay Satiro brought this change] -- lib530: make it less timing sensible + build: Fix libcurl.sln erroneous mixed configurations - ... by making sure the first request is completed before doing the - remainder. + Prior to this change some Release configurations had an active + configuration assignment to their Debug counterpart. -Kamil Dudka (23 Feb 2015) -- connect: wait for IPv4 connection attempts +- [Jay Satiro brought this change] + + vtls: Don't accept unknown CURLOPT_SSLVERSION values + +- [Jay Satiro brought this change] + + url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined + +- [Paul Howarth brought this change] + + build: link curl to openssl libraries when openssl support is enabled - ... even if the last IPv6 connection attempt has failed. + This fixes a build failure where openssl and libmetalink are used + together and the system linker does not do implicit linking (e.g. + Fedora 13 and later releases). The MD5 functions required for + metalink support must be pulled in from the openssl crypto library. - Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4 + This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133, + which fixes the same sort of problem for NSS builds. -- connect: avoid skipping an IPv4 address +- multi: on a request completion, check all CONNECT_PEND transfers - ... in case the protocol versions are mixed in a DNS response - (IPv6 -> IPv4 -> IPv6). + ... even if they don't have an associated connection anymore. It could + leave the waiting transfers pending with no active one on the + connection. - Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3 + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak -Daniel Stenberg (23 Feb 2015) -- RELEASE-NOTES: synced with 5e4395eab839d +- [Emil Lerner brought this change] -- ROADMAP: curl_easy_setopt.3 has already been split up + globbing: fix url number calculation when using range with step - Remove cmake as marked for removal. It is in much better state now. + In function glob_range, the number of urls was multiplied by (max - min + + 1), regardless of step. The correct formula is (max - min) / step + 1 -- ROADMAP: extend the HTTP/2 stuff, remove SPDY +- README.http2: refreshed and added TODO items -- [Julian Ospald brought this change] +- [Emil Lerner brought this change] - configure: allow both --with-ca-bundle and --with-ca-path - - SSL_CTX_load_verify_locations by default (and if given non-Null - parameters) searches the CAfile first and falls back to CApath. This - allows for CAfile to be a basis (e.g. installed by the package manager) - and CApath to be a user configured directory. - - This wasn't reflected by the previous configure constraint which this - patch fixes. + globbing: fix step parsing for character globbing ranges - Bug: https://github.com/bagder/curl/pull/139 - -- [Ben Boeckel brought this change] - - cmake: install the dll file to the correct directory + The glob_range function used wrong offset (3 instead of 4) for parsing + integer step inside character range specification, which led to 'bad + range' error when using character ranges with explicitly specified step + (such as '[a-z:2]') -- [Alessandro Ghedini brought this change] +- polarssl: called mbedTLS in 1.3.10 and later - nss: fix NPN/ALPN protocol negotiation +- polarssl: remove dead code - Correctly check for memcmp() return value (it returns 0 if the strings match). + and simplify code by changing if-elses to a switch() - This is not really important, since curl is going to use http/1.1 anyway, but - it's still a bug I guess. - -- [Alessandro Ghedini brought this change] + CID 1291706: Logically dead code. Execution cannot reach this statement - polarssl: fix ALPN protocol negotiation +- polarssl: remove superfluous for(;;) loop - Correctly check for strncmp() return value (it returns 0 if the strings - match). - -- [Sergei Nikulov brought this change] + "unreachable: Since the loop increment is unreachable, the loop body + will never execute more than once." + + Coverity CID 1291707 - CMake: Fix generation of tool_hugehelp.c on windows +- Curl_ssl_md5sum: return CURLcode - Use "cmake -E echo" instead of "echo". + ... since the funciton can fail on OOM. Check this return code. - Reviewed-by: Brad King + Coverity CID 1291705. -- [Sergei Nikulov brought this change] +- [Jay Satiro brought this change] - CMake: fix winsock2 detection on windows + cyassl: default to highest possible TLS version - Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get - the winsock2 API from windows.h. Simplify the order of checks to - avoid extra conditions. + (cyassl_connect_step1) + - Use TLS 1.0-1.2 by default when available. - Use check_include_file instead of check_include_file_concat to look - for OpenSSL headers. They do not need to participate in a sequence - of dependent system headers. Also they may cause winsock.h to be - included before ws2tcpip.h, causing the latter to not be detected - in the sequence. + CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade + version. - Reviewed-by: Brad King - -- [Alessandro Ghedini brought this change] - - gtls: fix build with HTTP2 + cyassl/cyassl@322f79f -Steve Holme (16 Feb 2015) -- Makefile.vc6: Corrected typos in rename of darwinssl.obj +- [Jay Satiro brought this change] -Nick Zitzmann (15 Feb 2015) -- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" + cyassl: Check for invalid length parameter in Curl_cyassl_random -Steve Holme (14 Feb 2015) -- RELEASE-NOTES: Synced with 6f89f86c3d +- [Jay Satiro brought this change] -- tests/README: Updated to reflect email test ranges + cyassl: If wolfSSL then identify as such in version string -- [Alessandro Ghedini brought this change] +Dan Fandrich (24 Mar 2015) +- symbols-in-versions: added CURLOPT_PATH_AS_IS - curl.1: --cert-status is also supported by OpenSSL now +- testcurl.pl: add the --notes option to supply more info about a build + + Support for notes has been in place for a while, but it required + being added to the setup file manually. -- build: Removed Visual Studio SuppressStartupBanner directive for VC8+ +- curl_memory: make curl_memory.h the second-last header file loaded - Visual Studio 2005 and above defaults to disabling the startup banner - for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there - is no need to explicitly set the SuppressStartupBanner directive, as - this is a leftover from the VC7 and VC7.1 projects being upgraded to - VC8 and above. + This header file must be included after all header files except + memdebug.h, as it does similar memory function redefinitions and can be + similarly affected by conflicting definitions in system or dependent + library headers. -Kamil Dudka (12 Feb 2015) -- openssl: fix a compile-time warning +Daniel Stenberg (24 Mar 2015) +- openssl: do the OCSP work-around for libressl too - lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive + I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to + still require the work-around for stapling to work. -Steve Holme (11 Feb 2015) -- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection +- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a - For consistency with other conditionally compiled code in openssl.c, - use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use - HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are - not included. + URL: http://curl.haxx.se/mail/lib-2015-03/0205.html + Reported-by: Alessandro Ghedini -Patrick Monnerat (11 Feb 2015) -- ftp: accept all 2xx responses to the PORT command +- openssl: adapt to ASN1/X509 things gone opaque in 1.1 -Steve Holme (9 Feb 2015) -- openssl: Disable OCSP in old versions of OpenSSL - - Versions of OpenSSL prior to v0.9.8h do not support the necessary - functions for OCSP stapling. +Dan Fandrich (24 Mar 2015) +- [Jay Satiro brought this change] -Daniel Stenberg (9 Feb 2015) -- [Tatsuhiro Tsujikawa brought this change] + curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description - http2: Fix bug that associated stream canceled on PUSH_PROMISE - - Previously we don't ignore PUSH_PROMISE header fields in on_header - callback. It makes header values mixed with following HEADERS, - resulting protocol error. +- [Viktor Szakáts brought this change] -- [Jay Satiro brought this change] + CURLOPT_HTTPHEADER.3: fix typo in recent commit - polarssl: Fix exclusive SSL protocol version options - - Prior to this change the options for exclusive SSL protocol versions did - not actually set the protocol exclusive. +- [Viktor Szakáts brought this change] + + CURLOPT_PATH_AS_IS.3: add type 'long' to prototype + +- vtls: fix compile with --disable-crypto-auth but with SSL - http://curl.haxx.se/mail/lib-2015-01/0002.html - Reported-by: Dan Fandrich + This is a strange combination of options, but is allowed. -- [Jay Satiro brought this change] +Patrick Monnerat (24 Mar 2015) +- os400: define new options in ILE/RPG binding. - gskit: Fix exclusive SSLv3 option +Daniel Stenberg (24 Mar 2015) +- RELEASE-NOTES: synced with f6878609361 -- curl.1: clarify that -X is used for all requests +- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS + +- CURLOPT_PATH_AS_IS: added - Reported-by: Jon Seymour + --path-as-is is the command line option + + Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 + + Added test in test 1241 -- curl.1: add warning when using -H and redirects +- [Yamada Yasuharu brought this change] -Steve Holme (7 Feb 2015) -- schannel: Removed curl_ prefix from source files + curl_easy_recv/send: make them work with the multi interface - Removed the curl_ prefix from the schannel source files as discussed - with Marc and Daniel at FOSDEM. + By making sure Curl_getconnectinfo() uses the correct connection cache + to find the last connection. -Daniel Stenberg (6 Feb 2015) -- md5: use axTLS's own MD5 functions when available +- http2: move the init too for when its actually needed + + ... it would otherwise lead to memory leakage if we never actually do + the switch. -- MD(4|5): make the MD4_* and MD5_* functions static +Dan Fandrich (23 Mar 2015) +- dict: rename byte to avoid compiler shadowed declaration warning + + This conflicted with a WolfSSL typedef. -- axtls: fix conversion from size_t to int warning +- cyassl: include version.h to ensure the version macros are defined -Steve Holme (5 Feb 2015) -- ftp: Use 'CURLcode result' for curl result codes +- test1513: eliminated race condition in test run + + It seems that some systems (e.g. fairly consistently in some recent + Solaris autobuilds) would manage to get to the connect phase before the + progress callback was called, resulting in a CURLE_COULDNT_CONNECT + error. Reworked the test to point at a test server that never returns a + full result so the progress callback always gets a chance to be called + before the transfer can complete in some other way. -Daniel Stenberg (5 Feb 2015) -- openssl: SSL_SESSION->ssl_version no longer exist +Nick Zitzmann (21 Mar 2015) +- darwinsssl: add support for TLS False Start - The struct went private in 1.0.2 so we cannot read the version number - from there anymore. Use SSL_version() instead! + TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later. + +Daniel Stenberg (21 Mar 2015) +- gtls: add check of return code - Reported-by: Gisle Vanem - Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html + Coverity CID 1291167 pointed out that 'rc' was received but never used when + gnutls_credentials_set() was used. Added return code check now. -Dan Fandrich (4 Feb 2015) -- unit1600: Fix compilation when NTLM is disabled +- gtls: dereferencing NULL pointer + + Coverity CID 1291165 pointed out 'chainp' could be dereferenced when + NULL if gnutls_certificate_get_peers() had previously failed. -Daniel Stenberg (4 Feb 2015) -- MD5: fix compiler warnings and code style nits +- gtls: avoid uninitialized variable. + + Coverity CID 1291166 pointed out that we could read this variable + uninitialized. -- MD5: replace implementation +Dan Fandrich (21 Mar 2015) +- tests/certs: rebuild certificates with modified key usage bits - The previous one was "encumbered" by RSA Inc - to avoid the licensing - restrictions it has being replaced. This is the initial import, - inserting the md5.c and md5.h files from - http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + The certificates were missing the digitalSignature and keyAgreement + usage types, of which at least digitalSignature was checked by CyaSSL. + This caused the test server in test 310 (among others) to fail the + startup verification and therefore run (see + http://curl.haxx.se/mail/lib-2014-07/0303.html). + +- tests/certs: added make target to rebuild certificates - Code-by: Alexander Peslyak + The certificate generation scripts were also updated to better match the + format of the certificates currently checked in. -- MD4: fix compiler warnings and code style nits +Daniel Stenberg (21 Mar 2015) +- x509asn1: add /* fallthrough */ in switch() case -- MD4: replace implementation - - The previous one was "encumbered" by RSA Inc - to avoid the licensing - restrictions it has being replaced. This is the initial import, - inserting the md4.c and md4.h files from - http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 +- x509asn1: minor edit to unconfuse Coverity - Code-by: Alexander Peslyak + CID 1202732 warns on the previous use, although I cannot fine any + problems with it. I'm doing this change only to make the code use a more + familiar approach to accomplish the same thing. -Steve Holme (4 Feb 2015) -- telnet: Prefer 'CURLcode result' for curl result codes +- [Dagobert Michelsen brought this change] -- hostasyn: Prefer 'CURLcode result' for curl result codes + testcurl: Allow '=' in values given on command line -- schannel: Prefer 'CURLcode result' for curl result codes +- nss: error: unused variable 'connssl' -Daniel Stenberg (3 Feb 2015) -- unit1601: MD5 unit tests +Dan Fandrich (21 Mar 2015) +- test938: added missing closing tags -- unit1600: unit test for Curl_ntlm_core_mk_nt_hash +- cyassl: use new library version macro when available -- unit1600: NTLM unit test +Kamil Dudka (20 Mar 2015) +- [Alessandro Ghedini brought this change] -- tests/README: add a new range, clean up some language + curl: add --false-start option -- [Jay Satiro brought this change] +- [Alessandro Ghedini brought this change] - opts: CURLOPT_CAINFO availability depends on SSL engine + nss: add support for TLS False Start -- getpass: protect include with proper #ifdef - - Reported-by: Tamir +- [Alessandro Ghedini brought this change] -- getpass_r: read from stdin, not stdout! - - The file number used was wrong. This bug was introduced over 10 years - ago, proving this function isn't used much... + url: add CURLOPT_SSL_FALSESTART option - Bug: http://curl.haxx.se/bug/view.cgi?id=1476 - Reported-by: Tamir + This option can be used to enable/disable TLS False Start defined in the RFC + draft-bmoeller-tls-falsestart. -- test1135: verify the CURL_EXTERN order in header files +Patrick Monnerat (20 Mar 2015) +- [Alessandro Ghedini brought this change] -- Makefile.am: fix 'make distcheck' - - ... by removing generated files from the *_DIST variable [*] and instead - generate them with a .dist suffix, since that is then handled and put - into the release archive by our generic dist-hook. - - [*] = 'make distcheck' fails with non-existing files listed there + gtls: implement CURLOPT_CERTINFO -Steve Holme (2 Feb 2015) -- curl_sasl.c: More code policing +Daniel Stenberg (20 Mar 2015) +- [Alessandro Ghedini brought this change] + + openssl: try to avoid accessing OCSP structs when possible + +- CURLOPT_URL.3: spelling! - Better use of 80 character line limit, comment corrections and line - spacing preferences. + Reported-by: Frank Gevaerts -Daniel Stenberg (2 Feb 2015) -- libcurl-symbols: first basic shot for autogenerated docs +- CURLOPT_URL.3: Added "SECURITY CONCERNS" -- FAQ: minor edit of 3.22 +- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section -Steve Holme (2 Feb 2015) -- build: Added removal of Visual Studio project files +Dan Fandrich (19 Mar 2015) +- cyassl: detect the library as renamed wolfssl - Added the removal of the locally generated project files so one - may revert to a clean repository. + This change was made in CyaSSL/WolfSSL ver. 3.4.0 -- build: Renamed top level Visual Studio solution files +Daniel Stenberg (19 Mar 2015) +- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 - In preparation for adding the test suite and examples projects renamed - the top level "all" solution files to better describe what they are. + We prematurely changed protocol handler to HTTP/2 which made things very + slow (and wrong). - This will also enable us to use "curl" rather than "curlsrc" for the - command line tool solution and project files, which will simplify some - of the configuration. + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 -- build: Enabled DEBUGBUILD in Visual Studio debug builds - - Defined the DEBUGBUILD pre-processor variable to allow extra logging, - which is particularly useful in debug builds, as we use this and Visual - Studio typically uses _DEBUG. +Dan Fandrich (19 Mar 2015) +- axtls: version 1.5.2 now requires that config.h be manually included + +Daniel Stenberg (19 Mar 2015) +- metalink: fix resource leak in OOM - We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is - defined but that would also affect the makefile based builds which we - probably don't want to do. + Coverity CID 1288826 -- build: Removed unused Visual Studio bscmake settings +Dan Fandrich (18 Mar 2015) +- docs/libcurl: clean up libcurl-symbols.3 -Daniel Stenberg (2 Feb 2015) -- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 - - And modify the text to refer to HTTP 2 as it isn't called "2.0". +- docs/libcurl: check that all options with man pages are referenced - Reported-By: Michael Wallner + If a man page exists in the opts/ directory, it must also be referenced + either in curl_easy_setopt.3 or curl_multi_setopt.3 -Marc Hoersken (31 Jan 2015) -- TODO: moved WinSSL/SChannel todo items into docs +- curl_easy_setopt.3: added a few missing options -Daniel Stenberg (29 Jan 2015) -- [Michael Kaufmann brought this change] +Kamil Dudka (18 Mar 2015) +- nss: explicitly tell NSS to disable NPN/ALPN + + ... if disabled at libcurl level. Otherwise, we would allow to + negotiate NPN despite curl was invoked with the --no-npn option. - CURLOPT_SEEKFUNCTION.3: also when server closes a connection +Daniel Stenberg (18 Mar 2015) +- [Jay Satiro brought this change] -Steve Holme (29 Jan 2015) -- curl_sasl.c: Fixed compilation warning when cryptography is disabled + mkhelp: Remove trailing carriage return from every line of input - curl_sasl.c:1506: warning: unused variable 'chlg' + - Get rid of this flood of warnings in Windows mingw build: + warning: missing terminating " character + + The warning is due to the carriage return. When msysgit checks out files + from the repo by default it converts the line endings to CRLF. Prior to + this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF + format the trailing carriage returns caused unnecessary CR in the + output. -- curl_sasl.c: Fixed compilation warning when verbose debug output disabled +- RELEASE-NOTES: synced with e539f01567 + +- [Christian Weisgerber brought this change] + + docs/libcurl: make portability fix - curl_sasl.c:1317: warning: unused parameter 'conn' + Using $< in a non-suffix rule context is a GNU make idiom. This bug was + introduced in 7.41.0. -- ntlm_core: Use own odd parity function when crypto engine doesn't have one +Dan Fandrich (17 Mar 2015) +- checksrc: Fix whitelist on out-of-tree builds -- ntlm_core: Prefer sizeof(key) rather than hard coded sizes +Daniel Stenberg (17 Mar 2015) +- [Stefan Bühler brought this change] -- ntlm_core: Added consistent comments to DES functions + Curl_sh_entry: remove unused 'timestamp' -- des: Added Curl_des_set_odd_parity() +- HTTP: don't use Expect: headers when on HTTP/2 - Added Curl_des_set_odd_parity() for use when cryptography engines - don't include this functionality. - -- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 -- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests +- checksrc: detect and remove space before trailing semicolons -- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests +- checksrc: introduce a whitelisting concept -- sasl: Minor code policing and grammar corrections +- checksrc: use space after comma -Daniel Stenberg (28 Jan 2015) -- [Gisle Vanem brought this change] +- checksrc: use space before paren in "return (expr);" - ldap: build with BoringSSL +- CONTRIBUTE: refer to git log instead of deprecated CHANGES file -- security: avoid compiler warning - - Possible access to uninitialised memory '&nread' at line 140 of - lib/security.c in function 'ftp_send_command'. - - Reported-by: Rich Burridge +- CURLOPT_*.3: more examples and edits -- runtests: identify BoringSSL and libressl +- CURLOPT_*.3: added lots of small example sections -Patrick Monnerat (27 Jan 2015) -- docs: cite SASL external authentication. +- CURLOPT_PRIVATE.3: provide an example -- sasl: remove XOAUTH2 from default enabled authentication mechanism. +- CURLOPT_*TIMEOUT.3: provide examples -- test: add test cases for sasl external authentication (imap/pop3/smtp). +- CURLOPT_USERAGENT.3: added an example -- imap: remove automatic password setting: it breaks external sasl authentication +- CURLOPT_STDERR.3: added an example -- sasl: implement EXTERNAL authentication mechanism. - Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and - by not setting the password. +- curl_easy_perform.3: remove superfluous close brace from example -Steve Holme (27 Jan 2015) -- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE +- free: instead of Curl_safefree() - Modified the Curl_ossl_cert_status_request() function to return FALSE - when built with BoringSSL or when OpenSSL is missing the necessary TLS - extensions. - -- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' + Since we just started make use of free(NULL) in order to simplify code, + this change takes it a step further and: - Fixed the build of openssl.c when OpenSSL is built without the necessary - TLS extensions for OCSP stapling. + - converts lots of Curl_safefree() calls to good old free() + - makes Curl_safefree() not check the pointer before free() - Reported-by: John E. Malmberg - -- [Brad Spencer brought this change] - - curl_setup: Disable SMB/CIFS support when HTTP only + The (new) rule of thumb is: if you really want a function call that + frees a pointer and then assigns it to NULL, then use Curl_safefree(). + But we will prefer just using free() from now on. -- RELEASE-NOTES: Synced with 37824498a3 +- [Markus Elfring brought this change] -Daniel Stenberg (22 Jan 2015) -- configure: remove detection of the old yassl emulation API + Bug #149: Deletion of unnecessary checks before a few calls of cURL functions - ... as that is ancient history and not used. - -- OCSP stapling: disabled when build with BoringSSL - -- [Alessandro Ghedini brought this change] - - openssl: add support for the Certificate Status Request TLS extension + The following functions return immediately if a null pointer was passed. + * Curl_cookie_cleanup + * curl_formfree - Also known as "status_request" or OCSP stapling, defined in RFC6066 - section 8. + It is therefore not needed that a function caller repeats a corresponding check. - Thanks-to: Joe Mason - - for the work-around for the OpenSSL bug. - -- BoringSSL: fix build for non-configure builds + This issue was fixed by using the software Coccinelle 1.0.0-rc24. - HAVE_BORINGSSL gets defined now by configure and should be defined by - other build systems in case a BoringSSL build is desired. + Signed-off-by: Markus Elfring -- configure: fix BoringSSL detection and detect libresssl +- [Markus Elfring brought this change] -Steve Holme (22 Jan 2015) -- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions + Bug #149: Deletion of unnecessary checks before calls of the function "free" - Commit 7a8b2885e2 made some functions static and removed the public - Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which - is the naming convention we use in this source file. - -- curl_sasl: Minor code policing following recent commits - -Daniel Stenberg (22 Jan 2015) -- [John Malmberg brought this change] - - openvms: Handle openssl/0.8.9zb version parsing + The function "free" is documented in the way that no action shall occur for + a passed null pointer. It is therefore not needed that a function caller + repeats a corresponding check. + http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first - packages/vms/gnv_link_curl.com was assuming only a single letter suffix - in the openssl version. That assumption has been fixed for 7.40. - -- BoringSSL: detected by configure, switches off NTLM - -- BoringSSL: no PKCS12 support nor ERR_remove_state - -- [Leith Bade brought this change] - - BoringSSL: fix build + This issue was fixed by using the software Coccinelle 1.0.0-rc24. + + Signed-off-by: Markus Elfring -Steve Holme (20 Jan 2015) -- curl_sasl.c: chlglen is not used when cryptography is disabled +- [Jay Satiro brought this change] -- curl_sasl.c: Fixed compilation warning when cyptography is disabled + connect: Fix happy eyeballs logic for IPv4-only builds - curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local - variable - -- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined + Bug: https://github.com/bagder/curl/pull/168 - curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier + (trynextip) + - Don't try the "other" protocol family unless IPv6 is available. In an + IPv4-only build the other family can only be IPv6 which is unavailable. - This error could also happen for non-SSPI builds when cryptography is - disabled (CURL_DISABLE_CRYPTO_AUTH is defined). - -Patrick Monnerat (20 Jan 2015) -- SASL: make some procedures local-scoped - -- SASL: common state engine for imap/pop3/smtp + This change essentially stops IPv4-only builds from attempting the + "happy eyeballs" secondary parallel connection that is supposed to be + used by the "other" address family. + + Prior to this change in IPv4-only builds that secondary parallel + connection attempt could be erroneously used by the same family (IPv4) + which caused a bug where every address after the first for a host could + be tried twice, often in parallel. This change fixes that bug. An + example of the bug is shown below. + + Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: + + * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) + * Rebuilt URL to: http://MTEST/ + * Added connection 0. The cache now contains 1 members + * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 + (connection #0) + * Trying 127.0.0.2... + * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 + (connection #0) + * Trying 127.0.0.3... + * connect to 127.0.0.2 port 80 failed: Connection refused + * Trying 127.0.0.3... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.4 port 80 failed: Connection refused + * connect to 127.0.0.4 port 80 failed: Connection refused + * Failed to connect to MTEST port 80: Connection refused + * Closing connection 0 + * The cache now contains 0 members + * Expire cleared + curl: (7) Failed to connect to MTEST port 80: Connection refused + + The bug was born in commit bagder/curl@2d435c7. -- SASL: common URL option and auth capabilities decoders for all protocols +- mksymbolsmanpage.pl: use std header and generate better nroff header -- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. +- [Frank Meier brought this change] -Daniel Stenberg (20 Jan 2015) -- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 + closesocket: call multi socket cb on close even with custom close - Reported-by: Chris Young + In function Curl_closesocket() in connect.c the call to + Curl_multi_closed() was wrongly omitted if a socket close function + (CURLOPT_CLOSESOCKETFUNCTION) is registered. + + That would lead to not removing the socket from the internal hash table + and not calling the multi socket callback appropriately. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1493 -- [Chris Young brought this change] +- [Tobias Stoeckmann brought this change] - timeval: typecast for better type (on Amiga) + hostip: Fix signal race in Curl_resolv_timeout. - There is an issue with conflicting "struct timeval" definitions with - certain AmigaOS releases and C libraries, depending on what gets - included when. It's a minor difference - the OS one is unsigned, - whereas the common structure has signed elements. If the OS one ends up - getting defined, this causes a timing calculation error in curl. + A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is + configured to interrupt system calls and uses siglongjmp to return into + the function if alarm() goes off. - It's easy enough to resolve this at the curl end, by casting the - potentially errorneous calculation to a signed long. - -- openssl: do public key pinning check independently + The signal handler is installed before curl_jmpenv is initialized. + This means that an already installed alarm timer could trigger the + newly installed signal handler, leading to undefined behavior when it + accesses the uninitialized curl_jmpenv. - ... of the other cert verification checks so that you can set verifyhost - and verifypeer to FALSE and still check the public key. + Even if there is no previously installed alarm available, the code in + Curl_resolv_timeout itself installs an alarm before the environment is + fully set up. If the process is sent into suspend right after that, the + signal handler could be called too early as in previous scenario. - Bug: http://curl.haxx.se/bug/view.cgi?id=1471 - Reported-by: Kyle J. McKay - -Patrick Monnerat (19 Jan 2015) -- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. + To fix this, the signal handler should only be installed and the alarm + timer only be set after sigsetjmp has been called. -Steve Holme (18 Jan 2015) -- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP +- http2: detect prematures close without data transfered - For consistency with other USE_WIN32_ defines as well as the - USE_OPENLDAP define. - -- http_negotiate: Use dynamic buffer for SPN generation + ... by using the regular Curl_http_done() method which checks for + that. This makes test 1801 fail consistently with error 56 (which seems + fine) to that test is also updated here. - Use a dynamicly allocated buffer for the temporary SPN variable similar - to how the SASL GSS-API code does, rather than using a fixed buffer of - 2048 characters. - -- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public + Reported-by: Ben Darnell + Bug: https://github.com/bagder/curl/issues/166 -- sasl_gssapi: Fixed memory leak with local SPN variable +Dan Fandrich (13 Mar 2015) +- test320: Expect the Host header to be the first header + + Required for the test to work after a5d994941c2b. -Daniel Stenberg (17 Jan 2015) -- http_negotiate.c: unused variable 'ret' +Daniel Stenberg (12 Mar 2015) +- RELEASE-NOTES: synced with 186e46d88dd -Steve Holme (17 Jan 2015) -- gskit.h: Code policing of function pointer arguments +- openssl: use colons properly in the ciphers list + + While the previous string worked, this is the documented format. + + Reported-by: Richard Moore -- vtls: Removed unimplemented overrides of curlssl_close_all() +- openssl: sort the ciphers on strength - Carrying on from commit 037cd0d991, removed the following unimplemented - instances of curlssl_close_all(): + This makes curl pick better (stronger) ciphers by default. The strongest + available ciphers are fine according to the HTTP/2 spec so an OpenSSL + built curl is no longer rejected by string HTTP/2 servers. - Curl_axtls_close_all() - Curl_darwinssl_close_all() - Curl_cyassl_close_all() - Curl_gskit_close_all() - Curl_gtls_close_all() - Curl_nss_close_all() - Curl_polarssl_close_all() + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 -- vtls: Separate the SSL backend definition from the API setup +- [Fabian Keil brought this change] + + test203[0-3]: Expect the Host header to be the first header - Slight code cleanup as the SSL backend #define is mixed up with the API - function setup. + Required for the tests to work after a5d994941c2b. -- vtls: Fixed compilation errors when SSL not used +- openssl: show the cipher selection to use + +- http: always send Host: header as first header - Fixed the following warning and error from commit 3af90a6e19 when SSL - is not being used: + ...after the method line: - url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; - assuming extern returning int + "Since the Host field-value is critical information for handling a + request, a user agent SHOULD generate Host as the first header field + following the request-line." / RFC 7230 section 5.4 - error LNK2019: unresolved external symbol Curl_ssl_cert_status_request - referenced in function Curl_setopt - -- http_negotiate: Added empty decoded challenge message info text + Additionally, this will also make libcurl ignore multiple specified + custom Host: headers and only use the first one. Test 1121 has been + updated accordingly + + Bug: http://curl.haxx.se/bug/view.cgi?id=1491 + Reported-by: Rainer Canavan -- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int +- [Alexander Pepper brought this change] -- http_negotiate_sspi: Prefer use of 'attrs' for context attributes + mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q". - Use the same variable name as other areas of SSPI code. + Also unified printing to STDERR by creating the helper method "report". -- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() +- proxy: re-use proxy connections (regression) - Use the SECURITY_STATUS typedef rather than a unsigned long for the - QuerySecurityPackageInfo() return and rename the variable as per other - areas of SSPI code. - -- http_negotiate_sspi: Use 'CURLcode result' for CURL result code - -- curl_endian: Fixed build when 64-bit integers are not supported (Part 2) + When checking for a connection to re-use, a proxy-using request must + check for and use a proxy connection and not one based on the host + name! - Missed Curl_read64_be() in commit bb12d44471 :( + Added test 1421 to verify + + Bug: http://curl.haxx.se/bug/view.cgi?id=1492 -Daniel Stenberg (16 Jan 2015) -- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 +- [Jay Satiro brought this change] -- curlver.h: next release is 7.41.0 due to the changes + memanalyze.pl: handle free(NULL) -- RELEASE-NOTES: mention the new OCSP stapling options, bump version +- [Jay Satiro brought this change] -- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile + .travis.yml: Change CI make test to make test-full + + - Change the continuous integration script to use 'make test-full' + instead of just 'make test' so that the diagnostic log output is + printed to stdout when a test fails. + + - Change the continuous integration script to use + './configure --enable-debug' instead of just './configure' so that the + memory analyzer will work during testing. + + Prior to this change Travis used its default C test script: + ./configure && make && make test -- help: add --cert-status to --help output +- [Alessandro Ghedini brought this change] -- copyright years: after OCSP stapling changes + gtls: correctly align certificate status verification messages - [Alessandro Ghedini brought this change] - curl: add --cert-status option - - This enables the CURLOPT_SSL_VERIFYSTATUS functionality. + gtls: don't print double newline after certificate dates - [Alessandro Ghedini brought this change] - nss: add support for the Certificate Status Request TLS extension - - Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. + gtls: print negotiated TLS version and full cipher suite name - This requires NSS 3.15 or higher. + Instead of priting cipher and MAC algorithms names separately, print the + whole cipher suite string which also includes the key exchange algorithm, + along with the negotiated TLS version. + +- gtls: fix compiler warnings - [Alessandro Ghedini brought this change] - gtls: add support for the Certificate Status Request TLS extension - - Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. + gtls: add support for CURLOPT_CAPATH + +- [stopiccot brought this change] + + MacOSX-Framework: use @rpath instead of @executable_path - This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use - at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP - response verfication to fail even on valid responses. + Bug: https://github.com/bagder/curl/pull/157 -- [Alessandro Ghedini brought this change] +- RELEASE-NOTES: synced with c19349951 - url: add CURLOPT_SSL_VERIFYSTATUS option +- multi: fix *getsock() with CONNECT - This option can be used to enable/disable certificate status verification using - the "Certificate Status Request" TLS extension defined in RFC6066 section 8. + The code used some happy eyeballs logic even _after_ CONNECT has been + sent to a proxy, while the happy eyeball phase is already (should be) + over by then. - This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the - certificate status verification fails, and the Curl_ssl_cert_status_request() - function, used to check whether the SSL backend supports the status_request - extension. + This is solved by splitting the multi state into two separate states + introducing the new SENDPROTOCONNECT state. + + Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html + Reported-by: Peter Laser -- TheArtOfHttpScripting: skip the date at the top, we have git +- conncontrol: only log changes to the connection bit -- TheArtOfHttpScripting: phrase it TLS lib agnostic +- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* + + Since they already exist and will make comparing easier -Steve Holme (16 Jan 2015) -- TODO: Added some SMB ideas +- http2: make the info-message about receiving HTTP2 headers debug-only -- RELEASE-NOTES: Synced with 5f09947d28 +- [Alessandro Ghedini brought this change] -- build-openssl.bat: Added check for Perl installation + urldata: remove unused asked_for_h2 field -- checksrc.bat: Better detection of Perl installation +- [Alessandro Ghedini brought this change] -- curl_endian: Fixed build when 64-bit integers are not supported - - Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html - Reported-by: John E. Malmberg + polarssl: make it possible to enable ALPN/NPN without HTTP2 -Daniel Stenberg (15 Jan 2015) -- [Yun SangHo brought this change] +- [Alessandro Ghedini brought this change] - curl.h: remove extra space + nss: make it possible to enable ALPN/NPN without HTTP2 -- Curl_pretransfer: reset expected transfer sizes - - Reported-by: Mohammad AlSaleh - Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html +- [Alessandro Ghedini brought this change] -Marc Hoersken (12 Jan 2015) -- curl_schannel.c: mark session as removed from cache if not freed - - If the session is still used by active SSL/TLS connections, it - cannot be closed yet. Thus we mark the session as not being cached - any longer so that the reference counting mechanism in - Curl_schannel_shutdown is used to close and free the session. - - Reported-by: Jean-Francois Durand + gtls: make it possible to enable ALPN/NPN without HTTP2 -Steve Holme (9 Jan 2015) -- RELEASE-NOTES: Synced with d21b66835f +- [Alessandro Ghedini brought this change] -Guenter Knauf (9 Jan 2015) -- Merge pull request #134 from vszakats/mingw-m64 + openssl: make it possible to enable ALPN/NPN without HTTP2 + +- metalink: add some error checks - add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS + malloc() and strdup() calls without checking return codes. + + Reported-by: Markus Elfring + Bug: https://github.com/bagder/curl/issues/150 -- Merge pull request #136 from vszakats/mingw-allow-custom-cflags +- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS - mingw build: allow to pass custom CFLAGS + Reported-by: Jonathan Cardoso -Daniel Stenberg (9 Jan 2015) -- NSS: fix compiler error when built http2-enabled +- urldata: fix gnutls build -Steve Holme (9 Jan 2015) -- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions +Steve Holme (5 Mar 2015) +- openssl: Removed use of USE_SSLEAY from the Visual Studio project files - Better code reuse and consistency in calls to gss_import_name(). - -Viktor Szakats (9 Jan 2015) -- mingw build: allow to pass custom CFLAGS + In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor + variable from the Visual Studio project files as it isn't required + anymore. -Daniel Stenberg (8 Jan 2015) -- FTP: if EPSV fails on IPV6 connections, bail out +Daniel Stenberg (5 Mar 2015) +- multi: fix memory-leak on timeout (regression) - ... instead of trying PASV, since PASV can't work with IPv6. + Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't + necesarily clear everything up, like formpost data. - Reported-by: Vojtěch Král + Bug: https://github.com/bagder/curl/issues/147 + Reported-by: Michel Promonet + Patched-by: Michel Promonet -- FTP: fix IPv6 host using link-local address - - ... and make sure we can connect the data connection to a host name that - is longer than 48 bytes. +- configure: follow-up fix from 709cf76f6 - Also simplifies the code somewhat by re-using the original host name - more, as it is likely still in the DNS cache. + OpenSSL handling was a little broken. + +- openssl: remove all uses of USE_SSLEAY - Original-Patch-by: Vojtěch Král - Bug: http://curl.haxx.se/bug/view.cgi?id=1468 + SSLeay was the name of the library that was subsequently turned into + OpenSSL many moons ago (1999). curl does not work with the old SSLeay + library since years. This is now reflected by only using USE_OPENSSL in + code that depends on OpenSSL. -Steve Holme (8 Jan 2015) -- [Sam Schanken brought this change] +- [Sergei Nikulov brought this change] - winbuild: Added option to build with c-ares + cmake: handle build definitions CURLDEBUG/DEBUGBUILD - Added support for a WITH_CARES option to be used when invoking nmake - via Makefile.vc. This option enables linking against both the DLL and - static versions of the c-ares libraries, as well as the debug and - release varients, depending on the value of DEBUG. The USE_ARES - preprocessor symbol is also defined. + Acked-by: Brad King -Guenter Knauf (8 Jan 2015) -- NetWare build: added TLS-SRP enabled build. +- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? -Steve Holme (8 Jan 2015) -- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API +- symbols.pl: handle '-' in the deprecated field + + ... which otherwise made the script skip the _LAST define for some + symbols. - Bug: http://curl.haxx.se/bug/view.cgi?id=1469 - Reported-by: Thomas Klausner + Reported-by: Jeroen Ooms + Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html -Viktor Szakats (8 Jan 2015) -- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS +- curl.1: fix "The the" typo + + Reported-by: Jon Seymour -Daniel Stenberg (8 Jan 2015) -- bump: start working towards 7.40.1 +- vtls: use curl_printf.h all over + + No need to use _MPRINTF_REPLACE internally. -- THANKS: 14 new contributors from the 7.40.0 release notes +- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE -Version 7.40.0 (7 Jan 2015) +- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: version 7.40.0 +- [Sergei Nikulov brought this change] -- darwinssl: fix session ID keys to only reuse identical sessions - - ...to avoid a session ID getting cached without certificate checking and - then after a subsequent _enabling_ of the check libcurl could still - re-use the session done without cert checks. + libtest: fixed linker errors on msvc - Bug: http://curl.haxx.se/docs/adv_20150108A.html - Reported-by: Marc Hesse + Bug: https://github.com/bagder/curl/pull/144 -- tests: make sure CRLFs can't be used in URLs passed to proxy +- mprintf.h: remove #ifdef CURLDEBUG - Bug: http://curl.haxx.se/docs/adv_20150108B.html + ... and as a consequence, introduce curl_printf.h with that re-define + magic instead and make all libcurl code use that instead. -- url-parsing: reject CRLFs within URLs - - Bug: http://curl.haxx.se/docs/adv_20150108B.html - Reported-by: Andrey Labunets +- tool_getpass: remove unused curl/mprintf.h include -Steve Holme (7 Jan 2015) -- ldap: Convert attribute output to UTF-8 when Unicode +- CONTRIBUTING.md: file for advice on github -- ldap: Convert DN output to UTF-8 when Unicode +- [Viktor Szakáts brought this change] -Daniel Stenberg (7 Jan 2015) -- hostip: remove 'stale' argument from Curl_fetch_addr proto + BINDINGS: add link to Harbour bindings - Also, remove the log output of the resolved name is NOT in the cache in - the spirit of only telling when something is actually happening. + And UTF8-fix a few names -Steve Holme (7 Jan 2015) -- ldap/imap: Fixed spelling mistake in comments and variable names +- CURLOPT_HEADERFUNCTION.3: typo in error code name - Reported-by: Michael Osipov + Reported-by: Jonathan Cardoso -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: updated with ./contributors.sh output +- BINDINGS: tclcurl moved + + Reporte-by: Steve Havelka -Dan Fandrich (5 Jan 2015) -- curl_multibyte.h: Eliminated some trailing whitespace +- [Jay Satiro brought this change] -Steve Holme (4 Jan 2015) -- RELEASE-NOTES: Synced with ea93252ef1 + opts: Fix pipelining examples -- ldap: Fixed Unicode usage for all Win32 builds - - Otherwise, the fixes in the previous commits would only be applicable - to IDN and SSPI based builds and not others such as OpenSSL with LDAP - enabled. +- [Jay Satiro brought this change] -- ldap: Fixed memory leak from commit efb64fdf80 + curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS -- ldap: Fix memory leak from commit 3a805c5cc1 +- CONTRIBUTE: the new more github-friendly attitude! -- ldap: Fixed attribute variable warnings when Unicode is enabled +Steve Holme (28 Feb 2015) +- RELEASE-NOTES: Synced with 921d195187 + +Kamil Dudka (28 Feb 2015) +- tool: wrap lines longer than 79 columns - Use 'TCHAR *' for local attribute variable rather than 'char *'. + ... to avoid a build failure when configured with --enable-debug -- ldap: Fixed DN variable warnings when Unicode is enabled +Steve Holme (27 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] + + http2: Return error if stream was closed with other than NO_ERROR - Use 'TCHAR *' for local DN variable rather than 'char *'. + Previously, we just ignored error code passed to + on_stream_close_callback and just return 0 (success) after stream + closure even if stream was reset with error. This patch records error + code in on_stream_close_callback, and return -1 and use CURLE_HTTP2 + error code on abnormal stream closure. -- ldap: Remove the unescape_elements() function +- tool: Updated the warnf() function to use the GlobalConfig structure - Due to the recent modifications this function is no longer used. + As the 'error' and 'mute' options are now part of the GlobalConfig, + rather than per Operation, updated the warnf() function to use this + structure rather than the OperationConfig. -- ldap.c: Fixed compilation warning +- build: Removed DataExecutionPrevention directive from VC9+ project files - ldap.c:98: warning: extra tokens at end of #endif directive + Removed the DataExecutionPrevention directive from the project files for + Visual Studio 2008 and above. The XML value in the VC9 project files was + set to "0" (Default) whilst the VC10+ project files contained an empty + XML element. -- ldap: Fixed support for Unicode filter in Win32 search call +- build: Use default RandomizedBaseAddress directive in VC9+ project files + + Visual Studio 2008 introduced support for the address space layout + randomization (ASLR) feature of Windows Vista. However, upgrading the + VC8 project files to VC9 and above disabled this feature. + + Removed the RandomizedBaseAddress directive to enabled the default + setting (/DYNAMICBASE). Note: This doesn't appear to have any negative + impact when compiled and ran on Windows XP. -- ldap.c: Fixed compilation warning +- build: Added support to Generate.bat for files in the upcoming vauth folder + +Daniel Stenberg (25 Feb 2015) +- http2: return recv error on unexpected EOF - ldap.c:802: warning: comparison between signed and unsigned integer - expressions + Pointed-out-by: Tatsuhiro Tsujikawa + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 -- ldap: Fixed support for Unicode attributes in Win32 search call +Kamil Dudka (25 Feb 2015) +- dist: add symbol-scan.pl to the tarball + + ... in order to make test1135 succeed -- ldap: Fixed memory leak from commit efb64fdf80 +Daniel Stenberg (25 Feb 2015) +- http2: move lots of verbose output to be debug-only + +Kamil Dudka (25 Feb 2015) +- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE - The unescapped DN was not freed after a successful character conversion. + Otherwise it expands to: + + echo ""/etc/pki/tls/certs/ca-bundle.crt"" + + Detected by ShellCheck: + + curl-config:74:16: warning: The double quotes around this do + nothing. Remove or escape them. [SC2140] -- ldap.c: Fixed compilation error +- nss: do not skip Curl_nss_seed() if data is NULL - ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes - just 1 + In that case, we only skip writing the error message for failed NSS + initialization (while still returning the correct error code). -- ldap.c: Fixed compilation warning +- nss: improve error handling in Curl_nss_random() - ldap.c:89: warning: extra tokens at end of #endif directive + The vtls layer now checks the return value, so it is no longer necessary + to abort if a random number cannot be provided by NSS. This also fixes + the following Coverity report: + + Error: FORWARD_NULL (CWE-476): + lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. + lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. + lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". -- ldap: Fixed support for Unicode DN in Win32 search call +Daniel Stenberg (25 Feb 2015) +- RELEASE-PROCEDURE: add some more future release dates + + ... and remove some old ones -- ldap: Fixed Unicode user and password in Win32 bind calls +- sws: timeout idle CONNECT connections -- ldap: Fixed Unicode host name in Win32 initialisation calls +- bump: start working toward 7.42.0 -- ldap: Use host.dispname for infof() connection failure messages - - As host.name may be encoded use dispname for infof() failure messages. +Version 7.41.0 (25 Feb 2015) -- ldap: Prefer 'CURLcode result' for curl result codes +Daniel Stenberg (25 Feb 2015) +- THANKS: added contributors from the 7.41.0 RELEASE-NOTES -- ldap: Pass write length in all Curl_client_write() calls +- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!) + +Marc Hoersken (25 Feb 2015) +- Revert "telnet.c: fix handling of 0 being returned from custom read function" - As we get the length for the DN and attribute variables, and we know - the length for the line terminator, pass the length values rather than - zero as this will save Curl_client_write() from having to perform an - additional strlen() call. + This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe. -- ldap: Fixed attribute memory leaks on failed client write +- telnet.c: fix invalid use of custom read function if not being set - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + obj_count can be 1 if the custom read function is set or the stdin + handle is a reference to a pipe. Since the pipe should be handled + using the PeekNamedPipe-check below, the custom read function should + only be used if it is actually enabled. -- ldap: Fixed DN memory leaks on failed client write +- telnet.c: fix handling of 0 being returned from custom read function - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + According to [1]: "Returning 0 will signal end-of-file to the library + and cause it to stop the current transfer." + This change makes the Windows telnet code handle this case accordingly. + + [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html -- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d +Daniel Stenberg (24 Feb 2015) +- sws: stop logging about TPC_NODELAY nonsense + +- lib530: make it less timing sensible - curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char - [8]') to parameter of type 'char *' converts - between pointers to integer types with different - sign + ... by making sure the first request is completed before doing the + remainder. -- ntlm: Use extend_key_56_to_64() for all cryptography engines +Kamil Dudka (23 Feb 2015) +- connect: wait for IPv4 connection attempts - Rather than duplicate the code in setup_des_key() for OpenSSL and in - extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is - the same, use extend_key_56_to_64() for all engines. + ... even if the last IPv6 connection attempt has failed. + + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4 -- RELEASE-NOTES: Synced with 34f0bd110f +- connect: avoid skipping an IPv4 address + + ... in case the protocol versions are mixed in a DNS response + (IPv6 -> IPv4 -> IPv6). + + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3 -- curl_ntlm_core.c: Fixed compilation warning +Daniel Stenberg (23 Feb 2015) +- RELEASE-NOTES: synced with 5e4395eab839d + +- ROADMAP: curl_easy_setopt.3 has already been split up - curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined - but not used + Remove cmake as marked for removal. It is in much better state now. -- endian: Fixed bit-shift in 64-bit integer read functions +- ROADMAP: extend the HTTP/2 stuff, remove SPDY + +- [Julian Ospald brought this change] + + configure: allow both --with-ca-bundle and --with-ca-path - From commit 43792592ca and 4bb5a351b2. + SSL_CTX_load_verify_locations by default (and if given non-Null + parameters) searches the CAfile first and falls back to CApath. This + allows for CAfile to be a basis (e.g. installed by the package manager) + and CApath to be a user configured directory. + + This wasn't reflected by the previous configure constraint which this + patch fixes. - Reported-by: Michael Osipov + Bug: https://github.com/bagder/curl/pull/139 -- smb: Use endian functions for reading NBT and message size values +- [Ben Boeckel brought this change] -- endian: Added big endian read functions + cmake: install the dll file to the correct directory -- endian: Added 64-bit integer read function +- [Alessandro Ghedini brought this change] -- COPYING: Bumped copyright year to 2015 + nss: fix NPN/ALPN protocol negotiation + + Correctly check for memcmp() return value (it returns 0 if the strings match). + + This is not really important, since curl is going to use http/1.1 anyway, but + it's still a bug I guess. -- version: Bump copyright year to 2015 +- [Alessandro Ghedini brought this change] -- smb.c: Fixed compilation warnings + polarssl: fix ALPN protocol negotiation - smb.c:780: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:781: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:804: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - -- smb: Use endian functions for reading length and offset values + Correctly check for strncmp() return value (it returns 0 if the strings + match). -- endian: Added 16-bit integer write function +- [Sergei Nikulov brought this change] -- endian: Fixed Linux compilation issues + CMake: Fix generation of tool_hugehelp.c on windows - Having files named endian.[c|h] seemed to cause issues under Linux so - renamed them both to have the curl_ prefix in the filenames. + Use "cmake -E echo" instead of "echo". + + Reviewed-by: Brad King -- [Julien Nabet brought this change] +- [Sergei Nikulov brought this change] - lib1900.c: Fixed cppcheck error + CMake: fix winsock2 detection on windows - lib1900.c:182: (style) Array index 'handlenum' is used before limits - check + Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get + the winsock2 API from windows.h. Simplify the order of checks to + avoid extra conditions. - Bug: https://github.com/bagder/curl/pull/133 + Use check_include_file instead of check_include_file_concat to look + for OpenSSL headers. They do not need to participate in a sequence + of dependent system headers. Also they may cause winsock.h to be + included before ws2tcpip.h, causing the latter to not be detected + in the sequence. + + Reviewed-by: Brad King -- endian: Added standard function descriptions +- [Alessandro Ghedini brought this change] -- endian: Renamed functions for curl API naming convention + gtls: fix build with HTTP2 -- endian: Moved write functions to new module +Steve Holme (16 Feb 2015) +- Makefile.vc6: Corrected typos in rename of darwinssl.obj -- endian: Moved read functions to new module +Nick Zitzmann (15 Feb 2015) +- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" -- endian: Introduced endian module - - To allow the little endian functions, currently used in two of the NTLM - source files, to be used by other modules such as the SMB module. +Steve Holme (14 Feb 2015) +- RELEASE-NOTES: Synced with 6f89f86c3d -- sepheaders.c: Applied curl oding standards +- tests/README: Updated to reflect email test ranges -- [Julien Nabet brought this change] +- [Alessandro Ghedini brought this change] - sepheaders.c: Fixed resource leak on failure + curl.1: --cert-status is also supported by OpenSSL now -- vtls: Use '(void) arg' for unused parameters +- build: Removed Visual Studio SuppressStartupBanner directive for VC8+ - Prefer void for unused parameters, rather than assigning an argument to - itself as a) unintelligent compilers won't optimize it out, b) it can't - be used for const parameters, c) it will cause compilation warnings for - clang with -Wself-assign and d) is inconsistent with other areas of the - curl source code. + Visual Studio 2005 and above defaults to disabling the startup banner + for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there + is no need to explicitly set the SuppressStartupBanner directive, as + this is a leftover from the VC7 and VC7.1 projects being upgraded to + VC8 and above. -- smb.c: Fixed compilation warning +Kamil Dudka (12 Feb 2015) +- openssl: fix a compile-time warning - smb.c:586: warning: conversion to 'short unsigned int' from 'int' may - alter its value - -- [Bill Nagel brought this change] + lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive - smb: Use the connection's upload buffer +Steve Holme (11 Feb 2015) +- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection - Use the connection's upload buffer instead of allocating our own send - buffer. + For consistency with other conditionally compiled code in openssl.c, + use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use + HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are + not included. -- RELEASE-NOTES: Synced with 1933f9d33c +Patrick Monnerat (11 Feb 2015) +- ftp: accept all 2xx responses to the PORT command -- schannel: Moved the ISC return flag definitions to the SSPI module +Steve Holme (9 Feb 2015) +- openssl: Disable OCSP in old versions of OpenSSL - Moved our Initialize Security Context return attribute definitions to - the SSPI module, as a) these can be used by other SSPI based providers - and b) the ISC required attributes are defined there. - -- [Bill Nagel brought this change] + Versions of OpenSSL prior to v0.9.8h do not support the necessary + functions for OCSP stapling. - smb: Close the connection after a failed client write +Daniel Stenberg (9 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] -- darwinssl: Fixed compilation warning + http2: Fix bug that associated stream canceled on PUSH_PROMISE - vtls.c:683:43: warning: unused parameter 'data' + Previously we don't ignore PUSH_PROMISE header fields in on_header + callback. It makes header values mixed with following HEADERS, + resulting protocol error. -- sockfilt.c: Fixed compilation warnings - - sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter - its value +- [Jay Satiro brought this change] -- test1509: Fixed compilation warning + polarssl: Fix exclusive SSL protocol version options - lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may - alter its value - -- test556: Fixed compilation warning + Prior to this change the options for exclusive SSL protocol versions did + not actually set the protocol exclusive. - lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may - alter its value + http://curl.haxx.se/mail/lib-2015-01/0002.html + Reported-by: Dan Fandrich -- sasl_gssapi: Fixed use of dummy username with real username +- [Jay Satiro brought this change] -- vtls: Fixed compilation warning and an ignored return code - - curl_schannel.h:123: warning: right-hand operand of comma expression - has no effect - - Some instances of the curlssl_close_all() function were declared with a - void return type whilst others as int. The schannel version returned - CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the - return code was ignored by the calling function Curl_ssl_close_all(). - - For the time being and to keep the internal API consistent, changed all - declarations to use a void return type. + gskit: Fix exclusive SSLv3 option + +- curl.1: clarify that -X is used for all requests - To reduce code we might want to consider removing the unimplemented - versions and use a void #define like schannel does. + Reported-by: Jon Seymour -Daniel Stenberg (28 Dec 2014) -- TODO: 2.3 Better support for same name resolves +- curl.1: add warning when using -H and redirects -Steve Holme (28 Dec 2014) -- test1520: Fixed initial teething problems +Steve Holme (7 Feb 2015) +- schannel: Removed curl_ prefix from source files - * Missing initialisation of upload status caused a seg fault - * Missing data termination caused corrupt data to be uploaded - * Data verification should be performed in element - * Added missing recipient list cleanup + Removed the curl_ prefix from the schannel source files as discussed + with Marc and Daniel at FOSDEM. -- test1520: Fixed compilation errors +Daniel Stenberg (6 Feb 2015) +- md5: use axTLS's own MD5 functions when available -- tests: Added test for bug #1456 +- MD(4|5): make the MD4_* and MD5_* functions static -- checksrc.bat: Fixed a problem opening files with spaces in the filename +- axtls: fix conversion from size_t to int warning -- openldap: Prefer use of 'CURLcode result' +Steve Holme (5 Feb 2015) +- ftp: Use 'CURLcode result' for curl result codes -- openldap: Use 'LDAPMessage *msg' for messages +Daniel Stenberg (5 Feb 2015) +- openssl: SSL_SESSION->ssl_version no longer exist - This frees up the 'result' variable for CURLcode based result codes. + The struct went private in 1.0.2 so we cannot read the version number + from there anymore. Use SSL_version() instead! + + Reported-by: Gisle Vanem + Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html -- nss: Don't ignore Curl_extract_certinfo() OOM failure +Dan Fandrich (4 Feb 2015) +- unit1600: Fix compilation when NTLM is disabled -- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure +Daniel Stenberg (4 Feb 2015) +- MD5: fix compiler warnings and code style nits -- nss: Use 'CURLcode result' for curl result codes +- MD5: replace implementation - ...and don't use CURLE_OK in failure/success comparisons. + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md5.c and md5.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + + Code-by: Alexander Peslyak -- getinfo: Code style policing +- MD4: fix compiler warnings and code style nits -- getinfo: Use 'CURLcode result' for curl result codes +- MD4: replace implementation + + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md4.c and md4.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 + + Code-by: Alexander Peslyak -- darwinssl: Use 'CURLcode result' for curl result codes +Steve Holme (4 Feb 2015) +- telnet: Prefer 'CURLcode result' for curl result codes -- polarssl: Use 'CURLcode result' for curl result codes +- hostasyn: Prefer 'CURLcode result' for curl result codes -- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries - - As this feature has been implemented for 7.40.0. +- schannel: Prefer 'CURLcode result' for curl result codes -- asiohiper.cpp: No need to initialise members of ConnInfo - - ...as calloc() automatically clears the area of memory with zeros. +Daniel Stenberg (3 Feb 2015) +- unit1601: MD5 unit tests + +- unit1600: unit test for Curl_ntlm_core_mk_nt_hash + +- unit1600: NTLM unit test + +- tests/README: add a new range, clean up some language + +- [Jay Satiro brought this change] -- asiohiper.cpp: Updated for curl coding standards - - ...with the exception of the start of block statement curly brackets. + opts: CURLOPT_CAINFO availability depends on SSL engine -- code/docs: Use correct case for IPv4 and IPv6 +- getpass: protect include with proper #ifdef - For consistency, as we seem to have a bit of a mixed bag, changed all - instances of ipv4 and ipv6 in comments and documentations to use the - correct case. + Reported-by: Tamir -- runtests: Fixed detection of Unix Sockets feature +- getpass_r: read from stdin, not stdout! - ...following change in curl --version output. - -- code/docs: Use Unix rather than UNIX to avoid use of the trademark + The file number used was wrong. This bug was introduced over 10 years + ago, proving this function isn't used much... - Use Unix when generically writing about Unix based systems as UNIX is - the trademark and should only be used in a particular product's name. + Bug: http://curl.haxx.se/bug/view.cgi?id=1476 + Reported-by: Tamir -- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported +- test1135: verify the CURL_EXTERN order in header files + +- Makefile.am: fix 'make distcheck' - if2ip.c:119: warning: unused parameter 'remote_scope_id' + ... by removing generated files from the *_DIST variable [*] and instead + generate them with a .dist suffix, since that is then handled and put + into the release archive by our generic dist-hook. - ...and some minor code style policing in the same function. + [*] = 'make distcheck' fails with non-existing files listed there -- vtls: Don't set cert info count until memory allocation is successful +Steve Holme (2 Feb 2015) +- curl_sasl.c: More code policing - Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs - member variable to the requested count, which could then be used - incorrectly as libcurl closes down. + Better use of 80 character line limit, comment corrections and line + spacing preferences. -- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type - - The return type for this function was 0 on success and 1 on error. This - was then examined by the calling functions and, in most cases, used to - return CURLE_OUT_OF_MEMORY. - - Instead use CURLcode for the return type and return the out of memory - error directly, propagating it up the call stack. +Daniel Stenberg (2 Feb 2015) +- libcurl-symbols: first basic shot for autogenerated docs -- configure: Use camel case for UNIX sockets feature output +- FAQ: minor edit of 3.22 + +Steve Holme (2 Feb 2015) +- build: Added removal of Visual Studio project files - To match the curl --version output. + Added the removal of the locally generated project files so one + may revert to a clean repository. -Marc Hoersken (26 Dec 2014) -- sockfilt.c: Reduce the number of individual memory allocations +- build: Renamed top level Visual Studio solution files - Merge multiple internal arrays into one, even if some variables - will not not be used. They are all created with the number of - file descriptors as their size. + In preparation for adding the test suite and examples projects renamed + the top level "all" solution files to better describe what they are. - Also fix possible thread handle leak in CloseHandle-loop. + This will also enable us to use "curl" rather than "curlsrc" for the + command line tool solution and project files, which will simplify some + of the configuration. -- sockfilt.c: Replace 100ms sleep with thread throttle - - Improves performance of test cases 574 and 575 by 50%. +- build: Enabled DEBUGBUILD in Visual Studio debug builds - A value of zero causes the thread to relinquish the remainder - of its time slice to any other thread of equal priority that is - ready to run. If there are no other threads of equal priority - ready to run, the function returns immediately, and the thread - continues execution. + Defined the DEBUGBUILD pre-processor variable to allow extra logging, + which is particularly useful in debug builds, as we use this and Visual + Studio typically uses _DEBUG. - http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx + We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is + defined but that would also affect the makefile based builds which we + probably don't want to do. -Steve Holme (25 Dec 2014) -- tool_help: Use camel case for UNIX sockets feature output - - In line with the other features listed in the --version output, - capitalise the UNIX socket feature. +- build: Removed unused Visual Studio bscmake settings -- vtls: Use bool for Curl_ssl_getsessionid() return type +Daniel Stenberg (2 Feb 2015) +- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 - The return type of this function is a boolean value, and even uses a - bool internally, so use bool in the function declaration as well as - the variables that store the return value, to avoid any confusion. + And modify the text to refer to HTTP 2 as it isn't called "2.0". + + Reported-By: Michael Wallner -- schannel: Minor code style policing for casts +Marc Hoersken (31 Jan 2015) +- TODO: moved WinSSL/SChannel todo items into docs -- schannel: Prefer 'CURLcode result' for curl result codes +Daniel Stenberg (29 Jan 2015) +- [Michael Kaufmann brought this change] -- cyassl: Prefer 'CURLcode result' for curl result codes + CURLOPT_SEEKFUNCTION.3: also when server closes a connection -- tool_xattr: Use 'CURLcode result' for curl result codes +Steve Holme (29 Jan 2015) +- curl_sasl.c: Fixed compilation warning when cryptography is disabled + + curl_sasl.c:1506: warning: unused variable 'chlg' -- curl_ntlm_core.c: Fixed compilation warnings +- curl_sasl.c: Fixed compilation warning when verbose debug output disabled - curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of - 'CryptImportKey' differ in signedness - curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from - incompatible pointer type - curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' - from incompatible pointer type + curl_sasl.c:1317: warning: unused parameter 'conn' -- RELEASE-NOTES: Synced with 8830df8b66 +- ntlm_core: Use own odd parity function when crypto engine doesn't have one -- gtls: Use preferred 'CURLcode result' +- ntlm_core: Prefer sizeof(key) rather than hard coded sizes -- openldap: Use standard naming for setup connection function - - Renamed ldap_setup() to ldap_setup_connection() to follow more widely - used function naming. +- ntlm_core: Added consistent comments to DES functions -- rtmp: Use standard naming for setup connection function +- des: Added Curl_des_set_odd_parity() - Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely - used function naming. + Added Curl_des_set_odd_parity() for use when cryptography engines + don't include this functionality. -- smb: Use standard naming for setup connection function - - Renamed smb_setup() to smb_setup_connection() to follow more widely - used function naming. +- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests -- config-win32.h: Fixed line length > 79 columns +- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests -- openssl: Prefer we don't use NULL in comparisons +- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests -- build: Removed WIN32 definition from the Visual Studio projects - - As this pre-processor definition is defined in curl_setup.h there is no - need to include it in the Visual Studio project files. +- sasl: Minor code policing and grammar corrections -- build: Removed WIN64 definition from the libcurl Visual Studio projects - - Removed the WIN64 pre-processor definition from the libcurl project - files as: - - * WIN64 is not used in our source code - * The curl projects files don't define it - * It isn't required by or used in the platform SDK - * For backwards compatability curl_setup.h defines WIN32 - * The compiler automatically defines _WIN64 for x64 builds - - Historically Visual Studio projects have defined WIN32, in addition to - the compiler defined _WIN32 definition, and I had incorrectly changed - that to WIN64 for the x64 libcurl builds but not in the curl projects. - - As such, it is questionable whether this should be defined or not. For - more information see the following cache of a discussion that took - place on the microsoft.public.vc.mfc newsgroup: - - http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html +Daniel Stenberg (28 Jan 2015) +- [Gisle Vanem brought this change] -- openssl.c Fix for compilation errors with older versions of OpenSSL + ldap: build with BoringSSL + +- security: avoid compiler warning - openssl.c:1408: error: 'TLS1_1_VERSION' undeclared - openssl.c:1411: error: 'TLS1_2_VERSION' undeclared + Possible access to uninitialised memory '&nread' at line 140 of + lib/security.c in function 'ftp_send_command'. + + Reported-by: Rich Burridge -Daniel Stenberg (22 Dec 2014) -- [John Malmberg brought this change] +- runtests: identify BoringSSL and libressl - Fix comment edit in vms/backup_gnv_curl_src.com - - packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. +Patrick Monnerat (27 Jan 2015) +- docs: cite SASL external authentication. -- curl: show size of inhibited data when using -v - - To offer some more info and yet it doesn't use more lines. +- sasl: remove XOAUTH2 from default enabled authentication mechanism. -- openssl: fix SSL/TLS versions in verbose output +- test: add test cases for sasl external authentication (imap/pop3/smtp). -- openssl: make it compile against openssl 1.1.0-DEV master branch +- imap: remove automatic password setting: it breaks external sasl authentication -Marc Hoersken (22 Dec 2014) -- sshserver.pl: clarify and streamline variable names +- sasl: implement EXTERNAL authentication mechanism. + Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and + by not setting the password. -Daniel Stenberg (21 Dec 2014) -- openssl: warn for SRP set if SSLv3 is used, not for TLS version +Steve Holme (27 Jan 2015) +- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE - ... as it requires TLS and it was was left to warn on the default from - when default was SSL... + Modified the Curl_ossl_cert_status_request() function to return FALSE + when built with BoringSSL or when OpenSSL is missing the necessary TLS + extensions. -- smb: use memcpy() instead of strncpy() +- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' - ... as it never copies the trailing zero anyway and always just the four - bytes so let's not mislead anyone into thinking it is actually treated - as a string. + Fixed the build of openssl.c when OpenSSL is built without the necessary + TLS extensions for OCSP stapling. - Coverity CID: 1260214 + Reported-by: John E. Malmberg -- [John E. Malmberg brought this change] +- [Brad Spencer brought this change] - VMS: Updates for 0740-0D1220 - - lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. - More defines to set symbols to uppercase. - - src/tool_main.c : Fix parameter to vms_special_exit() call. - - packages/vms/ : - backup_gnv_curl_src.com : Fix the error message to have the correct package. - - build_curl-config_script.com : Rewrite to be more accurate. - - build_libcurl_pc.com : Use tool_version.h now. - - build_vms.com : Fix to handle lib/vtls directory. - - curl_gnv_build_steps.txt : Updated build procedure documentation. - - generate_config_vms_h_curl.com : - * VAX does not support 64 bit ints, so no NTLM support for now. - * VAX HP SSL port is ancient, needs some help. - * Disable NGHTTP2 for now, not ported to VMS. - * Disable UNIX_SOCKETS, not available on VMS yet. - * HP GSSAPI port does not have gss_nt_service_name. - - gnv_link_curl.com : Update for new curl structure. + curl_setup: Disable SMB/CIFS support when HTTP only + +- RELEASE-NOTES: Synced with 37824498a3 + +Daniel Stenberg (22 Jan 2015) +- configure: remove detection of the old yassl emulation API - pcsi_product_gnv_curl.com : Set up to optionally do a complete build. + ... as that is ancient history and not used. -Marc Hoersken (21 Dec 2014) -- sockfilt.c: use non-Ex functions that are available before WinXP - - It was initially reported by Guenter that GetFileSizeEx - requires (_WIN32_WINNT >= 0x0500) to be true. +- OCSP stapling: disabled when build with BoringSSL -- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files - - Second patch to enable Windows support using Cygwin-based OpenSSH. - - Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. +- [Alessandro Ghedini brought this change] -- tests: support spaces in paths to SSH, SSHD and SFTP binaries + openssl: add support for the Certificate Status Request TLS extension - First patch to enable Windows support using Cygwin-based OpenSSH. - -Steve Holme (20 Dec 2014) -- non-ascii: Reduce variable usage + Also known as "status_request" or OCSP stapling, defined in RFC6066 + section 8. - Removed 'next' variable in Curl_convert_form(). Rather than setting it - from 'form->next' and using that to set 'form' after the conversion - just use 'form = form->next' instead. + Thanks-to: Joe Mason + - for the work-around for the OpenSSL bug. -- non-ascii: Prefer while loop rather than a do loop +- BoringSSL: fix build for non-configure builds - This also removes the need to check that the 'form' argument is valid. + HAVE_BORINGSSL gets defined now by configure and should be defined by + other build systems in case a BoringSSL build is desired. -- non-ascii: Reduce variable scope - - As 'result' isn't used out side the conversion callback code and - previously caused variable shadowing in the libiconv based code. +- configure: fix BoringSSL detection and detect libresssl -- non-ascii: We prefer 'CURLcode result' +Steve Holme (22 Jan 2015) +- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions - This also fixes a variable shadowing issue when HAVE_ICONV is defined - as rc was declared for the result code of libiconv based functions. + Commit 7a8b2885e2 made some functions static and removed the public + Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which + is the naming convention we use in this source file. -Marc Hoersken (19 Dec 2014) -- secureserver.pl: clean up formatting of config and fix verbose output - - Verbose output was not matching the actual configuration file, - because FIPS and Windows conditions were ignored. +- curl_sasl: Minor code policing following recent commits -- secureserver.pl: update Windows detection and fix path conversion +Daniel Stenberg (22 Jan 2015) +- [John Malmberg brought this change] -- secureserver.pl: make OpenSSL CApath and cert absolute path values + openvms: Handle openssl/0.8.9zb version parsing - Recent stunnel versions (5.08) seem to have trouble with relative - paths on Windows. This turns the relative paths into absolute ones. + packages/vms/gnv_link_curl.com was assuming only a single letter suffix + in the openssl version. That assumption has been fixed for 7.40. -Patrick Monnerat (18 Dec 2014) -- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. +- BoringSSL: detected by configure, switches off NTLM -- [Kyle J. McKay brought this change] +- BoringSSL: no PKCS12 support nor ERR_remove_state - parseurlandfillconn(): fix improper non-numeric scope_id stripping. - Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ +- [Leith Bade brought this change] -- IPV6: address scope != scope id - There was a confusion between these: this commit tries to disambiguate them. - - Scope can be computed from the address itself. - - Scope id is scope dependent: it is currently defined as 1-based local - interface index for link-local scoped addresses, and as a site index(?) for - (obsolete) site-local addresses. Linux only supports it for link-local - addresses. - The URL parser properly parses a scope id as an interface index, but stores it - in a field named "scope": confusion. The field has been renamed into "scope_id". - Curl_if2ip() used the scope id as it was a scope. This caused failures - to bind to an interface. - Scope is now computed from the addresses and Curl_if2ip() matches them. - If redundantly specified in the URL, scope id is check for mismatch with - the interface index. - - This commit should fix SF bug #1451. + BoringSSL: fix build -- connect: singleipconnect(): properly try other address families after failure +Steve Holme (20 Jan 2015) +- curl_sasl.c: chlglen is not used when cryptography is disabled -Daniel Stenberg (16 Dec 2014) -- SFTP: work-around servers that return zero size on STAT +- curl_sasl.c: Fixed compilation warning when cyptography is disabled - Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html - Pathed-by: Marc Renault + curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local + variable -- glob_next_url: make the loop count upwards +- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined - As the former contruct apparently caused a compiler warning, mentioned - in d8efde07e556c. + curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier + + This error could also happen for non-SSPI builds when cryptography is + disabled (CURL_DISABLE_CRYPTO_AUTH is defined). -- tool_operate: we prefer 'CURLcode result' +Patrick Monnerat (20 Jan 2015) +- SASL: make some procedures local-scoped -- tool_urlglob: unify return codes to use CURLcode - - There was a mix of GlobCode, CURLcode and ints and they were mostly - passing around CURLcode errors. This change makes the functions use only - CURLcode and removes the GlobCode type completely. +- SASL: common state engine for imap/pop3/smtp -- tool_urlglob.c: partly reverse dc19789444 - - The loop in glob_next_url() needs to be done backwards to maintain the - logic. dc19789444 caused test 1235 to fail. +- SASL: common URL option and auth capabilities decoders for all protocols -- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME +- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. -- [Jay Satiro brought this change] +Daniel Stenberg (20 Jan 2015) +- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 + + Reported-by: Chris Young - opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS +- [Chris Young brought this change] + + timeval: typecast for better type (on Amiga) - Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and - CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one - that will be used. + There is an issue with conflicting "struct timeval" definitions with + certain AmigaOS releases and C libraries, depending on what gets + included when. It's a minor difference - the OS one is unsigned, + whereas the common structure has signed elements. If the OS one ends up + getting defined, this causes a timing calculation error in curl. - Prior to this change that behavior was only noted in the - CURLOPT_TIMEOUT_MS doc. + It's easy enough to resolve this at the curl end, by casting the + potentially errorneous calculation to a signed long. -Nick Zitzmann (15 Dec 2014) -- darwinssl: fix incorrect usage of aprintf() +- openssl: do public key pinning check independently - Commit b13923f changed an snprintf() to use aprintf(), but the API usage - wasn't correct, and was causing a crash to occur. This fixes it. + ... of the other cert verification checks so that you can set verifyhost + and verifypeer to FALSE and still check the public key. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1471 + Reported-by: Kyle J. McKay -Steve Holme (14 Dec 2014) -- copyright: Updated the copyright year following recent updates +Patrick Monnerat (19 Jan 2015) +- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. -Daniel Stenberg (14 Dec 2014) -- tool_urlglob.c: reverse two loops +Steve Holme (18 Jan 2015) +- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP - By counting from 0 and up instead of backwards like before, we remove - the need for the "funny" check of the unsigned variable when decreased - passed zero. Easier to read and less risk for compiler warnings. - -Marc Hoersken (14 Dec 2014) -- tool_urlglob.c: Added braces to clarify the conditions + For consistency with other USE_WIN32_ defines as well as the + USE_OPENLDAP define. -- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop +- http_negotiate: Use dynamic buffer for SPN generation - The >= 0 is actually not required, since i underflows and - the for-loop is stopped using the < condition, but this - makes the VS2012 compiler and code analysis happy. + Use a dynamicly allocated buffer for the temporary SPN variable similar + to how the SASL GSS-API code does, rather than using a fixed buffer of + 2048 characters. -- tool_binmode.c: Explicitly ignore the return code of setmode +- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public + +- sasl_gssapi: Fixed memory leak with local SPN variable + +Daniel Stenberg (17 Jan 2015) +- http_negotiate.c: unused variable 'ret' + +Steve Holme (17 Jan 2015) +- gskit.h: Code policing of function pointer arguments + +- vtls: Removed unimplemented overrides of curlssl_close_all() - Fixes code analysis warning C6031: - return value ignored: could return unexpected value + Carrying on from commit 037cd0d991, removed the following unimplemented + instances of curlssl_close_all(): + + Curl_axtls_close_all() + Curl_darwinssl_close_all() + Curl_cyassl_close_all() + Curl_gskit_close_all() + Curl_gtls_close_all() + Curl_nss_close_all() + Curl_polarssl_close_all() -- lib: Fixed multiple code analysis warnings if SAL are available +- vtls: Separate the SSL backend definition from the API setup - warning C28252: Inconsistent annotation for function: - parameter has another annotation on this instance + Slight code cleanup as the SSL backend #define is mixed up with the API + function setup. -Steve Holme (14 Dec 2014) -- smb.c: Fixed code analysis warning +- vtls: Fixed compilation errors when SSL not used - smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, - then cast to 64-bit value. Result may not be an expected - value + Fixed the following warning and error from commit 3af90a6e19 when SSL + is not being used: + + url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; + assuming extern returning int + + error LNK2019: unresolved external symbol Curl_ssl_cert_status_request + referenced in function Curl_setopt -Marc Hoersken (14 Dec 2014) -- tool_util.c: Use GetTickCount64 if it is available +- http_negotiate: Added empty decoded challenge message info text -Steve Holme (14 Dec 2014) -- smb: Use HAVE_PROCESS_H for process.h inclusion - - Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H - pre-processor define when including process.h. +- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int -Daniel Stenberg (14 Dec 2014) -- darwinssl: aprintf() to allocate the session key +- http_negotiate_sspi: Prefer use of 'attrs' for context attributes - ... to avoid using a fixed memory size that risks being too large or too - small. + Use the same variable name as other areas of SSPI code. -Marc Hoersken (14 Dec 2014) -- curl_schannel: Improvements to memory re-allocation strategy +- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() - - do not grow memory by doubling its size - - do not leak previously allocated memory if reallocation fails - - replace while-loop with a single check to make sure - that the requested amount of data fits into the buffer + Use the SECURITY_STATUS typedef rather than a unsigned long for the + QuerySecurityPackageInfo() return and rename the variable as per other + areas of SSPI code. + +- http_negotiate_sspi: Use 'CURLcode result' for CURL result code + +- curl_endian: Fixed build when 64-bit integers are not supported (Part 2) - Bug: http://curl.haxx.se/bug/view.cgi?id=1450 - Reported-by: Warren Menzer + Missed Curl_read64_be() in commit bb12d44471 :( + +Daniel Stenberg (16 Jan 2015) +- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 + +- curlver.h: next release is 7.41.0 due to the changes + +- RELEASE-NOTES: mention the new OCSP stapling options, bump version -Steve Holme (14 Dec 2014) -- asyn-ares: We prefer use of 'CURLcode result' +- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile -Marc Hoersken (14 Dec 2014) -- curl_schannel.c: Data may be available before connection shutdown +- help: add --cert-status to --help output -Steve Holme (14 Dec 2014) -- http2: Use 'CURLcode result' for curl result codes +- copyright years: after OCSP stapling changes -- asyn-thread: We prefer 'CURLcode result' +- [Alessandro Ghedini brought this change] -- smb: Fixed unnecessary initialisation of struct member variables + curl: add --cert-status option - There is no need to set the 'state' and 'result' member variables to - SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() - as calloc() initialises the contents to zero. + This enables the CURLOPT_SSL_VERIFYSTATUS functionality. -- ntlm: Fixed return code for bad type-2 Target Info - - Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security - buffers just like we do for bad decodes. +- [Alessandro Ghedini brought this change] -- ntlm: Remove unnecessary casts in readshort_le() + nss: add support for the Certificate Status Request TLS extension - I don't think both of my fix ups from yesterday were needed to fix the - compilation warning, so remove the one that I think is unnecessary and - let the next Android autobuild prove/disprove it. - -- curl_ntlm_msgs.c: Another attempt to fix compilation warning + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. - curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from - 'int' may alter its value - -Guenter Knauf (13 Dec 2014) -- synctime.c: added own user-agent string. + This requires NSS 3.15 or higher. -Steve Holme (13 Dec 2014) -- smb.c: Fixed line longer than 79 columns +- [Alessandro Ghedini brought this change] -- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 + gtls: add support for the Certificate Status Request TLS extension - curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from - 'int' may alter its value + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. + + This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use + at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP + response verfication to fail even on valid responses. -Guenter Knauf (13 Dec 2014) -- mk-ca-bundle.pl: restored forced run again. +- [Alessandro Ghedini brought this change] -- synctime.c: removed another timeserver URL. + url: add CURLOPT_SSL_VERIFYSTATUS option - worldtimeserver.com seems also no longer available. - -- synctime.c: fixed timeserver URLs. + This option can be used to enable/disable certificate status verification using + the "Certificate Status Request" TLS extension defined in RFC6066 section 8. - For getting the date header its not necessary to access special - pages or even CGI scripts - all pages including the main index - reply with the date header, therefore shortened URLs to domain. - Removed worldtime.com; added pool.ntp.org. + This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the + certificate status verification fails, and the Curl_ssl_cert_status_request() + function, used to check whether the SSL backend supports the status_request + extension. -Steve Holme (13 Dec 2014) -- ftp.c: Fixed compilation warning when no verbose string support - - ftp.c:819: warning: unused parameter 'lineno' +- TheArtOfHttpScripting: skip the date at the top, we have git -- smb: Added state change functions to assist with debugging - - For debugging purposes, and as per other protocols within curl, added - state change functions rather than changing the states directly. +- TheArtOfHttpScripting: phrase it TLS lib agnostic -- ntlm: Use short integer when decoding 16-bit values +Steve Holme (16 Jan 2015) +- TODO: Added some SMB ideas -- RELEASE-NOTES: Synced with 6291a16b20 +- RELEASE-NOTES: Synced with 5f09947d28 -- smtp.c: Fixed compilation warnings - - smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - - Used array index notation instead. +- build-openssl.bat: Added check for Perl installation -- smb: Disable SMB when 64-bit integers are not supported - - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64. +- checksrc.bat: Better detection of Perl installation -- ntlm: Disable NTLM v2 when 64-bit integers are not supported +- curl_endian: Fixed build when 64-bit integers are not supported - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64 which was introduced in commit - 07b66cbfa4. + Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html + Reported-by: John E. Malmberg -- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined - - Previously USE_NTLM2SESSION would only be defined automatically when - USE_NTRESPONSES wasn't already defined. Separated the two definitions - so that the user can manually set USE_NTRESPONSES themselves but - USE_NTLM2SESSION is defined automatically if they don't define it. +Daniel Stenberg (15 Jan 2015) +- [Yun SangHo brought this change] -- smtp.c: Fixed line longer than 79 columns + curl.h: remove extra space -- config-win32.h: Don't enable Windows Crypt API if using OpenSSL +- Curl_pretransfer: reset expected transfer sizes - As the OpenSSL and NSS Crypto engines are prefered by the core NTLM - routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT - automatically when either OpenSSL or NSS are in use - doing so would - disable NTLM2Session responses in NTLM type-3 messages. + Reported-by: Mohammad AlSaleh + Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html -- smtp: Fixed inappropriate free of the scratch buffer +Marc Hoersken (12 Jan 2015) +- curl_schannel.c: mark session as removed from cache if not freed - If the scratch buffer was allocated in a previous call to - Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent - call and no action taken by that call, then an attempt would be made to - try and free the buffer which, by now, would be part of the data->state - structure. + If the session is still used by active SSL/TLS connections, it + cannot be closed yet. Thus we mark the session as not being cached + any longer so that the reference counting mechanism in + Curl_schannel_shutdown is used to close and free the session. - This bug was introduced in commit 4bd860a001. + Reported-by: Jean-Francois Durand -- smtp: Fixed dot stuffing when EOL characters were at end of input buffers - - Fixed a problem with the CRLF. detection when multiple buffers were - used to upload an email to libcurl and the line ending character(s) - appeared at the end of each buffer. This meant any lines which started - with . would not be escaped into .. and could be interpreted as the end - of transmission string instead. +Steve Holme (9 Jan 2015) +- RELEASE-NOTES: Synced with d21b66835f + +Guenter Knauf (9 Jan 2015) +- Merge pull request #134 from vszakats/mingw-m64 - This only affected libcurl based applications that used a read function - and wasn't reproducible with the curl command-line tool. + add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS + +- Merge pull request #136 from vszakats/mingw-allow-custom-cflags - Bug: http://curl.haxx.se/bug/view.cgi?id=1456 - Assisted-by: Patrick Monnerat + mingw build: allow to pass custom CFLAGS -Daniel Stenberg (11 Dec 2014) -- telnet: fix "cast increases required alignment of target type" +Daniel Stenberg (9 Jan 2015) +- NSS: fix compiler error when built http2-enabled -- ntlm_wb_response: fix "statement not reached" - - ... and I could use a break instead of a goto to end the loop. +Steve Holme (9 Jan 2015) +- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions - Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html - Reported-by: Tor Arntsen + Better code reuse and consistency in calls to gss_import_name(). -Steve Holme (10 Dec 2014) -- RELEASE-NOTES: Synced with 1cc5194337 - - Added some bug fixes that I had missed in previous synchronisations. +Viktor Szakats (9 Jan 2015) +- mingw build: allow to pass custom CFLAGS -Daniel Stenberg (10 Dec 2014) -- Curl_unix2addr: avoid using the variable name 'sun' +Daniel Stenberg (8 Jan 2015) +- FTP: if EPSV fails on IPV6 connections, bail out - I suspect this causes compile failures on Solaris: + ... instead of trying PASV, since PASV can't work with IPv6. - Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html + Reported-by: Vojtěch Král -Steve Holme (10 Dec 2014) -- url.c: Fixed compilation warning when USE_NTLM is not defined +- FTP: fix IPv6 host using link-local address - url.c:3078: warning: variable 'credentialsMatch' set but not used - -- parsedate.c: Fixed compilation warning + ... and make sure we can connect the data connection to a host name that + is longer than 48 bytes. - parsedate.c:548: warning: 'parsed' may be used uninitialized in this - function + Also simplifies the code somewhat by re-using the original host name + more, as it is likely still in the DNS cache. - As curl_getdate() returns -1 when parsedate() fails we can initialise - parsed to -1. + Original-Patch-by: Vojtěch Král + Bug: http://curl.haxx.se/bug/view.cgi?id=1468 -Daniel Stenberg (10 Dec 2014) -- TODO: Cache negative name resolves - - Worth exploring +Steve Holme (8 Jan 2015) +- [Sam Schanken brought this change] -- ldap: check Curl_client_write() return codes + winbuild: Added option to build with c-ares - There might be one or two memory leaks left in the error paths. - -- ldap: rename variables to comply to curl standards + Added support for a WITH_CARES option to be used when invoking nmake + via Makefile.vc. This option enables linking against both the DLL and + static versions of the c-ares libraries, as well as the debug and + release varients, depending on the value of DEBUG. The USE_ARES + preprocessor symbol is also defined. -Dan Fandrich (10 Dec 2014) -- sws.c: Fixed 'rc' may be used uninitialized warning +Guenter Knauf (8 Jan 2015) +- NetWare build: added TLS-SRP enabled build. -- cookies: Improved OOM handling in cookies +Steve Holme (8 Jan 2015) +- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API - This fixes the test 506 torture test. The internal cookie API really - ought to be improved to separate cookie parsing errors (which may be - ignored) with OOM errors (which should be fatal). + Bug: http://curl.haxx.se/bug/view.cgi?id=1469 + Reported-by: Thomas Klausner -Guenter Knauf (9 Dec 2014) -- synctime.c: fixed user-agent setting. - - Some websites meanwhile refuse to reply to requests from ancient - browsers like IE6, therefore I've comment out this setting, but - also fixed the string to now fake IE8 if someone enables it. +Viktor Szakats (8 Jan 2015) +- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS -Daniel Stenberg (9 Dec 2014) -- smb: fix unused return code warning +Daniel Stenberg (8 Jan 2015) +- bump: start working towards 7.40.1 -Patrick Monnerat (9 Dec 2014) -- Curl_client_write() & al.: chop long data, convert data only once. +- THANKS: 14 new contributors from the 7.40.0 release notes -Guenter Knauf (9 Dec 2014) -- VC build: added sspi define for winssl-zlib builds. +Version 7.40.0 (7 Jan 2015) -Daniel Stenberg (9 Dec 2014) -- schannel_recv: return the correct code +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: version 7.40.0 + +- darwinssl: fix session ID keys to only reuse identical sessions - Bug: http://curl.haxx.se/bug/view.cgi?id=1462 - Reported-by: Tae Hyoung Ahn + ...to avoid a session ID getting cached without certificate checking and + then after a subsequent _enabling_ of the check libcurl could still + re-use the session done without cert checks. + + Bug: http://curl.haxx.se/docs/adv_20150108A.html + Reported-by: Marc Hesse -- http2: avoid logging neg "failure" if h2 was not requested +- tests: make sure CRLFs can't be used in URLs passed to proxy + + Bug: http://curl.haxx.se/docs/adv_20150108B.html -- openldap: do not ignore Curl_client_write() return codes +- url-parsing: reject CRLFs within URLs + + Bug: http://curl.haxx.se/docs/adv_20150108B.html + Reported-by: Andrey Labunets -- compile: warn on unused return code from Curl_client_write() +Steve Holme (7 Jan 2015) +- ldap: Convert attribute output to UTF-8 when Unicode -Patrick Monnerat (8 Dec 2014) -- SMB: Fix a data size mismatch that broke SMB on big-endian platforms +- ldap: Convert DN output to UTF-8 when Unicode -Steve Holme (7 Dec 2014) -- smb: Fixed Windows autoconf builds following commit eb88d778e7 - - As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO - either explicitly through --enable-win32-cypto or automatically on - _WIN32 based platforms, subsequent builds broke with the following - error message: +Daniel Stenberg (7 Jan 2015) +- hostip: remove 'stale' argument from Curl_fetch_addr proto - "Can't compile NTLM support without a crypto library." + Also, remove the log output of the resolved name is NOT in the cache in + the spirit of only telling when something is actually happening. -- RELEASE-NOTES: Synced with 526603ff05 +Steve Holme (7 Jan 2015) +- ldap/imap: Fixed spelling mistake in comments and variable names + + Reported-by: Michael Osipov -- [Bill Nagel brought this change] +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: updated with ./contributors.sh output - smb: Build with SSPI enabled - - Build SMB/CIFS protocol support when SSPI is enabled. +Dan Fandrich (5 Jan 2015) +- curl_multibyte.h: Eliminated some trailing whitespace -- [Bill Nagel brought this change] +Steve Holme (4 Jan 2015) +- RELEASE-NOTES: Synced with ea93252ef1 - ntlm: Use Windows Crypt API +- ldap: Fixed Unicode usage for all Win32 builds - Allow the use of the Windows Crypt API for NTLMv1 functions. + Otherwise, the fixes in the previous commits would only be applicable + to IDN and SSPI based builds and not others such as OpenSSL with LDAP + enabled. -Dan Fandrich (7 Dec 2014) -- cookie.c: Refactored cleanup code to simplify - - Also, fixed the outdated comments on the cookie API. +- ldap: Fixed memory leak from commit efb64fdf80 -- get_url_file_name: Fixed crash on OOM on debug build - - This caused a null-pointer dereference which caused a few dozen - torture tests to fail. +- ldap: Fix memory leak from commit 3a805c5cc1 -Steve Holme (6 Dec 2014) -- sws.c: Fixed compilation warning +- ldap: Fixed attribute variable warnings when Unicode is enabled - sws.c:2191 warning: 'rc' may be used uninitialized in this function + Use 'TCHAR *' for local attribute variable rather than 'char *'. -- ftp.c: Fixed compilation warnings when proxy support disabled +- ldap: Fixed DN variable warnings when Unicode is enabled - ftp.c:1827 warning: unused parameter 'newhost' - ftp.c:1827 warning: unused parameter 'newport' + Use 'TCHAR *' for local DN variable rather than 'char *'. -- smb: Fixed a problem with large file transfers +- ldap: Remove the unescape_elements() function - Fixed an issue with the message size calculation where the raw bytes - from the buffer were interpreted as signed values rather than unsigned - values. + Due to the recent modifications this function is no longer used. + +- ldap.c: Fixed compilation warning - Reported-by: Gisle Vanem - Assisted-by: Bill Nagel + ldap.c:98: warning: extra tokens at end of #endif directive -- smb: Moved the URL decoding into a separate function +- ldap: Fixed support for Unicode filter in Win32 search call -- smb: Fixed URL encoded URLs not working +- ldap.c: Fixed compilation warning + + ldap.c:802: warning: comparison between signed and unsigned integer + expressions -- Makefile.inc: Added our standard header and updated file formatting +- ldap: Fixed support for Unicode attributes in Win32 search call -- Makefile.inc: Updated file formatting +- ldap: Fixed memory leak from commit efb64fdf80 - Aligned continuation character and used space as the separator - character as per other makefile files. + The unescapped DN was not freed after a successful character conversion. -- curl_md4.h: Updated copyright year following recent edit +- ldap.c: Fixed compilation error - ...and minor layout adjustment. - -Patrick Monnerat (5 Dec 2014) -- SMB: Fix big endian problems. Make it OS/400 aware. - -- OS400: enable NTLM authentication + ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes + just 1 -Steve Holme (5 Dec 2014) -- multi.c: Fixed compilation warning +- ldap.c: Fixed compilation warning - multi.c:2695: warning: declaration of `exp' shadows a global declaration + ldap.c:89: warning: extra tokens at end of #endif directive -Guenter Knauf (5 Dec 2014) -- build: updated dependencies in makefiles. +- ldap: Fixed support for Unicode DN in Win32 search call -Steve Holme (5 Dec 2014) -- sasl: Corrected formatting of function descriptions +- ldap: Fixed Unicode user and password in Win32 bind calls -- sasl_gssapi: Added missing function description +- ldap: Fixed Unicode host name in Win32 initialisation calls -- RELEASE-NOTES: Provided better descriptions +- ldap: Use host.dispname for infof() connection failure messages - As it is often difficult to choose the best description for a single - feature when it spans many commits, updated the descriptions for the - recent SMB/CIFS protocol and GSS-API additions. + As host.name may be encoded use dispname for infof() failure messages. -- sasl_sspi: Corrected some typos +- ldap: Prefer 'CURLcode result' for curl result codes -- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data +- ldap: Pass write length in all Curl_client_write() calls - Don't use a hard coded size of 4 for the security layer and buffer size - in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as - we have done in the sasl_gssapi module. + As we get the length for the DN and attribute variables, and we know + the length for the line terminator, pass the length values rather than + zero as this will save Curl_client_write() from having to perform an + additional strlen() call. -- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it +- ldap: Fixed attribute memory leaks on failed client write - Reduced the amount of free's required for the decoded challenge message - in Curl_sasl_create_gssapi_security_message() as a result of coding it - differently in the sasl_gssapi module. - -- gssapi: Corrected typo in comments + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() +- ldap: Fixed DN memory leaks on failed client write + + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -Daniel Stenberg (4 Dec 2014) -- [Stefan Bühler brought this change] +- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d + + curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char + [8]') to parameter of type 'char *' converts + between pointers to integer types with different + sign - http_perhapsrewind: don't abort CONNECT requests +- ntlm: Use extend_key_56_to_64() for all cryptography engines - ...they never have a body + Rather than duplicate the code in setup_des_key() for OpenSSL and in + extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is + the same, use extend_key_56_to_64() for all engines. -- [Stefan Bühler brought this change] +- RELEASE-NOTES: Synced with 34f0bd110f - HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request +- curl_ntlm_core.c: Fixed compilation warning - Sending NTLM/Negotiate header again after successful authentication - breaks the connection with certain Proxies and request types (POST to MS - Forefront). - -- [Stefan Bühler brought this change] + curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined + but not used - HTTP: don't abort connections with pending Negotiate authentication +- endian: Fixed bit-shift in 64-bit integer read functions - ... similarly to how NTLM works as Negotiate is in fact often NTLM with - another name. + From commit 43792592ca and 4bb5a351b2. + + Reported-by: Michael Osipov -- [Stefan Bühler brought this change] +- smb: Use endian functions for reading NBT and message size values - fix gdb libtool invocation path +- endian: Added big endian read functions -Steve Holme (4 Dec 2014) -- sasl_gssapi: Fixed missing include from commit d3cca934ee +- endian: Added 64-bit integer read function -Daniel Stenberg (4 Dec 2014) -- [Jay Satiro brought this change] +- COPYING: Bumped copyright year to 2015 - examples: remove sony.com from 10-at-a-time +- version: Bump copyright year to 2015 + +- smb.c: Fixed compilation warnings - Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR - for the sony website because it ends the connection when the request is - missing a user agent. + smb.c:780: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:781: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:804: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign -Steve Holme (4 Dec 2014) -- sasl_gssapi: Fixed missing decoding debug failure message +- smb: Use endian functions for reading length and offset values -- sasl_gssapi: Fixed honouring of no mutual authentication +- endian: Added 16-bit integer write function -- sasl_sspi: Added more Kerberos V5 decoding debug failure messages +- endian: Fixed Linux compilation issues + + Having files named endian.[c|h] seemed to cause issues under Linux so + renamed them both to have the curl_ prefix in the filenames. -Daniel Stenberg (4 Dec 2014) -- [Anthon Pang brought this change] +- [Julien Nabet brought this change] - docs: Fix FAILONERROR typos + lib1900.c: Fixed cppcheck error - It returns error for >= 400 HTTP responses. + lib1900.c:182: (style) Array index 'handlenum' is used before limits + check - Bug: https://github.com/bagder/curl/pull/129 + Bug: https://github.com/bagder/curl/pull/133 -- [Peter Wu brought this change] +- endian: Added standard function descriptions - tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output - - Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as - option in the file generated by --libcurl. - - Signed-off-by: Peter Wu +- endian: Renamed functions for curl API naming convention -- [Peter Wu brought this change] +- endian: Moved write functions to new module - opts: fix CURLOPT_UNIX_SOCKET_PATH formatting - - Add .nf and .fi such that the code gets wrapped in a pre on the web. - Fixed grammar, fixed formatting of the "See also" items. +- endian: Moved read functions to new module + +- endian: Introduced endian module - Signed-off-by: Peter Wu + To allow the little endian functions, currently used in two of the NTLM + source files, to be used by other modules such as the SMB module. -Patrick Monnerat (4 Dec 2014) -- OS400: enable Unix sockets. +- sepheaders.c: Applied curl oding standards -Daniel Stenberg (3 Dec 2014) -- RELEASE-NOTES: synced with b216427e73b5e9 +- [Julien Nabet brought this change] -- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am + sepheaders.c: Fixed resource leak on failure -- updateconninfo: clear destination struct before getsockname() +- vtls: Use '(void) arg' for unused parameters - Otherwise we may read uninitialized bytes later in the unix-domain - sockets case. + Prefer void for unused parameters, rather than assigning an argument to + itself as a) unintelligent compilers won't optimize it out, b) it can't + be used for const parameters, c) it will cause compilation warnings for + clang with -Wself-assign and d) is inconsistent with other areas of the + curl source code. -- curl.1: added --unix-socket +- smb.c: Fixed compilation warning + + smb.c:586: warning: conversion to 'short unsigned int' from 'int' may + alter its value -- [Peter Wu brought this change] +- [Bill Nagel brought this change] - tool: add --unix-socket option + smb: Use the connection's upload buffer - Signed-off-by: Peter Wu + Use the connection's upload buffer instead of allocating our own send + buffer. -- [Peter Wu brought this change] +- RELEASE-NOTES: Synced with 1933f9d33c - libcurl: add UNIX domain sockets support - - The ability to do HTTP requests over a UNIX domain socket has been - requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a - discussion happened, no patch seems to get through. I decided to give it - a go since I need to test a nginx HTTP server which listens on a UNIX - domain socket. - - One patch [3] seems to make it possible to use the - CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. - Another person wrote a Go program which can do HTTP over a UNIX socket - for Docker[4] which uses a special URL scheme (though the name contains - cURL, it has no relation to the cURL library). +- schannel: Moved the ISC return flag definitions to the SSPI module - This patch considers support for UNIX domain sockets at the same level - as HTTP proxies / IPv6, it acts as an intermediate socket provider and - not as a separate protocol. Since this feature affects network - operations, a new feature flag was added ("unix-sockets") with a - corresponding CURL_VERSION_UNIX_SOCKETS macro. + Moved our Initialize Security Context return attribute definitions to + the SSPI module, as a) these can be used by other SSPI based providers + and b) the ISC required attributes are defined there. + +- [Bill Nagel brought this change] + + smb: Close the connection after a failed client write + +- darwinssl: Fixed compilation warning - A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This - option enables UNIX domain sockets support for all requests on the - handle (replacing IP sockets and skipping proxies). + vtls.c:683:43: warning: unused parameter 'data' + +- sockfilt.c: Fixed compilation warnings - A new configure option (--enable-unix-sockets) and CMake option - (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I - deliberately did not mark this feature as advanced, this is a - feature/component that should easily be available. + sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter + its value + +- test1509: Fixed compilation warning - [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html - [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ - [2]: http://sourceforge.net/p/curl/feature-requests/53/ - [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html - [4]: https://github.com/Soulou/curl-unix-socket + lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may + alter its value + +- test556: Fixed compilation warning - Signed-off-by: Peter Wu + lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may + alter its value -- [Peter Wu brought this change] +- sasl_gssapi: Fixed use of dummy username with real username - tests: add two HTTP over UNIX socket tests +- vtls: Fixed compilation warning and an ignored return code - test1435: a simple test that checks whether a HTTP request can be - performed over the UNIX socket. The hostname/port are interpreted - by sws and should be ignored by cURL. + curl_schannel.h:123: warning: right-hand operand of comma expression + has no effect - test1436: test for the ability to do two requests to the same host, - interleaved with one to a different hostname. + Some instances of the curlssl_close_all() function were declared with a + void return type whilst others as int. The schannel version returned + CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the + return code was ignored by the calling function Curl_ssl_close_all(). - Signed-off-by: Peter Wu + For the time being and to keep the internal API consistent, changed all + declarations to use a void return type. + + To reduce code we might want to consider removing the unimplemented + versions and use a void #define like schannel does. -- [Peter Wu brought this change] +Daniel Stenberg (28 Dec 2014) +- TODO: 2.3 Better support for same name resolves - tests: add HTTP UNIX socket server testing support - - The variable `$ipvnum` can now contain "unix" besides the integers 4 - and 6 since the variable. Functions which receive this parameter - have their `$port` parameter renamed to `$port_or_path` to support a - path to the UNIX domain socket (as a "port" is only meaningful for TCP). +Steve Holme (28 Dec 2014) +- test1520: Fixed initial teething problems - Signed-off-by: Peter Wu + * Missing initialisation of upload status caused a seg fault + * Missing data termination caused corrupt data to be uploaded + * Data verification should be performed in element + * Added missing recipient list cleanup -- [Peter Wu brought this change] +- test1520: Fixed compilation errors - sws: try to remove socket and retry bind - - If sws is killed it might leave a stale socket file on the filesystem - which would cause an EADDRINUSE error. After this patch, it is checked - whether the socket is really stale and if so, the socket file gets - removed and another bind is executed. - - Signed-off-by: Peter Wu +- tests: Added test for bug #1456 -- [Peter Wu brought this change] +- checksrc.bat: Fixed a problem opening files with spaces in the filename - sws: add UNIX domain socket support - - This extends sws with a --unix-socket option which causes the port to - be ignored (as the server now listens on the path specified by - --unix-socket). This feature will be available in the following patch - that enables checking for UNIX domain socket support. - - Proxy support (CONNECT) is not considered nor tested. It does not make - sense anyway, first connecting through a TCP proxy, then let that TCP - proxy connect to a UNIX socket. +- openldap: Prefer use of 'CURLcode result' + +- openldap: Use 'LDAPMessage *msg' for messages - Signed-off-by: Peter Wu + This frees up the 'result' variable for CURLcode based result codes. -- [Peter Wu brought this change] +- nss: Don't ignore Curl_extract_certinfo() OOM failure - sws: restrict TCP_NODELAY to IP sockets - - TCP_NODELAY does not make sense for Unix sockets, so enable it only if - the socket is using IP. +- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure + +- nss: Use 'CURLcode result' for curl result codes - Signed-off-by: Peter Wu + ...and don't use CURLE_OK in failure/success comparisons. -Dan Fandrich (3 Dec 2014) -- [Dave Reisner brought this change] +- getinfo: Code style policing - curl.1: fix trivial typo +- getinfo: Use 'CURLcode result' for curl result codes -Steve Holme (3 Dec 2014) -- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() +- darwinssl: Use 'CURLcode result' for curl result codes -- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() +- polarssl: Use 'CURLcode result' for curl result codes -- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function +- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries - Added helper function for returning a GSS-API compatible SPN. + As this feature has been implemented for 7.40.0. -Daniel Stenberg (3 Dec 2014) -- NSS: enable the CAPATH option +- asiohiper.cpp: No need to initialise members of ConnInfo - Bug: http://curl.haxx.se/bug/view.cgi?id=1457 - Patch-by: Tomasz Kojm - -Steve Holme (3 Dec 2014) -- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds + ...as calloc() automatically clears the area of memory with zeros. -- sasl_gssapi: Added GSS-API based Kerberos V5 variables +- asiohiper.cpp: Updated for curl coding standards + + ...with the exception of the start of block statement curly brackets. -- sws.c: Fixed compilation warning when IPv6 is disabled +- code/docs: Use correct case for IPv4 and IPv6 - sws.c:69: warning: comma at end of enumerator list + For consistency, as we seem to have a bit of a mixed bag, changed all + instances of ipv4 and ipv6 in comments and documentations to use the + correct case. -- sasl_gssapi: Made log_gss_error() a common GSS-API function +- runtests: Fixed detection of Unix Sockets feature - Made log_gss_error() a common function so that it can be used in both - the http_negotiate code as well as the curl_sasl_gssapi code. + ...following change in curl --version output. -- sasl_gssapi: Introduced GSS-API based SASL module +- code/docs: Use Unix rather than UNIX to avoid use of the trademark - Added the initial version of curl_sasl_gssapi.c and updated the project - files in preparation for adding GSS-API based Kerberos V5 support. + Use Unix when generically writing about Unix based systems as UNIX is + the trademark and should only be used in a particular product's name. -- smb: Don't try to connect with empty credentials +- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported - On some platforms curl would crash if no credentials were used. As such - added detection of such a use case to prevent this from happening. + if2ip.c:119: warning: unused parameter 'remote_scope_id' - Reported-by: Gisle Vanem - -- smb.c: Coding policing of pointer usage - -- configure: Fixed inclusion of SMB when no crypto engines available - -Guenter Knauf (1 Dec 2014) -- build: in Makefile.m32 simplified autodetection. + ...and some minor code style policing in the same function. -Daniel Stenberg (30 Nov 2014) -- [Peter Wu brought this change] +- vtls: Don't set cert info count until memory allocation is successful + + Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs + member variable to the requested count, which could then be used + incorrectly as libcurl closes down. - sws: move away from IPv4/IPv4-only assumption +- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type - Instead of depending the socket domain type on use_ipv6, specify the - domain type (AF_INET / AF_INET6) as variable. An enum is used here with - switch to avoid compiler warnings in connect_to, complaining that rc - is possibly undefined (which is not possible as socket_domain is - always set). + The return type for this function was 0 on success and 1 on error. This + was then examined by the calling functions and, in most cases, used to + return CURLE_OUT_OF_MEMORY. - Besides abstracting the socket type, make the debugging messages be - independent on IP (introduce location_str which points to "port XXXXX"). - Rename "ipv_inuse" to "socket_type" and tighten the scope (main). + Instead use CURLcode for the return type and return the out of memory + error directly, propagating it up the call stack. + +- configure: Use camel case for UNIX sockets feature output - Signed-off-by: Peter Wu + To match the curl --version output. -- [Peter Wu brought this change] +Marc Hoersken (26 Dec 2014) +- sockfilt.c: Reduce the number of individual memory allocations + + Merge multiple internal arrays into one, even if some variables + will not not be used. They are all created with the number of + file descriptors as their size. + + Also fix possible thread handle leak in CloseHandle-loop. - lib/connect: restrict IP/TCP options to said sockets +- sockfilt.c: Replace 100ms sleep with thread throttle - This patch prepares for adding UNIX domain sockets support. + Improves performance of test cases 574 and 575 by 50%. - TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not - apply these to other socket types. bindlocal only works for IP sockets - (independent of TCP/UDP), so filter that out too for other types. + A value of zero causes the thread to relinquish the remainder + of its time slice to any other thread of equal priority that is + ready to run. If there are no other threads of equal priority + ready to run, the function returns immediately, and the thread + continues execution. - Signed-off-by: Peter Wu + http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx -- smb.c: use size_t as input argument types for msg sizes +Steve Holme (25 Dec 2014) +- tool_help: Use camel case for UNIX sockets feature output - This fixes warnings about conversions to int - -Steve Holme (30 Nov 2014) -- version: The next release will become 7.40.0 - -- [Bill Nagel brought this change] + In line with the other features listed in the --version output, + capitalise the UNIX socket feature. - docs: Updated for the SMB protocol +- vtls: Use bool for Curl_ssl_getsessionid() return type - This patch updates the documentation for the SMB/CIFS protocol. + The return type of this function is a boolean value, and even uses a + bool internally, so use bool in the function declaration as well as + the variables that store the return value, to avoid any confusion. -- curl tool: Exclude SMB from the protocol redirect - - As local files could be accessed through \\localhost\c$. +- schannel: Minor code style policing for casts -- [Bill Nagel brought this change] +- schannel: Prefer 'CURLcode result' for curl result codes - curl tool: Enable support for the SMB protocol - - This patch enables SMB/CIFS support in the curl command-line tool. +- cyassl: Prefer 'CURLcode result' for curl result codes -- smb.c: Fixed compilation warnings - - smb.c:398: warning: comparison of integers of different signs: - 'ssize_t' (aka 'long') and 'unsigned long' - smb.c:443: warning: comparison of integers of different signs: - 'ssize_t' (aka 'long') and 'unsigned long' +- tool_xattr: Use 'CURLcode result' for curl result codes -- libcurl: Exclude SMB from the protocol redirect +- curl_ntlm_core.c: Fixed compilation warnings - As local files could be accessed through \\localhost\c$. - -- [Bill Nagel brought this change] + curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of + 'CryptImportKey' differ in signedness + curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from + incompatible pointer type + curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' + from incompatible pointer type - libcurl: Enable support for the SMB protocol - - This patch enables SMB/CIFS support in libcurl. +- RELEASE-NOTES: Synced with 8830df8b66 -- smb.c: Fixed compilation warnings - - smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned - int' may alter its value - smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned - int' may alter its value - smb.c:482: warning: conversion to 'short unsigned int' from 'int' may - alter its value - smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may - alter its value - smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may - alter its value - smb.c:550: warning: conversion to 'short unsigned int' from 'int' may - alter its value +- gtls: Use preferred 'CURLcode result' -- smb.c: Renamed SMB command message variables to avoid compiler warnings +- openldap: Use standard naming for setup connection function - smb.c:489: warning: declaration of 'close' shadows a global declaration - smb.c:511: warning: declaration of 'read' shadows a global declaration - smb.c:528: warning: declaration of 'write' shadows a global declaration + Renamed ldap_setup() to ldap_setup_connection() to follow more widely + used function naming. -- smb.c: Fixed compilation warnings +- rtmp: Use standard naming for setup connection function - smb.c:212: warning: unused parameter 'done' - smb.c:380: warning: ISO C does not allow extra ';' outside of a function - smb.c:812: warning: unused parameter 'premature' - smb.c:822: warning: unused parameter 'dead' + Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely + used function naming. -- smb.c: Fixed compilation warnings +- smb: Use standard naming for setup connection function - smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short', - possible loss of data - smb.c:425: warning: conversion from '__int64' to 'unsigned short', - possible loss of data - smb.c:452: warning: conversion from '__int64' to 'unsigned short', - possible loss of data + Renamed smb_setup() to smb_setup_connection() to follow more widely + used function naming. -- smb.c: Fixed compilation warnings - - smb.c:162: error: comma at end of enumerator list - smb.c:469: warning: conversion from 'size_t' to 'unsigned short', - possible loss of data - smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int', - possible loss of data - smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int', - possible loss of data +- config-win32.h: Fixed line length > 79 columns -- [Bill Nagel brought this change] +- openssl: Prefer we don't use NULL in comparisons - smb: Added initial SMB functionality +- build: Removed WIN32 definition from the Visual Studio projects - Initial implementation of the SMB/CIFS protocol. - -- [Bill Nagel brought this change] + As this pre-processor definition is defined in curl_setup.h there is no + need to include it in the Visual Studio project files. - smb: Added SMB handler interfaces +- build: Removed WIN64 definition from the libcurl Visual Studio projects - Added the SMB and SMBS handler interface structures and associated - functions required for SMB/CIFS operation. - -- transfer: Code style policing + Removed the WIN64 pre-processor definition from the libcurl project + files as: - Prefer ! rather than NULL in if statements, added comments and updated - function spacing, argument spacing and line spacing to be more readble. - -- transfer: Fixed existing scratch buffer being checked for NULL twice + * WIN64 is not used in our source code + * The curl projects files don't define it + * It isn't required by or used in the platform SDK + * For backwards compatability curl_setup.h defines WIN32 + * The compiler automatically defines _WIN64 for x64 builds - If the scratch buffer already existed when the CRLF conversion was - performed then the buffer pointer would be checked twice for NULL. This - second check is only necessary if the call to malloc() was performed by - the first check. - -- smtp: Fixed dot stuffing being performed when no new data read + Historically Visual Studio projects have defined WIN32, in addition to + the compiler defined _WIN32 definition, and I had incorrectly changed + that to WIN64 for the x64 libcurl builds but not in the curl projects. - Whilst I had moved the dot stuffing code from being performed before - CRLF conversion takes place to after it, in commit 4bd860a001, I had - moved it outside the 'when something read' block of code when meant - it could perform the dot stuffing twice on partial send if nread - happened to contain the right values. It also meant the function could - potentially read past the end of buffer. This was highlighted by the - following warning: + As such, it is questionable whether this should be defined or not. For + more information see the following cache of a discussion that took + place on the microsoft.public.vc.mfc newsgroup: - warning: `nread' might be used uninitialized in this function + http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html -Daniel Stenberg (29 Nov 2014) -- smb.h: fixed picky compiler warning +- openssl.c Fix for compilation errors with older versions of OpenSSL - smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic] + openssl.c:1408: error: 'TLS1_1_VERSION' undeclared + openssl.c:1411: error: 'TLS1_2_VERSION' undeclared -Steve Holme (29 Nov 2014) -- tests: Disable test 1013 until SMB is fully added +Daniel Stenberg (22 Dec 2014) +- [John Malmberg brought this change] -- [Bill Nagel brought this change] + Fix comment edit in vms/backup_gnv_curl_src.com + + packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. - smb: Added SMB protocol and port definitions +- curl: show size of inhibited data when using -v - Added the necessary protocol and port definitions in order to support - SMB/CIFS. + To offer some more info and yet it doesn't use more lines. -- [Bill Nagel brought this change] +- openssl: fix SSL/TLS versions in verbose output - smb: Added internal SMB definitions and structures - - Added the internal definitions and structures necessary for SMB/CIFS - support. +- openssl: make it compile against openssl 1.1.0-DEV master branch -- [Bill Nagel brought this change] +Marc Hoersken (22 Dec 2014) +- sshserver.pl: clarify and streamline variable names - smb: Added SMB connection structure +Daniel Stenberg (21 Dec 2014) +- openssl: warn for SRP set if SSLv3 is used, not for TLS version - Added the connection structure that will be required in urldata.h for - SMB/CIFS based connections. - -- [Bill Nagel brought this change] + ... as it requires TLS and it was was left to warn on the default from + when default was SSL... - smb: Added initial source files for SMB +- smb: use memcpy() instead of strncpy() - Added the initial source files and updated the relevant project files in - order to support SMB/CIFS. + ... as it never copies the trailing zero anyway and always just the four + bytes so let's not mislead anyone into thinking it is actually treated + as a string. + + Coverity CID: 1260214 -- [Bill Nagel brought this change] +- [John E. Malmberg brought this change] - smb: Added configuration options for SMB + VMS: Updates for 0740-0D1220 - Added --enable-smb and --disable-smb configuration options for the - upcoming SMB/CIFS protocol support. - -Daniel Stenberg (28 Nov 2014) -- [Peter Wu brought this change] + lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. + More defines to set symbols to uppercase. + + src/tool_main.c : Fix parameter to vms_special_exit() call. + + packages/vms/ : + backup_gnv_curl_src.com : Fix the error message to have the correct package. + + build_curl-config_script.com : Rewrite to be more accurate. + + build_libcurl_pc.com : Use tool_version.h now. + + build_vms.com : Fix to handle lib/vtls directory. + + curl_gnv_build_steps.txt : Updated build procedure documentation. + + generate_config_vms_h_curl.com : + * VAX does not support 64 bit ints, so no NTLM support for now. + * VAX HP SSL port is ancient, needs some help. + * Disable NGHTTP2 for now, not ported to VMS. + * Disable UNIX_SOCKETS, not available on VMS yet. + * HP GSSAPI port does not have gss_nt_service_name. + + gnv_link_curl.com : Update for new curl structure. + + pcsi_product_gnv_curl.com : Set up to optionally do a complete build. - runtests.pl: fix startup of IPv6 servers +Marc Hoersken (21 Dec 2014) +- sockfilt.c: use non-Ex functions that are available before WinXP - Commit curl-7_23_1-143-g8218064 changed the parameter of - responsive_http_server to accept types other than IPv6 (converting - from a boolean to a string), but only considered the lower-case "ipv6" - and not the "IPv6" variant. This caused all servers to start in IPv4 - mode instead. + It was initially reported by Guenter that GetFileSizeEx + requires (_WIN32_WINNT >= 0x0500) to be true. + +- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files - This patch converts the remaining cases to "ipv6". While not strictly - necessary for the run*server variants, these got also converted for - consistency and to prevent future errors. + Second patch to enable Windows support using Cygwin-based OpenSSH. - Signed-off-by: Peter Wu + Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. -- [Peter Wu brought this change] +- tests: support spaces in paths to SSH, SSHD and SFTP binaries + + First patch to enable Windows support using Cygwin-based OpenSSH. - runtests.pl: fix warning message, remove duplicate value +Steve Holme (20 Dec 2014) +- non-ascii: Reduce variable usage - Signed-off-by: Peter Wu + Removed 'next' variable in Curl_convert_form(). Rather than setting it + from 'form->next' and using that to set 'form' after the conversion + just use 'form = form->next' instead. -Steve Holme (27 Nov 2014) -- http.c: Fixed compilation warnings from features being disabled +- non-ascii: Prefer while loop rather than a do loop - warning: unused variable 'data' - warning: variable 'addcookies' set but not used + This also removes the need to check that the 'form' argument is valid. + +- non-ascii: Reduce variable scope - ...and some very minor coding style policing. + As 'result' isn't used out side the conversion callback code and + previously caused variable shadowing in the libiconv based code. -- RELEASE-NOTES: Synced with c5399c827d +- non-ascii: We prefer 'CURLcode result' + + This also fixes a variable shadowing issue when HAVE_ICONV is defined + as rc was declared for the result code of libiconv based functions. -- tests: Added SMTP with --crlf test case +Marc Hoersken (19 Dec 2014) +- secureserver.pl: clean up formatting of config and fix verbose output + + Verbose output was not matching the actual configuration file, + because FIPS and Windows conditions were ignored. -- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion +- secureserver.pl: update Windows detection and fix path conversion -- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob() +- secureserver.pl: make OpenSSL CApath and cert absolute path values - ...and some comment typos! + Recent stunnel versions (5.08) seem to have trouble with relative + paths on Windows. This turns the relative paths into absolute ones. -- smtp: Added support for the conversion of Unix newlines during mail send - - Added support for the automatic conversion of Unix newlines to CRLF - during mail uploads. - - Feature: http://curl.haxx.se/bug/view.cgi?id=1456 +Patrick Monnerat (18 Dec 2014) +- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. -- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols +- [Kyle J. McKay brought this change] -Daniel Stenberg (25 Nov 2014) -- curl*3: added small examples - - and some minor edits + parseurlandfillconn(): fix improper non-numeric scope_id stripping. + Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ -- libcurl.3: fix formatting +- IPV6: address scope != scope id + There was a confusion between these: this commit tries to disambiguate them. + - Scope can be computed from the address itself. + - Scope id is scope dependent: it is currently defined as 1-based local + interface index for link-local scoped addresses, and as a site index(?) for + (obsolete) site-local addresses. Linux only supports it for link-local + addresses. + The URL parser properly parses a scope id as an interface index, but stores it + in a field named "scope": confusion. The field has been renamed into "scope_id". + Curl_if2ip() used the scope id as it was a scope. This caused failures + to bind to an interface. + Scope is now computed from the addresses and Curl_if2ip() matches them. + If redundantly specified in the URL, scope id is check for mismatch with + the interface index. - refer to functions with the man page section properly + This commit should fix SF bug #1451. -- man pages: SEE ALSO curl_multi_wait +- connect: singleipconnect(): properly try other address families after failure -- curl_multi_wait.3: clarify numfds being used if not NULL +Daniel Stenberg (16 Dec 2014) +- SFTP: work-around servers that return zero size on STAT + + Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html + Pathed-by: Marc Renault -- multi-single.c: switch to use curl_multi_wait +- glob_next_url: make the loop count upwards - Makes the example much easier and straight-forward! + As the former contruct apparently caused a compiler warning, mentioned + in d8efde07e556c. -- testcurl: bump the version of this script! +- tool_operate: we prefer 'CURLcode result' -- testcurl: skip reading the setup file if given enough cmdline info +- tool_urlglob: unify return codes to use CURLcode - This makes it much easier to run multiple tests in the same directory, - just altering the command lines used. + There was a mix of GlobCode, CURLcode and ints and they were mostly + passing around CURLcode errors. This change makes the functions use only + CURLcode and removes the GlobCode type completely. -- select.c: fix compilation for VxWorks +- tool_urlglob.c: partly reverse dc19789444 - Reported-by: Brian - Bug: http://curl.haxx.se/bug/view.cgi?id=1455 + The loop in glob_next_url() needs to be done backwards to maintain the + logic. dc19789444 caused test 1235 to fail. -Patrick Monnerat (24 Nov 2014) -- [moparisthebest brought this change] +- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME - SSL: Add PEM format support for public key pinning +- [Jay Satiro brought this change] -Kamil Dudka (24 Nov 2014) -- Revert "repository: ignore patch files generated by git" + opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS - This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61. + Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and + CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one + that will be used. - Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738 + Prior to this change that behavior was only noted in the + CURLOPT_TIMEOUT_MS doc. -Steve Holme (23 Nov 2014) -- multi.c: Fixed compilation warnings when no verbose string support +Nick Zitzmann (15 Dec 2014) +- darwinssl: fix incorrect usage of aprintf() - warning: variable 'connection_id' set but not used - warning: unused parameter 'lineno' - -- RELEASE-NOTES: Synced with 1450712e76 - -- sasl: Tidied up some parameter comments - -- sasl: Reduced the need for two sets of NTLM functions + Commit b13923f changed an snprintf() to use aprintf(), but the API usage + wasn't correct, and was causing a crash to occur. This fixes it. -- ntlm: Moved NSS initialisation to base decode function +Steve Holme (14 Dec 2014) +- copyright: Updated the copyright year following recent updates -- http_ntlm: Fixed additional NSS initialisation call when decoding type-2 +Daniel Stenberg (14 Dec 2014) +- tool_urlglob.c: reverse two loops - After commit 48d19acb7c the HTTP code would call Curl_nss_force_init() - twice when decoding a NTLM type-2 message, once directly and the other - through the call to Curl_sasl_decode_ntlm_type2_message(). - -- ntlm: Fixed static'ness of local decode function + By counting from 0 and up instead of backwards like before, we remove + the need for the "funny" check of the unsigned variable when decreased + passed zero. Easier to read and less risk for compiler warnings. -- ntlm: Corrected some parameter names and comments +Marc Hoersken (14 Dec 2014) +- tool_urlglob.c: Added braces to clarify the conditions -- runtests.pl: Re-aligned feature support comments +- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop + + The >= 0 is actually not required, since i underflows and + the for-loop is stopped using the < condition, but this + makes the VS2012 compiler and code analysis happy. -- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature +- tool_binmode.c: Explicitly ignore the return code of setmode - In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto - feature. + Fixes code analysis warning C6031: + return value ignored: could return unexpected value + +- lib: Fixed multiple code analysis warnings if SAL are available - ...and converted tab characters, from commit 4b4e8a5853, to spaces. + warning C28252: Inconsistent annotation for function: + parameter has another annotation on this instance -- runtests.pl: Added support for SPNEGO +Steve Holme (14 Dec 2014) +- smb.c: Fixed code analysis warning + + smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, + then cast to 64-bit value. Result may not be an expected + value -- runtests.pl: Added Kerberos detection +Marc Hoersken (14 Dec 2014) +- tool_util.c: Use GetTickCount64 if it is available -- runtests.pl: Added GSS-API detection +Steve Holme (14 Dec 2014) +- smb: Use HAVE_PROCESS_H for process.h inclusion + + Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H + pre-processor define when including process.h. -- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list +Daniel Stenberg (14 Dec 2014) +- darwinssl: aprintf() to allocate the session key + + ... to avoid using a fixed memory size that risks being too large or too + small. -- FILEFORMAT: Added test requires feature not present information +Marc Hoersken (14 Dec 2014) +- curl_schannel: Improvements to memory re-allocation strategy - Such as !SSPI as we do for the NTLM and Digest tests. + - do not grow memory by doubling its size + - do not leak previously allocated memory if reallocation fails + - replace while-loop with a single check to make sure + that the requested amount of data fits into the buffer + + Bug: http://curl.haxx.se/bug/view.cgi?id=1450 + Reported-by: Warren Menzer -Daniel Stenberg (20 Nov 2014) -- http.c: log if it notices HTTP 1.1 after a upgrade to http2 +Steve Holme (14 Dec 2014) +- asyn-ares: We prefer use of 'CURLcode result' -- test1801: first real http2 test case +Marc Hoersken (14 Dec 2014) +- curl_schannel.c: Data may be available before connection shutdown -- sws: initial tiny steps toward http2 support +Steve Holme (14 Dec 2014) +- http2: Use 'CURLcode result' for curl result codes -- FILEFORMAT: mention the new upgrade support +- asyn-thread: We prefer 'CURLcode result' -- test1800: first plain-text http2 test case +- smb: Fixed unnecessary initialisation of struct member variables - Verifies the upgrade request, but gets a plain 1.1 response + There is no need to set the 'state' and 'result' member variables to + SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() + as calloc() initialises the contents to zero. -- [Tatsuhiro Tsujikawa brought this change] +- ntlm: Fixed return code for bad type-2 Target Info + + Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security + buffers just like we do for bad decodes. - http: Disable pipelining for HTTP/2 and upgraded connections +- ntlm: Remove unnecessary casts in readshort_le() - This commit disables pipelining for HTTP/2 or upgraded connections. For - HTTP/2, we do not support multiplexing. In general, requests cannot be - pipelined in an upgraded connection, since it is now different protocol. + I don't think both of my fix ups from yesterday were needed to fix the + compilation warning, so remove the one that I think is unnecessary and + let the next Android autobuild prove/disprove it. -- [Brad Harder brought this change] +- curl_ntlm_msgs.c: Another attempt to fix compilation warning + + curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from + 'int' may alter its value - CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option +Guenter Knauf (13 Dec 2014) +- synctime.c: added own user-agent string. -Steve Holme (19 Nov 2014) -- multi-uv.c: Updated for curl coding standards +Steve Holme (13 Dec 2014) +- smb.c: Fixed line longer than 79 columns -- conncache: Fixed specifiers in infof() for long and size_t variables +- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 + + curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from + 'int' may alter its value -- [Peter Wu brought this change] +Guenter Knauf (13 Dec 2014) +- mk-ca-bundle.pl: restored forced run again. - cmake: add Kerberos to the supported features - - Updated following commit eda919f and a4b7f71. +- synctime.c: removed another timeserver URL. - Acked-by: Brad King - Signed-off-by: Peter Wu + worldtimeserver.com seems also no longer available. -- [Peter Wu brought this change] +- synctime.c: fixed timeserver URLs. + + For getting the date header its not necessary to access special + pages or even CGI scripts - all pages including the main index + reply with the date header, therefore shortened URLs to domain. + Removed worldtime.com; added pool.ntp.org. - cmake: fix NTLM detection when CURL_DISABLE_HTTP defined +Steve Holme (13 Dec 2014) +- ftp.c: Fixed compilation warning when no verbose string support - Updated following changes in commit f0d860d. + ftp.c:819: warning: unused parameter 'lineno' + +- smb: Added state change functions to assist with debugging - Acked-by: Brad King - Signed-off-by: Peter Wu + For debugging purposes, and as per other protocols within curl, added + state change functions rather than changing the states directly. -Daniel Stenberg (19 Nov 2014) -- RELEASE-NOTES: synced with cb13fad733e +- ntlm: Use short integer when decoding 16-bit values -- [Jay Satiro brought this change] +- RELEASE-NOTES: Synced with 6291a16b20 - examples: Wait recommended 100ms when no file descriptors are ready +- smtp.c: Fixed compilation warnings - Prior to this change when no file descriptors were ready on platforms - other than Windows the multi examples would sleep whatever was in - timeout, which may or may not have been less than the minimum - recommended value [1] of 100ms. + smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string - [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html - -- [Waldek Kozba brought this change] - - multi-uv.c: close the file handle after download + Used array index notation instead. -- [Jon Spencer brought this change] +- smb: Disable SMB when 64-bit integers are not supported + + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64. - multi: inform about closed sockets before they are closed +- ntlm: Disable NTLM v2 when 64-bit integers are not supported - When the connection code decides to close a socket it informs the multi - system via the Curl_multi_closed function. The multi system may, in - turn, invoke the CURLMOPT_SOCKETFUNCTION function with - CURL_POLL_REMOVE. This happens after the socket has already been - closed. Reorder the code so that CURL_POLL_REMOVE is called before the - socket is closed. + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64 which was introduced in commit + 07b66cbfa4. -Guenter Knauf (19 Nov 2014) -- build: in Makefile.m32 moved target autodetection. +- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined - Moved target autodetection block after defining CC macro. + Previously USE_NTLM2SESSION would only be defined automatically when + USE_NTRESPONSES wasn't already defined. Separated the two definitions + so that the user can manually set USE_NTRESPONSES themselves but + USE_NTLM2SESSION is defined automatically if they don't define it. -- build: in Makefile.m32 simplify platform flags. +- smtp.c: Fixed line longer than 79 columns -- build: in Makefile.m32 try to detect 64bit target. +- config-win32.h: Don't enable Windows Crypt API if using OpenSSL + + As the OpenSSL and NSS Crypto engines are prefered by the core NTLM + routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT + automatically when either OpenSSL or NSS are in use - doing so would + disable NTLM2Session responses in NTLM type-3 messages. -Daniel Stenberg (19 Nov 2014) -- [Brad King brought this change] +- smtp: Fixed inappropriate free of the scratch buffer + + If the scratch buffer was allocated in a previous call to + Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent + call and no action taken by that call, then an attempt would be made to + try and free the buffer which, by now, would be part of the data->state + structure. + + This bug was introduced in commit 4bd860a001. - CMake: Simplify if() conditions on check result variables +- smtp: Fixed dot stuffing when EOL characters were at end of input buffers - Remove use of an old hack that takes advantage of the auto-dereference - behavior of the if() command to detect if a variable is defined. The - hack has the form: + Fixed a problem with the CRLF. detection when multiple buffers were + used to upload an email to libcurl and the line ending character(s) + appeared at the end of each buffer. This meant any lines which started + with . would not be escaped into .. and could be interpreted as the end + of transmission string instead. - if("${VAR} MATCHES "^${VAR}$") + This only affected libcurl based applications that used a read function + and wasn't reproducible with the curl command-line tool. - where "${VAR}" is a macro argument reference. Use if(DEFINED) instead. - This also avoids warnings for CMake Policy CMP0054 in CMake 3.1. - -- TODO-RELEASE: removed + Bug: http://curl.haxx.se/bug/view.cgi?id=1456 + Assisted-by: Patrick Monnerat -- [Carlo Wood brought this change] +Daniel Stenberg (11 Dec 2014) +- telnet: fix "cast increases required alignment of target type" - debug: added new connection cache output, plus fixups - - Debug output 'typo' fix. +- ntlm_wb_response: fix "statement not reached" - Don't print an extra "0x" in - * Pipe broke: handle 0x0x2546d88, url = / + ... and I could use a break instead of a goto to end the loop. - Add debug output. - Print the number of connections in the connection cache when - adding one, and not only when one is removed. + Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html + Reported-by: Tor Arntsen + +Steve Holme (10 Dec 2014) +- RELEASE-NOTES: Synced with 1cc5194337 - Fix typos in comments. + Added some bug fixes that I had missed in previous synchronisations. -- multi: move the ending condition into the loop as well +Daniel Stenberg (10 Dec 2014) +- Curl_unix2addr: avoid using the variable name 'sun' - ... as it was before I changed the loop in commit e04ccbd50. It caused - test 2030 and 2032 to fail. + I suspect this causes compile failures on Solaris: + + Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html -Steve Holme (18 Nov 2014) -- multi: Prefer we don't use CURLE_OK and NULL in comparisons +Steve Holme (10 Dec 2014) +- url.c: Fixed compilation warning when USE_NTLM is not defined + + url.c:3078: warning: variable 'credentialsMatch' set but not used -Daniel Stenberg (18 Nov 2014) -- multi_runsingle: use 'result' for local CURLcode storage +- parsedate.c: Fixed compilation warning - ... and assign data->result only at the end. Makes the code more compact - (easier to read) and more similar to other code. + parsedate.c:548: warning: 'parsed' may be used uninitialized in this + function + + As curl_getdate() returns -1 when parsedate() fails we can initialise + parsed to -1. -- multi_runsingle: rename result to rc +Daniel Stenberg (10 Dec 2014) +- TODO: Cache negative name resolves - save 'result' for CURLcode types + Worth exploring -- multi: make multi_runsingle loop internally +- ldap: check Curl_client_write() return codes - simplifies the use of this function at little cost. + There might be one or two memory leaks left in the error paths. -- [Carlo Wood brought this change] +- ldap: rename variables to comply to curl standards - multi: when leaving for timeout, close accordingly +Dan Fandrich (10 Dec 2014) +- sws.c: Fixed 'rc' may be used uninitialized warning + +- cookies: Improved OOM handling in cookies - Fixes the problem when a transfer in a pipeline times out. + This fixes the test 506 torture test. The internal cookie API really + ought to be improved to separate cookie parsing errors (which may be + ignored) with OOM errors (which should be fatal). -Guenter Knauf (18 Nov 2014) -- build: in Makefile.m32 add -m32 flag for 32bit. +Guenter Knauf (9 Dec 2014) +- synctime.c: fixed user-agent setting. + + Some websites meanwhile refuse to reply to requests from ancient + browsers like IE6, therefore I've comment out this setting, but + also fixed the string to now fake IE8 if someone enables it. -- mk-ca-bundle.vbs: update copyright year. +Daniel Stenberg (9 Dec 2014) +- smb: fix unused return code warning -- build: in Makefile.m32 pass -F flag to windres. +Patrick Monnerat (9 Dec 2014) +- Curl_client_write() & al.: chop long data, convert data only once. -Steve Holme (17 Nov 2014) -- config-win32: Fixed build targets for the VS2012+ Windows XP toolset +Guenter Knauf (9 Dec 2014) +- VC build: added sspi define for winssl-zlib builds. + +Daniel Stenberg (9 Dec 2014) +- schannel_recv: return the correct code - Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had - forgotten to include the relevant pre-processor definitions. + Bug: http://curl.haxx.se/bug/view.cgi?id=1462 + Reported-by: Tae Hyoung Ahn -- sasl_sspi: Removed note about the NTLM functions being a wrapper +- http2: avoid logging neg "failure" if h2 was not requested -- connect.c: Fixed compilation warning when no verbose string support - - warning: unused parameter 'reason' +- openldap: do not ignore Curl_client_write() return codes -- easy.c: Fixed compilation warning when no verbose string support - - warning: unused parameter 'easy' +- compile: warn on unused return code from Curl_client_write() -- win32: Updated some legacy APIs to use the newer extended versions +Patrick Monnerat (8 Dec 2014) +- SMB: Fix a data size mismatch that broke SMB on big-endian platforms + +Steve Holme (7 Dec 2014) +- smb: Fixed Windows autoconf builds following commit eb88d778e7 - Updated the usage of some legacy APIs, that are preventing curl from - compiling for Windows Store and Windows Phone build targets. + As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO + either explicitly through --enable-win32-cypto or automatically on + _WIN32 based platforms, subsequent builds broke with the following + error message: - Suggested-by: Stefan Neis - Feature: http://sourceforge.net/p/curl/feature-requests/82/ + "Can't compile NTLM support without a crypto library." -- config-win32: Introduce build targets for VS2012+ - - Visual Studio 2012 introduced support for Windows Store apps as well as - supporting Windows Phone 8. Introduced build targets that allow more - modern APIs to be used as certain legacy ones are not available on these - new platforms. +- RELEASE-NOTES: Synced with 526603ff05 -- sasl_sspi: Fixed compilation warnings when no verbose string support +- [Bill Nagel brought this change] -- sasl_sspi: Added base64 decoding debug failure messages + smb: Build with SSPI enabled - Just like in the NTLM code, added infof() failure messages for - DIGEST-MD5 and GSSAPI authentication when base64 decoding fails. - -- ntlm: Moved the SSPI based Type-3 message generation into the SASL module + Build SMB/CIFS protocol support when SSPI is enabled. -- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module +- [Bill Nagel brought this change] -- ntlm: Moved the SSPI based Type-1 message generation into the SASL module + ntlm: Use Windows Crypt API + + Allow the use of the Windows Crypt API for NTLMv1 functions. -- [Michael Osipov brought this change] +Dan Fandrich (7 Dec 2014) +- cookie.c: Refactored cleanup code to simplify + + Also, fixed the outdated comments on the cookie API. - kerberos: Use symbol qualified with _KERBEROS5 +- get_url_file_name: Fixed crash on OOM on debug build - For consistency renamed USE_KRB5 to USE_KERBEROS5. + This caused a null-pointer dereference which caused a few dozen + torture tests to fail. -Daniel Stenberg (15 Nov 2014) -- [Jay Satiro brought this change] +Steve Holme (6 Dec 2014) +- sws.c: Fixed compilation warning + + sws.c:2191 warning: 'rc' may be used uninitialized in this function - examples: Don't call select() to sleep on windows +- ftp.c: Fixed compilation warnings when proxy support disabled - Windows does not support using select() for sleeping without a dummy - socket. Instead use Windows' Sleep() and sleep for 100ms which is the - minimum suggested value in the curl_multi_fdset() doc. + ftp.c:1827 warning: unused parameter 'newhost' + ftp.c:1827 warning: unused parameter 'newport' + +- smb: Fixed a problem with large file transfers - Prior to this change the multi examples would exit prematurely since - select() would error instead of sleeping when called without an fd. + Fixed an issue with the message size calculation where the raw bytes + from the buffer were interpreted as signed values rather than unsigned + values. - Reported-by: Johan Lantz - Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html + Reported-by: Gisle Vanem + Assisted-by: Bill Nagel -- [Tatsuhiro Tsujikawa brought this change] +- smb: Moved the URL decoding into a separate function - http2: Don't send Upgrade headers when we already do HTTP/2 +- smb: Fixed URL encoded URLs not working -Steve Holme (15 Nov 2014) -- sasl: Corrected Curl_sasl_build_spn() function description +- Makefile.inc: Added our standard header and updated file formatting + +- Makefile.inc: Updated file formatting - There was a mismatch in function parameter names. + Aligned continuation character and used space as the separator + character as per other makefile files. -- tool: Removed krb4 from the supported features +- curl_md4.h: Updated copyright year following recent edit - Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, - so would not be output with --version, removed krb4 from the supported - features output. + ...and minor layout adjustment. -- [Michael Osipov brought this change] +Patrick Monnerat (5 Dec 2014) +- SMB: Fix big endian problems. Make it OS/400 aware. - tool: Use Kerberos for supported features +- OS400: enable NTLM authentication -- urldata: Don't define sec_complete when no GSS-API support present +Steve Holme (5 Dec 2014) +- multi.c: Fixed compilation warning - This variable is only used with HAVE_GSSAPI is defined by the FTP code - so let's place the definition with the other GSS-API based variables. - -- [Michael Osipov brought this change] + multi.c:2695: warning: declaration of `exp' shadows a global declaration - docs: Use consistent naming for Kerberos +Guenter Knauf (5 Dec 2014) +- build: updated dependencies in makefiles. -- TODO: Lets support QOP options in GSSAPI authentication +Steve Holme (5 Dec 2014) +- sasl: Corrected formatting of function descriptions -- sasl_sspi: Corrected a couple of comment typos +- sasl_gssapi: Added missing function description -- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file +- RELEASE-NOTES: Provided better descriptions - Rather than define the function as extern in the source files that use - it, moved the function declaration into the SASL header file just like - the Digest and NTLM clean-up functions. + As it is often difficult to choose the best description for a single + feature when it spans many commits, updated the descriptions for the + recent SMB/CIFS protocol and GSS-API additions. + +- sasl_sspi: Corrected some typos + +- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data - Additionally, added a function description comment block. + Don't use a hard coded size of 4 for the security layer and buffer size + in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as + we have done in the sasl_gssapi module. -- sasl_sspi: Added missing RFC reference for HTTP Digest authentication +- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it + + Reduced the amount of free's required for the decoded challenge message + in Curl_sasl_create_gssapi_security_message() as a result of coding it + differently in the sasl_gssapi module. -- ntlm: Clean-up and standardisation of base64 decoding +- gssapi: Corrected typo in comments -- ntlm: We prefer 'CURLcode result' +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() -Daniel Stenberg (13 Nov 2014) -- [Brad King brought this change] +Daniel Stenberg (4 Dec 2014) +- [Stefan Bühler brought this change] - CMake: Restore order-dependent library checks - - Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies, - 2014-08-22) and add a comment explaining the purpose of the original - code. - - The check_library_exists_concat macro is intended to be called multiple - times on a sequence of possibly dependent libraries. Later libraries - may depend on earlier libraries when they are static. They cannot be - safely linked in reverse order on some platforms. + http_perhapsrewind: don't abort CONNECT requests - Signed-off-by: Brad King + ...they never have a body -- [Brad King brought this change] +- [Stefan Bühler brought this change] - CMake: Restore order-dependent header checks - - Revert commit 1269df2e3b (Cmake: Don't check for all headers each - time, 2014-08-15) and add a comment explaining the purpose of the - original code. - - The check_include_file_concat macro is intended to be called multiple - times on a sequence of possibly dependent headers. Later headers - may depend on earlier headers to provide declarations. They cannot - be safely included independently on some platforms. - - For example, many POSIX APIs document including sys/types.h before some - other headers. Also on some OS X versions sys/socket.h must be included - before net/if.h or the check for the latter will fail. + HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request - Signed-off-by: Brad King + Sending NTLM/Negotiate header again after successful authentication + breaks the connection with certain Proxies and request types (POST to MS + Forefront). -- [Peter Wu brought this change] +- [Stefan Bühler brought this change] - test22: expand a backtick command - - This is the only user of the backtick operator in the command. As the - commands will soon not be executed by a shell anymore (but by perl), - replace the command with its output. + HTTP: don't abort connections with pending Negotiate authentication - Signed-off-by: Peter Wu + ... similarly to how NTLM works as Negotiate is in fact often NTLM with + another name. -- RELEASE-NOTES: synced with 2ee3c63b13 +- [Stefan Bühler brought this change] -- http2: fix switched macro when http2 is not enabled + fix gdb libtool invocation path -- [Tatsuhiro Tsujikawa brought this change] +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing include from commit d3cca934ee - http2: Deal with HTTP/2 data inside response header buffer - - Previously if HTTP/2 traffic is appended to HTTP Upgrade response header - (thus they are in the same buffer), the trailing HTTP/2 traffic is not - processed and lost. The appended data is most likely SETTINGS frame. - If it is lost, nghttp2 library complains server does not obey the HTTP/2 - protocol and issues GOAWAY frame and curl eventually drops connection. - This commit fixes this problem and now trailing data is processed. +Daniel Stenberg (4 Dec 2014) +- [Jay Satiro brought this change] -Steve Holme (11 Nov 2014) -- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined + examples: remove sony.com from 10-at-a-time - Commit fe0f8967bf fixed a problem with krb5 not being defined as a - supported feature when HAVE_GSSAPI is defined, however, it should - only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when - SPNEGO is listed as a feature. + Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR + for the sony website because it ends the connection when the request is + missing a user agent. + +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing decoding debug failure message + +- sasl_gssapi: Fixed honouring of no mutual authentication -Daniel Stenberg (10 Nov 2014) -- multi: removed Curl_multi_set_easy_connection +- sasl_sspi: Added more Kerberos V5 decoding debug failure messages + +Daniel Stenberg (4 Dec 2014) +- [Anthon Pang brought this change] + + docs: Fix FAILONERROR typos - It isn't used anywhere! + It returns error for >= 400 HTTP responses. - Reported-by: Carlo Wood + Bug: https://github.com/bagder/curl/pull/129 - [Peter Wu brought this change] - symbol-scan.pl: do not require autotools - - Makes test1119 pass when building with cmake. + tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output - configurehelp.pm is generated by configure (autotools). As cmake does - not provide a separate variable for the C preprocessor, default to cpp. - Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan: - use configure script knowledge about how to run the C preprocessor"), - this tool would also use 'cpp'. + Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as + option in the file generated by --libcurl. Signed-off-by: Peter Wu - [Peter Wu brought this change] - cmake: add ENABLE_THREADED_RESOLVER, rename ARES + opts: fix CURLOPT_UNIX_SOCKET_PATH formatting - Fix detection of the AsynchDNS feature which not just depends on - pthreads support, but also on whether USE_POSIX_THREADS is set or not. - Caught by test 1014. - - This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to - --enable-threaded-resolver of autotools) which also needs a check for - HAVE_PTHREAD_H. - - For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES - (--enable-ares). Checks that test for the availability actually use - USE_ARES instead as that is the result of whether a-res is available or - not (in practice this does not matter as CARES is marked as required - package, but nevertheless it is better to write the intent). + Add .nf and .fi such that the code gets wrapped in a pre on the web. + Fixed grammar, fixed formatting of the "See also" items. Signed-off-by: Peter Wu -- [Peter Wu brought this change] +Patrick Monnerat (4 Dec 2014) +- OS400: enable Unix sockets. - cmake: build libhostname for test suite - - Used by some test cases via LD_PRELOAD in order to fake the host name. +Daniel Stenberg (3 Dec 2014) +- RELEASE-NOTES: synced with b216427e73b5e9 + +- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am + +- updateconninfo: clear destination struct before getsockname() - Signed-off-by: Peter Wu + Otherwise we may read uninitialized bytes later in the unix-domain + sockets case. + +- curl.1: added --unix-socket - [Peter Wu brought this change] - cmake: fix HAVE_GETHOSTNAME definition - - Otherwise Curl_gethostname always fails. Windows has gethostname - since Vista according to - http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but - accordings to byte_bucket's VC 2005 documentation, it is available even - in Windows 95. (possibly after installing a Platform SDK, the - Windows Server 2003 SP1 Platform SDK should be sufficient). + tool: add --unix-socket option Signed-off-by: Peter Wu - [Peter Wu brought this change] - tests: fix libhostname visibility + libcurl: add UNIX domain sockets support + + The ability to do HTTP requests over a UNIX domain socket has been + requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a + discussion happened, no patch seems to get through. I decided to give it + a go since I need to test a nginx HTTP server which listens on a UNIX + domain socket. + + One patch [3] seems to make it possible to use the + CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. + Another person wrote a Go program which can do HTTP over a UNIX socket + for Docker[4] which uses a special URL scheme (though the name contains + cURL, it has no relation to the cURL library). - I noticed that a patched cmake build would pass tests with a fake local - hostname, but the autotools build skips them: + This patch considers support for UNIX domain sockets at the same level + as HTTP proxies / IPv6, it acts as an intermediate socket provider and + not as a separate protocol. Since this feature affects network + operations, a new feature flag was added ("unix-sockets") with a + corresponding CURL_VERSION_UNIX_SOCKETS macro. - got unexpected host name back, LD_PRELOAD failed + A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This + option enables UNIX domain sockets support for all requests on the + handle (replacing IP sockets and skipping proxies). - It turns out that -fvisibility=hidden hides the symbol, and since the - tests are not part of libcurl, it fails too. Just remove the LIBCURL - guard. + A new configure option (--enable-unix-sockets) and CMake option + (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I + deliberately did not mark this feature as advanced, this is a + feature/component that should easily be available. - Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093, - "curl.h: stricter CURL_EXTERN linkage decorations logic"). + [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html + [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ + [2]: http://sourceforge.net/p/curl/feature-requests/53/ + [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html + [4]: https://github.com/Soulou/curl-unix-socket Signed-off-by: Peter Wu - [Peter Wu brought this change] - tests: fix memleak in server/resolve.c - - This makes LeakSanitizer happy. + tests: add two HTTP over UNIX socket tests - Signed-off-by: Peter Wu - -- configure: assume krb5 when gss-api works + test1435: a simple test that checks whether a HTTP request can be + performed over the UNIX socket. The hostname/port are interpreted + by sws and should be ignored by cURL. - To please test 1014 while we work out if this is truly the a correct - assumption. - -Steve Holme (9 Nov 2014) -- vtls.h: Fixed compiler warning when compiled without SSL + test1436: test for the ability to do two requests to the same host, + interleaved with one to a different hostname. - vtls.c:185:46: warning: unused parameter 'data' - -- RELEASE-NOTES: Synced with 2fbf23875f + Signed-off-by: Peter Wu -- ntlm: Added separate SSPI based functions - - In preparation for moving the NTLM message code into the SASL module, - and separating the native code from the SSPI code, added functions that - simply call the functions in curl_ntlm_msg.c. +- [Peter Wu brought this change] -- http_ntlm: Use the SASL functions instead + tests: add HTTP UNIX socket server testing support - In preparation for moving the NTLM message code into the SASL module - use the SASL functions in the HTTP code instead. - -Daniel Stenberg (9 Nov 2014) -- libssh2: detect features based on version, not configure checks + The variable `$ipvnum` can now contain "unix" besides the integers 4 + and 6 since the variable. Functions which receive this parameter + have their `$port` parameter renamed to `$port_or_path` to support a + path to the UNIX domain socket (as a "port" is only meaningful for TCP). - ... so that non-configure builds get the correct functions too based on - the libssh2 version used. + Signed-off-by: Peter Wu -- [Nobuhiro Ban brought this change] +- [Peter Wu brought this change] - SSH: use the port number as well for known_known checks - - ... if the libssh2 version is new enough. + sws: try to remove socket and retry bind - Bug: http://curl.haxx.se/bug/view.cgi?id=1448 - -Steve Holme (9 Nov 2014) -- INSTALL: Updated pre-processor references to the old VC6 project files + If sws is killed it might leave a stale socket file on the filesystem + which would cause an EADDRINUSE error. After this patch, it is checked + whether the socket is really stale and if so, the socket file gets + removed and another bind is executed. - Reworked the two sections that discuss modifying the Visual Studio pre- - processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the - project files references as they have been superseded by a more thorough - set of project files for VC6 through VC12, but to also give the correct - reference to this setting in later versions of Visual Studio. - -- INSTALL: Added email protocols to the "Disabling in Win32 builds" section + Signed-off-by: Peter Wu -- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined +- [Peter Wu brought this change] -- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined - - USE_NTLM would only be defined if: HTTP support was enabled, NTLM and - cryptography weren't disabled, and either a supporting cryptography - library or Windows SSPI was being compiled against. - - This means it was not possible to build libcurl without HTTP support - and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather - than introduce a new SASL pre-processor definition, removed the HTTP - prerequisite just like USE_SPNEGO and USE_KRB5. + sws: add UNIX domain socket support - Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP - as it is only available to HTTP at present. + This extends sws with a --unix-socket option which causes the port to + be ignored (as the server now listens on the path specified by + --unix-socket). This feature will be available in the following patch + that enables checking for UNIX domain socket support. - This bug dates back to August 2011 when I started to add support for - NTLM to SMTP. - -- ntlm: Removed an unnecessary free of native Target Info + Proxy support (CONNECT) is not considered nor tested. It does not make + sense anyway, first connecting through a TCP proxy, then let that TCP + proxy connect to a UNIX socket. - Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is - longer required. - -- ntlm: Moved the native Target Info clean-up from HTTP specific function - -- ntlm: Moved SSPI clean-up code into SASL module - -- Makefile.dist: Added support for WinIDN - -- Makefile.vc6: Added support for WinIDN - -- Makefile.dist: Added some missing SSPI configurations - -- Makefile.dist: Separated the groups of SSL configurations from each other + Signed-off-by: Peter Wu -- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts +- [Peter Wu brought this change] -- curl.h: Tidy up of CURL_VERSION_* flags + sws: restrict TCP_NODELAY to IP sockets - As the list has gotten a little messy and hard to read, especially with - the introduction of deprecated items, aligned the values and comments - into clean columns and reworked some of the comments in the process. - -- curl_tool: Added krb5 to the supported features - -- configure: Added krb5 to the supported features - -- version info: Added Kerberos V5 to the supported features - -Guenter Knauf (7 Nov 2014) -- mk-ca-bundle.vbs: switch to new certdata.txt url. - -Steve Holme (7 Nov 2014) -- RELEASE-NOTES: Synced with dcad09e125 - -- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1 + TCP_NODELAY does not make sense for Unix sockets, so enable it only if + the socket is using IP. - Fixed a couple of memory leaks as a result of moving code that used to - populate allocuserpwd and relied on it's clean up. + Signed-off-by: Peter Wu -- docs: Updated following the addition of SSPI based HTTP digest auth +Dan Fandrich (3 Dec 2014) +- [Dave Reisner brought this change] -- sasl_sspi: Tidy up of the existing digest code - - Following the addition of SSPI support for HTTP digest, synchronised - elements of the email digest code with that of the new HTTP code. + curl.1: fix trivial typo -- http_digest: Post SSPI support tidy up - - Post tidy up to ensure commonality of code style and variable names. +Steve Holme (3 Dec 2014) +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() + +- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() -Dan Fandrich (6 Nov 2014) -- test552: Don't run HTTP digest tests for SSPI based builds +- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function - Technical difficulties prevented this from going into the - previous commit. + Added helper function for returning a GSS-API compatible SPN. -Steve Holme (6 Nov 2014) -- tests: Don't run HTTP digest tests for SSPI based builds +Daniel Stenberg (3 Dec 2014) +- NSS: enable the CAPATH option - Added !SSPI to the features list of the HTTP digest tests, as SSPI - based builds now use the Windows SSPI messaging API rather than the - internal functions, and we can't control the random numbers that get - used as part of the digest. + Bug: http://curl.haxx.se/bug/view.cgi?id=1457 + Patch-by: Tomasz Kojm -Daniel Stenberg (6 Nov 2014) -- curl.1: show zone index use in a URL +Steve Holme (3 Dec 2014) +- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds -Steve Holme (6 Nov 2014) -- http_digest: Fixed auth retry loop when SSPI based authentication fails +- sasl_gssapi: Added GSS-API based Kerberos V5 variables -- http_digest: Reworked the SSPI based input token storage +- sws.c: Fixed compilation warning when IPv6 is disabled - Reworked the input token (challenge message) storage as what is passed - to the buf and desc in the response generation are typically blobs of - data rather than strings, so this is more in keeping with other areas - of the SSPI code, such as the NTLM message functions. + sws.c:69: warning: comma at end of enumerator list -- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9 +- sasl_gssapi: Made log_gss_error() a common GSS-API function - Added void reference to unused 'data' parameter back to fix compilation - warning. - -- sspi: Align definition values to even columns as we use 2 char spacing + Made log_gss_error() a common function so that it can be used in both + the http_negotiate code as well as the curl_sasl_gssapi code. -- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE +- sasl_gssapi: Introduced GSS-API based SASL module - Some versions of Microsoft's sspi.h don't define this. + Added the initial version of curl_sasl_gssapi.c and updated the project + files in preparation for adding GSS-API based Kerberos V5 support. -- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds +- smb: Don't try to connect with empty credentials - Introduced in commit 7e6d51a73c these functions and definitions are only - required by the internal challenge-response functions now. - -- sasl_sspi: Added HTTP digest response generation code - -- http_digest: Added SSPI based challenge decoding code - -- http_digest: Added SSPI based clean-up code - -- http_digest: Added SSPI based authentication functions + On some platforms curl would crash if no credentials were used. As such + added detection of such a use case to prevent this from happening. - This temporarily breaks HTTP digest authentication in SSPI based builds, - causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will - resume normal operation. - -- http_digest: Added required SSPI based variables to digest structure + Reported-by: Gisle Vanem -Daniel Stenberg (6 Nov 2014) -- [Frank Gevaerts brought this change] +- smb.c: Coding policing of pointer usage - contributors.sh: --releasenotes reads in names from RELEASE-NOTES - - This is very handy when updating the RELEASE-NOTES as then we sometimes - have names added manually in the existing list and we use this script to - update the set. +- configure: Fixed inclusion of SMB when no crypto engines available -- RELEASE-NOTES: synced with 68542e72a9 +Guenter Knauf (1 Dec 2014) +- build: in Makefile.m32 simplified autodetection. -- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY - - Reported-by: Christian Hägele - Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html +Daniel Stenberg (30 Nov 2014) +- [Peter Wu brought this change] -Steve Holme (5 Nov 2014) -- build: Fixed Visual Studio project file generation of strdup.[c|h] + sws: move away from IPv4/IPv4-only assumption - As the curl command-line tool now includes it's own version of strdup(), - for platforms that don't have it, fixed up the git respository Visual - Studio project file generator to not include the version from lib in the - tool project files, rather than having both lib\strdup.[c|h] and - src\tool_strdup.[c|h] present. - -Daniel Stenberg (5 Nov 2014) -- tool_strdup.c: include the tool strdup.h + Instead of depending the socket domain type on use_ipv6, specify the + domain type (AF_INET / AF_INET6) as variable. An enum is used here with + switch to avoid compiler warnings in connect_to, complaining that rc + is possibly undefined (which is not possible as socket_domain is + always set). - ... not the lib/ one that the tool no longer uses! - -- THANKS-filter: added another Michał Górny version we've used - -- contributors.sh: split lists using " and " + Besides abstracting the socket type, make the debugging messages be + independent on IP (introduce location_str which points to "port XXXXX"). + Rename "ipv_inuse" to "socket_type" and tighten the scope (main). - ... and require the space after the filtering to make the filter able to - remove names. + Signed-off-by: Peter Wu -Steve Holme (5 Nov 2014) -- http_digest: Fixed memory leaks from commit 6f8d8131b1 +- [Peter Wu brought this change] -- sasl: Fixed compilation warning from commit 25264131e2 - - Added forward declaration of digestdata to overcome the following - compilation warning: + lib/connect: restrict IP/TCP options to said sockets - warning: 'struct digestdata' declared inside parameter list + This patch prepares for adding UNIX domain sockets support. - Additionally made the ntlmdata forward declaration dependent on - USE_NTLM similar to how digestdata and kerberosdata are. - -- sasl: Fixed HTTP digest challenges with spaces between auth parameters + TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not + apply these to other socket types. bindlocal only works for IP sockets + (independent of TCP/UDP), so filter that out too for other types. - Broken as part of the rework, in commit 7e6d51a73c, to assist with the - addition of HTTP digest via Windows SSPI. + Signed-off-by: Peter Wu -- http_digest: Fixed compilation errors from commit 6f8d8131b1 +- smb.c: use size_t as input argument types for msg sizes - error: invalid operands to binary - warning: pointer targets in assignment differ in signedness - -- http_digest: Moved response generation into SASL module - -- http_digest: Moved challenge decoding into SASL module - -- http_digest: Moved clean-up function into SASL module + This fixes warnings about conversions to int -- http_digest: Moved algorithm definitions to SASL module +Steve Holme (30 Nov 2014) +- version: The next release will become 7.40.0 -- [Gisle Vanem brought this change] +- [Bill Nagel brought this change] - ssh: Fixed build on platforms where R_OK is not defined + docs: Updated for the SMB protocol - Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html - Reported-by: Jan Ehrhardt + This patch updates the documentation for the SMB/CIFS protocol. -- strdup: Removed irrelevant comment +- curl tool: Exclude SMB from the protocol redirect - ...as Curl_memdup() duplicates an area of fix size memory, that may be - binary, and not a null terminated string. + As local files could be accessed through \\localhost\c$. -- url.c: Fixed compilation warning - - conversion from 'curl_off_t' to 'size_t', possible loss of data +- [Bill Nagel brought this change] -- http_digest: Use CURLcode instead of CURLdigest + curl tool: Enable support for the SMB protocol - To provide consistent behaviour between the various HTTP authentication - functions use CURLcode based error codes for Curl_input_digest() - especially as the calling code doesn't use the specific error code just - that it failed. + This patch enables SMB/CIFS support in the curl command-line tool. -Daniel Stenberg (5 Nov 2014) -- contributors.sh: filter common alternative name spellings +- smb.c: Fixed compilation warnings - docs/THANKS-filter is a new filter file for converting contributor names - we get or have recorded in alternative formats to the one we already use - in THANKS. To help us show individual contributors using a single - presentation of their names. + smb.c:398: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' + smb.c:443: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' -- THANKS: added missing contributor from 2012 +- libcurl: Exclude SMB from the protocol redirect + + As local files could be accessed through \\localhost\c$. -- [Frank Gevaerts brought this change] +- [Bill Nagel brought this change] - Remove duplicate names. + libcurl: Enable support for the SMB protocol - The removed names also appear as: - Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien - Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, - S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder + This patch enables SMB/CIFS support in libcurl. -Steve Holme (5 Nov 2014) -- sspi: Define authentication package name constants - - These were previously hard coded, and whilst defined in security.h, - they may or may not be present in old header files given that these - defines were never used in the original code. +- smb.c: Fixed compilation warnings - Not only that, but there appears to be some ambiguity between the ANSI - and UNICODE NTLM definition name in security.h. - -Patrick Monnerat (5 Nov 2014) -- Adjust OS400-specific support to last release + smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:482: warning: conversion to 'short unsigned int' from 'int' may + alter its value + smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:550: warning: conversion to 'short unsigned int' from 'int' may + alter its value -Daniel Stenberg (5 Nov 2014) -- THANKS: added two missing names and removed a duplicate - - ./contributors.sh found these extra ones that somehow had fallen - through the cracks and never gotten added here. +- smb.c: Renamed SMB command message variables to avoid compiler warnings - Reported-by: Frank Gevaerts - -- bump: towards next release - -- THANKS: added names from 7.39.0 release notes - -Version 7.39.0 (5 Nov 2014) - -Daniel Stenberg (5 Nov 2014) -- RELEASE-NOTES: 7.39.0 release (commit b3875606925) + smb.c:489: warning: declaration of 'close' shadows a global declaration + smb.c:511: warning: declaration of 'read' shadows a global declaration + smb.c:528: warning: declaration of 'write' shadows a global declaration -- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds - - When duplicating a handle, the data to post was duplicated using - strdup() when it could be binary and contain zeroes and it was not even - zero terminated! This caused read out of bounds crashes/segfaults. - - Since the lib/strdup.c file no longer is easily shared with the curl - tool with this change, it now uses its own version instead. +- smb.c: Fixed compilation warnings - Bug: http://curl.haxx.se/docs/adv_20141105.html - CVE: CVE-2014-3707 - Reported-By: Symeon Paraschoudis + smb.c:212: warning: unused parameter 'done' + smb.c:380: warning: ISO C does not allow extra ';' outside of a function + smb.c:812: warning: unused parameter 'premature' + smb.c:822: warning: unused parameter 'dead' -- lib544.c: use duphandle for test 545 +- smb.c: Fixed compilation warnings - To verify that curl_easy_duphandle() works fine on a handle that has - gotten data stored with *_COPYPOSTFIELDS. + smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short', + possible loss of data + smb.c:425: warning: conversion from '__int64' to 'unsigned short', + possible loss of data + smb.c:452: warning: conversion from '__int64' to 'unsigned short', + possible loss of data -- tests: add new feature 'SSLpinning' +- smb.c: Fixed compilation warnings - ... and make test 2034 and 2035 require it, and have it set when built - with OpenSSL or GnuTLS. - -- buildconf: update copyright year + smb.c:162: error: comma at end of enumerator list + smb.c:469: warning: conversion from 'size_t' to 'unsigned short', + possible loss of data + smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data + smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data -Steve Holme (4 Nov 2014) -- INSTALL: Consistent spacing in section headings, paragraphs and examples +- [Bill Nagel brought this change] -Daniel Stenberg (4 Nov 2014) -- buildconf: stop checking for libtool + smb: Added initial SMB functionality - As we only use libtoolize, only check for that! - -Steve Holme (4 Nov 2014) -- INSTALL: Corrected MIT Kerberos and Heimdal package names + Initial implementation of the SMB/CIFS protocol. -- README: Corrected inconsistent use of --help +- [Bill Nagel brought this change] -- INSTALL: Use GSS-API rather than GSSAPI - - As implementations are refereed to GSS-API libraries as per the RFC and - GSSAPI typically refers to the SASL authentication mechanism. + smb: Added SMB handler interfaces - ...and minor rewording on the same paragraph. + Added the SMB and SMBS handler interface structures and associated + functions required for SMB/CIFS operation. -- README: Added note about using Visual Studio projects out of git repository +- transfer: Code style policing + + Prefer ! rather than NULL in if statements, added comments and updated + function spacing, argument spacing and line spacing to be more readble. -Daniel Stenberg (4 Nov 2014) -- [K. R. Walker brought this change] +- transfer: Fixed existing scratch buffer being checked for NULL twice + + If the scratch buffer already existed when the CRLF conversion was + performed then the buffer pointer would be checked twice for NULL. This + second check is only necessary if the call to malloc() was performed by + the first check. - cmake: fix ZLIB_INCLUDE_DIRS use +- smtp: Fixed dot stuffing being performed when no new data read - CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see - http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB + Whilst I had moved the dot stuffing code from being performed before + CRLF conversion takes place to after it, in commit 4bd860a001, I had + moved it outside the 'when something read' block of code when meant + it could perform the dot stuffing twice on partial send if nread + happened to contain the right values. It also meant the function could + potentially read past the end of buffer. This was highlighted by the + following warning: - Bug: https://github.com/bagder/curl/pull/123 - -- [Jay Satiro brought this change] + warning: `nread' might be used uninitialized in this function - SSL: PolarSSL default min SSL version TLS 1.0 +Daniel Stenberg (29 Nov 2014) +- smb.h: fixed picky compiler warning - - Prior to this change no SSL minimum version was set by default at - runtime for PolarSSL. Therefore in most cases PolarSSL would probably - have defaulted to a minimum version of SSLv3 which is no longer secure. + smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic] + +Steve Holme (29 Nov 2014) +- tests: Disable test 1013 until SMB is fully added -- opts-Makefile: put more man pages into dist and make hmtl+pdf +- [Bill Nagel brought this change] -- curl_multi_setopt.3: refer to stand-alone pages + smb: Added SMB protocol and port definitions - ... instead of duplicating info. + Added the necessary protocol and port definitions in order to support + SMB/CIFS. -- opts: more multi options as stand-alone man pages +- [Bill Nagel brought this change] -- Makefile.am: two cmake files are gone + smb: Added internal SMB definitions and structures - 8cb010144 removed the CurlCheckCSourceCompiles.cmake and - CurlCheckCSourceRuns.cmake files - -- opts: made stand-alone man-pages for several multi options + Added the internal definitions and structures necessary for SMB/CIFS + support. -- [Carlo Wood brought this change] +- [Bill Nagel brought this change] - Curl_single_getsock: fix hold/pause sock handling + smb: Added SMB connection structure - The previous condition that checked if the socket was marked as readable - when also adding a writable one, was incorrect and didn't take the pause - bits properly into account. + Added the connection structure that will be required in urldata.h for + SMB/CIFS based connections. -- [Peter Wu brought this change] +- [Bill Nagel brought this change] - cmake: fix struct sockaddr_storage check - - CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which - was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion - of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem - to affect the tests, so remove it too[2]. - - For the non-windows case, remove inet headers as POSIX only requires - sys/socket.h. - - [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx - [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly + smb: Added initial source files for SMB - Signed-off-by: Peter Wu + Added the initial source files and updated the relevant project files in + order to support SMB/CIFS. -- [Peter Wu brought this change] +- [Bill Nagel brought this change] - cmake: clean OtherTests, fixing -Werror - - There were several -Wunused warnings and one duplicate macro definition. - The EXTRA_DEFINES variable of the CurlCheckCSources macro was being - abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to - insert extra C code. Avoid this broken abstraction and use cmake's - check_c_source_compiles directly (works fine with CMake 2.8, maybe - even cmake 2.6). - - After cleaning up all related variables (EXTRA_DEFINES, - HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate - add_headers_include macro and remove duplicate header additions before - the struct timeval check. - - Oh, and now the code is converted to use CheckCSourceRuns and - CheckCSourceCompiles, the two curl-specific helpers can be removed. - Unfortunately, the cmake output is now slightly more verbose. Before: - - Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed - - Since check_c_source_compiles prints the varname, now you see: - - Performing Test curl_cv_func_send_test - Performing Test curl_cv_func_send_test - Failed - Tested: int send(int, const void *, size_t, int) - - Compared cmake output with each other using vimdiff, no functional - differences were found. Tested with GCC 4.9.1 and Clang 3.5.0. + smb: Added configuration options for SMB - Signed-off-by: Peter Wu + Added --enable-smb and --disable-smb configuration options for the + upcoming SMB/CIFS protocol support. +Daniel Stenberg (28 Nov 2014) - [Peter Wu brought this change] - cmake: fix gethostby{addr,name}_r in CurlTests - - This patch cleans up the automatically-generated (?) code and fixes one - case that will always fail due to syntax error. - - HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing - character ("int length;q"). Several parameter type and unused variable - warnings popped up. This causes a detection failure with -Werror. - - Observe that the REENTRANT cases are exactly the same as their - non-REENTRANT cases except for a `_REENTRANT` macro definition. - Merge all these pieces and build one big main function with different - cases, but reusing variables where logical. + runtests.pl: fix startup of IPv6 servers - For the cases where the parameters where NULL, I looked at - lib/hostip4.c to get an idea of the parameters types. + Commit curl-7_23_1-143-g8218064 changed the parameter of + responsive_http_server to accept types other than IPv6 (converting + from a boolean to a string), but only considered the lower-case "ipv6" + and not the "IPv6" variant. This caused all servers to start in IPv4 + mode instead. - void-cast variables such as 'rc' to avoid -Wuninitialized errors. + This patch converts the remaining cases to "ipv6". While not strictly + necessary for the run*server variants, these got also converted for + consistency and to prevent future errors. Signed-off-by: Peter Wu - [Peter Wu brought this change] - cmake: drop _BSD_SOURCE macro usage - - autotools does not use features.h nor _BSD_SOURCE. As this macro - triggers warnings since glibc 2.20, remove it. It should not have - functional differences. + runtests.pl: fix warning message, remove duplicate value Signed-off-by: Peter Wu -Steve Holme (2 Nov 2014) -- RELEASE-NOTES: Synced with d71ea7c01e - - Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change - as GSSAPI can be confused with the authentication mechanism rather than - a GSS-API implementation library such as MIT or Heimdal. - -- build: Added WinIDN build configuration options - - Added support for WinIDN build configurations to the VC6 project files. - -- build: Added WinIDN build configuration options - - Added support for WinIDN build configurations to the VC7 and VC7.1 - project files. - -- build: Fixed the pre-processor separator in Visual Studio project files - - A left over from the VC6 project files, so mainly cosmetic in Visual - Studio .NET as it can handle both comma and semi-colon characters for - separating multiple pre-processor definitions. - - However, the IDE uses semi-colons if the value is edited, and as such, - this may cause problems in future for anyone updating the files or - merging patches. - - Used the Visual Studio IDE to correct the separator character. - -- build: Added optional specific version generation of VC project files - - ..when working from the git repository. This is particularly useful - for single development environments where the project files for all - supported versions of Visual Studio may not be required. - -- [Jay Satiro brought this change] - - build-openssl.bat: Fix x64 release build - - Prior to this change if x64 release was specified a failed attempt was - made to build x86 release instead. - -- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number - -- CURLOPT_SASL_IR.3: Added supported mechanism information - - ...and removed duplication of what protocols are supported from the - description text. - -- opts: Use common wording for MAIL related names - -- opts: Use common wording for TLS user/password option names +Steve Holme (27 Nov 2014) +- http.c: Fixed compilation warnings from features being disabled - ...and revised the proxy wording a little as well. - -- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing + warning: unused variable 'data' + warning: variable 'addcookies' set but not used - ...and corrected a related typo in curl_easy_setopt.3. + ...and some very minor coding style policing. -Guenter Knauf (2 Nov 2014) -- RELEASE-NOTES: removed obsolete entry; fixed entry. +- RELEASE-NOTES: Synced with c5399c827d -Steve Holme (2 Nov 2014) -- RELEASE-NOTES: Synced with e7da67f5d3 +- tests: Added SMTP with --crlf test case -- docs: Added mention of Kerberos for CURL_VERSION_SSPI - - As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP, - POP3 and SMTP authentication since v7.38.0. +- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion -- CURL_VERSION_KERBEROS4: Mark as deprecated +- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob() - Support for Kerberos V4 was removed in v7.33.0. + ...and some comment typos! -- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used - - Typically the USE_WINDOWS_SSPI definition would not be used when the - CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build - configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication - data structures and functions would incorrectly be used when they - shouldn't be. +- smtp: Added support for the conversion of Unix newlines during mail send - Introduced a new USE_KRB5 definition that takes into account the use of - CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do. - -- openssl: Use 'CURLcode result' + Added support for the automatic conversion of Unix newlines to CRLF + during mail uploads. - More CURLcode fixes. + Feature: http://curl.haxx.se/bug/view.cgi?id=1456 -Daniel Stenberg (1 Nov 2014) -- resume: consider a resume from [content-length] to be OK - - Basically since servers often then don't respond well to this and - instead send the full contents and then libcurl would instead error out - with the assumption that the server doesn't support resume. As the data - is then already transfered, this is now considered fine. - - Test case 1434 added to verify this. Test case 1042 slightly modified. - - Reported-by: hugo - Bug: http://curl.haxx.se/bug/view.cgi?id=1443 +- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols -Steve Holme (1 Nov 2014) -- openssl: Use 'CURLcode result' +Daniel Stenberg (25 Nov 2014) +- curl*3: added small examples - More standardisation of CURLcode usage and coding style. + and some minor edits -- openssl: Use 'CURLcode result' +- libcurl.3: fix formatting - ...and some minor code style changes. + refer to functions with the man page section properly -- ftplistparser: We prefer 'CURLcode result' +- man pages: SEE ALSO curl_multi_wait -- opts: Use common wording for user/password option names +- curl_multi_wait.3: clarify numfds being used if not NULL -- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text +- multi-single.c: switch to use curl_multi_wait - As this is covered by the PROTOCOLS section and saves having to update - two parts of the document with the same information in future. + Makes the example much easier and straight-forward! + +- testcurl: bump the version of this script! -- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI +- testcurl: skip reading the setup file if given enough cmdline info - As implementations are refereed to GSS-API libraries as per the RFC and - GSSAPI typically refers to an authentication mechanism. + This makes it much easier to run multiple tests in the same directory, + just altering the command lines used. -- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list +- select.c: fix compilation for VxWorks - Added missing IMAP to the protocol list. + Reported-by: Brian + Bug: http://curl.haxx.se/bug/view.cgi?id=1455 -- code cleanup: Use 'CURLcode result' +Patrick Monnerat (24 Nov 2014) +- [moparisthebest brought this change] -- curl_easy_setopt.3: Fixed lots of typos + SSL: Add PEM format support for public key pinning -- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS +Kamil Dudka (24 Nov 2014) +- Revert "repository: ignore patch files generated by git" + + This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61. - ...as this option affects more that just FTP. + Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738 -Guenter Knauf (30 Oct 2014) -- build: added Watcom support to build with WinSSL. +Steve Holme (23 Nov 2014) +- multi.c: Fixed compilation warnings when no verbose string support + + warning: variable 'connection_id' set but not used + warning: unused parameter 'lineno' -Daniel Stenberg (30 Oct 2014) -- CURLOPT_PINNEDPUBLICKEY.3: added details +- RELEASE-NOTES: Synced with 1450712e76 -Steve Holme (30 Oct 2014) -- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list - - Whilst the description included information about SMTP, the protocol - list only showed "TTP, FTP, IMAP, POP3". +- sasl: Tidied up some parameter comments -- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3 +- sasl: Reduced the need for two sets of NTLM functions -Daniel Stenberg (29 Oct 2014) -- openssl: enable NPN separately from ALPN - - ... and allow building with nghttp2 but completely without NPN and ALPN, - as nghttp2 can still be used for plain-text HTTP. - - Reported-by: Lucas Pardue +- ntlm: Moved NSS initialisation to base decode function -- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again +- http_ntlm: Fixed additional NSS initialisation call when decoding type-2 - ... since the conditional in the code are now based on OpenSSL versions - instead to better support non-configure builds. - -- opts: added some "SEE ALSO" references + After commit 48d19acb7c the HTTP code would call Curl_nss_force_init() + twice when decoding a NTLM type-2 message, once directly and the other + through the call to Curl_sasl_decode_ntlm_type2_message(). -Steve Holme (29 Oct 2014) -- RELEASE-NOTES: Synced with 32913182dc +- ntlm: Fixed static'ness of local decode function -- vtls.c: Fixed compilation warning - - conversion from 'size_t' to 'unsigned int', possible loss of data +- ntlm: Corrected some parameter names and comments -- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure - - Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when - acquiring the credentials handle fails. This is then consistent with - the code prior to commit f7e24683c4 when log-in credentials were empty. +- runtests.pl: Re-aligned feature support comments -- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials - - Fixed the ability to use the current log-in credentials with DIGEST-MD5. - I had previously disabled this functionality in commit 607883f13c as I - couldn't get this to work under Windows 8, however, from testing HTTP - Digest authentication through Windows SSPI and then further testing of - this code I have found it works in Windows 7. +- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature - Some further investigation is required to see what the differences are - between Windows 7 and 8, but for now enable this functionality as the - code will return an error when AcquireCredentialsHandle() fails. - -Kamil Dudka (29 Oct 2014) -- transfer: drop the code handling the ssl_connect_retry flag + In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto + feature. - Its last use has been removed by the previous commit. + ...and converted tab characters, from commit 4b4e8a5853, to spaces. -- nss: drop the code for libcurl-level downgrade to SSLv3 - - This code was already deactivated by commit - ec783dc142129d3860e542b443caaa78a6172d56. +- runtests.pl: Added support for SPNEGO -- openssl: fix a line length warning +- runtests.pl: Added Kerberos detection -Guenter Knauf (29 Oct 2014) -- Added NetWare support to build with nghttp2. +- runtests.pl: Added GSS-API detection -- Fixed error message since we require ALPN support. +- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list -- Check for ALPN via OpenSSL version number. +- FILEFORMAT: Added test requires feature not present information - This check works also with to non-configure platforms. + Such as !SSPI as we do for the NTLM and Digest tests. -Steve Holme (28 Oct 2014) -- sasl_sspi: Fixed typo in comment +Daniel Stenberg (20 Nov 2014) +- http.c: log if it notices HTTP 1.1 after a upgrade to http2 -- code cleanup: We prefer 'CURLcode result' +- test1801: first real http2 test case -Daniel Stenberg (28 Oct 2014) -- TODO: consider supporting STAT +- sws: initial tiny steps toward http2 support -- mk-ca-bundle: spell fix "version" +- FILEFORMAT: mention the new upgrade support -- HTTP: return larger than 3 digit response codes too - - HTTP 1.1 is clearly specified to only allow three digit response codes, - and libcurl used sscanf("%3d") for that purpose. This made libcurl - support smaller numbers but not larger. It does now, but we will not - make any specific promises nor document this further since it is going - outside of what HTTP is. +- test1800: first plain-text http2 test case - Bug: http://curl.haxx.se/bug/view.cgi?id=1441 - Reported-by: Balaji + Verifies the upgrade request, but gets a plain 1.1 response -- src/: remove version.h.dist from gitignore - - It has not been used since commit f7bfdbab in 2011 +- [Tatsuhiro Tsujikawa brought this change] -Steve Holme (26 Oct 2014) -- ntlm: We prefer 'CURLcode result' + http: Disable pipelining for HTTP/2 and upgraded connections - Continuing commit 0eb3d15ccb more return code variable name changes. + This commit disables pipelining for HTTP/2 or upgraded connections. For + HTTP/2, we do not support multiplexing. In general, requests cannot be + pipelined in an upgraded connection, since it is now different protocol. -Guenter Knauf (26 Oct 2014) -- Cosmetics: lowercase non-special subroutine names. +- [Brad Harder brought this change] -Steve Holme (26 Oct 2014) -- RELEASE-NOTES: Synced with 07ac29a058 + CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option -- http_negotiate: We prefer 'CURLcode result' - - Continuing commit 0eb3d15ccb more return code variable name changes. +Steve Holme (19 Nov 2014) +- multi-uv.c: Updated for curl coding standards -- http_negotiate: Fixed missing check for USE_SPNEGO +- conncache: Fixed specifiers in infof() for long and size_t variables -- sspi: Synchronization of cleanup code between auth mechanisms +- [Peter Wu brought this change] -- sspi: Renamed max token length variables + cmake: add Kerberos to the supported features - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. - -- sspi: Renamed expiry time stamp variables + Updated following commit eda919f and a4b7f71. - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. + Acked-by: Brad King + Signed-off-by: Peter Wu -- sspi: Only call CompleteAuthToken() when complete is needed - - Don't call CompleteAuthToken() after InitializeSecurityContext() has - returned SEC_I_CONTINUE_NEEDED as this return code only indicates the - function should be called again after receiving a response back from - the server. - - This only affected the Digest and NTLM authentication code. +- [Peter Wu brought this change] -Dan Fandrich (26 Oct 2014) -- Added the "flaky" keyword to a number of tests + cmake: fix NTLM detection when CURL_DISABLE_HTTP defined - Each shows evidence of flakiness on at least one platform on - the autobuilds. Users can use this keyword to skip these tests - if desired. - -Steve Holme (26 Oct 2014) -- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash() + Updated following changes in commit f0d860d. - For consistency with other areas of the NTLM code propagate all errors - from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just - CURLE_OUT_OF_MEMORY. - -- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash() + Acked-by: Brad King + Signed-off-by: Peter Wu -- ntlm: Use 'CURLcode result' - - Continuing commit 0eb3d15ccb more return code variable name changes. +Daniel Stenberg (19 Nov 2014) +- RELEASE-NOTES: synced with cb13fad733e -- ntlm: Only define ntlm data structure when USE_NTLM is defined +- [Jay Satiro brought this change] -- ntlm: Changed handles to be dynamic like other SSPI handles + examples: Wait recommended 100ms when no file descriptors are ready - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. - -- ntlm: Renamed handle variables to match other SSPI structures + Prior to this change when no file descriptors were ready on platforms + other than Windows the multi examples would sleep whatever was in + timeout, which may or may not have been less than the minimum + recommended value [1] of 100ms. - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. + [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html -- ntlm: Renamed SSPI based input token variables - - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. +- [Waldek Kozba brought this change] -- ntlm: We prefer 'CURLcode result' - - Continuing commit 0eb3d15ccb more return code variable name changes. + multi-uv.c: close the file handle after download + +- [Jon Spencer brought this change] -- build: Added WinIDN build configuration options + multi: inform about closed sockets before they are closed - Added support for WinIDN build configurations to the VC8 and VC9 - project files. + When the connection code decides to close a socket it informs the multi + system via the Curl_multi_closed function. The multi system may, in + turn, invoke the CURLMOPT_SOCKETFUNCTION function with + CURL_POLL_REMOVE. This happens after the socket has already been + closed. Reorder the code so that CURL_POLL_REMOVE is called before the + socket is closed. -Nick Zitzmann (24 Oct 2014) -- darwinssl: detect possible future removal of SSLv3 from the framework +Guenter Knauf (19 Nov 2014) +- build: in Makefile.m32 moved target autodetection. - If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3. + Moved target autodetection block after defining CC macro. -Patrick Monnerat (24 Oct 2014) -- gskit.c: remove SSLv3 from SSL default. +- build: in Makefile.m32 simplify platform flags. -- gskit.c: use 'CURLcode result' +- build: in Makefile.m32 try to detect 64bit target. -Daniel Stenberg (24 Oct 2014) -- [Jay Satiro brought this change] +Daniel Stenberg (19 Nov 2014) +- [Brad King brought this change] - SSL: Remove SSLv3 from SSL default due to POODLE attack + CMake: Simplify if() conditions on check result variables + + Remove use of an old hack that takes advantage of the auto-dereference + behavior of the if() command to detect if a variable is defined. The + hack has the form: - - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, - openssl effectively making the default TLS 1.x. axTLS is not affected - since it supports only TLS, and gnutls is not affected since it already - defaults to TLS 1.x. + if("${VAR} MATCHES "^${VAR}$") - - Update CURLOPT_SSLVERSION doc - -- pipelining: only output "is not blacklisted" in debug builds - -- *.3: add/extend "SEE ALSO" sections - -- curl_easy_pause.3: minor wording edit - -- curl_getdate.3: provide a "SEE ALSO" section + where "${VAR}" is a macro argument reference. Use if(DEFINED) instead. + This also avoids warnings for CMake Policy CMP0054 in CMake 3.1. -- curl_global_init.3: minor formatting fix, add version info +- TODO-RELEASE: removed -- url.c: use 'CURLcode result' +- [Carlo Wood brought this change] -- code cleanup: we prefer 'CURLcode result' - - ... for the local variable name in functions holding the return - code. Using the same name universally makes code easier to read and - follow. + debug: added new connection cache output, plus fixups - Also, unify code for checking for CURLcode errors with: + Debug output 'typo' fix. - if(result) or if(!result) + Don't print an extra "0x" in + * Pipe broke: handle 0x0x2546d88, url = / - instead of + Add debug output. + Print the number of connections in the connection cache when + adding one, and not only when one is removed. - if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK) + Fix typos in comments. -- Curl_add_timecondition: skip superfluous varible assignment +- multi: move the ending condition into the loop as well - Detected by cppcheck. + ... as it was before I changed the loop in commit e04ccbd50. It caused + test 2030 and 2032 to fail. -- Curl_pp_flushsend: skip superfluous assignment - - Detected by cppcheck. +Steve Holme (18 Nov 2014) +- multi: Prefer we don't use CURLE_OK and NULL in comparisons -- Curl_pp_readresp: remove superfluous assignment +Daniel Stenberg (18 Nov 2014) +- multi_runsingle: use 'result' for local CURLcode storage - Variable already assigned a few lines up. + ... and assign data->result only at the end. Makes the code more compact + (easier to read) and more similar to other code. + +- multi_runsingle: rename result to rc - Detected by cppcheck. + save 'result' for CURLcode types -- Curl_proxyCONNECT: remove superfluous statement +- multi: make multi_runsingle loop internally - The variable is already assigned, skip the duplicate assignment. + simplifies the use of this function at little cost. + +- [Carlo Wood brought this change] + + multi: when leaving for timeout, close accordingly - Pointed out by cppcheck. + Fixes the problem when a transfer in a pipeline times out. -Guenter Knauf (24 Oct 2014) -- Added MinGW support to build with nghttp2. +Guenter Knauf (18 Nov 2014) +- build: in Makefile.m32 add -m32 flag for 32bit. -- Added VC ssh2 target to main Makefile. +- mk-ca-bundle.vbs: update copyright year. -- Some cosmetics and simplifies. +- build: in Makefile.m32 pass -F flag to windres. -- Remove dependency on openssl and cut. +Steve Holme (17 Nov 2014) +- config-win32: Fixed build targets for the VS2012+ Windows XP toolset - Prefer usage of Perl modules for sha1 calculation since there - might be systems where openssl is not installed or not in path. - If openssl is used for sha1 calculation then dont rely on cut - since it is usually not available on other systems than Linux. + Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had + forgotten to include the relevant pre-processor definitions. -Daniel Stenberg (23 Oct 2014) -- RELEASE-NOTES: synced with e116d0a62 +- sasl_sspi: Removed note about the NTLM functions being a wrapper -- CURLOPT_RESOLVE.3: add an example +- connect.c: Fixed compilation warning when no verbose string support + + warning: unused parameter 'reason' -- gnutls: removed dead code +- easy.c: Fixed compilation warning when no verbose string support - Bug: http://curl.haxx.se/bug/view.cgi?id=1437 - Reported-by: Julien + warning: unused parameter 'easy' -- Curl_rand: Uninitialized variable: r +- win32: Updated some legacy APIs to use the newer extended versions - This is not actually used uninitialized but we silence warnings. + Updated the usage of some legacy APIs, that are preventing curl from + compiling for Windows Store and Windows Phone build targets. - Bug: http://curl.haxx.se/bug/view.cgi?id=1437 - Reported-by: Julien - -- opts: provide more and updated examples + Suggested-by: Stefan Neis + Feature: http://sourceforge.net/p/curl/feature-requests/82/ -- CURLOPT_RANGE.3: works for SFTP as well +- config-win32: Introduce build targets for VS2012+ - ... and added a small example + Visual Studio 2012 introduced support for Windows Store apps as well as + supporting Windows Phone 8. Introduced build targets that allow more + modern APIs to be used as certain legacy ones are not available on these + new platforms. -- curl.1: edited for clarity +- sasl_sspi: Fixed compilation warnings when no verbose string support -- CURLOPT_SSLVERSION.3: provide an example +- sasl_sspi: Added base64 decoding debug failure messages + + Just like in the NTLM code, added infof() failure messages for + DIGEST-MD5 and GSSAPI authentication when base64 decoding fails. -- docs/libcurl/ABI: more markdown friendly +- ntlm: Moved the SSPI based Type-3 message generation into the SASL module -- docs: edited lots of libcurl docs for clarity +- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module -- opts: added examples +- ntlm: Moved the SSPI based Type-1 message generation into the SASL module -- HISTORY: two glimpses in 2014 +- [Michael Osipov brought this change] -Kamil Dudka (20 Oct 2014) -- nss: reset SSL handshake state machine - - ... when the handshake succeeds + kerberos: Use symbol qualified with _KERBEROS5 - This fixes a connection failure when FTPS handle is reused. + For consistency renamed USE_KRB5 to USE_KERBEROS5. -Daniel Stenberg (20 Oct 2014) -- [Peter Wu brought this change] +Daniel Stenberg (15 Nov 2014) +- [Jay Satiro brought this change] - cmake: generate pkg-config and curl-config - - Initial work to generate a pkg-config and curl-config script. Static - linking (`curl-config --static-libs` and `pkg-config --shared --libs - libcurl`) is broken and therefore disabled. - - CONFIGURE_OPTIONS does not make sense for CMake, use an empty string - for now. - - At least `curl-config --features` and `curl-config --protocols` work - which is needed by runtests.pl. + examples: Don't call select() to sleep on windows - Signed-off-by: Peter Wu - -- [Peter Wu brought this change] - - cmake: use LIBCURL_VERSION from curlver.h + Windows does not support using select() for sleeping without a dummy + socket. Instead use Windows' Sleep() and sleep for 100ms which is the + minimum suggested value in the curl_multi_fdset() doc. - This matches the behavior from autotools. The auxiliary major, minor - and patch components are not needed anymore and therefore removed. + Prior to this change the multi examples would exit prematurely since + select() would error instead of sleeping when called without an fd. - Signed-off-by: Peter Wu - -- [Peter Wu brought this change] + Reported-by: Johan Lantz + Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html - cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS - - For compatibility with autoconf, it will be used later for curl-config - and pkg-config. Not all features and or protocols can be enabled as - these are missing additional checks (see new TODOs). - - SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=) - and manually verified/modified. SUPPORT_FEATURES is manually added. - - Signed-off-by: Peter Wu +- [Tatsuhiro Tsujikawa brought this change] -- cmake: add CMake/Macros.cmake to the release tarball + http2: Don't send Upgrade headers when we already do HTTP/2 -- test545: make it not use a trailing zero +Steve Holme (15 Nov 2014) +- sasl: Corrected Curl_sasl_build_spn() function description - CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not - require a trailing zero of the data and by making sure this test doesn't - use one we know it works (combined with valgrind). + There was a mismatch in function parameter names. -Steve Holme (16 Oct 2014) -- ntlm: Fixed empty type-2 decoded message info text +- tool: Removed krb4 from the supported features - Updated the info text when the base-64 decode of the type-2 message - returns a null buffer to be more specific. + Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, + so would not be output with --version, removed krb4 from the supported + features output. -- ntlm: Fixed empty/bad base-64 decoded buffer return codes +- [Michael Osipov brought this change] -- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token + tool: Use Kerberos for supported features -Daniel Stenberg (16 Oct 2014) -- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features +- urldata: Don't define sec_complete when no GSS-API support present - ... and only do a single request for clarity. + This variable is only used with HAVE_GSSAPI is defined by the FTP code + so let's place the definition with the other GSS-API based variables. -Steve Holme (15 Oct 2014) -- sasl_sspi: Fixed some typos +- [Michael Osipov brought this change] -- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO + docs: Use consistent naming for Kerberos -Daniel Stenberg (15 Oct 2014) -- [Bruno Thomsen brought this change] +- TODO: Lets support QOP options in GSSAPI authentication - mk-ca-bundle: added SHA-384 signature algorithm - - Certificates based on SHA-1 are being phased out[1]. - So we should expect a rise in certificates based on SHA-2. - Adding SHA-384 as a valid signature algorithm. +- sasl_sspi: Corrected a couple of comment typos + +- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file - [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ + Rather than define the function as extern in the source files that use + it, moved the function declaration into the SASL header file just like + the Digest and NTLM clean-up functions. - Signed-off-by: Bruno Thomsen + Additionally, added a function description comment block. -Patrick Monnerat (14 Oct 2014) -- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope +- sasl_sspi: Added missing RFC reference for HTTP Digest authentication -- Implement pinned public key in GSKit backend +- ntlm: Clean-up and standardisation of base64 decoding diff -Nru curl-7.42.1/configure curl-7.43.0/configure --- curl-7.42.1/configure 2015-04-29 06:07:46.000000000 +0000 +++ curl-7.43.0/configure 2015-06-15 21:31:47.000000000 +0000 @@ -4937,14 +4937,21 @@ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then @@ -21129,8 +21136,6 @@ if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` elif test -f "$KRB5CONFIG"; then GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then @@ -22082,6 +22087,7 @@ esac case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22191,6 +22197,42 @@ /* end confdefs.h. */ +#define SSL_CONF_CTX_new innocuous_SSL_CONF_CTX_new +#ifdef __STDC__ +# include +#else +# include +#endif +#undef SSL_CONF_CTX_new +#ifdef __cplusplus +extern "C" +#endif +char SSL_CONF_CTX_new (); +#if defined __stub_SSL_CONF_CTX_new || defined __stub___SSL_CONF_CTX_new +choke me +#endif + +int main (void) +{ +return SSL_CONF_CTX_new (); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + tst_api="0x102" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$tst_api" = "unknown"; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define SSL_renegotiate_abbreviated innocuous_SSL_renegotiate_abbreviated #ifdef __STDC__ # include @@ -22548,6 +22590,7 @@ fi case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -24264,7 +24307,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $capath (capath)" >&5 $as_echo "$capath (capath)" >&6; } fi - if test "x$ca" == "xno" && test "x$capath" == "xno"; then + if test "x$ca" = "xno" && test "x$capath" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -26006,9 +26049,11 @@ CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2" >&5 -$as_echo_n "checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2... " >&6; } -if ${ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback+:} false; then : + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2" >&5 +$as_echo_n "checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2... " >&6; } +if ${ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS @@ -26020,26 +26065,26 @@ #ifdef __cplusplus extern "C" #endif -char nghttp2_session_callbacks_set_send_callback (); +char nghttp2_option_set_no_recv_client_magic (); int main (void) { -return nghttp2_session_callbacks_set_send_callback (); +return nghttp2_option_set_no_recv_client_magic (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=yes + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=yes else - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=no + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&5 -$as_echo "$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&6; } -if test "x$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&5 +$as_echo "$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&6; } +if test "x$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" = xyes; then : for ac_header in nghttp2/nghttp2.h do : diff -Nru curl-7.42.1/configure.ac curl-7.43.0/configure.ac --- curl-7.42.1/configure.ac 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/configure.ac 2015-06-11 17:50:43.000000000 +0000 @@ -1194,8 +1194,6 @@ if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` elif test -f "$KRB5CONFIG"; then GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then @@ -2843,7 +2841,9 @@ CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback, + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic, [ AC_CHECK_HEADERS(nghttp2/nghttp2.h, curl_h2_msg="enabled (nghttp2)" diff -Nru curl-7.42.1/debian/changelog curl-7.43.0/debian/changelog --- curl-7.42.1/debian/changelog 2015-06-12 15:22:40.000000000 +0000 +++ curl-7.43.0/debian/changelog 2015-06-18 11:40:36.000000000 +0000 @@ -1,3 +1,24 @@ +curl (7.43.0-1ubuntu1) wily; urgency=medium + + * Merge from Debian. Remaining changes: + - Drop dependencies not in main: + + Build-Depends: Drop stunnel4 and libssh2-1-dev. + + Drop libssh2-1-dev from binary package Depends. + + -- Marc Deslauriers Thu, 18 Jun 2015 07:39:39 -0400 + +curl (7.43.0-1) unstable; urgency=medium + + * New upstream release + - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236 + http://curl.haxx.se/docs/adv_20150617A.html + - Fix SMB send off unrelated memory contents as per CVE-2015-3237 + http://curl.haxx.se/docs/adv_20150617B.html + * Refresh patches + * Fix spelling-error-in-description + + -- Alessandro Ghedini Wed, 17 Jun 2015 10:21:34 +0200 + curl (7.42.1-3ubuntu1) wily; urgency=low * Merge from Debian (LP: #1459685). Remaining changes: diff -Nru curl-7.42.1/debian/control curl-7.43.0/debian/control --- curl-7.42.1/debian/control 2015-06-12 15:22:40.000000000 +0000 +++ curl-7.43.0/debian/control 2015-06-18 11:39:56.000000000 +0000 @@ -146,7 +146,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by OpenSSL. @@ -183,7 +183,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by GnuTLS. @@ -220,7 +220,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by NSS. diff -Nru curl-7.42.1/debian/patches/01_runtests_gdb.patch curl-7.43.0/debian/patches/01_runtests_gdb.patch --- curl-7.42.1/debian/patches/01_runtests_gdb.patch 2015-06-07 16:15:42.000000000 +0000 +++ curl-7.43.0/debian/patches/01_runtests_gdb.patch 2015-06-17 08:21:41.000000000 +0000 @@ -7,7 +7,7 @@ --- a/tests/runtests.pl +++ b/tests/runtests.pl -@@ -3546,11 +3546,11 @@ +@@ -3548,11 +3548,11 @@ # run the command line we built if ($torture) { $cmdres = torture($CMDLINE, @@ -21,7 +21,7 @@ $cmdres=0; # makes it always continue after a debugged run } else { -@@ -3584,7 +3584,7 @@ +@@ -3586,7 +3586,7 @@ open(GDBCMD, ">$LOGDIR/gdbcmd2"); print GDBCMD "bt\n"; close(GDBCMD); diff -Nru curl-7.42.1/debian/patches/90_gnutls.patch curl-7.43.0/debian/patches/90_gnutls.patch --- curl-7.42.1/debian/patches/90_gnutls.patch 2015-06-07 16:15:42.000000000 +0000 +++ curl-7.43.0/debian/patches/90_gnutls.patch 2015-06-17 08:21:41.000000000 +0000 @@ -21,7 +21,7 @@ # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines --- a/lib/Makefile.am +++ b/lib/Makefile.am -@@ -36,7 +36,7 @@ +@@ -32,7 +32,7 @@ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist @@ -30,7 +30,7 @@ if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -106,38 +106,38 @@ +@@ -102,38 +102,38 @@ AM_LDFLAGS = AM_CFLAGS = @@ -82,7 +82,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -146,7 +146,7 @@ +@@ -142,7 +142,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc diff -Nru curl-7.42.1/debian/patches/99_nss.patch curl-7.43.0/debian/patches/99_nss.patch --- curl-7.42.1/debian/patches/99_nss.patch 2015-06-07 16:15:42.000000000 +0000 +++ curl-7.43.0/debian/patches/99_nss.patch 2015-06-17 08:21:41.000000000 +0000 @@ -21,7 +21,7 @@ # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines --- a/lib/Makefile.am +++ b/lib/Makefile.am -@@ -36,7 +36,7 @@ +@@ -32,7 +32,7 @@ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist @@ -30,7 +30,7 @@ if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -106,38 +106,38 @@ +@@ -102,38 +102,38 @@ AM_LDFLAGS = AM_CFLAGS = @@ -82,7 +82,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -146,7 +146,7 @@ +@@ -142,7 +142,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc diff -Nru curl-7.42.1/docs/BINDINGS curl-7.43.0/docs/BINDINGS --- curl-7.42.1/docs/BINDINGS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/BINDINGS 2015-06-16 07:13:02.000000000 +0000 @@ -50,7 +50,7 @@ D Written by Kenneth Bogert - http://curl.haxx.se/libcurl/d/ + http://dlang.org/library/std/net/curl.html Dylan @@ -60,7 +60,7 @@ Eiffel Written by Eiffel Software - http://curl.haxx.se/libcurl/eiffel/ + https://room.eiffel.com/library/curl Euphoria @@ -78,7 +78,7 @@ Gambas - http://gambas.sourceforge.net + http://gambas.sourceforge.net/ glib/GTK+ @@ -102,8 +102,7 @@ Java - Maintained by [blank] - http://curl.haxx.se/libcurl/java/ + https://github.com/pjlegato/curl-java Julia @@ -131,7 +130,7 @@ .NET libcurl-net by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-net/ + https://sourceforge.net/projects/libcurl-net/ node.js @@ -146,7 +145,7 @@ O'Caml Written by Lars Nilsson - http://sourceforge.net/projects/ocurl/ + https://sourceforge.net/projects/ocurl/ Pascal @@ -155,13 +154,13 @@ Perl - Maintained by Cris Bailiff - http://curl.haxx.se/libcurl/perl/ + Maintained by Cris Bailiff and Bálint Szilakszi + https://github.com/szbalint/WWW--Curl PHP Written by Sterling Hughes - http://curl.haxx.se/libcurl/php/ + https://php.net/curl PostgreSQL @@ -175,8 +174,7 @@ R - RCurl by Duncan Temple Lang - http://www.omegahat.org/RCurl/ + http://cran.r-project.org/package=curl Rexx @@ -197,10 +195,15 @@ ruby-curl-multi - written by Kristjan Petursson and Keith Rarick http://curl-multi.rubyforge.org/ +Rust + + curl-rust - by Carl Lerche + https://github.com/carllerche/curl-rust + Scheme Bigloo binding by Kirill Lisovsky - http://curl.haxx.se/libcurl/scheme/ + http://www.metapaper.net/lisovsky/web/curl/ S-Lang @@ -230,7 +233,7 @@ Visual Basic libcurl-vb by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-vb/ + https://sourceforge.net/projects/libcurl-vb/ Visual Foxpro @@ -250,3 +253,8 @@ Written by David Szafranski http://perso.wanadoo.fr/xblite/libraries.html + +Xojo + + Written by Andrew Lambert + https://github.com/charonn0/RB-libcURL diff -Nru curl-7.42.1/docs/CONTRIBUTE curl-7.43.0/docs/CONTRIBUTE --- curl-7.42.1/docs/CONTRIBUTE 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/CONTRIBUTE 2015-06-16 07:13:02.000000000 +0000 @@ -203,7 +203,7 @@ You need to first checkout the repository: - git clone git://github.com/bagder/curl.git + git clone https://github.com/bagder/curl.git You then proceed and edit all the files you like and you commit them to your local repository: @@ -245,8 +245,8 @@ For unix-like operating systems: - http://www.gnu.org/software/patch/patch.html - http://www.gnu.org/directory/diffutils.html + https://savannah.gnu.org/projects/patch/ + https://www.gnu.org/software/diffutils/ For Windows: diff -Nru curl-7.42.1/docs/curl.1 curl-7.43.0/docs/curl.1 --- curl-7.42.1/docs/curl.1 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/docs/curl.1 2015-06-16 07:13:02.000000000 +0000 @@ -39,8 +39,7 @@ make your head spin! curl is powered by libcurl for all transfer-related features. See -.BR libcurl (3) -for details. +\fIlibcurl(3)\fP for details. .SH URL The URL syntax is protocol-dependent. You'll find a detailed description in RFC 3986. @@ -269,11 +268,11 @@ .IP "--ciphers " (SSL) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL: -\fIhttp://www.openssl.org/docs/apps/ciphers.html\fP +\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS ciphers is in the NSSCipherSuite entry at this URL: -\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP +\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP If this option is used several times, the last one will be used. .IP "--compressed" @@ -315,9 +314,10 @@ using the content-type application/x-www-form-urlencoded. Compare to \fI-F, --form\fP. -\fI-d, --data\fP is the same as \fI--data-ascii\fP. To post data purely binary, -you should instead use the \fI--data-binary\fP option. To URL-encode the value -of a form field you may use \fI--data-urlencode\fP. +\fI-d, --data\fP is the same as \fI--data-ascii\fP. \fI--data-raw\fP is almost +the same but does not have a special interpretation of the @ character. To +post data purely binary, you should instead use the \fI--data-binary\fP option. +To URL-encode the value of a form field you may use \fI--data-urlencode\fP. If any of these options is used more than once on the same command line, the data pieces specified will be merged together with a separating @@ -329,7 +329,8 @@ stdin. Multiple files can also be specified. Posting data from a file named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is told to read from a file like that, carriage returns and newlines will be -stripped out. +stripped out. If you don't want the @ character to have a special +interpretation use \fI--data-raw\fP instead. .IP "-D, --dump-header " Write the protocol headers to the specified file. @@ -354,6 +355,10 @@ If this option is used several times, the ones following the first will append data as described in \fI-d, --data\fP. +.IP "--data-raw " +(HTTP) This posts data similarly to \fI--data\fP but without the special +interpretation of the @ character. See \fI-d, --data\fP. +(Added in 7.43.0) .IP "--data-urlencode " (HTTP) This posts data, similar to the other --data options with the exception that this performs URL-encoding. (Added in 7.18.0) @@ -548,10 +553,10 @@ if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends. +Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and +wolfSSL/CyaSSL. Other SSL backends not supported. If this option is used several times, the last one will be used. -(Added in 7.39.0) .IP "--cert-status" (SSL) Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka. OCSP stapling) TLS extension. @@ -560,7 +565,7 @@ response, if the response suggests that the server certificate has been revoked, or no response at all is received, the verification fails. -This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. +This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. (Added in 7.41.0) .IP "--false-start" @@ -661,6 +666,7 @@ \&"normally" (like in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the full penalty of 'multicwd'. .RE +.IP (Added in 7.15.1) .IP "--ftp-pasv" (FTP) Use passive mode for the data connection. Passive is the internal default @@ -1053,13 +1059,10 @@ Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's home directory for login name and password. This is typically used for FTP on Unix. If used with HTTP, curl will enable user authentication. See -.BR netrc(4) -or -.BR ftp(1) -for details on the file format. Curl will not complain if that file -doesn't have the right permissions (it should not be either world- or -group-readable). The environment variable "HOME" is used to find the home -directory. +\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not +complain if that file doesn't have the right permissions (it should not be +either world- or group-readable). The environment variable "HOME" is used to +find the home directory. A quick and very simple example of how to setup a \fI.netrc\fP to allow curl to FTP to the machine host.domain.com with user name \&'myself' and password @@ -1221,7 +1224,7 @@ make curl pick the same IP address that is already used for the control connection .RE - +.IP If this option is used several times, the last one will be used. Disable the use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++. @@ -1326,6 +1329,11 @@ .IP "--proxy-ntlm" Tells curl to use HTTP NTLM authentication when communicating with the given proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host. +.IP "--proxy-service-name " +This option allows you to change the service name for proxy negotiation. + +Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use +sockd/proxy-name. (Added in 7.43.0). .IP "--proxy1.0 " Use the specified HTTP 1.0 proxy. If the port number is not specified, it is assumed at port 1080. @@ -1423,7 +1431,7 @@ .B 100-199,500-599 specifies two separate 100-byte ranges(*)(H) .RE - +.IP (*) = NOTE that this will cause the server to reply with a multipart response! @@ -1507,6 +1515,11 @@ .IP "--sasl-ir" Enable initial response in SASL authentication. (Added in 7.31.0) +.IP "--service-name " +This option allows you to change the service name for SPNEGO. + +Examples: --negotiate \fI--service-name\fP sockd would use +sockd/server-name. (Added in 7.43.0). .IP "-S, --show-error" When used with \fI-s\fP it makes curl show an error message if it fails. .IP "--ssl" @@ -1882,7 +1895,7 @@ The URL that was fetched last. This is most meaningful if you've told curl to follow location: headers. .RE - +.IP If this option is used several times, the last one will be used. .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>" Use the specified proxy. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/curl-config.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/curl-config.pdf differ diff -Nru curl-7.42.1/docs/curl.html curl-7.43.0/docs/curl.html --- curl-7.42.1/docs/curl.html 2015-04-29 06:08:09.000000000 +0000 +++ curl-7.43.0/docs/curl.html 2015-06-17 05:56:24.000000000 +0000 @@ -55,7 +55,7 @@

curl [options] [URL...]

DESCRIPTION

curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.

curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume, Metalink, and more. As you will see below, the number of features will make your head spin! -

curl is powered by libcurl for all transfer-related features. See libcurl (3) for details.

URL

+

curl is powered by libcurl for all transfer-related features. See libcurl(3) for details.

URL

The URL syntax is protocol-dependent. You'll find a detailed description in RFC 3986.

You can specify multiple URLs or parts of URLs by writing part sets within braces as in:

  http://site.{one,two,three}.com @@ -139,8 +139,8 @@

Use "-C -" to tell curl to automatically find out where/how to resume the transfer. It then uses the given output/input files to figure that out.

If this option is used several times, the last one will be used.

--ciphers <list of ciphers> -

(SSL) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL: http://www.openssl.org/docs/apps/ciphers.html -

NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS ciphers is in the NSSCipherSuite entry at this URL: http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives +

(SSL) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL: https://www.openssl.org/docs/apps/ciphers.html +

NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS ciphers is in the NSSCipherSuite entry at this URL: https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives

If this option is used several times, the last one will be used.

--compressed

(HTTP) Request a compressed response using one of the algorithms curl supports, and save the uncompressed document. If this option is used and the server sends an unsupported encoding, curl will report an error. @@ -160,9 +160,9 @@

(Added in 7.19.7)

-d, --data <data>

(HTTP) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the server using the content-type application/x-www-form-urlencoded. Compare to -F, --form. -

-d, --data is the same as --data-ascii. To post data purely binary, you should instead use the --data-binary option. To URL-encode the value of a form field you may use --data-urlencode. +

-d, --data is the same as --data-ascii. --data-raw is almost the same but does not have a special interpretation of the @ character. To post data purely binary, you should instead use the --data-binary option. To URL-encode the value of a form field you may use --data-urlencode.

If any of these options is used more than once on the same command line, the data pieces specified will be merged together with a separating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would generate a post chunk that looks like 'name=daniel&skill=lousy'. -

If you start the data with the letter @, the rest should be a file name to read the data from, or - if you want curl to read the data from stdin. Multiple files can also be specified. Posting data from a file named 'foobar' would thus be done with --data @foobar. When --data is told to read from a file like that, carriage returns and newlines will be stripped out. +

If you start the data with the letter @, the rest should be a file name to read the data from, or - if you want curl to read the data from stdin. Multiple files can also be specified. Posting data from a file named 'foobar' would thus be done with --data @foobar. When --data is told to read from a file like that, carriage returns and newlines will be stripped out. If you don't want the @ character to have a special interpretation use --data-raw instead.

-D, --dump-header <file>

Write the protocol headers to the specified file.

This option is handy to use when you want to store the headers that an HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the -b, --cookie option! The -c, --cookie-jar option is a better way to store cookies. @@ -174,6 +174,8 @@

(HTTP) This posts data exactly as specified with no extra processing whatsoever.

If you start the data with the letter @, the rest should be a filename. Data is posted in a similar manner as --data-ascii does, except that newlines and carriage returns are preserved and conversions are never done.

If this option is used several times, the ones following the first will append data as described in -d, --data. +

--data-raw <data> +

(HTTP) This posts data similarly to --data but without the special interpretation of the @ character. See -d, --data. (Added in 7.43.0)

--data-urlencode <data>

(HTTP) This posts data, similar to the other --data options with the exception that this performs URL-encoding. (Added in 7.18.0)

To be CGI-compliant, the <data> part should begin with a name followed by a separator and a content specification. The <data> part can be passed to curl using one of the following syntaxes: @@ -251,8 +253,8 @@

--pinnedpubkey <pinned public key>

(SSL) Tells curl to use the specified public key file to verify the peer. The file must contain a single public key in PEM or DER format.

When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -

This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends. -

If this option is used several times, the last one will be used. (Added in 7.39.0) +

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. Other SSL backends not supported. +

If this option is used several times, the last one will be used.

--cert-status

(SSL) Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka. OCSP stapling) TLS extension.

If this option is enabled and the server sends an invalid (e.g. expired) response, if the response suggests that the server certificate has been revoked, or no response at all is received, the verification fails. @@ -298,6 +300,8 @@

curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full path to the server for all these commands. This is the fastest behavior.

singlecwd

curl does one CWD with the full target directory and then operates on the file "normally" (like in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the full penalty of 'multicwd'. +

+

(Added in 7.15.1)

--ftp-pasv

(FTP) Use passive mode for the data connection. Passive is the internal default behavior, but using this option can be used to override a previous -P/-ftp-port option. (Added in 7.11.0) @@ -367,7 +371,7 @@ url = "curl.haxx.se" output = "curlhere.html" user-agent = "superagent/1.0" - +  # and fetch another URL too url = "curl.haxx.se/docs/manpage.html" -O @@ -445,7 +449,7 @@

Please note that if FILE protocol is disabled, there is no way to use a local Metalink file at the time of this writing. Also note that if --metalink and --include are used together, --include will be ignored. This is because including headers in the response will break Metalink parser and if the headers are included in the file described in Metalink file, hash check will fail.

(Added in 7.27.0, if built against the libmetalink library.)

-n, --netrc -

Makes curl scan the .netrc (_netrc on Windows) file in the user's home directory for login name and password. This is typically used for FTP on Unix. If used with HTTP, curl will enable user authentication. See netrc(4) or ftp(1) for details on the file format. Curl will not complain if that file doesn't have the right permissions (it should not be either world- or group-readable). The environment variable "HOME" is used to find the home directory. +

Makes curl scan the .netrc (_netrc on Windows) file in the user's home directory for login name and password. This is typically used for FTP on Unix. If used with HTTP, curl will enable user authentication. See netrc(5) ftp(1) for details on the file format. Curl will not complain if that file doesn't have the right permissions (it should not be either world- or group-readable). The environment variable "HOME" is used to find the home directory.

A quick and very simple example of how to setup a .netrc to allow curl to FTP to the machine host.domain.com with user name 'myself' and password 'secret' should look similar to:

machine host.domain.com login myself password secret

-N, --no-buffer @@ -514,6 +518,7 @@

-

make curl pick the same IP address that is already used for the control connection

+

If this option is used several times, the last one will be used. Disable the use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command instead of PORT by using --disable-eprt. EPRT is really PORT++.

Starting in 7.19.5, you can append ":[start]-[end]" to the right of the address, to tell curl what TCP port range to use. That means you specify a port range, from a lower to a higher number. A single number works as well, but do note that it increases the risk of failure since the port may not be available.

--pass <phrase> @@ -559,6 +564,9 @@

Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating with the given proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) with a remote host. (Added in 7.17.1)

--proxy-ntlm

Tells curl to use HTTP NTLM authentication when communicating with the given proxy. Use --ntlm for enabling NTLM with a remote host. +

--proxy-service-name <servicename> +

This option allows you to change the service name for proxy negotiation. +

Examples: --proxy-negotiate proxy-name --proxy-service-name sockd would use sockd/proxy-name. (Added in 7.43.0).

--proxy1.0 <proxyhost[:port]>

Use the specified HTTP 1.0 proxy. If the port number is not specified, it is assumed at port 1080.

The only difference between this and the HTTP proxy option (-x, --proxy), is that attempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol instead of the default HTTP 1.1. @@ -604,6 +612,7 @@

500-700,600-799 specifies 300 bytes from offset 500(H)

100-199,500-599 specifies two separate 100-byte ranges(*)(H)

+

(*) = NOTE that this will cause the server to reply with a multipart response!

Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the 'start-stop' range syntax. If a non-digit character is given in the range, the server's response will be unspecified, depending on the server's configuration.

You should also be aware that many HTTP/1.1 servers do not have this feature enabled, so that when you attempt to get a range, you'll instead get the whole document. @@ -635,6 +644,9 @@

Silent or quiet mode. Don't show progress meter or error messages. Makes Curl mute. It will still output the data you ask for, potentially even to the terminal/stdout unless you redirect it.

--sasl-ir

Enable initial response in SASL authentication. (Added in 7.31.0) +

--service-name <servicename> +

This option allows you to change the service name for SPNEGO. +

Examples: --negotiate --service-name sockd would use sockd/server-name. (Added in 7.43.0).

-S, --show-error

When used with -s it makes curl show an error message if it fails.

--ssl @@ -776,6 +788,7 @@

time_total The total time, in seconds, that the full operation lasted. The time will be displayed with millisecond resolution.

url_effective The URL that was fetched last. This is most meaningful if you've told curl to follow location: headers.

+

If this option is used several times, the last one will be used.

-x, --proxy <[protocol://][user:password@]proxyhost[:port]>

Use the specified proxy. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/curl.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/curl.pdf differ diff -Nru curl-7.42.1/docs/DISTRO-DILEMMA curl-7.43.0/docs/DISTRO-DILEMMA --- curl-7.42.1/docs/DISTRO-DILEMMA 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/DISTRO-DILEMMA 2015-06-16 07:13:02.000000000 +0000 @@ -112,7 +112,7 @@ In Debian land, there seems to be a common opinion that LGPL is "maximally compatible" with apps while Original BSD is not. Like this: - http://lists.debian.org/debian-devel/2005/09/msg01417.html + https://lists.debian.org/debian-devel/2005/09/msg01417.html More SSL Libraries @@ -163,13 +163,13 @@ Footnotes [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6 - [2] = http://www.fsf.org/licensing/essays/bsd.html - [3] = http://www.fsf.org/licensing/licenses/gpl.html + [2] = https://www.gnu.org/philosophy/bsd.html + [3] = https://www.gnu.org/licenses/gpl.html [4] = http://curl.haxx.se/docs/copyright.html - [5] = http://www.openssl.org/source/license.html - [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3 - [7] = http://www.fsf.org/licensing/licenses/lgpl.html - [8] = http://en.wikipedia.org/wiki/OpenSSL_exception + [5] = https://www.openssl.org/source/license.html + [6] = https://www.gnu.org/licenses/gpl.html end of section 3 + [7] = https://www.gnu.org/licenses/lgpl.html + [8] = https://en.wikipedia.org/wiki/OpenSSL_exception Feedback/Updates provided by diff -Nru curl-7.42.1/docs/examples/cookie_interface.c curl-7.43.0/docs/examples/cookie_interface.c --- curl-7.42.1/docs/examples/cookie_interface.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/cookie_interface.c 2015-06-11 17:50:43.000000000 +0000 @@ -96,7 +96,12 @@ return 1; } - /* HTTP-header style cookie */ + /* HTTP-header style cookie. If you use the Set-Cookie format and don't + specify a domain then the cookie is sent for any domain and will not be + modified, likely not what you intended. Starting in 7.43.0 any-domain + cookies will not be exported either. For more information refer to the + CURLOPT_COOKIELIST documentation. + */ snprintf(nline, sizeof(nline), "Set-Cookie: OLD_PREF=3d141414bf4209321; " "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com"); diff -Nru curl-7.42.1/docs/examples/curlx.c curl-7.43.0/docs/examples/curlx.c --- curl-7.42.1/docs/examples/curlx.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/curlx.c 2015-06-14 21:31:01.000000000 +0000 @@ -490,7 +490,7 @@ BIO_printf(p.errorbio,"the response has a correct mimetype : %s\n", response); else - BIO_printf(p.errorbio,"the reponse doesn\'t has an acceptable " + BIO_printf(p.errorbio,"the response doesn\'t have an acceptable " "mime type, it is %s instead of %s\n", response,mimetypeaccept); } diff -Nru curl-7.42.1/docs/examples/fopen.c curl-7.43.0/docs/examples/fopen.c --- curl-7.42.1/docs/examples/fopen.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/fopen.c 2015-06-14 21:31:01.000000000 +0000 @@ -108,7 +108,7 @@ size=rembuff; } else { - /* realloc suceeded increase buffer size*/ + /* realloc succeeded increase buffer size*/ url->buffer_len+=size - rembuff; url->buffer=newbuff; } @@ -131,7 +131,7 @@ CURLMcode mc; /* curl_multi_fdset() return code */ /* only attempt to fill buffer if transactions still running and buffer - * doesnt exceed required size already + * doesn't exceed required size already */ if((!file->still_running) || (file->buffer_pos > want)) return 0; @@ -205,7 +205,7 @@ } /* use to remove want bytes from the front of a files buffer */ -static int use_buffer(URL_FILE *file,int want) +static int use_buffer(URL_FILE *file, size_t want) { /* sort out buffer */ if((file->buffer_pos - want) <=0) { @@ -229,7 +229,7 @@ URL_FILE *url_fopen(const char *url,const char *operation) { /* this code could check for URLs or types in the 'url' and - basicly use the real fopen() for standard files */ + basically use the real fopen() for standard files */ URL_FILE *file; (void)operation; @@ -375,7 +375,7 @@ switch(file->type) { case CFTYPE_FILE: - ptr = fgets(ptr,size,file->handle.file); + ptr = fgets(ptr, (int)size, file->handle.file); break; case CFTYPE_CURL: @@ -451,7 +451,7 @@ URL_FILE *handle; FILE *outf; - int nread; + size_t nread; char buffer[256]; const char *url; @@ -499,7 +499,7 @@ } do { - nread = url_fread(buffer, 1,sizeof(buffer), handle); + nread = url_fread(buffer, 1, sizeof(buffer), handle); fwrite(buffer,1,nread,outf); } while(nread); diff -Nru curl-7.42.1/docs/examples/ftpget.c curl-7.43.0/docs/examples/ftpget.c --- curl-7.42.1/docs/examples/ftpget.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/ftpget.c 2015-06-14 21:31:01.000000000 +0000 @@ -53,7 +53,7 @@ CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "curl.tar.gz", /* name to store the file as if succesful */ + "curl.tar.gz", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.42.1/docs/examples/ftpsget.c curl-7.43.0/docs/examples/ftpsget.c --- curl-7.42.1/docs/examples/ftpsget.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/ftpsget.c 2015-06-14 21:31:01.000000000 +0000 @@ -55,7 +55,7 @@ CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "yourfile.bin", /* name to store the file as if succesful */ + "yourfile.bin", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.42.1/docs/examples/http2-download.c curl-7.43.0/docs/examples/http2-download.c --- curl-7.42.1/docs/examples/http2-download.c 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/examples/http2-download.c 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,288 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include +#include + +/* somewhat unix-specific */ +#include +#include + +/* curl stuff */ +#include + +#ifndef CURLPIPE_MULTIPLEX +/* This little trick will just make sure that we don't enable pipelining for + libcurls old enough to not have this symbol. It is _not_ defined to zero in + a recent libcurl header. */ +#define CURLPIPE_MULTIPLEX 0 +#endif + +#define NUM_HANDLES 1000 + +void *curl_hnd[NUM_HANDLES]; +int num_transfers; + +/* a handle to number lookup, highly ineffective when we do many + transfers... */ +static int hnd2num(CURL *hnd) +{ + int i; + for(i=0; i< num_transfers; i++) { + if(curl_hnd[i] == hnd) + return i; + } + return 0; /* weird, but just a fail-safe */ +} + +static +void dump(const char *text, int num, unsigned char *ptr, size_t size, + char nohex) +{ + size_t i; + size_t c; + + unsigned int width=0x10; + + if(nohex) + /* without the hex output, we can fit more on screen */ + width = 0x40; + + fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n", + num, text, (long)size, (long)size); + + for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + /* check again for 0D0A, to avoid an extra \n if it's at width */ + if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { + i+=(c+3-width); + break; + } + } + fputc('\n', stderr); /* newline */ + } +} + +static +int my_trace(CURL *handle, curl_infotype type, + char *data, size_t size, + void *userp) +{ + const char *text; + int num = hnd2num(handle); + (void)handle; /* prevent compiler warning */ + (void)userp; + switch (type) { + case CURLINFO_TEXT: + fprintf(stderr, "== %d Info: %s", num, data); + default: /* in case a new one is introduced to shock us */ + return 0; + + case CURLINFO_HEADER_OUT: + text = "=> Send header"; + break; + case CURLINFO_DATA_OUT: + text = "=> Send data"; + break; + case CURLINFO_SSL_DATA_OUT: + text = "=> Send SSL data"; + break; + case CURLINFO_HEADER_IN: + text = "<= Recv header"; + break; + case CURLINFO_DATA_IN: + text = "<= Recv data"; + break; + case CURLINFO_SSL_DATA_IN: + text = "<= Recv SSL data"; + break; + } + + dump(text, num, (unsigned char *)data, size, 1); + return 0; +} + +static void setup(CURL *hnd, int num) +{ + FILE *out; + char filename[128]; + + sprintf(filename, "dl-%d", num); + + out = fopen(filename, "wb"); + + /* write to this file */ + curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out); + + /* set the same URL */ + curl_easy_setopt(hnd, CURLOPT_URL, "https://localhost:8443/index.html"); + + /* send it verbose for max debuggaility */ + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); + curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace); + + /* HTTP/2 please */ + curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0); + + /* we use a self-signed test server, skip verification during debugging */ + curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L); + +#if (CURLPIPE_MULTIPLEX > 0) + /* wait for pipe connection to confirm */ + curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L); +#endif + + curl_hnd[num] = hnd; +} + +/* + * Simply download two files over HTTP/2, using the same physical connection! + */ +int main(int argc, char **argv) +{ + CURL *easy[NUM_HANDLES]; + CURLM *multi_handle; + int i; + int still_running; /* keep number of running handles */ + + if(argc > 1) + /* if given a number, do that many transfers */ + num_transfers = atoi(argv[1]); + + if(!num_transfers || (num_transfers > NUM_HANDLES)) + num_transfers = 3; /* a suitable low default */ + + /* init a multi stack */ + multi_handle = curl_multi_init(); + + for(i=0; i= 0) { + timeout.tv_sec = curl_timeo / 1000; + if(timeout.tv_sec > 1) + timeout.tv_sec = 1; + else + timeout.tv_usec = (curl_timeo % 1000) * 1000; + } + + /* get file descriptors from the transfers */ + mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd); + + if(mc != CURLM_OK) + { + fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc); + break; + } + + /* On success the value of maxfd is guaranteed to be >= -1. We call + select(maxfd + 1, ...); specially in case of (maxfd == -1) there are + no fds ready yet so we call select(0, ...) --or Sleep() on Windows-- + to sleep 100ms, which is the minimum suggested value in the + curl_multi_fdset() doc. */ + + if(maxfd == -1) { +#ifdef _WIN32 + Sleep(100); + rc = 0; +#else + /* Portable sleep for platforms other than Windows. */ + struct timeval wait = { 0, 100 * 1000 }; /* 100ms */ + rc = select(0, NULL, NULL, NULL, &wait); +#endif + } + else { + /* Note that on some platforms 'timeout' may be modified by select(). + If you need access to the original value save a copy beforehand. */ + rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + } + + switch(rc) { + case -1: + /* select error */ + break; + case 0: + default: + /* timeout or readable/writable sockets */ + curl_multi_perform(multi_handle, &still_running); + break; + } + } while(still_running); + + curl_multi_cleanup(multi_handle); + + for(i=0; i, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include +#include +#include +#include + +/* somewhat unix-specific */ +#include +#include + +/* curl stuff */ +#include + +#ifndef CURLPIPE_MULTIPLEX +/* This little trick will just make sure that we don't enable pipelining for + libcurls old enough to not have this symbol. It is _not_ defined to zero in + a recent libcurl header. */ +#define CURLPIPE_MULTIPLEX 0 +#endif + +#define NUM_HANDLES 1000 + +void *curl_hnd[NUM_HANDLES]; +int num_transfers; + +/* a handle to number lookup, highly ineffective when we do many + transfers... */ +static int hnd2num(CURL *hnd) +{ + int i; + for(i=0; i< num_transfers; i++) { + if(curl_hnd[i] == hnd) + return i; + } + return 0; /* weird, but just a fail-safe */ +} + +static +void dump(const char *text, int num, unsigned char *ptr, size_t size, + char nohex) +{ + size_t i; + size_t c; + unsigned int width=0x10; + + if(nohex) + /* without the hex output, we can fit more on screen */ + width = 0x40; + + fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n", + num, text, (long)size, (long)size); + + for(i=0; i=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.'); + /* check again for 0D0A, to avoid an extra \n if it's at width */ + if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) { + i+=(c+3-width); + break; + } + } + fputc('\n', stderr); /* newline */ + } +} + +static +int my_trace(CURL *handle, curl_infotype type, + char *data, size_t size, + void *userp) +{ + char timebuf[20]; + const char *text; + int num = hnd2num(handle); + static time_t epoch_offset; + static int known_offset; + struct timeval tv; + time_t secs; + struct tm *now; + + (void)handle; /* prevent compiler warning */ + (void)userp; + + gettimeofday(&tv, NULL); + if(!known_offset) { + epoch_offset = time(NULL) - tv.tv_sec; + known_offset = 1; + } + secs = epoch_offset + tv.tv_sec; + now = localtime(&secs); /* not thread safe but we don't care */ + snprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld", + now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec); + + switch (type) { + case CURLINFO_TEXT: + fprintf(stderr, "%s [%d] Info: %s", timebuf, num, data); + default: /* in case a new one is introduced to shock us */ + return 0; + + case CURLINFO_HEADER_OUT: + text = "=> Send header"; + break; + case CURLINFO_DATA_OUT: + text = "=> Send data"; + break; + case CURLINFO_SSL_DATA_OUT: + text = "=> Send SSL data"; + break; + case CURLINFO_HEADER_IN: + text = "<= Recv header"; + break; + case CURLINFO_DATA_IN: + text = "<= Recv data"; + break; + case CURLINFO_SSL_DATA_IN: + text = "<= Recv SSL data"; + break; + } + + dump(text, num, (unsigned char *)data, size, 1); + return 0; +} + +struct input { + FILE *in; + size_t bytes_read; /* count up */ + CURL *hnd; +}; + +static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp) +{ + struct input *i = userp; + size_t retcode = fread(ptr, size, nmemb, i->in); + i->bytes_read += retcode; + return retcode; +} + +struct input indata[NUM_HANDLES]; + +static void setup(CURL *hnd, int num, const char *upload) +{ + FILE *out; + char url[256]; + char filename[128]; + struct stat file_info; + curl_off_t uploadsize; + + sprintf(filename, "dl-%d", num); + out = fopen(filename, "wb"); + + sprintf(url, "https://localhost:8443/upload-%d", num); + + /* get the file size of the local file */ + stat(upload, &file_info); + uploadsize = file_info.st_size; + + indata[num].in = fopen(upload, "rb"); + indata[num].hnd = hnd; + + /* write to this file */ + curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out); + + /* we want to use our own read function */ + curl_easy_setopt(hnd, CURLOPT_READFUNCTION, read_callback); + /* read from this file */ + curl_easy_setopt(hnd, CURLOPT_READDATA, &indata[num]); + /* provide the size of the upload */ + curl_easy_setopt(hnd, CURLOPT_INFILESIZE_LARGE, uploadsize); + + /* send in the URL to store the upload as */ + curl_easy_setopt(hnd, CURLOPT_URL, url); + + /* upload please */ + curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L); + + /* send it verbose for max debuggaility */ + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); + curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace); + + /* HTTP/2 please */ + curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0); + + /* we use a self-signed test server, skip verification during debugging */ + curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L); + +#if (CURLPIPE_MULTIPLEX > 0) + /* wait for pipe connection to confirm */ + curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L); +#endif + + curl_hnd[num] = hnd; +} + +/* + * Upload all files over HTTP/2, using the same physical connection! + */ +int main(int argc, char **argv) +{ + CURL *easy[NUM_HANDLES]; + CURLM *multi_handle; + int i; + int still_running; /* keep number of running handles */ + const char *filename = "index.html"; + + if(argc > 1) + /* if given a number, do that many transfers */ + num_transfers = atoi(argv[1]); + + if(argc > 2) + /* if given a file name, upload this! */ + filename = argv[2]; + + if(!num_transfers || (num_transfers > NUM_HANDLES)) + num_transfers = 3; /* a suitable low default */ + + /* init a multi stack */ + multi_handle = curl_multi_init(); + + for(i=0; i= 0) { + timeout.tv_sec = curl_timeo / 1000; + if(timeout.tv_sec > 1) + timeout.tv_sec = 1; + else + timeout.tv_usec = (curl_timeo % 1000) * 1000; + } + + /* get file descriptors from the transfers */ + mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd); + + if(mc != CURLM_OK) + { + fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc); + break; + } + + /* On success the value of maxfd is guaranteed to be >= -1. We call + select(maxfd + 1, ...); specially in case of (maxfd == -1) there are + no fds ready yet so we call select(0, ...) --or Sleep() on Windows-- + to sleep 100ms, which is the minimum suggested value in the + curl_multi_fdset() doc. */ + + if(maxfd == -1) { +#ifdef _WIN32 + Sleep(100); + rc = 0; +#else + /* Portable sleep for platforms other than Windows. */ + struct timeval wait = { 0, 100 * 1000 }; /* 100ms */ + rc = select(0, NULL, NULL, NULL, &wait); +#endif + } + else { + /* Note that on some platforms 'timeout' may be modified by select(). + If you need access to the original value save a copy beforehand. */ + rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout); + } + + switch(rc) { + case -1: + /* select error */ + break; + case 0: + default: + /* timeout or readable/writable sockets */ + curl_multi_perform(multi_handle, &still_running); + break; + } + } while(still_running); + + curl_multi_cleanup(multi_handle); + + for(i=0; i, et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -123,8 +123,7 @@ host_triplet = @host@ @USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_1 = -DCURL_STATICLIB DIST_COMMON = $(srcdir)/Makefile.inc $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.am $(top_srcdir)/mkinstalldirs \ - $(top_srcdir)/depcomp README + $(srcdir)/Makefile.am $(top_srcdir)/depcomp README check_PROGRAMS = 10-at-a-time$(EXEEXT) anyauthput$(EXEEXT) \ cookie_interface$(EXEEXT) debug$(EXEEXT) fileupload$(EXEEXT) \ fopen$(EXEEXT) ftpget$(EXEEXT) ftpgetresp$(EXEEXT) \ @@ -149,7 +148,8 @@ imap-search$(EXEEXT) imap-create$(EXEEXT) imap-delete$(EXEEXT) \ imap-copy$(EXEEXT) imap-noop$(EXEEXT) imap-ssl$(EXEEXT) \ imap-tls$(EXEEXT) imap-multi$(EXEEXT) url2file$(EXEEXT) \ - sftpget$(EXEEXT) ftpsget$(EXEEXT) postinmemory$(EXEEXT) + sftpget$(EXEEXT) ftpsget$(EXEEXT) postinmemory$(EXEEXT) \ + http2-download$(EXEEXT) http2-upload$(EXEEXT) subdir = docs/examples ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ @@ -171,7 +171,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = @@ -304,6 +304,20 @@ @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@http_post_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +http2_download_SOURCES = http2-download.c +http2_download_OBJECTS = http2-download.$(OBJEXT) +http2_download_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@http2_download_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@http2_download_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +http2_upload_SOURCES = http2-upload.c +http2_upload_OBJECTS = http2-upload.$(OBJEXT) +http2_upload_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@http2_upload_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@http2_upload_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la httpcustomheader_SOURCES = httpcustomheader.c httpcustomheader_OBJECTS = httpcustomheader.$(OBJEXT) httpcustomheader_LDADD = $(LDADD) @@ -703,14 +717,14 @@ cookie_interface.c debug.c externalsocket.c fileupload.c \ fopen.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c \ ftpsget.c ftpupload.c getinfo.c getinmemory.c http-post.c \ - httpcustomheader.c httpput.c https.c imap-append.c imap-copy.c \ - imap-create.c imap-delete.c imap-examine.c imap-fetch.c \ - imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c \ - imap-ssl.c imap-store.c imap-tls.c multi-app.c \ - multi-debugcallback.c multi-double.c multi-post.c \ - multi-single.c persistant.c pop3-dele.c pop3-list.c \ - pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c \ - pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ + http2-download.c http2-upload.c httpcustomheader.c httpput.c \ + https.c imap-append.c imap-copy.c imap-create.c imap-delete.c \ + imap-examine.c imap-fetch.c imap-list.c imap-lsub.c \ + imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c \ + imap-tls.c multi-app.c multi-debugcallback.c multi-double.c \ + multi-post.c multi-single.c persistant.c pop3-dele.c \ + pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c \ + pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ postinmemory.c postit2.c progressfunc.c resolve.c rtsp.c \ sendrecv.c sepheaders.c sftpget.c simple.c simplepost.c \ simplessl.c smtp-expn.c smtp-mail.c smtp-multi.c smtp-ssl.c \ @@ -719,14 +733,14 @@ cookie_interface.c debug.c externalsocket.c fileupload.c \ fopen.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c \ ftpsget.c ftpupload.c getinfo.c getinmemory.c http-post.c \ - httpcustomheader.c httpput.c https.c imap-append.c imap-copy.c \ - imap-create.c imap-delete.c imap-examine.c imap-fetch.c \ - imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c \ - imap-ssl.c imap-store.c imap-tls.c multi-app.c \ - multi-debugcallback.c multi-double.c multi-post.c \ - multi-single.c persistant.c pop3-dele.c pop3-list.c \ - pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c \ - pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ + http2-download.c http2-upload.c httpcustomheader.c httpput.c \ + https.c imap-append.c imap-copy.c imap-create.c imap-delete.c \ + imap-examine.c imap-fetch.c imap-list.c imap-lsub.c \ + imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c \ + imap-tls.c multi-app.c multi-debugcallback.c multi-double.c \ + multi-post.c multi-single.c persistant.c pop3-dele.c \ + pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c \ + pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ postinmemory.c postit2.c progressfunc.c resolve.c rtsp.c \ sendrecv.c sepheaders.c sftpget.c simple.c simplepost.c \ simplessl.c smtp-expn.c smtp-mail.c smtp-multi.c smtp-ssl.c \ @@ -1092,6 +1106,14 @@ @rm -f http-post$(EXEEXT) $(AM_V_CCLD)$(LINK) $(http_post_OBJECTS) $(http_post_LDADD) $(LIBS) +http2-download$(EXEEXT): $(http2_download_OBJECTS) $(http2_download_DEPENDENCIES) $(EXTRA_http2_download_DEPENDENCIES) + @rm -f http2-download$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(http2_download_OBJECTS) $(http2_download_LDADD) $(LIBS) + +http2-upload$(EXEEXT): $(http2_upload_OBJECTS) $(http2_upload_DEPENDENCIES) $(EXTRA_http2_upload_DEPENDENCIES) + @rm -f http2-upload$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(http2_upload_OBJECTS) $(http2_upload_LDADD) $(LIBS) + httpcustomheader$(EXEEXT): $(httpcustomheader_OBJECTS) $(httpcustomheader_DEPENDENCIES) $(EXTRA_httpcustomheader_DEPENDENCIES) @rm -f httpcustomheader$(EXEEXT) $(AM_V_CCLD)$(LINK) $(httpcustomheader_OBJECTS) $(httpcustomheader_LDADD) $(LIBS) @@ -1324,6 +1346,8 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getinfo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getinmemory.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http-post.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http2-download.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http2-upload.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/httpcustomheader.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/httpput.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/https.Po@am__quote@ diff -Nru curl-7.42.1/docs/examples/Makefile.inc curl-7.43.0/docs/examples/Makefile.inc --- curl-7.42.1/docs/examples/Makefile.inc 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/Makefile.inc 2015-06-12 12:57:28.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -31,7 +31,8 @@ pop3-dele pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi \ imap-list imap-lsub imap-fetch imap-store imap-append imap-examine \ imap-search imap-create imap-delete imap-copy imap-noop imap-ssl \ - imap-tls imap-multi url2file sftpget ftpsget postinmemory + imap-tls imap-multi url2file sftpget ftpsget postinmemory http2-download \ + http2-upload # These examples require external dependencies that may not be commonly # available on POSIX systems, so don't bother attempting to compile them here. diff -Nru curl-7.42.1/docs/examples/Makefile.m32 curl-7.43.0/docs/examples/Makefile.m32 --- curl-7.42.1/docs/examples/Makefile.m32 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/Makefile.m32 2015-06-11 17:50:43.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -21,7 +21,7 @@ ########################################################################### # ## Makefile for building curl examples with MingW (GCC-3.2 or later) -## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3) +## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4) ## ## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...] ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn @@ -38,23 +38,23 @@ endif # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../../openssl-0.9.8zc +OPENSSL_PATH = ../../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../../libssh2-1.4.3 +LIBSSH2_PATH = ../../../libssh2-1.5.0 endif # Edit the path below to point to the base of your librtmp package. ifndef LIBRTMP_PATH -LIBRTMP_PATH = ../../../librtmp-2.3 +LIBRTMP_PATH = ../../../librtmp-2.4 endif # Edit the path below to point to the base of your libidn package. ifndef LIBIDN_PATH -LIBIDN_PATH = ../../../libidn-1.18 +LIBIDN_PATH = ../../../libidn-1.30 endif # Edit the path below to point to the base of your MS IDN package. # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1 -# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815 +# https://www.microsoft.com/en-us/download/details.aspx?id=734 ifndef WINIDN_PATH WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs endif @@ -62,6 +62,10 @@ ifndef LDAP_SDK LDAP_SDK = c:/novell/ndk/cldapsdk/win32 endif +# Edit the path below to point to the base of your nghttp2 package. +ifndef NGHTTP2_PATH +NGHTTP2_PATH = ../../../nghttp2-1.0.0 +endif PROOT = ../.. @@ -72,14 +76,24 @@ # Edit the var below to set to your architecture or set environment var. ifndef ARCH -ARCH = w32 +ifeq ($(findstring x86_64,$(shell $(CC) -dumpmachine)),x86_64) +ARCH = w64 +else +ARCH = w32 +endif endif CC = $(CROSSPREFIX)gcc CFLAGS = -g -O2 -Wall CFLAGS += -fno-strict-aliasing ifeq ($(ARCH),w64) -CFLAGS += -D_AMD64_ +CFLAGS += -m64 -D_AMD64_ +LDFLAGS += -m64 +RCFLAGS += -F pe-x86-64 +else +CFLAGS += -m32 +LDFLAGS += -m32 +RCFLAGS += -F pe-i386 endif # comment LDFLAGS below to keep debug info LDFLAGS = -s @@ -158,9 +172,12 @@ METALINK = 1 endif ifeq ($(findstring -winssl,$(CFG)),-winssl) -SCHANNEL = 1 +WINSSL = 1 SSPI = 1 endif +ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2) +NGHTTP2 = 1 +endif INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib @@ -184,6 +201,10 @@ CFLAGS += -DUSE_LIBRTMP curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm endif +ifdef NGHTTP2 + CFLAGS += -DUSE_NGHTTP2 + curl_LDADD += -L"$(NGHTTP2_PATH)/lib" -lnghttp2 +endif ifdef SSH2 CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2 @@ -204,7 +225,7 @@ ifndef DYN OPENSSL_LIBS += -lgdi32 -lcrypt32 endif - CFLAGS += -DUSE_SSLEAY + CFLAGS += -DUSE_OPENSSL curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS) endif ifdef ZLIB @@ -223,7 +244,7 @@ endif ifdef SSPI CFLAGS += -DUSE_WINDOWS_SSPI - ifdef SCHANNEL + ifdef WINSSL CFLAGS += -DUSE_SCHANNEL endif endif diff -Nru curl-7.42.1/docs/examples/Makefile.netware curl-7.43.0/docs/examples/Makefile.netware --- curl-7.42.1/docs/examples/Makefile.netware 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/Makefile.netware 2015-06-11 17:50:43.000000000 +0000 @@ -19,12 +19,12 @@ # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../../openssl-0.9.8zc +OPENSSL_PATH = ../../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../../libssh2-1.4.3 +LIBSSH2_PATH = ../../../libssh2-1.5.0 endif # Edit the path below to point to the base of your axTLS package. @@ -34,12 +34,12 @@ # Edit the path below to point to the base of your libidn package. ifndef LIBIDN_PATH -LIBIDN_PATH = ../../../libidn-1.18 +LIBIDN_PATH = ../../../libidn-1.30 endif # Edit the path below to point to the base of your librtmp package. ifndef LIBRTMP_PATH -LIBRTMP_PATH = ../../../librtmp-2.3 +LIBRTMP_PATH = ../../../librtmp-2.4 endif # Edit the path below to point to the base of your fbopenssl package. diff -Nru curl-7.42.1/docs/examples/multi-post.c curl-7.43.0/docs/examples/multi-post.c --- curl-7.42.1/docs/examples/multi-post.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/multi-post.c 2015-06-14 21:31:01.000000000 +0000 @@ -64,7 +64,7 @@ curl = curl_easy_init(); multi_handle = curl_multi_init(); - /* initalize custom header list (stating that Expect: 100-continue is not + /* initialize custom header list (stating that Expect: 100-continue is not wanted */ headerlist = curl_slist_append(headerlist, buf); if(curl && multi_handle) { diff -Nru curl-7.42.1/docs/examples/multi-single.c curl-7.43.0/docs/examples/multi-single.c --- curl-7.42.1/docs/examples/multi-single.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/multi-single.c 2015-06-14 21:31:01.000000000 +0000 @@ -81,7 +81,7 @@ } /* 'numfds' being zero means either a timeout or no file descriptors to - wait for. Try timeout on first occurance, then assume no file + wait for. Try timeout on first occurrence, then assume no file descriptors and no file descriptors to wait for means wait for 100 milliseconds. */ diff -Nru curl-7.42.1/docs/examples/pop3-multi.c curl-7.43.0/docs/examples/pop3-multi.c --- curl-7.42.1/docs/examples/pop3-multi.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/pop3-multi.c 2015-06-14 21:31:01.000000000 +0000 @@ -69,7 +69,7 @@ curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* Tell the multi stack about our easy handle */ diff -Nru curl-7.42.1/docs/examples/pop3-retr.c curl-7.43.0/docs/examples/pop3-retr.c --- curl-7.42.1/docs/examples/pop3-retr.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/pop3-retr.c 2015-06-14 21:31:01.000000000 +0000 @@ -39,7 +39,7 @@ curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* Perform the retr */ diff -Nru curl-7.42.1/docs/examples/pop3-ssl.c curl-7.43.0/docs/examples/pop3-ssl.c --- curl-7.42.1/docs/examples/pop3-ssl.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/pop3-ssl.c 2015-06-14 21:31:01.000000000 +0000 @@ -40,7 +40,7 @@ curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox. Note the use of + /* This will retrieve message 1 from the user's mailbox. Note the use of * pop3s:// rather than pop3:// to request a SSL based connection. */ curl_easy_setopt(curl, CURLOPT_URL, "pop3s://pop.example.com/1"); @@ -60,7 +60,7 @@ * they have mentioned in their server certificate's commonName (or * subjectAltName) fields, libcurl will refuse to connect. You can skip * this check, but this will make the connection less secure. */ -#ifdef SKIP_HOSTNAME_VERFICATION +#ifdef SKIP_HOSTNAME_VERIFICATION curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); #endif diff -Nru curl-7.42.1/docs/examples/pop3-tls.c curl-7.43.0/docs/examples/pop3-tls.c --- curl-7.42.1/docs/examples/pop3-tls.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/pop3-tls.c 2015-06-14 21:31:01.000000000 +0000 @@ -40,7 +40,7 @@ curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* In this example, we'll start with a plain text connection, and upgrade diff -Nru curl-7.42.1/docs/examples/postit2.c curl-7.43.0/docs/examples/postit2.c --- curl-7.42.1/docs/examples/postit2.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/postit2.c 2015-06-14 21:31:01.000000000 +0000 @@ -73,7 +73,7 @@ CURLFORM_END); curl = curl_easy_init(); - /* initalize custom header list (stating that Expect: 100-continue is not + /* initialize custom header list (stating that Expect: 100-continue is not wanted */ headerlist = curl_slist_append(headerlist, buf); if(curl) { diff -Nru curl-7.42.1/docs/examples/sftpget.c curl-7.43.0/docs/examples/sftpget.c --- curl-7.42.1/docs/examples/sftpget.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/sftpget.c 2015-06-14 21:31:01.000000000 +0000 @@ -58,7 +58,7 @@ CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "yourfile.bin", /* name to store the file as if succesful */ + "yourfile.bin", /* name to store the file as if successful */ NULL }; diff -Nru curl-7.42.1/docs/examples/smtp-mail.c curl-7.43.0/docs/examples/smtp-mail.c --- curl-7.42.1/docs/examples/smtp-mail.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/smtp-mail.c 2015-06-14 21:31:01.000000000 +0000 @@ -24,7 +24,7 @@ #include /* This is a simple example showing how to send mail using libcurl's SMTP - * capabilities. For an exmaple of using the multi interface please see + * capabilities. For an example of using the multi interface please see * smtp-multi.c. * * Note that this example requires libcurl 7.20.0 or above. diff -Nru curl-7.42.1/docs/examples/smtp-ssl.c curl-7.43.0/docs/examples/smtp-ssl.c --- curl-7.42.1/docs/examples/smtp-ssl.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/smtp-ssl.c 2015-06-14 21:31:01.000000000 +0000 @@ -111,7 +111,7 @@ * they have mentioned in their server certificate's commonName (or * subjectAltName) fields, libcurl will refuse to connect. You can skip * this check, but this will make the connection less secure. */ -#ifdef SKIP_HOSTNAME_VERFICATION +#ifdef SKIP_HOSTNAME_VERIFICATION curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); #endif diff -Nru curl-7.42.1/docs/examples/xmlstream.c curl-7.43.0/docs/examples/xmlstream.c --- curl-7.42.1/docs/examples/xmlstream.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/examples/xmlstream.c 2015-06-14 21:31:01.000000000 +0000 @@ -120,7 +120,7 @@ XML_SetElementHandler(parser, startElement, endElement); XML_SetCharacterDataHandler(parser, characterDataHandler); - /* Initalize a libcurl handle. */ + /* Initialize a libcurl handle. */ curl_global_init(CURL_GLOBAL_ALL ^ CURL_GLOBAL_SSL); curl_handle = curl_easy_init(); curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.w3schools.com/xml/simple.xml"); diff -Nru curl-7.42.1/docs/FAQ curl-7.43.0/docs/FAQ --- curl-7.42.1/docs/FAQ 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/FAQ 2015-06-16 07:13:02.000000000 +0000 @@ -21,6 +21,7 @@ 1.12 I have a problem who can I chat with? 1.13 curl's ECCN number? 1.14 How do I submit my patch? + 1.15 How do I port libcurl to my OS? 2. Install Related Problems 2.1 configure doesn't find OpenSSL even when it is installed @@ -351,7 +352,7 @@ cryptography. When doing so, the Export Control Classification Number (ECCN) is used to identify the level of export control etc. - ASF gives a good explanation at http://www.apache.org/dev/crypto.html + ASF gives a good explanation at https://www.apache.org/dev/crypto.html We believe curl's number might be ECCN 5D002, another possibility is 5D992. It seems necessary to write them, asking to confirm. @@ -380,6 +381,19 @@ Lots of more details are found in the CONTRIBUTE and INTERNALS docs. + 1.15 How do I port libcurl to my OS? + + Here's a rough step-by-step: + + 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h + + 2. edit lib/config-[youros].h to match your OS and setup + + 3. edit lib/curl_setup.h to include config-[youros].h when your OS is + detected by the preprocessor, in the style others already exist + + 4. compile lib/*.c and make them into a library + 2. Install Related Problems @@ -1028,7 +1042,7 @@ timeout is set. See option TcpMaxConnectRetransmissions on this page: - http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7 + https://support.microsoft.com/en-us/kb/175523/en-us Also, even on non-Windows systems there may run a firewall or anti-virus software or similar that accepts the connection but does not actually do @@ -1045,7 +1059,7 @@ You'll find that even if D:\blah.txt does exist, cURL returns a 'file not found' error. - According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html), + According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), file:// URLs must contain a host component, but it is ignored by most implementations. In the above example, 'D:' is treated as the host component, and is taken away. Thus, cURL tries to open '/blah.txt'. @@ -1149,13 +1163,13 @@ If you use a OpenSSL-powered libcurl in a multi-threaded environment, you need to provide one or two locking functions: - http://www.openssl.org/docs/crypto/threads.html + https://www.openssl.org/docs/crypto/threads.html If you use a GnuTLS-powered libcurl in a multi-threaded environment, you need to provide locking function(s) for libgcrypt (which is used by GnuTLS for the crypto functions). - http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html + https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html No special locking is needed with a NSS-powered libcurl. NSS is thread-safe. @@ -1331,7 +1345,7 @@ Also note that on many networks NATs or other IP-munging techniques are used that makes you see and use a different IP address locally than what the remote server will see you coming from. You may also consider using - http://www.torproject.org . + https://www.torproject.org/ . 5.13 How do I stop an ongoing transfer? diff -Nru curl-7.42.1/docs/HTTP2.md curl-7.43.0/docs/HTTP2.md --- curl-7.42.1/docs/HTTP2.md 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/HTTP2.md 2015-06-15 21:14:25.000000000 +0000 @@ -0,0 +1,107 @@ +HTTP/2 with curl +================ + +[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) +[http2 explained](http://daniel.haxx.se/http2/) + +Build prerequisites +------------------- + - nghttp2 + - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version + +[nghttp2](https://nghttp2.org/) +------------------------------- + +libcurl uses this 3rd party library for the low level protocol handling +parts. The reason for this is that HTTP/2 is much more complex at that layer +than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already +existing and well functional library. + +We require at least version 1.0.0. + +Over an http:// URL +------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will +include an upgrade header in the initial request to the host to allow +upgrading to HTTP/2. + +Possibly we can later introduce an option that will cause libcurl to fail if +not possible to upgrade. Possibly we introduce an option that makes libcurl +use HTTP/2 at once over http:// + +Over an https:// URL +-------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use +ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce +an option that will cause libcurl to fail if not possible to use HTTP/2. +Consider options to explicitly disable ALPN and/or NPN. + +ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is +for a similar purpose, was made prior to ALPN and is used for SPDY so early +HTTP/2 servers are implemented using NPN before ALPN support is widespread. + +SSL libs +-------- + +The challenge is the ALPN and NPN support and all our different SSL +backends. You may need a fairly updated SSL library version for it to +provide the necessary TLS features. Right now we support: + + - OpenSSL: ALPN and NPN + - NSS: ALPN and NPN + - GnuTLS: ALPN + - PolarSSL: ALPN + +Multiplexing +------------ + +Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the +term for doing multiple independent transfers over the same physical TCP +connection. + +To take advantage of multiplexing, you need to use the multi interface and set +`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will +attempt to re-use existing HTTP/2 connections and just add a new stream over +that when doing subsequent parallel requests. + +While libcurl sets up a connection to a HTTP server there is a period during +which it doesn't know if it can pipeline or do multiplexing and if you add new +transfers in that period, libcurl will default to start new connections for +those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you +can ask that a transfer should rather wait and see in case there's a +connection for the same host in progress that might end up being possible to +multiplex on. It favours keeping the number of connections low to the cost of +slightly longer time to first byte transferred. + +Applications +------------ + +We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers +in HTTP 1.1 style. This allows applications to work unmodified. + +curl tool +--------- + +curl offers the `--http2` command line option to enable use of HTTP/2 + +HTTP Alternative Services +------------------------- + +Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in HTTP/2 +that tells the client about an alternative "route" to the same content for the +same origin server that you get the response from. A browser or long-living +client can use that hint to create a new connection asynchronously. For +libcurl, we may introduce a way to bring such clues to the applicaton and/or +let a subsequent request use the alternate route +automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05) + +TODO +---- + + - Provide API to set priorities / dependencies of individual streams + + - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that + curl can connect with HTTP/2 at once without 1.1+Upgrade. + diff -Nru curl-7.42.1/docs/HTTP-COOKIES curl-7.43.0/docs/HTTP-COOKIES --- curl-7.42.1/docs/HTTP-COOKIES 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/HTTP-COOKIES 2015-06-16 07:13:02.000000000 +0000 @@ -36,7 +36,7 @@ For a very long time, the only spec explaining how to use cookies was the original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html - In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published + In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published and details how cookies work within HTTP. 1.2 Cookies saved to disk diff -Nru curl-7.42.1/docs/INSTALL curl-7.43.0/docs/INSTALL --- curl-7.42.1/docs/INSTALL 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/INSTALL 2015-06-16 07:13:02.000000000 +0000 @@ -173,13 +173,13 @@ advice given above. KB94248 - How To Use the C Run-Time - http://support.microsoft.com/kb/94248/en-us + https://support.microsoft.com/kb/94248/en-us KB140584 - How to link with the correct C Run-Time (CRT) library - http://support.microsoft.com/kb/140584/en-us + https://support.microsoft.com/kb/140584/en-us KB190799 - Potential Errors Passing CRT Objects Across DLL Boundaries - http://msdn.microsoft.com/en-us/library/ms235460 + https://msdn.microsoft.com/en-us/library/ms235460 If your app is misbehaving in some strange way, or it is suffering from memory corruption, before asking for further help, please try @@ -209,8 +209,8 @@ environment variables, for example: set ZLIB_PATH=c:\zlib-1.2.8 - set OPENSSL_PATH=c:\openssl-0.9.8zc - set LIBSSH2_PATH=c:\libssh2-1.4.3 + set OPENSSL_PATH=c:\openssl-1.0.2c + set LIBSSH2_PATH=c:\libssh2-1.6.0 ATTENTION: if you want to build with libssh2 support you have to use latest version 0.17 - previous versions will NOT work with 7.17.0 and later! @@ -232,7 +232,7 @@ - optional MingW32-built OpenLDAP SDK available from: http://www.gknw.net/mirror/openldap/ - optional recent Novell CLDAP SDK available from: - http://developer.novell.com/ndk/cldap.htm + https://www.novell.com/developer/ndk/ldap_libraries_for_c.html Cygwin ------ @@ -254,7 +254,7 @@ If you use MSVC 6 it is required that you use the February 2003 edition of the 'Platform SDK' which can be downloaded from: - http://www.microsoft.com/en-us/download/details.aspx?id=12261 + https://www.microsoft.com/en-us/download/details.aspx?id=12261 Building any software with MSVC 6 without having PSDK installed is just asking for trouble down the road once you have released it, you might notice @@ -263,7 +263,7 @@ software built in such way will at some point regret having done so. If the compiler has been updated with the installation of a service pack as - those mentioned in http://support.microsoft.com/kb/194022 the compiler can be + those mentioned in https://support.microsoft.com/kb/194022 the compiler can be safely used to read source code, translate and make it object code. But, even with the service packs mentioned above installed, the resulting @@ -299,7 +299,7 @@ Then run 'nmake vc' in curl's root directory. If you want to compile with zlib support, you will need to build - zlib (http://www.gzip.org/zlib/) as well. Please read the zlib + zlib (http://www.zlib.net/) as well. Please read the zlib documentation on how to compile zlib. Define the ZLIB_PATH environment variable to the location of zlib.h and zlib.lib, for example: @@ -665,12 +665,10 @@ - gnu make and awk running on the platform you compile on; native Win32 versions can be downloaded from: http://www.gknw.net/development/prgtools/ - - recent Novell LibC SDK available from: - http://developer.novell.com/ndk/libc.htm - - or recent Novell CLib SDK available from: - http://developer.novell.com/ndk/clib.htm + - recent Novell LibC or Novell CLib SDK available from: + https://www.novell.com/developer/ndk/ - optional recent Novell CLDAP SDK available from: - http://developer.novell.com/ndk/cldap.htm + https://www.novell.com/developer/ndk/ldap_libraries_for_c.html - optional zlib sources (static or dynamic linking with zlib.imp); sources with NetWare Makefile can be obtained from: http://www.gknw.net/mirror/zlib/ @@ -825,7 +823,7 @@ To build libcurl for VxWorks you need: - - CYGWIN (free, http://cygwin.com/) + - CYGWIN (free, https://cygwin.com/) - Wind River Workbench (commercial) If you have CYGWIN and Workbench installed on you machine @@ -1086,18 +1084,18 @@ axTLS http://axtls.sourceforge.net/ c-ares http://c-ares.haxx.se/ -GNU GSS http://www.gnu.org/software/gss/ -GnuTLS http://www.gnu.org/software/gnutls/ -Heimdal http://www.pdc.kth.se/heimdal/ -libidn http://www.gnu.org/software/libidn/ +GNU GSS https://www.gnu.org/software/gss/ +GnuTLS https://www.gnu.org/software/gnutls/ +Heimdal http://www.h5l.org/ +libidn https://www.gnu.org/software/libidn/ libmetalink https://launchpad.net/libmetalink/ libssh2 http://www.libssh2.org/ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ -NSS http://www.mozilla.org/projects/security/pki/nss/ +NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS OpenLDAP http://www.openldap.org/ -OpenSSL http://www.openssl.org/ -PolarSSL http://polarssl.org/ -yassl http://www.yassl.com/ +OpenSSL https://www.openssl.org/ +PolarSSL https://tls.mbed.org/ +wolfSSL https://www.wolfssl.com/wolfSSL/ Zlib http://www.zlib.net/ MingW http://www.mingw.org/ diff -Nru curl-7.42.1/docs/INSTALL.devcpp curl-7.43.0/docs/INSTALL.devcpp --- curl-7.42.1/docs/INSTALL.devcpp 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/INSTALL.devcpp 2015-06-16 07:13:02.000000000 +0000 @@ -95,7 +95,7 @@ check the following sites http://aditsu.freeunixhost.com/dev-cpp-faq.html -http://sourceforge.net/forum/message.php?msg_id=3252213 +https://sourceforge.net/p/dev-cpp/discussion/48211/thread/2a85ea46 As I have mentioned before I will confine this to the SSL Library compilations but the process is very similar for compilation of the executable - curl.exe; diff -Nru curl-7.42.1/docs/INTERNALS curl-7.43.0/docs/INTERNALS --- curl-7.42.1/docs/INTERNALS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/INTERNALS 2015-06-14 21:31:01.000000000 +0000 @@ -1,18 +1,57 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -INTERNALS - - The project is split in two. The library and the client. The client part uses - the library, but the library is designed to allow other applications to use - it. +Table of Contents +================= + + - [Intro](#intro) + - [git](#git) + - [Portability](#Portability) + - [Windows vs Unix](#winvsunix) + - [Library](#Library) + - [`Curl_connect`](#Curl_connect) + - [`Curl_do`](#Curl_do) + - [`Curl_readwrite`](#Curl_readwrite) + - [`Curl_done`](#Curl_done) + - [`Curl_disconnect`](#Curl_disconnect) + - [HTTP(S)](#http) + - [FTP](#ftp) + - [Kerberos](#kerberos) + - [TELNET](#telnet) + - [FILE](#file) + - [SMB](#smb) + - [LDAP](#ldap) + - [E-mail](#email) + - [General](#general) + - [Persistent Connections](#persistent) + - [multi interface/non-blocking](#multi) + - [SSL libraries](#ssl) + - [Library Symbols](#symbols) + - [Return Codes and Informationals](#returncodes) + - [AP/ABI](#abi) + - [Client](#client) + - [Memory Debugging](#memorydebug) + - [Test Suite](#test) + - [Asynchronous name resolves](#asyncdns) + - [c-ares](#cares) + - [`curl_off_t`](#curl_off_t) + - [curlx](#curlx) + - [Content Encoding](#contentencoding) + - [hostip.c explained](#hostip) + - [Track Down Memory Leaks](#memoryleak) + - [`multi_socket`](#multi_socket) + - [Structs in libcurl](#structs) + + +curl internals +============== + + This project is split in two. The library and the client. The client part + uses the library, but the library is designed to allow other applications to + use it. The largest amount of code and complexity is in the library part. -GIT + + +git === All changes to the sources are committed to the git repository as soon as @@ -23,6 +62,7 @@ Tagging shall be used extensively, and by the time we release new archives we should tag the sources with a name similar to the released version number. + Portability =========== @@ -34,45 +74,55 @@ want it to remain functional and buildable with these and later versions (older versions may still work but is not what we work hard to maintain): - OpenSSL 0.9.7 - GnuTLS 1.2 - zlib 1.1.4 - libssh2 0.16 - c-ares 1.6.0 - libidn 0.4.1 - cyassl 2.0.0 - openldap 2.0 - MIT Kerberos 1.2.4 - GSKit V5R3M0 - NSS 3.14.x - axTLS 1.2.7 - PolarSSL 1.3.0 - Heimdal ? - nghttp2 0.6.0 +Dependencies +------------ + + - OpenSSL 0.9.7 + - GnuTLS 1.2 + - zlib 1.1.4 + - libssh2 0.16 + - c-ares 1.6.0 + - libidn 0.4.1 + - cyassl 2.0.0 + - openldap 2.0 + - MIT Kerberos 1.2.4 + - GSKit V5R3M0 + - NSS 3.14.x + - axTLS 1.2.7 + - PolarSSL 1.3.0 + - Heimdal ? + - nghttp2 1.0.0 + +Operating Systems +----------------- On systems where configure runs, we aim at working on them all - if they have a suitable C compiler. On systems that don't run configure, we strive to keep curl running fine on: - Windows 98 - AS/400 V5R3M0 - Symbian 9.1 - Windows CE ? - TPF ? + - Windows 98 + - AS/400 V5R3M0 + - Symbian 9.1 + - Windows CE ? + - TPF ? + +Build tools +----------- When writing code (mostly for generating stuff included in release tarballs) we use a few "build tools" and we make sure that we remain functional with these versions: - GNU Libtool 1.4.2 - GNU Autoconf 2.57 - GNU Automake 1.7 (we currently avoid 1.10 due to Solaris-related bugs) - GNU M4 1.4 - perl 5.004 - roffit 0.5 - groff ? (any version that supports "groff -Tps -man [in] [out]") - ps2pdf (gs) ? + - GNU Libtool 1.4.2 + - GNU Autoconf 2.57 + - GNU Automake 1.7 + - GNU M4 1.4 + - perl 5.004 + - roffit 0.5 + - groff ? (any version that supports "groff -Tps -man [in] [out]") + - ps2pdf (gs) ? + Windows vs Unix =============== @@ -87,8 +137,9 @@ 2. Windows requires a couple of init calls for the socket stuff. - That's taken care of by the curl_global_init() call, but if other libs also - do it etc there might be reasons for applications to alter that behaviour. + That's taken care of by the `curl_global_init()` call, but if other libs + also do it etc there might be reasons for applications to alter that + behaviour. 3. The file descriptors for network communication and file operations are not easily interchangeable as in unix. @@ -101,28 +152,29 @@ We set stdout to binary under windows - Inside the source code, We make an effort to avoid '#ifdef [Your OS]'. All + Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All conditionals that deal with features *should* instead be in the format - '#ifdef HAVE_THAT_WEIRD_FUNCTION'. Since Windows can't run configure scripts, - we maintain a curl_config-win32.h file in lib directory that is supposed to - look exactly as a curl_config.h file would have looked like on a Windows + `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, + we maintain a `curl_config-win32.h` file in lib directory that is supposed to + look exactly as a `curl_config.h` file would have looked like on a Windows machine! Generally speaking: always remember that this will be compiled on dozens of operating systems. Don't walk on the edge. + Library ======= - (See LIBCURL-STRUCTS for a separate document describing all major internal + (See `LIBCURL-STRUCTS` for a separate document describing all major internal structs and their purposes.) There are plenty of entry points to the library, namely each publicly defined function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with 'curl_easy' are + rather small and easy-to-follow. All the ones prefixed with `curl_easy` are put in the lib/easy.c file. - curl_global_init_() and curl_global_cleanup() should be called by the + `curl_global_init_()` and `curl_global_cleanup()` should be called by the application to initialize and clean up global stuff in the library. As of today, it can handle the global SSL initing if SSL is enabled and it can init the socket layer on windows machines. libcurl itself has no "global" scope. @@ -130,51 +182,56 @@ All printf()-style functions use the supplied clones in lib/mprintf.c. This makes sure we stay absolutely platform independent. - curl_easy_init() allocates an internal struct and makes some initializations. - The returned handle does not reveal internals. This is the 'SessionHandle' - struct which works as an "anchor" struct for all curl_easy functions. All - connections performed will get connect-specific data allocated that should be - used for things related to particular connections/requests. + [ `curl_easy_init()`][2] allocates an internal struct and makes some + initializations. The returned handle does not reveal internals. This is the + 'SessionHandle' struct which works as an "anchor" struct for all `curl_easy` + functions. All connections performed will get connect-specific data allocated + that should be used for things related to particular connections/requests. - curl_easy_setopt() takes three arguments, where the option stuff must be - passed in pairs: the parameter-ID and the parameter-value. The list of + [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must + be passed in pairs: the parameter-ID and the parameter-value. The list of options is documented in the man page. This function mainly sets things in the 'SessionHandle' struct. - curl_easy_perform() is just a wrapper function that makes use of the multi - API. It basically curl_multi_init(), curl_multi_add_handle(), - curl_multi_wait(), and curl_multi_perform() until the transfer is done and - then returns. + `curl_easy_perform()` is just a wrapper function that makes use of the multi + API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, + `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done + and then returns. Some of the most important key functions in url.c are called from multi.c when certain key steps are to be made in the transfer operation. - o Curl_connect() + +Curl_connect() +-------------- Analyzes the URL, it separates the different components and connects to the remote host. This may involve using a proxy and/or using SSL. The - Curl_resolv() function in lib/hostip.c is used for looking up host names + `Curl_resolv()` function in lib/hostip.c is used for looking up host names (it does then use the proper underlying method, which may vary between platforms and builds). - When Curl_connect is done, we are connected to the remote site. Then it is - time to tell the server to get a document/file. Curl_do() arranges this. + When `Curl_connect` is done, we are connected to the remote site. Then it + is time to tell the server to get a document/file. `Curl_do()` arranges + this. This function makes sure there's an allocated and initiated 'connectdata' struct that is used for this particular connection only (although there may be several requests performed on the same connect). A bunch of things are inited/inherited from the SessionHandle struct. - o Curl_do() + +Curl_do() +--------- - Curl_do() makes sure the proper protocol-specific function is called. The + `Curl_do()` makes sure the proper protocol-specific function is called. The functions are named after the protocols they handle. The protocol-specific functions of course deal with protocol-specific - negotiations and setup. They have access to the Curl_sendf() (from + negotiations and setup. They have access to the `Curl_sendf()` (from lib/sendf.c) function to send printf-style formatted data to the remote host and when they're ready to make the actual file transfer they call the - Curl_Transfer() function (in lib/transfer.c) to setup the transfer and + `Curl_Transfer()` function (in lib/transfer.c) to setup the transfer and returns. If this DO function fails and the connection is being re-used, libcurl will @@ -183,11 +240,13 @@ we have discovered a dead connection before the DO function and thus we might wrongly be re-using a connection that was closed by the remote peer. - Some time during the DO function, the Curl_setup_transfer() function must + Some time during the DO function, the `Curl_setup_transfer()` function must be called with some basic info about the upcoming transfer: what socket(s) to read/write and the expected file transfer sizes (if known). - o Curl_readwrite() + +Curl_readwrite() +---------------- Called during the transfer of the actual protocol payload. @@ -196,18 +255,22 @@ called). The speedcheck functions in lib/speedcheck.c are also used to verify that the transfer is as fast as required. - o Curl_done() + +Curl_done() +----------- Called after a transfer is done. This function takes care of everything that has to be done after a transfer. This function attempts to leave - matters in a state so that Curl_do() should be possible to call again on + matters in a state so that `Curl_do()` should be possible to call again on the same connection (in a persistent connection case). It might also soon - be closed with Curl_disconnect(). + be closed with `Curl_disconnect()`. - o Curl_disconnect() + +Curl_disconnect() +----------------- When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when curl_easy_perform() is + connections so this is not normally called when `curl_easy_perform()` is used. This function is only used when we are certain that no more transfers is going to be made on the connection. It can be also closed by force, or it can be called to make sure that libcurl doesn't keep too many @@ -216,8 +279,9 @@ This function cleans up all resources that are associated with a single connection. - - HTTP(S) + +HTTP(S) +======= HTTP offers a lot and is the protocol in curl that uses the most lines of code. There is a special file (lib/formdata.c) that offers all the multipart @@ -229,100 +293,123 @@ HTTPS uses in almost every means the same procedure as HTTP, with only two exceptions: the connect procedure is different and the function used to read or write from the socket is different, although the latter fact is hidden in - the source by the use of Curl_read() for reading and Curl_write() for writing - data to the remote server. + the source by the use of `Curl_read()` for reading and `Curl_write()` for + writing data to the remote server. - http_chunks.c contains functions that understands HTTP 1.1 chunked transfer + `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer encoding. - An interesting detail with the HTTP(S) request, is the Curl_add_buffer() + An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` series of functions we use. They append data to one single buffer, and when the building is done the entire request is sent off in one single write. This is done this way to overcome problems with flawed firewalls and lame servers. - FTP + +FTP +=== - The Curl_if2ip() function can be used for getting the IP number of a + The `Curl_if2ip()` function can be used for getting the IP number of a specified network interface, and it resides in lib/if2ip.c. - Curl_ftpsendf() is used for sending FTP commands to the remote server. It was - made a separate function to prevent us programmers from forgetting that they - must be CRLF terminated. They must also be sent in one single write() to make - firewalls and similar happy. - - Kerberos + `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It + was made a separate function to prevent us programmers from forgetting that + they must be CRLF terminated. They must also be sent in one single write() to + make firewalls and similar happy. + + +Kerberos +-------- Kerberos support is mainly in lib/krb5.c and lib/security.c but also - curl_sasl_sspi.c and curl_sasl_gssapi.c for the email protocols and - socks_gssapi.c & socks_sspi.c for SOCKS5 proxy specifics. + `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and + `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics. - TELNET + +TELNET +====== Telnet is implemented in lib/telnet.c. - FILE + +FILE +==== The file:// protocol is dealt with in lib/file.c. - SMB + +SMB +=== The smb:// protocol is dealt with in lib/smb.c. - LDAP + +LDAP +==== Everything LDAP is in lib/ldap.c and lib/openldap.c - E-mail + +E-mail +====== The e-mail related source code is in lib/imap.c, lib/pop3.c and lib/smtp.c. - GENERAL + +General +======= URL encoding and decoding, called escaping and unescaping in the source code, is found in lib/escape.c. While transferring data in Transfer() a few functions might get used. - curl_getdate() in lib/parsedate.c is for HTTP date comparisons (and more). + `curl_getdate()` in lib/parsedate.c is for HTTP date comparisons (and more). - lib/getenv.c offers curl_getenv() which is for reading environment variables - in a neat platform independent way. That's used in the client, but also in - lib/url.c when checking the proxy environment variables. Note that contrary - to the normal unix getenv(), this returns an allocated buffer that must be - free()ed after use. + lib/getenv.c offers `curl_getenv()` which is for reading environment + variables in a neat platform independent way. That's used in the client, but + also in lib/url.c when checking the proxy environment variables. Note that + contrary to the normal unix getenv(), this returns an allocated buffer that + must be free()ed after use. lib/netrc.c holds the .netrc parser lib/timeval.c features replacement functions for systems that don't have gettimeofday() and a few support functions for timeval conversions. - A function named curl_version() that returns the full curl version string is - found in lib/version.c. + A function named `curl_version()` that returns the full curl version string + is found in lib/version.c. + Persistent Connections ====================== The persistent connection support in libcurl requires some considerations on how to do things inside of the library. - o The 'SessionHandle' struct returned in the curl_easy_init() call must never - hold connection-oriented data. It is meant to hold the root data as well as - all the options etc that the library-user may choose. - o The 'SessionHandle' struct holds the "connection cache" (an array of + - The 'SessionHandle' struct returned in the [`curl_easy_init()`][2] call + must never hold connection-oriented data. It is meant to hold the root data + as well as all the options etc that the library-user may choose. + + - The 'SessionHandle' struct holds the "connection cache" (an array of pointers to 'connectdata' structs). - o This enables the 'curl handle' to be reused on subsequent transfers. - o When libcurl is told to perform a transfer, it first checks for an already + + - This enables the 'curl handle' to be reused on subsequent transfers. + + - When libcurl is told to perform a transfer, it first checks for an already existing connection in the cache that we can use. Otherwise it creates a new one and adds that the cache. If the cache is full already when a new connection is added added, it will first close the oldest unused one. - o When the transfer operation is complete, the connection is left + + - When the transfer operation is complete, the connection is left open. Particular options may tell libcurl not to, and protocols may signal closure on connections and then they won't be kept open of course. - o When curl_easy_cleanup() is called, we close all still opened connections, + + - When `curl_easy_cleanup()` is called, we close all still opened connections, unless of course the multi interface "owns" the connections. The curl handle must be re-used in order for the persistent connections to work. + multi interface/non-blocking ============================ @@ -341,6 +428,7 @@ protocols are crappy examples and they are subject for rewrite in the future to better fit the libcurl protocol family. + SSL libraries ============= @@ -350,36 +438,39 @@ in future libcurl versions. To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the vtls.[ch] system, and they are the only SSL - functions we must use from within libcurl. vtls is then crafted to use the - appropriate lower-level function calls to whatever SSL library that is in + function API as provided by the vtls/vtls.[ch] system, and they are the only + SSL functions we must use from within libcurl. vtls is then crafted to use + the appropriate lower-level function calls to whatever SSL library that is in use. For example vtls/openssl.[ch] for the OpenSSL library. + Library Symbols =============== - All symbols used internally in libcurl must use a 'Curl_' prefix if they're + All symbols used internally in libcurl must use a `Curl_` prefix if they're used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a 'curl_' prefix. (There are exceptions, + Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with CURL_EXTERN in the public header files so that - all others can be hidden on platforms where this is possible. + API functions are marked with `CURL_EXTERN` in the public header files so + that all others can be hidden on platforms where this is possible. + Return Codes and Informationals =============================== I've made things simple. Almost every function in libcurl returns a CURLcode, - that must be CURLE_OK if everything is OK or otherwise a suitable error code - as the curl/curl.h include file defines. The very spot that detects an error - must use the Curl_failf() function to set the human-readable error + that must be `CURLE_OK` if everything is OK or otherwise a suitable error + code as the curl/curl.h include file defines. The very spot that detects an + error must use the `Curl_failf()` function to set the human-readable error description. In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair amount of informational messages by using the Curl_infof() - function. Those messages are only displayed when the user explicitly asks for - them. They are best used when revealing information that isn't otherwise - obvious. + must supply a fair amount of informational messages by using the + `Curl_infof()` function. Those messages are only displayed when the user + explicitly asks for them. They are best used when revealing information that + isn't otherwise obvious. + API/ABI ======= @@ -387,29 +478,31 @@ that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI for our promise to users. + Client ====== - main() resides in src/tool_main.c. + main() resides in `src/tool_main.c`. - src/tool_hugehelp.c is automatically generated by the mkhelp.pl perl script + `src/tool_hugehelp.c` is automatically generated by the mkhelp.pl perl script to display the complete "manual" and the src/tool_urlglob.c file holds the functions used for the URL-"globbing" support. Globbing in the sense that the {} and [] expansion stuff is there. The client mostly messes around to setup its 'config' struct properly, then - it calls the curl_easy_*() functions of the library and when it gets back - control after the curl_easy_perform() it cleans up the library, checks status - and exits. + it calls the `curl_easy_*()` functions of the library and when it gets back + control after the `curl_easy_perform()` it cleans up the library, checks + status and exits. When the operation is done, the ourWriteOut() function in src/writeout.c may be called to report about the operation. That function is using the - curl_easy_getinfo() function to extract useful information from the curl + `curl_easy_getinfo()` function to extract useful information from the curl session. It may loop and do all this several times if many URLs were specified on the command line or config file. + Memory Debugging ================ @@ -439,6 +532,7 @@ the configure script. When --enable-debug is given both features will be enabled, unless some restriction prevents memory tracking from being used. + Test Suite ========== @@ -456,29 +550,546 @@ The test suite automatically detects if curl was built with the memory debugging enabled, and if it was it will detect memory leaks, too. -Building Releases -================= + +Asynchronous name resolves +========================== + + libcurl can be built to do name resolves asynchronously, using either the + normal resolver in a threaded manner or by using c-ares. + + +[c-ares][3] +------ + +### Build libcurl to use a c-ares + +1. ./configure --enable-ares=/path/to/ares/install +2. make + +### c-ares on win32 + + First I compiled c-ares. I changed the default C runtime library to be the + single-threaded rather than the multi-threaded (this seems to be required to + prevent linking errors later on). Then I simply build the areslib project + (the other projects adig/ahost seem to fail under MSVC). + + Next was libcurl. I opened lib/config-win32.h and I added a: + `#define USE_ARES 1` + + Next thing I did was I added the path for the ares includes to the include + path, and the libares.lib to the libraries. + + Lastly, I also changed libcurl to be single-threaded rather than + multi-threaded, again this was to prevent some duplicate symbol errors. I'm + not sure why I needed to change everything to single-threaded, but when I + didn't I got redefinition errors for several CRT functions (malloc, stricmp, + etc.) + + +`curl_off_t` +========== + + curl_off_t is a data type provided by the external libcurl include + headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] + options that end with LARGE. The type is 64bit large on most modern + platforms. + +curlx +===== + + The libcurl source code offers a few functions by source only. They are not + part of the official libcurl API, but the source files might be useful for + others so apps can optionally compile/build with these sources to gain + additional functions. + + We provide them through a single header file for easy access for apps: + "curlx.h" + +`curlx_strtoofft()` +------------------- + A macro that converts a string containing a number to a curl_off_t number. + This might use the curlx_strtoll() function which is provided as source + code in strtoofft.c. Note that the function is only provided if no + strtoll() (or equivalent) function exist on your platform. If curl_off_t + is only a 32 bit number on your platform, this macro uses strtol(). + +`curlx_tvnow()` +--------------- + returns a struct timeval for the current time. + +`curlx_tvdiff()` +-------------- + returns the difference between two timeval structs, in number of + milliseconds. + +`curlx_tvdiff_secs()` +--------------------- + returns the same as curlx_tvdiff but with full usec resolution (as a + double) + +Future +------ + + Several functions will be removed from the public curl_ name space in a + future libcurl release. They will then only become available as curlx_ + functions instead. To make the transition easier, we already today provide + these functions with the curlx_ prefix to allow sources to get built properly + with the new function names. The functions this concerns are: + + - `curlx_getenv` + - `curlx_strequal` + - `curlx_strnequal` + - `curlx_mvsnprintf` + - `curlx_msnprintf` + - `curlx_maprintf` + - `curlx_mvaprintf` + - `curlx_msprintf` + - `curlx_mprintf` + - `curlx_mfprintf` + - `curlx_mvsprintf` + - `curlx_mvprintf` + - `curlx_mvfprintf` + + +Content Encoding +================ + +## About content encodings + + [HTTP/1.1][4] specifies that a client may request that a server encode its + response. This is usually used to compress a response using one of a set of + commonly available compression techniques. These schemes are 'deflate' (the + zlib algorithm), 'gzip' and 'compress'. A client requests that the sever + perform an encoding by including an Accept-Encoding header in the request + document. The value of the header should be one of the recognized tokens + 'deflate', ... (there's a way to register new schemes/tokens, see sec 3.5 of + the spec). A server MAY honor the client's encoding request. When a response + is encoded, the server includes a Content-Encoding header in the + response. The value of the Content-Encoding header indicates which scheme was + used to encode the data. + + A client may tell a server that it can understand several different encoding + schemes. In this case the server may choose any one of those and use it to + encode the response (indicating which one using the Content-Encoding header). + It's also possible for a client to attach priorities to different schemes so + that the server knows which it prefers. See sec 14.3 of RFC 2616 for more + information on the Accept-Encoding header. + +## Supported content encodings + + The 'deflate' and 'gzip' content encoding are supported by libcurl. Both + regular and chunked transfers work fine. The zlib library is required for + this feature. + +## The libcurl interface + + To cause libcurl to request a content encoding use: + + [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) + + where string is the intended value of the Accept-Encoding header. + + Currently, libcurl only understands how to process responses that use the + "deflate" or "gzip" Content-Encoding, so the only values for + [`CURLOPT_ACCEPT_ENCODING`][5] that will work (besides "identity," which does + nothing) are "deflate" and "gzip" If a response is encoded using the + "compress" or methods, libcurl will return an error indicating that the + response could not be decoded. If is NULL no Accept-Encoding header + is generated. If is a zero-length string, then an Accept-Encoding + header containing all supported encodings will be generated. + + The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for + content to be automatically decoded. If it is not set and the server still + sends encoded content (despite not having been asked), the data is returned + in its raw form and the Content-Encoding type is not checked. + +## The curl interface + + Use the [--compressed][6] option with curl to cause it to ask servers to + compress responses using any format supported by curl. + + +hostip.c explained +================== + + The main compile-time defines to keep in mind when reading the host*.c source + file are these: + +## `CURLRES_IPV6` + + this host has getaddrinfo() and family, and thus we use that. The host may + not be able to resolve IPv6, but we don't really have to take that into + account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 defined. + +## `CURLRES_ARES` + + is defined if libcurl is built to use c-ares for asynchronous name + resolves. This can be Windows or *nix. + +## `CURLRES_THREADED` + + is defined if libcurl is built to use threading for asynchronous name + resolves. The name resolve will be done in a new thread, and the supported + asynch API will be the same as for ares-builds. This is the default under + (native) Windows. + + If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If + libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is + defined. + +## host*.c sources + + The host*.c sources files are split up like this: + + - hostip.c - method-independent resolver functions and utility functions + - hostasyn.c - functions for asynchronous name resolves + - hostsyn.c - functions for synchronous name resolves + - asyn-ares.c - functions for asynchronous name resolves using c-ares + - asyn-thread.c - functions for asynchronous name resolves using threads + - hostip4.c - IPv4 specific functions + - hostip6.c - IPv6 specific functions + + The hostip.h is the single united header file for all this. It defines the + `CURLRES_*` defines based on the config*.h and curl_setup.h defines. + + +Track Down Memory Leaks +======================= + +## Single-threaded + + Please note that this memory leak system is not adjusted to work in more + than one thread. If you want/need to use it in a multi-threaded app. Please + adjust accordingly. + + +## Build + + Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with + --enable-debug fixes this). 'make clean' first, then 'make' so that all + files actually are rebuilt properly. It will also make sense to build + libcurl with the debug option (usually -g to the compiler) so that debugging + it will be easier if you actually do find a leak in the library. + + This will create a library that has memory debugging enabled. + +## Modify Your Application + + Add a line in your application code: + + `curl_memdebug("dump");` + + This will make the malloc debug system output a full trace of all resource + using functions to the given file name. Make sure you rebuild your program + and that you link with the same libcurl you built for this purpose as + described above. + +## Run Your Application + + Run your program as usual. Watch the specified memory trace file grow. + + Make your program exit and use the proper libcurl cleanup functions etc. So + that all non-leaks are returned/freed properly. + +## Analyze the Flow + + Use the tests/memanalyze.pl perl script to analyze the dump file: + + tests/memanalyze.pl dump + + This now outputs a report on what resources that were allocated but never + freed etc. This report is very fine for posting to the list! + + If this doesn't produce any output, no leak was detected in libcurl. Then + the leak is mostly likely to be in your code. + + +`multi_socket` +============== + + Implementation of the `curl_multi_socket` API + + The main ideas of this API are simply: + + 1 - The application can use whatever event system it likes as it gets info + from libcurl about what file descriptors libcurl waits for what action + on. (The previous API returns `fd_sets` which is very select()-centric). + + 2 - When the application discovers action on a single socket, it calls + libcurl and informs that there was action on this particular socket and + libcurl can then act on that socket/transfer only and not care about + any other transfers. (The previous API always had to scan through all + the existing transfers.) + + The idea is that [`curl_multi_socket_action()`][7] calls a given callback + with information about what socket to wait for what action on, and the + callback only gets called if the status of that socket has changed. + + We also added a timer callback that makes libcurl call the application when + the timeout value changes, and you set that with [`curl_multi_setopt()`][9] + and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, + Internally, there's an added a struct to each easy handle in which we store + an "expire time" (if any). The structs are then "splay sorted" so that we + can add and remove times from the linked list and yet somewhat swiftly + figure out both how long time there is until the next nearest timer expires + and which timer (handle) we should take care of now. Of course, the upside + of all this is that we get a [`curl_multi_timeout()`][8] that should also + work with old-style applications that use [`curl_multi_perform()`][11]. + + We created an internal "socket to easy handles" hash table that given + a socket (file descriptor) return the easy handle that waits for action on + that socket. This hash is made using the already existing hash code + (previously only used for the DNS cache). + + To make libcurl able to report plain sockets in the socket callback, we had + to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that + the conversion from sockets to `fd_sets` for that function is only done in + the last step before the data is returned. I also had to extend c-ares to + get a function that can return plain sockets, as that library too returned + only `fd_sets` and that is no longer good enough. The changes done to c-ares + are available in c-ares 1.3.1 and later. + + +Structs in libcurl +================== + +This section should cover 7.32.0 pretty accurately, but will make sense even +for older and later versions as things don't change drastically that often. + +## SessionHandle + + The SessionHandle handle struct is the one returned to the outside in the + external API as a "CURL *". This is usually known as an easy handle in API + documentations and examples. + + Information and state that is related to the actual connection is in the + 'connectdata' struct. When a transfer is about to be made, libcurl will + either create a new connection or re-use an existing one. The particular + connectdata that is used by this handle is pointed out by + SessionHandle->easy_conn. + + Data and information that regard this particular single transfer is put in + the SingleRequest sub-struct. + + When the SessionHandle struct is added to a multi handle, as it must be in + order to do any transfer, the ->multi member will point to the `Curl_multi` + struct it belongs to. The ->prev and ->next members will then be used by the + multi code to keep a linked list of SessionHandle structs that are added to + that same multi handle. libcurl always uses multi so ->multi *will* point to + a `Curl_multi` when a transfer is in progress. + + ->mstate is the multi state of this particular SessionHandle. When + `multi_runsingle()` is called, it will act on this handle according to which + state it is in. The mstate is also what tells which sockets to return for a + specific SessionHandle when [`curl_multi_fdset()`][12] is called etc. + + The libcurl source code generally use the name 'data' for the variable that + points to the SessionHandle. + + When doing multiplexed HTTP/2 transfers, each SessionHandle is associated + with an individual stream, sharing the same connectdata struct. Multiplexing + makes it even more important to keep things associated with the right thing! + +## connectdata + + A general idea in libcurl is to keep connections around in a connection + "cache" after they have been used in case they will be used again and then + re-use an existing one instead of creating a new as it creates a significant + performance boost. + + Each 'connectdata' identifies a single physical connection to a server. If + the connection can't be kept alive, the connection will be closed after use + and then this struct can be removed from the cache and freed. + + Thus, the same SessionHandle can be used multiple times and each time select + another connectdata struct to use for the connection. Keep this in mind, as + it is then important to consider if options or choices are based on the + connection or the SessionHandle. + + Functions in libcurl will assume that connectdata->data points to the + SessionHandle that uses this connection (for the moment). + + As a special complexity, some protocols supported by libcurl require a + special disconnect procedure that is more than just shutting down the + socket. It can involve sending one or more commands to the server before + doing so. Since connections are kept in the connection cache after use, the + original SessionHandle may no longer be around when the time comes to shut + down a particular connection. For this purpose, libcurl holds a special + dummy `closure_handle` SessionHandle in the `Curl_multi` struct to use when + needed. + + FTP uses two TCP connections for a typical transfer but it keeps both in + this single struct and thus can be considered a single connection for most + internal concerns. + + The libcurl source code generally use the name 'conn' for the variable that + points to the connectdata. + +## Curl_multi + + Internally, the easy interface is implemented as a wrapper around multi + interface functions. This makes everything multi interface. + + `Curl_multi` is the multi handle struct exposed as "CURLM *" in external APIs. + + This struct holds a list of SessionHandle structs that have been added to + this handle with [`curl_multi_add_handle()`][13]. The start of the list is + ->easyp and ->num_easy is a counter of added SessionHandles. + + ->msglist is a linked list of messages to send back when + [`curl_multi_info_read()`][14] is called. Basically a node is added to that + list when an individual SessionHandle's transfer has completed. + + ->hostcache points to the name cache. It is a hash table for looking up name + to IP. The nodes have a limited life time in there and this cache is meant + to reduce the time for when the same name is wanted within a short period of + time. + + ->timetree points to a tree of SessionHandles, sorted by the remaining time + until it should be checked - normally some sort of timeout. Each + SessionHandle has one node in the tree. + + ->sockhash is a hash table to allow fast lookups of socket descriptor to + which SessionHandle that uses that descriptor. This is necessary for the + `multi_socket` API. + + ->conn_cache points to the connection cache. It keeps track of all + connections that are kept after use. The cache has a maximum size. + + ->closure_handle is described in the 'connectdata' section. + + The libcurl source code generally use the name 'multi' for the variable that + points to the Curl_multi struct. + +## Curl_handler + + Each unique protocol that is supported by libcurl needs to provide at least + one `Curl_handler` struct. It defines what the protocol is called and what + functions the main code should call to deal with protocol specific issues. + In general, there's a source file named [protocol].c in which there's a + "struct `Curl_handler` `Curl_handler_[protocol]`" declared. In url.c there's + then the main array with all individual `Curl_handler` structs pointed to + from a single array which is scanned through when a URL is given to libcurl + to work with. + + ->scheme is the URL scheme name, usually spelled out in uppercase. That's + "HTTP" or "FTP" etc. SSL versions of the protcol need its own `Curl_handler` + setup so HTTPS separate from HTTP. + + ->setup_connection is called to allow the protocol code to allocate protocol + specific data that then gets associated with that SessionHandle for the rest + of this transfer. It gets freed again at the end of the transfer. It will be + called before the 'connectdata' for the transfer has been selected/created. + Most protocols will allocate its private 'struct [PROTOCOL]' here and assign + SessionHandle->req.protop to point to it. + + ->connect_it allows a protocol to do some specific actions after the TCP + connect is done, that can still be considered part of the connection phase. + + Some protocols will alter the connectdata->recv[] and connectdata->send[] + function pointers in this function. + + ->connecting is similarly a function that keeps getting called as long as the + protocol considers itself still in the connecting phase. + + ->do_it is the function called to issue the transfer request. What we call + the DO action internally. If the DO is not enough and things need to be kept + getting done for the entire DO sequence to complete, ->doing is then usually + also provided. Each protocol that needs to do multiple commands or similar + for do/doing need to implement their own state machines (see SCP, SFTP, + FTP). Some protocols (only FTP and only due to historical reasons) has a + separate piece of the DO state called `DO_MORE`. + + ->doing keeps getting called while issuing the transfer request command(s) + + ->done gets called when the transfer is complete and DONE. That's after the + main data has been transferred. + + ->do_more gets called during the `DO_MORE` state. The FTP protocol uses this + state when setting up the second connection. + + ->`proto_getsock` + ->`doing_getsock` + ->`domore_getsock` + ->`perform_getsock` + Functions that return socket information. Which socket(s) to wait for which + action(s) during the particular multi state. + + ->disconnect is called immediately before the TCP connection is shutdown. + + ->readwrite gets called during transfer to allow the protocol to do extra + reads/writes + + ->defport is the default report TCP or UDP port this protocol uses + + ->protocol is one or more bits in the `CURLPROTO_*` set. The SSL versions + have their "base" protocol set and then the SSL variation. Like + "HTTP|HTTPS". + + ->flags is a bitmask with additional information about the protocol that will + make it get treated differently by the generic engine: + + - `PROTOPT_SSL` - will make it connect and negotiate SSL + + - `PROTOPT_DUAL` - this protocol uses two connections + + - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the + connection. This flag is no longer used by code, yet still set for a bunch + protocol handlers. + + - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to + limit which "direction" of socket actions that the main engine will + concern itself about. + + - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read file:) + + - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default + one unless one is provided + + - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL + (?foo=bar) + +## conncache + + Is a hash table with connections for later re-use. Each SessionHandle has + a pointer to its connection cache. Each multi handle sets up a connection + cache that all added SessionHandles share by default. - There's no magic to this. When you consider everything stable enough to be - released, do this: +## Curl_share + + The libcurl share API allocates a `Curl_share` struct, exposed to the + external API as "CURLSH *". - 1. Tag the source code accordingly. + The idea is that the struct can have a set of own versions of caches and + pools and then by providing this struct in the `CURLOPT_SHARE` option, those + specific SessionHandles will use the caches/pools that this share handle + holds. - 2. run the 'maketgz' script (using 'make distcheck' will give you a pretty - good view on the status of the current sources). maketgz requires a - version number and creates the release archive. maketgz uses 'make dist' - for the actual archive building, why you need to fill in the Makefile.am - files properly for which files that should be included in the release - archives. + Then individual SessionHandle structs can be made to share specific things + that they otherwise wouldn't, such as cookies. - 3. When that's complete, sign the output files. + The `Curl_share` struct can currently hold cookies, DNS cache and the SSL + session cache. - 4. Upload +## CookieInfo - 5. Update web site and changelog on site + This is the main cookie struct. It holds all known cookies and related + information. Each SessionHandle has its own private CookieInfo even when + they are added to a multi handle. They can be made to share cookies by using + the share API. - 6. Send announcement to the mailing lists - NOTE: you must have curl checked out from git to be able to do a proper - release build. The release tarballs do not have everything setup in order to - do releases properly. +[1]: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html +[2]: http://curl.haxx.se/libcurl/c/curl_easy_init.html +[3]: http://c-ares.haxx.se/ +[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" +[5]: http://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html +[6]: http://curl.haxx.se/docs/manpage.html#--compressed +[7]: http://curl.haxx.se/libcurl/c/curl_multi_socket_action.html +[8]: http://curl.haxx.se/libcurl/c/curl_multi_timeout.html +[9]: http://curl.haxx.se/libcurl/c/curl_multi_setopt.html +[10]: http://curl.haxx.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html +[11]: http://curl.haxx.se/libcurl/c/curl_multi_perform.html +[12]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html +[13]: http://curl.haxx.se/libcurl/c/curl_multi_add_handle.html +[14]: http://curl.haxx.se/libcurl/c/curl_multi_info_read.html diff -Nru curl-7.42.1/docs/KNOWN_BUGS curl-7.43.0/docs/KNOWN_BUGS --- curl-7.42.1/docs/KNOWN_BUGS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/KNOWN_BUGS 2015-06-16 07:13:02.000000000 +0000 @@ -97,7 +97,7 @@ something beyond ascii but currently libcurl will only pass in the verbatim string the app provides. There are several browsers that already do this encoding. The key seems to be the updated draft to RFC2231: - http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 66. When using telnet, the time limitation options don't work. http://curl.haxx.se/bug/view.cgi?id=846 diff -Nru curl-7.42.1/docs/libcurl/curl_easy_cleanup.3 curl-7.43.0/docs/libcurl/curl_easy_cleanup.3 --- curl-7.42.1/docs/libcurl/curl_easy_cleanup.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_cleanup.3 2015-06-14 21:31:01.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -63,5 +63,6 @@ } .fi .SH "SEE ALSO" -.BR curl_easy_init "(3), " - +.BR curl_easy_init "(3), " curl_easy_duphandle "(3), " +.BR curl_easy_reset "(3), " +.BR curl_multi_cleanup "(3), " curl_multi_remove_handle "(3) " diff -Nru curl-7.42.1/docs/libcurl/curl_easy_cleanup.html curl-7.43.0/docs/libcurl/curl_easy_cleanup.html --- curl-7.42.1/docs/libcurl/curl_easy_cleanup.html 2015-04-29 06:08:09.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_cleanup.html 2015-06-17 05:56:24.000000000 +0000 @@ -71,7 +71,6 @@

SEE ALSO

-

curl_easy_init, -

+

curl_easy_init, curl_easy_duphandle, curl_easy_reset, curl_multi_cleanup, curl_multi_remove_handle,

This HTML page was made with roffit. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_cleanup.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_cleanup.pdf differ diff -Nru curl-7.42.1/docs/libcurl/curl_easy_duphandle.3 curl-7.43.0/docs/libcurl/curl_easy_duphandle.3 --- curl-7.42.1/docs/libcurl/curl_easy_duphandle.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_duphandle.3 2015-06-15 21:14:25.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -47,4 +47,6 @@ If this function returns NULL, something went wrong and no valid handle was returned. .SH "SEE ALSO" -.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_global_init "(3)" +.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_easy_reset "(3)," +.BR curl_global_init "(3)" + diff -Nru curl-7.42.1/docs/libcurl/curl_easy_duphandle.html curl-7.43.0/docs/libcurl/curl_easy_duphandle.html --- curl-7.42.1/docs/libcurl/curl_easy_duphandle.html 2015-04-29 06:08:09.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_duphandle.html 2015-06-17 05:56:24.000000000 +0000 @@ -60,6 +60,7 @@

The new handle will not inherit any state information, no connections, no SSL sessions and no cookies.

Note that even in multi-threaded programs, this function must be called in a synchronous way, the input handle may not be in use when cloned.

RETURN VALUE

If this function returns NULL, something went wrong and no valid handle was returned.

SEE ALSO

-

curl_easy_init, curl_easy_cleanup, curl_global_init,

+

curl_easy_init, curl_easy_cleanup, curl_easy_reset, curl_global_init, +

This HTML page was made with roffit. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_duphandle.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_duphandle.pdf differ diff -Nru curl-7.42.1/docs/libcurl/curl_easy_escape.3 curl-7.43.0/docs/libcurl/curl_easy_escape.3 --- curl-7.42.1/docs/libcurl/curl_easy_escape.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_escape.3 2015-06-11 17:50:43.000000000 +0000 @@ -29,13 +29,13 @@ .BI "char *curl_easy_escape( CURL *" curl ", char *" string ", int "length " );" .ad .SH DESCRIPTION -This function converts the given input \fBstring\fP to an URL encoded string +This function converts the given input \fIstring\fP to a URL encoded string and returns that as a new allocated string. All input characters that are not a-z, A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version (%NN where NN is a two-digit hexadecimal number). -If the \fBlength\fP argument is set to 0 (zero), \fIcurl_easy_escape(3)\fP -uses strlen() on the input \fBurl\fP to find out the size. +If \fIlength\fP is set to 0 (zero), \fIcurl_easy_escape(3)\fP uses strlen() on +the input \fIstring\fP to find out the size. You must \fIcurl_free(3)\fP the returned string when you're done with it. .SH AVAILABILITY diff -Nru curl-7.42.1/docs/libcurl/curl_easy_escape.html curl-7.43.0/docs/libcurl/curl_easy_escape.html --- curl-7.42.1/docs/libcurl/curl_easy_escape.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_escape.html 2015-06-17 05:56:24.000000000 +0000 @@ -55,8 +55,8 @@

#include <curl/curl.h>

char *curl_easy_escape( CURL * curl , char * string , int length );

DESCRIPTION

-

This function converts the given input string to an URL encoded string and returns that as a new allocated string. All input characters that are not a-z, A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version (%NN where NN is a two-digit hexadecimal number). -

If the length argument is set to 0 (zero), curl_easy_escape uses strlen() on the input url to find out the size. +

This function converts the given input string to a URL encoded string and returns that as a new allocated string. All input characters that are not a-z, A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version (%NN where NN is a two-digit hexadecimal number). +

If length is set to 0 (zero), curl_easy_escape uses strlen() on the input string to find out the size.

You must curl_free the returned string when you're done with it.

AVAILABILITY

Added in 7.15.4 and replaces the old curl_escape function.

RETURN VALUE

A pointer to a zero terminated string or NULL if it failed.

EXAMPLE

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_escape.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_escape.pdf differ diff -Nru curl-7.42.1/docs/libcurl/curl_easy_getinfo.html curl-7.43.0/docs/libcurl/curl_easy_getinfo.html --- curl-7.42.1/docs/libcurl/curl_easy_getinfo.html 2015-04-29 06:08:09.000000000 +0000 +++ curl-7.43.0/docs/libcurl/curl_easy_getinfo.html 2015-06-17 05:56:24.000000000 +0000 @@ -173,7 +173,7 @@

Pass a pointer to a long to receive the most recently received CSeq from the server. If your application encounters a CURLE_RTSP_CSEQ_ERROR then you may wish to troubleshoot and/or fix the CSeq mismatch by peeking at this value.

TIMES

 An overview of the six time values available from curl_easy_getinfo()
-
+ 
 curl_easy_perform()
     |
     |--NAMELOOKUP
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_getinfo.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_getinfo.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_init.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_init.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_pause.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_pause.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_perform.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_perform.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_recv.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_recv.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_reset.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_reset.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_send.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_send.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_easy_setopt.3 curl-7.43.0/docs/libcurl/curl_easy_setopt.3
--- curl-7.42.1/docs/libcurl/curl_easy_setopt.3	2015-04-29 06:06:52.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_easy_setopt.3	2015-06-11 17:50:43.000000000 +0000
@@ -165,6 +165,10 @@
 Socks5 GSSAPI service name. \fICURLOPT_SOCKS5_GSSAPI_SERVICE(3)\fP
 .IP CURLOPT_SOCKS5_GSSAPI_NEC
 Socks5 GSSAPI NEC mode. See \fICURLOPT_SOCKS5_GSSAPI_NEC(3)\fP
+.IP CURLOPT_PROXY_SERVICE_NAME
+Proxy service name. \fICURLOPT_PROXY_SERVICE_NAME(3)\fP
+.IP CURLOPT_SERVICE_NAME
+SPNEGO service name. \fICURLOPT_SERVICE_NAME(3)\fP
 .IP CURLOPT_INTERFACE
 Bind connection locally to this. See \fICURLOPT_INTERFACE(3)\fP
 .IP CURLOPT_LOCALPORT
diff -Nru curl-7.42.1/docs/libcurl/curl_easy_setopt.html curl-7.43.0/docs/libcurl/curl_easy_setopt.html
--- curl-7.42.1/docs/libcurl/curl_easy_setopt.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_easy_setopt.html	2015-06-17 05:56:24.000000000 +0000
@@ -169,6 +169,10 @@
 
Socks5 GSSAPI service name. CURLOPT_SOCKS5_GSSAPI_SERVICE(3) 
 
CURLOPT_SOCKS5_GSSAPI_NEC 
 
Socks5 GSSAPI NEC mode. See CURLOPT_SOCKS5_GSSAPI_NEC(3) 
+
CURLOPT_PROXY_SERVICE_NAME 
+
Proxy service name. CURLOPT_PROXY_SERVICE_NAME(3) 
+
CURLOPT_SERVICE_NAME 
+
SPNEGO service name. CURLOPT_SERVICE_NAME(3) 
 
CURLOPT_INTERFACE 
 
Bind connection locally to this. See CURLOPT_INTERFACE(3) 
 
CURLOPT_LOCALPORT 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_setopt.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_setopt.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_strerror.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_strerror.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_easy_unescape.3 curl-7.43.0/docs/libcurl/curl_easy_unescape.3
--- curl-7.42.1/docs/libcurl/curl_easy_unescape.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_easy_unescape.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -48,4 +48,4 @@
 .SH RETURN VALUE
 A pointer to a zero terminated string or NULL if it failed.
 .SH "SEE ALSO"
-.BR curl_easy_escape "(3), " curl_free "(3)," RFC 2396
+.BR curl_easy_escape "(3), " curl_free "(3)," RFC 3986
diff -Nru curl-7.42.1/docs/libcurl/curl_easy_unescape.html curl-7.43.0/docs/libcurl/curl_easy_unescape.html
--- curl-7.42.1/docs/libcurl/curl_easy_unescape.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_easy_unescape.html	2015-06-17 05:56:24.000000000 +0000
@@ -61,6 +61,6 @@
 
You must curl_free the returned string when you're done with it. 
AVAILABILITY

 
Added in 7.15.4 and replaces the old curl_unescape function. 
RETURN VALUE

 
A pointer to a zero terminated string or NULL if it failed. 
SEE ALSO

-
curl_easy_escape, curl_free,  RFC 2396 

+
curl_easy_escape, curl_free,  RFC 3986 

  This HTML page was made with roffit.
 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_easy_unescape.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_easy_unescape.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_escape.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_escape.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_formadd.html curl-7.43.0/docs/libcurl/curl_formadd.html
--- curl-7.42.1/docs/libcurl/curl_formadd.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_formadd.html	2015-06-17 05:56:24.000000000 +0000
@@ -97,7 +97,7 @@
 
See example below. 
RETURN VALUE

 
0 means everything was ok, non-zero means an error occurred corresponding to a CURL_FORMADD_* constant defined in <curl/curl.h> 
EXAMPLE

 
-
+ 
  struct curl_httppost* post = NULL;
  struct curl_httppost* last = NULL;
  char namebuffer[] = "name buffer";
@@ -112,52 +112,52 @@
     transfers of buffers containing null characters actually work
  */
  htmlbuffer[8] = '\0';
-
+ 
  /* Add simple name/content section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "name",
               CURLFORM_COPYCONTENTS, "content", CURLFORM_END);
-
+ 
  /* Add simple name/content/contenttype section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "htmlcode",
               CURLFORM_COPYCONTENTS, "<HTML></HTML>",
               CURLFORM_CONTENTTYPE, "text/html", CURLFORM_END);
-
+ 
  /* Add name/ptrcontent section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "name_for_ptrcontent",
               CURLFORM_PTRCONTENTS, buffer, CURLFORM_END);
-
+ 
  /* Add ptrname/ptrcontent section */
  curl_formadd(&post, &last, CURLFORM_PTRNAME, namebuffer,
               CURLFORM_PTRCONTENTS, buffer, CURLFORM_NAMELENGTH,
               namelength, CURLFORM_END);
-
+ 
  /* Add name/ptrcontent/contenttype section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "html_code_with_hole",
               CURLFORM_PTRCONTENTS, htmlbuffer,
               CURLFORM_CONTENTSLENGTH, htmlbufferlength,
               CURLFORM_CONTENTTYPE, "text/html", CURLFORM_END);
-
+ 
  /* Add simple file section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "picture",
               CURLFORM_FILE, "my-face.jpg", CURLFORM_END);
-
+ 
  /* Add file/contenttype section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "picture",
               CURLFORM_FILE, "my-face.jpg",
               CURLFORM_CONTENTTYPE, "image/jpeg", CURLFORM_END);
-
+ 
  /* Add two file section */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "pictures",
               CURLFORM_FILE, "my-face.jpg",
               CURLFORM_FILE, "your-face.jpg", CURLFORM_END);
-
+ 
  /* Add two file section using CURLFORM_ARRAY */
  forms[0].option = CURLFORM_FILE;
  forms[0].value  = file1;
  forms[1].option = CURLFORM_FILE;
  forms[1].value  = file2;
  forms[2].option  = CURLFORM_END;
-
+ 
  /* Add a buffer to upload */
  curl_formadd(&post, &last,
               CURLFORM_COPYNAME, "name",
@@ -165,7 +165,7 @@
               CURLFORM_BUFFERPTR, record,
               CURLFORM_BUFFERLENGTH, record_length,
               CURLFORM_END);
-
+ 
  /* no option needed for the end marker */
  curl_formadd(&post, &last, CURLFORM_COPYNAME, "pictures",
               CURLFORM_ARRAY, forms, CURLFORM_END);
@@ -174,7 +174,7 @@
               CURLFORM_FILECONTENT, ".bashrc", CURLFORM_END);
  /* Set the form info */
  curl_easy_setopt(curl, CURLOPT_HTTPPOST, post);
-
+ 
 

 
SEE ALSO

 
curl_easy_setopt,   curl_formfree, 

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_formadd.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_formadd.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_formfree.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_formfree.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_formget.html curl-7.43.0/docs/libcurl/curl_formget.html
--- curl-7.42.1/docs/libcurl/curl_formget.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_formget.html	2015-06-17 05:56:24.000000000 +0000
@@ -54,7 +54,7 @@
 
curl_formget - serialize a previously built multipart/formdata HTTP POST chain 
SYNOPSIS

 
 #include <curl/curl.h> 
-
+ 
 void curl_formget(struct curl_httppost * form, void *userp,
                   curl_formget_callback append );
 

@@ -65,14 +65,14 @@
 
If the CURLFORM_STREAM option is used in the formpost, it will prevent curl_formget from working until you've performed the actual HTTP request as only then will libcurl get the actual read callback to use! 
RETURN VALUE

 
0 means everything was ok, non-zero means an error occurred 
EXAMPLE

 
-
+ 
  size_t print_httppost_callback(void *arg, const char *buf, size_t len)
  {
    fwrite(buf, len, 1, stdout);
    (*(size_t *) arg) += len;
    return len;
  }
-
+ 
  size_t print_httppost(struct curl_httppost *post)
  {
    size_t total_size = 0;
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_formget.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_formget.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_free.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_free.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_getdate.3 curl-7.43.0/docs/libcurl/curl_getdate.3
--- curl-7.42.1/docs/libcurl/curl_getdate.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_getdate.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -91,7 +91,7 @@
 This parser was written to handle date formats specified in RFC 822 (including
 the update in RFC 1123) using time zone name or time zone delta and RFC 850
 (obsoleted by RFC 1036) and ANSI C's asctime() format. These formats are the
-only ones RFC2616 says HTTP applications may use.
+only ones RFC 7231 says HTTP applications may use.
 .SH RETURN VALUE
 This function returns -1 when it fails to parse the date string. Otherwise it
 returns the number of seconds as described.
diff -Nru curl-7.42.1/docs/libcurl/curl_getdate.html curl-7.43.0/docs/libcurl/curl_getdate.html
--- curl-7.42.1/docs/libcurl/curl_getdate.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_getdate.html	2015-06-17 05:56:24.000000000 +0000
@@ -89,7 +89,7 @@
 

 
 
STANDARDS

-
This parser was written to handle date formats specified in RFC 822 (including the update in RFC 1123) using time zone name or time zone delta and RFC 850 (obsoleted by RFC 1036) and ANSI C's asctime() format. These formats are the only ones RFC 2616 says HTTP applications may use. 
RETURN VALUE

+
This parser was written to handle date formats specified in RFC 822 (including the update in RFC 1123) using time zone name or time zone delta and RFC 850 (obsoleted by RFC 1036) and ANSI C's asctime() format. These formats are the only ones RFC 7231 says HTTP applications may use. 
RETURN VALUE

 
This function returns -1 when it fails to parse the date string. Otherwise it returns the number of seconds as described. 
 
If the year is larger than 2037 on systems with 32 bit time_t, this function will return 0x7fffffff (since that is the largest possible signed 32 bit number). 
 
Having a 64 bit time_t is not a guarantee that dates beyond 03:14:07 UTC, January 19, 2038 will work fine. On systems with a 64 bit time_t but with a crippled mktime(), curl_getdate will return -1 in this case. 
SEE ALSO

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_getdate.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_getdate.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_getenv.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_getenv.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_global_cleanup.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_global_cleanup.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_global_init_mem.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_global_init_mem.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_global_init.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_global_init.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_mprintf.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_mprintf.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_add_handle.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_add_handle.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_assign.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_assign.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_cleanup.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_cleanup.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_fdset.html curl-7.43.0/docs/libcurl/curl_multi_fdset.html
--- curl-7.42.1/docs/libcurl/curl_multi_fdset.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_fdset.html	2015-06-17 05:56:24.000000000 +0000
@@ -54,7 +54,7 @@
 
curl_multi_fdset - extracts file descriptor information from a multi handle 
SYNOPSIS

 
 #include <curl/curl.h>
-
+ 
 CURLMcode curl_multi_fdset(CURLM *multi_handle,
                            fd_set *read_fd_set,
                            fd_set *write_fd_set,
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_fdset.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_fdset.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_info_read.3 curl-7.43.0/docs/libcurl/curl_multi_info_read.3
--- curl-7.42.1/docs/libcurl/curl_multi_info_read.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_info_read.3	2015-06-15 21:14:25.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -49,8 +49,8 @@
 \fIcurl_easy_cleanup(3)\fP.
 
 The 'CURLMsg' struct is very simple and only contains very basic information.
-If more involved information is wanted, the particular "easy handle" in
-present in that struct and can thus be used in subsequent regular
+If more involved information is wanted, the particular "easy handle" is
+present in that struct and can be used in subsequent regular
 \fIcurl_easy_getinfo(3)\fP calls (or similar):
 
 .nf
@@ -68,6 +68,24 @@
 that just completed.
 
 At this point, there are no other \fBmsg\fP types defined.
+.SH EXAMPLE
+.nf
+struct CURLMsg *m;
+
+/* call curl_multi_perform or curl_multi_socket_action first, then loop
+   through and check if there are any transfers that have completed */
+
+do {
+  int msgq = 0;
+  m = curl_multi_info_read(multi_handle, &msgq);
+  if(m && (m->msg == CURLMSG_DONE)) {
+    CURL *e = m->easy_handle;
+    transfers--;
+    curl_multi_remove_handle(multi_handle, e);
+    curl_easy_cleanup(e);
+  }
+} while(m);
+.fi
 .SH "RETURN VALUE"
 A pointer to a filled-in struct, or NULL if it failed or ran out of
 structs. It also writes the number of messages left in the queue (after this
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_info_read.html curl-7.43.0/docs/libcurl/curl_multi_info_read.html
--- curl-7.42.1/docs/libcurl/curl_multi_info_read.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_info_read.html	2015-06-17 05:56:24.000000000 +0000
@@ -59,7 +59,7 @@
 
Repeated calls to this function will return a new struct each time, until a NULL is returned as a signal that there is no more to get at this point. The integer pointed to with msgs_in_queue will contain the number of remaining messages after this function was called. 
 
When you fetch a message using this function, it is removed from the internal queue so calling this function again will not return the same message again. It will instead return new messages at each new invoke until the queue is emptied. 
 
WARNING: The data the returned pointer points to will not survive calling curl_multi_cleanup, curl_multi_remove_handle or curl_easy_cleanup. 
-
The 'CURLMsg' struct is very simple and only contains very basic information. If more involved information is wanted, the particular "easy handle" in present in that struct and can thus be used in subsequent regular curl_easy_getinfo calls (or similar): 
+
The 'CURLMsg' struct is very simple and only contains very basic information. If more involved information is wanted, the particular "easy handle" is present in that struct and can be used in subsequent regular curl_easy_getinfo calls (or similar): 
 
  struct CURLMsg {
    CURLMSG msg;       /* what this message means */
@@ -72,7 +72,26 @@
 

 
 
When msg is CURLMSG_DONE, the message identifies a transfer that is done, and then result contains the return code for the easy handle that just completed. 
-
At this point, there are no other msg types defined. 
RETURN VALUE

+
At this point, there are no other msg types defined. 
EXAMPLE

+
+struct CURLMsg *m;
+ 
+/* call curl_multi_perform or curl_multi_socket_action first, then loop
+   through and check if there are any transfers that have completed */
+ 
+do {
+  int msgq = 0;
+  m = curl_multi_info_read(multi_handle, &msgq);
+  if(m && (m->msg == CURLMSG_DONE)) {
+    CURL *e = m->easy_handle;
+    transfers--;
+    curl_multi_remove_handle(multi_handle, e);
+    curl_easy_cleanup(e);
+  }
+} while(m);
+

+
+
RETURN VALUE

 
A pointer to a filled-in struct, or NULL if it failed or ran out of structs. It also writes the number of messages left in the queue (after this read) in the integer the second argument points to. 
SEE ALSO

 
curl_multi_cleanup, curl_multi_init, curl_multi_perform, 

  This HTML page was made with roffit.
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_info_read.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_info_read.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_init.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_init.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_perform.3 curl-7.43.0/docs/libcurl/curl_multi_perform.3
--- curl-7.42.1/docs/libcurl/curl_multi_perform.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_perform.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -49,6 +49,55 @@
 
 When \fIrunning_handles\fP is set to zero (0) on the return of this function,
 there is no longer any transfers in progress.
+.SH EXAMPLE
+.nf
+#ifdef _WIN32
+#define SHORT_SLEEP Sleep(100)
+#else
+#define SHORT_SLEEP usleep(100000)
+#endif
+
+fd_set fdread;
+fd_set fdwrite;
+fd_set fdexcep;
+int maxfd = -1;
+
+long curl_timeo;
+
+curl_multi_timeout(multi_handle, &curl_timeo);
+if(curl_timeo < 0)
+  curl_timeo = 1000;
+
+timeout.tv_sec = curl_timeo / 1000;
+timeout.tv_usec = (curl_timeo % 1000) * 1000;
+
+FD_ZERO(&fdread);
+FD_ZERO(&fdwrite);
+FD_ZERO(&fdexcep);
+
+/* get file descriptors from the transfers */
+mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+if(maxfd == -1) {
+  SHORT_SLEEP;
+  rc = 0;
+}
+else
+  rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+
+switch(rc) {
+case -1:
+  /* select error */
+  break;
+case 0:
+default:
+  /* timeout or readable/writable sockets */
+  curl_multi_perform(multi_handle, &still_running);
+  break;
+}
+
+/* if there are still transfers, loop! */
+.fi
 .SH "RETURN VALUE"
 CURLMcode type, general libcurl multi interface error code.
 
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_perform.html curl-7.43.0/docs/libcurl/curl_multi_perform.html
--- curl-7.42.1/docs/libcurl/curl_multi_perform.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_perform.html	2015-06-17 05:56:24.000000000 +0000
@@ -58,7 +58,57 @@
 
This function handles transfers on all the added handles that need attention in an non-blocking fashion. 
 
When an application has found out there's data available for the multi_handle or a timeout has elapsed, the application should call this function to read/write whatever there is to read or write right now etc. curl_multi_perform returns as soon as the reads/writes are done. This function does not require that there actually is any data available for reading or that data can be written, it can be called just in case. It will write the number of handles that still transfer data in the second argument's integer-pointer. 
 
If the amount of running_handles is changed from the previous call (or is less than the amount of easy handles you've added to the multi handle), you know that there is one or more transfers less "running". You can then call curl_multi_info_read to get information about each individual completed transfer, and that returned info includes CURLcode and more. If an added handle fails very quickly, it may never be counted as a running_handle. 
-
When running_handles is set to zero (0) on the return of this function, there is no longer any transfers in progress. 
RETURN VALUE

+
When running_handles is set to zero (0) on the return of this function, there is no longer any transfers in progress. 
EXAMPLE

+
+#ifdef _WIN32
+#define SHORT_SLEEP Sleep(100)
+#else
+#define SHORT_SLEEP usleep(100000)
+#endif
+ 
+fd_set fdread;
+fd_set fdwrite;
+fd_set fdexcep;
+int maxfd = -1;
+ 
+long curl_timeo;
+ 
+curl_multi_timeout(multi_handle, &curl_timeo);
+if(curl_timeo < 0)
+  curl_timeo = 1000;
+ 
+timeout.tv_sec = curl_timeo / 1000;
+timeout.tv_usec = (curl_timeo % 1000) * 1000;
+ 
+FD_ZERO(&fdread);
+FD_ZERO(&fdwrite);
+FD_ZERO(&fdexcep);
+ 
+/* get file descriptors from the transfers */
+mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+ 
+if(maxfd == -1) {
+  SHORT_SLEEP;
+  rc = 0;
+}
+else
+  rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+ 
+switch(rc) {
+case -1:
+  /* select error */
+  break;
+case 0:
+default:
+  /* timeout or readable/writable sockets */
+  curl_multi_perform(multi_handle, &still_running);
+  break;
+}
+ 
+/* if there are still transfers, loop! */
+

+
+
RETURN VALUE

 
CURLMcode type, general libcurl multi interface error code. 
 
Before version 7.20.0: If you receive CURLM_CALL_MULTI_PERFORM, this basically means that you should call curl_multi_perform again, before you select() on more actions. You don't have to do it immediately, but the return code means that libcurl may have more data available to return or that there may be more data to send off before it is "satisfied". Do note that curl_multi_perform will return CURLM_CALL_MULTI_PERFORM only when it wants to be called again immediately. When things are fine and there is nothing immediate it wants done, it'll return CURLM_OK and you need to wait for "action" and then call this function again. 
 
This function only returns errors etc regarding the whole multi stack. Problems still might have occurred on individual transfers even when this function returns CURLM_OK. Use curl_multi_info_read to figure out how individual transfers did. 
TYPICAL USAGE

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_perform.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_perform.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_remove_handle.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_remove_handle.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_setopt.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_setopt.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_socket_action.html curl-7.43.0/docs/libcurl/curl_multi_socket_action.html
--- curl-7.42.1/docs/libcurl/curl_multi_socket_action.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_socket_action.html	2015-06-17 05:56:24.000000000 +0000
@@ -54,7 +54,7 @@
 
curl_multi_socket_action - reads/writes available data given an action 
SYNOPSIS

 
 #include <curl/curl.h>
-
+ 
 CURLMcode curl_multi_socket_action(CURLM * multi_handle,
                                    curl_socket_t sockfd, int ev_bitmask,
                                    int *running_handles);
@@ -67,7 +67,7 @@
 
Get the timeout time by setting the CURLMOPT_TIMERFUNCTION option with curl_multi_setopt. Your application will then get called with information on how long to wait for socket actions at most before doing the timeout action: call the curl_multi_socket_action function with the sockfd argument set to CURL_SOCKET_TIMEOUT. You can also use the curl_multi_timeout function to poll the value at any given time, but for an event-based system using the callback is far better than relying on polling the timeout value. 
CALLBACK DETAILS

 

 
The socket callback function uses a prototype like this 
-
+ 
   int curl_socket_callback(CURL *easy,      /* easy handle */
                            curl_socket_t s, /* socket */
                            int action,      /* see values below */
@@ -76,7 +76,7 @@
                                               NULL if not
                                               previously assigned with
                                               curl_multi_assign */
-
+ 
 

 
 
The callback MUST return 0. 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_socket_action.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_socket_action.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_socket.html curl-7.43.0/docs/libcurl/curl_multi_socket.html
--- curl-7.42.1/docs/libcurl/curl_multi_socket.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_socket.html	2015-06-17 05:56:24.000000000 +0000
@@ -56,7 +56,7 @@
 #include <curl/curl.h>
 CURLMcode curl_multi_socket(CURLM * multi_handle, curl_socket_t sockfd,
                             int *running_handles);
-
+ 
 CURLMcode curl_multi_socket_all(CURLM *multi_handle,
                                 int *running_handles);
 

@@ -70,13 +70,13 @@
 
Force libcurl to (re-)check all its internal sockets and transfers instead of just a single one by calling curl_multi_socket_all. Note that there should not be any reason to use this function! 
CALLBACK DETAILS

 

 
The socket callback function uses a prototype like this 
-
+ 
   int curl_socket_callback(CURL *easy,      /* easy handle */
                            curl_socket_t s, /* socket */
                            int action,      /* see values below */
                            void *userp,    /* private callback pointer */
                            void *socketp); /* private socket pointer */
-
+ 
 

 
 
The callback MUST return 0. 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_socket.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_socket.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_strerror.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_strerror.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_timeout.3 curl-7.43.0/docs/libcurl/curl_multi_timeout.3
--- curl-7.42.1/docs/libcurl/curl_multi_timeout.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_timeout.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -49,6 +49,22 @@
 Note: if libcurl returns a -1 timeout here, it just means that libcurl
 currently has no stored timeout value. You must not wait too long (more than a
 few seconds perhaps) before you call curl_multi_perform() again.
+.SH EXAMPLE
+.nf
+struct timeval timeout;
+long timeo;
+
+curl_multi_timeout(multi_handle, &timeo);
+if(timeo < 0)
+  /* no set timeout, use a default */
+  timeo = 980;
+
+timeout.tv_sec = timeo / 1000;
+timeout.tv_usec = (timeo % 1000) * 1000;
+
+/* wait for activities no longer than the set timeout */
+select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+.fi
 .SH "RETURN VALUE"
 The standard CURLMcode for multi interface error codes.
 .SH "TYPICAL USAGE"
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_timeout.html curl-7.43.0/docs/libcurl/curl_multi_timeout.html
--- curl-7.42.1/docs/libcurl/curl_multi_timeout.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_timeout.html	2015-06-17 05:56:24.000000000 +0000
@@ -59,7 +59,24 @@
 
Proceeding means either doing the socket-style timeout action: call the curl_multi_socket_action function with the sockfd argument set to CURL_SOCKET_TIMEOUT, or call curl_multi_perform if you're using the simpler and older multi interface approach. 
 
The timeout value returned in the long timeout points to, is in number of milliseconds at this very moment. If 0, it means you should proceed immediately without waiting for anything. If it returns -1, there's no timeout at all set. 
 
An application that uses the multi_socket API SHOULD NOT use this function, but SHOULD instead use curl_multi_setopt and its CURLMOPT_TIMERFUNCTION option for proper and desired behavior. 
-
Note: if libcurl returns a -1 timeout here, it just means that libcurl currently has no stored timeout value. You must not wait too long (more than a few seconds perhaps) before you call curl_multi_perform() again. 
RETURN VALUE

+
Note: if libcurl returns a -1 timeout here, it just means that libcurl currently has no stored timeout value. You must not wait too long (more than a few seconds perhaps) before you call curl_multi_perform() again. 
EXAMPLE

+
+struct timeval timeout;
+long timeo;
+ 
+curl_multi_timeout(multi_handle, &timeo);
+if(timeo < 0)
+  /* no set timeout, use a default */
+  timeo = 980;
+ 
+timeout.tv_sec = timeo / 1000;
+timeout.tv_usec = (timeo % 1000) * 1000;
+ 
+/* wait for activities no longer than the set timeout */
+select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+

+
+
RETURN VALUE

 
The standard CURLMcode for multi interface error codes. 
TYPICAL USAGE

 
Call curl_multi_timeout, then wait for action on the sockets. You figure out which sockets to wait for by calling curl_multi_fdset or by a previous call to curl_multi_socket. 
AVAILABILITY

 
This function was added in libcurl 7.15.4. 
SEE ALSO

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_timeout.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_timeout.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_wait.3 curl-7.43.0/docs/libcurl/curl_multi_wait.3
--- curl-7.42.1/docs/libcurl/curl_multi_wait.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_wait.3	2015-06-14 21:31:01.000000000 +0000
@@ -44,7 +44,7 @@
 similar to \fIpoll(2)\fP's pollfd structure to be waited on in the same call.
 
 On completion, if \fInumfds\fP is non-NULL, it will be populated with the
-total number of file descriptors on which interesting events occured. This
+total number of file descriptors on which interesting events occurred. This
 number can include both libcurl internal descriptors as well as descriptors
 provided in \fIextra_fds\fP.
 
diff -Nru curl-7.42.1/docs/libcurl/curl_multi_wait.html curl-7.43.0/docs/libcurl/curl_multi_wait.html
--- curl-7.42.1/docs/libcurl/curl_multi_wait.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_multi_wait.html	2015-06-17 05:56:24.000000000 +0000
@@ -54,7 +54,7 @@
 
curl_multi_wait - polls on all easy handles in a multi handle 
SYNOPSIS

 
 #include <curl/curl.h>
-
+ 
 CURLMcode curl_multi_wait(CURLM *multi_handle,
                           struct curl_waitfd extra_fds[],
                           unsigned int extra_nfds,
@@ -64,7 +64,7 @@
 
DESCRIPTION

 
curl_multi_wait polls all file descriptors used by the curl easy handles contained in the given multi handle set.  It will block until activity is detected on at least one of the handles or timeout_ms has passed. Alternatively, if the multi handle has a pending internal timeout that has a shorter expiry time than timeout_ms, that shorter time will be used instead to make sure timeout accuracy is reasonably kept. 
 
The calling application may pass additional curl_waitfd structures which are similar to poll(2)'s pollfd structure to be waited on in the same call. 
-
On completion, if numfds is non-NULL, it will be populated with the total number of file descriptors on which interesting events occured. This number can include both libcurl internal descriptors as well as descriptors provided in extra_fds. 
+
On completion, if numfds is non-NULL, it will be populated with the total number of file descriptors on which interesting events occurred. This number can include both libcurl internal descriptors as well as descriptors provided in extra_fds. 
 
If no extra file descriptors are provided and libcurl has no file descriptor to offer to wait for, this function will return immediately. 
 
This function is encouraged to be used instead of select(3) when using the multi interface to allow applications to easier circumvent the common problem with 1024 maximum file descriptors. 
curl_waitfd

 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_multi_wait.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_multi_wait.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_share_cleanup.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_share_cleanup.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_share_init.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_share_init.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_share_setopt.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_share_setopt.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_share_strerror.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_share_strerror.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_slist_append.html curl-7.43.0/docs/libcurl/curl_slist_append.html
--- curl-7.42.1/docs/libcurl/curl_slist_append.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_slist_append.html	2015-06-17 05:56:24.000000000 +0000
@@ -61,12 +61,12 @@
 
  CURL handle;
  struct curl_slist *slist=NULL;
-
+ 
  slist = curl_slist_append(slist, "pragma:");
  curl_easy_setopt(handle, CURLOPT_HTTPHEADER, slist);
-
+ 
  curl_easy_perform(handle);
-
+ 
  curl_slist_free_all(slist); /* free the list again */
 

 
diff -Nru curl-7.42.1/docs/libcurl/curl_slist_append.pdf curl-7.43.0/docs/libcurl/curl_slist_append.pdf
--- curl-7.42.1/docs/libcurl/curl_slist_append.pdf	2015-04-29 06:08:14.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_slist_append.pdf	2015-06-17 05:56:28.000000000 +0000
@@ -72,12 +72,12 @@
 
 
 
-
-2015-04-29T08:08:13+02:00
-2015-04-29T08:08:13+02:00
+
+2015-06-17T07:56:28+02:00
+2015-06-17T07:56:28+02:00
 groff version 1.22.3
-
-Untitled
+
+Untitled
 
 
                                                                         
@@ -87,8 +87,8 @@
 endobj
 2 0 obj
 <>endobj
 xref
 0 15
@@ -109,7 +109,7 @@
 0000001787 00000 n 
 trailer
 << /Size 15 /Root 1 0 R /Info 2 0 R
-/ID [<8600CE9ACAF8741CA71F8131AC370E2A><8600CE9ACAF8741CA71F8131AC370E2A>]
+/ID []
 >>
 startxref
 3364
diff -Nru curl-7.42.1/docs/libcurl/curl_slist_free_all.pdf curl-7.43.0/docs/libcurl/curl_slist_free_all.pdf
--- curl-7.42.1/docs/libcurl/curl_slist_free_all.pdf	2015-04-29 06:08:14.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_slist_free_all.pdf	2015-06-17 05:56:28.000000000 +0000
@@ -62,12 +62,12 @@
 
 
 
-
-2015-04-29T08:08:14+02:00
-2015-04-29T08:08:14+02:00
+
+2015-06-17T07:56:28+02:00
+2015-06-17T07:56:28+02:00
 groff version 1.22.3
-
-Untitled
+
+Untitled
 
 
                                                                         
@@ -77,8 +77,8 @@
 endobj
 2 0 obj
 <>endobj
 xref
 0 14
@@ -98,7 +98,7 @@
 0000001254 00000 n 
 trailer
 << /Size 14 /Root 1 0 R /Info 2 0 R
-/ID []
+/ID [<4061935AC21848AB4303A5A7052C52A6><4061935AC21848AB4303A5A7052C52A6>]
 >>
 startxref
 2831
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_strequal.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_strequal.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_unescape.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_unescape.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/curl_version_info.html curl-7.43.0/docs/libcurl/curl_version_info.html
--- curl-7.42.1/docs/libcurl/curl_version_info.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/curl_version_info.html	2015-06-17 05:56:24.000000000 +0000
@@ -62,7 +62,7 @@
 
 typedef struct {
   CURLversion age;          /* see description below */
-
+ 
   /* when 'age' is 0 or higher, the members below also exist: */
   const char *version;      /* human readable string */
   unsigned int version_num; /* numeric representation */
@@ -72,20 +72,20 @@
   long ssl_version_num;     /* not used, always zero */
   const char *libz_version; /* human readable string */
   const char * const *protocols; /* protocols */
-
+ 
   /* when 'age' is 1 or higher, the members below also exist: */
   const char *ares;         /* human readable string */
   int ares_num;             /* number */
-
+ 
   /* when 'age' is 2 or higher, the member below also exists: */
   const char *libidn;       /* human readable string */
-
+ 
   /* when 'age' is 3 or higher (7.16.1 or later), the members below also
      exist  */
   int iconv_ver_num;       /* '_libiconv_version' if iconv support enabled */
-
+ 
   const char *libssh_version; /* human readable string */
-
+ 
 } curl_version_info_data;
 

 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_version_info.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_version_info.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/curl_version.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/curl_version.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-easy.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-easy.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-errors.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-errors.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/libcurl-multi.3 curl-7.43.0/docs/libcurl/libcurl-multi.3
--- curl-7.42.1/docs/libcurl/libcurl-multi.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/libcurl-multi.3	2015-06-16 10:17:35.000000000 +0000
@@ -136,7 +136,7 @@
 CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to
 \fIcurl_multi_setopt(3)\fP. They are two callback functions that libcurl will
 call with information about what sockets to wait for, and for what activity,
-and what the curret timeout time is - if that expires libcurl should be
+and what the current timeout time is - if that expires libcurl should be
 notified.
 
 The multi_socket API is designed to inform your application about which
diff -Nru curl-7.42.1/docs/libcurl/libcurl-multi.html curl-7.43.0/docs/libcurl/libcurl-multi.html
--- curl-7.42.1/docs/libcurl/libcurl-multi.html	2015-04-29 06:08:09.000000000 +0000
+++ curl-7.43.0/docs/libcurl/libcurl-multi.html	2015-06-17 05:56:24.000000000 +0000
@@ -73,7 +73,7 @@
 
If you want to re-use an easy handle that was added to the multi handle for transfer, you must first remove it from the multi stack and then re-add it again (possibly after having altered some options at your own choice). 
MULTI_SOCKET

 
curl_multi_socket_action function offers a way for applications to not only avoid being forced to use select(), but it also offers a much more high-performance API that will make a significant difference for applications using large numbers of simultaneous connections. 
 
curl_multi_socket_action is then used instead of curl_multi_perform. 
-
When using this API, you add easy handles to the multi handle just as with the normal multi interface. Then you also set two callbacks with the CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to curl_multi_setopt. They are two callback functions that libcurl will call with information about what sockets to wait for, and for what activity, and what the curret timeout time is - if that expires libcurl should be notified. 
+
When using this API, you add easy handles to the multi handle just as with the normal multi interface. Then you also set two callbacks with the CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to curl_multi_setopt. They are two callback functions that libcurl will call with information about what sockets to wait for, and for what activity, and what the current timeout time is - if that expires libcurl should be notified. 
 
The multi_socket API is designed to inform your application about which sockets libcurl is currently using and for what activities (read and/or write) on those sockets your application is expected to wait for. 
 
Your application must make sure to receive all sockets informed about in the CURLMOPT_SOCKETFUNCTION callback and make sure it reacts on the given activity on them. When a socket has the given activity, you call curl_multi_socket_action specifying which socket and action there are. 
 
The CURLMOPT_TIMERFUNCTION callback is called to set a timeout. When that timeout expires, your application should call the curl_multi_socket_action function saying it was due to a timeout. 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-multi.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-multi.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-share.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-share.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/libcurl-symbols.3 curl-7.43.0/docs/libcurl/libcurl-symbols.3
--- curl-7.42.1/docs/libcurl/libcurl-symbols.3	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/libcurl-symbols.3	2015-06-17 05:56:24.000000000 +0000
@@ -19,7 +19,7 @@
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
-.TH libcurl-symbols 3 "Apr 29, 2015" "libcurl 7.41.0" "libcurl symbols"
+.TH libcurl-symbols 3 "Jun 17, 2015" "libcurl 7.41.0" "libcurl symbols"
 .SH NAME
 libcurl-symbols \- libcurl symbol version information
 .SH "libcurl symbols"
@@ -932,6 +932,8 @@
 Introduced in 7.42.0
 .IP CURLOPT_PINNEDPUBLICKEY
 Introduced in 7.39.0
+.IP CURLOPT_PIPEWAIT
+Introduced in 7.43.0
 .IP CURLOPT_PORT
 Introduced in 7.1
 .IP CURLOPT_POST
@@ -976,6 +978,8 @@
 Introduced in 7.19.1
 .IP CURLOPT_PROXYUSERPWD
 Introduced in 7.1
+.IP CURLOPT_PROXY_SERVICE_NAME
+Introduced in 7.43.0
 .IP CURLOPT_PROXY_TRANSFER_MODE
 Introduced in 7.18.0
 .IP CURLOPT_PUT
@@ -1022,6 +1026,8 @@
 Introduced in 7.18.0
 .IP CURLOPT_SERVER_RESPONSE_TIMEOUT
 Introduced in 7.20.0
+.IP CURLOPT_SERVICE_NAME
+Introduced in 7.43.0
 .IP CURLOPT_SHARE
 Introduced in 7.10
 .IP CURLOPT_SOCKOPTDATA
@@ -1182,6 +1188,12 @@
 Introduced in 7.18.0
 .IP CURLPAUSE_SEND_CONT
 Introduced in 7.18.0
+.IP CURLPIPE_HTTP1
+Introduced in 7.43.0
+.IP CURLPIPE_MULTIPLEX
+Introduced in 7.43.0
+.IP CURLPIPE_NOTHING
+Introduced in 7.43.0
 .IP CURLPROTO_ALL
 Introduced in 7.19.4
 .IP CURLPROTO_DICT
@@ -1400,6 +1412,8 @@
 Introduced in 7.9.1
 .IP CURL_HTTP_VERSION_2_0
 Introduced in 7.33.0
+.IP CURL_HTTP_VERSION_2
+Introduced in 7.43.0
 .IP CURL_HTTP_VERSION_NONE
 Introduced in 7.9.1
 .IP CURL_IPRESOLVE_V4
diff -Nru curl-7.42.1/docs/libcurl/libcurl-symbols.html curl-7.43.0/docs/libcurl/libcurl-symbols.html
--- curl-7.42.1/docs/libcurl/libcurl-symbols.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/libcurl-symbols.html	2015-06-17 05:56:24.000000000 +0000
@@ -898,6 +898,8 @@
 
Introduced in 7.42.0 
 
CURLOPT_PINNEDPUBLICKEY 
 
Introduced in 7.39.0 
+
CURLOPT_PIPEWAIT 
+
Introduced in 7.43.0 
 
CURLOPT_PORT 
 
Introduced in 7.1 
 
CURLOPT_POST 
@@ -940,6 +942,8 @@
 
Introduced in 7.19.1 
 
CURLOPT_PROXYUSERPWD 
 
Introduced in 7.1 
+
CURLOPT_PROXY_SERVICE_NAME 
+
Introduced in 7.43.0 
 
CURLOPT_PROXY_TRANSFER_MODE 
 
Introduced in 7.18.0 
 
CURLOPT_PUT 
@@ -986,6 +990,8 @@
 
Introduced in 7.18.0 
 
CURLOPT_SERVER_RESPONSE_TIMEOUT 
 
Introduced in 7.20.0 
+
CURLOPT_SERVICE_NAME 
+
Introduced in 7.43.0 
 
CURLOPT_SHARE 
 
Introduced in 7.10 
 
CURLOPT_SOCKOPTDATA 
@@ -1144,6 +1150,12 @@
 
Introduced in 7.18.0 
 
CURLPAUSE_SEND_CONT 
 
Introduced in 7.18.0 
+
CURLPIPE_HTTP1 
+
Introduced in 7.43.0 
+
CURLPIPE_MULTIPLEX 
+
Introduced in 7.43.0 
+
CURLPIPE_NOTHING 
+
Introduced in 7.43.0 
 
CURLPROTO_ALL 
 
Introduced in 7.19.4 
 
CURLPROTO_DICT 
@@ -1362,6 +1374,8 @@
 
Introduced in 7.9.1 
 
CURL_HTTP_VERSION_2_0 
 
Introduced in 7.33.0 
+
CURL_HTTP_VERSION_2 
+
Introduced in 7.43.0 
 
CURL_HTTP_VERSION_NONE 
 
Introduced in 7.9.1 
 
CURL_IPRESOLVE_V4 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-symbols.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-symbols.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/libcurl-tutorial.html curl-7.43.0/docs/libcurl/libcurl-tutorial.html
--- curl-7.42.1/docs/libcurl/libcurl-tutorial.html	2015-04-29 06:08:10.000000000 +0000
+++ curl-7.43.0/docs/libcurl/libcurl-tutorial.html	2015-06-17 05:56:24.000000000 +0000
@@ -206,7 +206,7 @@
     char *data="name=daniel&project=curl";
     curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDS, data);
     curl_easy_setopt(easyhandle, CURLOPT_URL, "http://posthere.com/");
-
+ 
     curl_easy_perform(easyhandle); /* post away! */
 

 
@@ -216,18 +216,18 @@
 
  struct curl_slist *headers=NULL;
  headers = curl_slist_append(headers, "Content-Type: text/xml");
-
+ 
  /* post binary data */
  curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDS, binaryptr);
-
+ 
  /* set the size of the postfields data */
  curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDSIZE, 23L);
-
+ 
  /* pass our list of custom made headers */
  curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, headers);
-
+ 
  curl_easy_perform(easyhandle); /* post away! */
-
+ 
  curl_slist_free_all(headers); /* free the header list */
 

 
@@ -246,12 +246,12 @@
  curl_formadd(&post, &last,
               CURLFORM_COPYNAME, "logotype-image",
               CURLFORM_FILECONTENT, "curl.png", CURLFORM_END);
-
+ 
  /* Set the form info */
  curl_easy_setopt(easyhandle, CURLOPT_HTTPPOST, post);
-
+ 
  curl_easy_perform(easyhandle); /* post away! */
-
+ 
  /* free the post data again */
  curl_formfree(post);
 

@@ -261,15 +261,15 @@
 
  struct curl_slist *headers=NULL;
  headers = curl_slist_append(headers, "Content-Type: text/xml");
-
+ 
  curl_formadd(&post, &last,
               CURLFORM_COPYNAME, "logotype-image",
               CURLFORM_FILECONTENT, "curl.xml",
               CURLFORM_CONTENTHEADER, headers,
               CURLFORM_END);
-
+ 
  curl_easy_perform(easyhandle); /* post away! */
-
+ 
  curl_formfree(post); /* free post */
  curl_slist_free_all(headers); /* free custom header list */
 

@@ -392,15 +392,15 @@
 
HTTP-like protocols pass a series of headers to the server when doing the request, and you're free to pass any amount of extra headers that you think fit. Adding headers is this easy: 
 
  struct curl_slist *headers=NULL; /* init to NULL is important */
-
+ 
  headers = curl_slist_append(headers, "Hey-server-hey: how are you?");
  headers = curl_slist_append(headers, "X-silly-content: yes");
-
+ 
  /* pass our list of custom made headers */
  curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, headers);
-
+ 
  curl_easy_perform(easyhandle); /* transfer http */
-
+ 
  curl_slist_free_all(headers); /* free the header list */
 

 
@@ -434,12 +434,12 @@
 
A little example that deletes a given file before an operation: 
 
  headers = curl_slist_append(headers, "DELE file-to-remove");
-
+ 
  /* pass the list of custom commands to the handle */
  curl_easy_setopt(easyhandle, CURLOPT_QUOTE, headers);
-
+ 
  curl_easy_perform(easyhandle); /* transfer ftp data! */
-
+ 
  curl_slist_free_all(headers); /* free the header list */
 

 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/libcurl-tutorial.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/libcurl-tutorial.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/Makefile.in curl-7.43.0/docs/libcurl/Makefile.in
--- curl-7.42.1/docs/libcurl/Makefile.in	2015-04-29 06:07:43.000000000 +0000
+++ curl-7.43.0/docs/libcurl/Makefile.in	2015-06-15 21:31:48.000000000 +0000
@@ -102,8 +102,7 @@
 host_triplet = @host@
 subdir = docs/libcurl
 DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/mkinstalldirs $(dist_m4macro_DATA) \
-	$(top_srcdir)/test-driver
+	$(dist_m4macro_DATA) $(top_srcdir)/test-driver
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \
 	$(top_srcdir)/m4/curl-confopts.m4 \
@@ -124,7 +123,7 @@
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \
 	$(top_builddir)/include/curl/curlbuild.h
 CONFIG_CLEAN_FILES =
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf differ
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,8 +29,9 @@
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_HOST_CONNECTIONS, long max);
 .SH DESCRIPTION
 Pass a long to indicate \fBmax\fP. The set number will be used as the maximum
-amount of simultaneously open connections to a single host. For each new
-session to a host, libcurl will open a new connection up to the limit set by
+amount of simultaneously open connections to a single host (a host being the
+same as a host name + port number pair). For each new session to a host,
+libcurl will open a new connection up to the limit set by
 \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP. When the limit is reached, the
 sessions will be pending until a connection becomes available. If
 \fICURLMOPT_PIPELINING(3)\fP is enabled, libcurl will try to pipeline if the
@@ -40,6 +41,9 @@
 compatibility, setting it to 0 when \fICURLMOPT_PIPELINING(3)\fP is 1 will not
 be treated as unlimited. Instead it will open only 1 connection and try to
 pipeline on it.
+
+This set limit is also used for proxy connections, and then the proxy is
+considered to be the host for which this limit counts.
 .SH DEFAULT
 0
 .SH PROTOCOLS
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html	2015-04-29 06:08:11.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html	2015-06-17 05:56:26.000000000 +0000
@@ -54,8 +54,9 @@
 
CURLMOPT_MAX_HOST_CONNECTIONS - set max number of connections to a single host 
SYNOPSIS

 
#include <curl/curl.h> 
 
CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_HOST_CONNECTIONS, long max); 
DESCRIPTION

-
Pass a long to indicate max. The set number will be used as the maximum amount of simultaneously open connections to a single host. For each new session to a host, libcurl will open a new connection up to the limit set by CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will be pending until a connection becomes available. If CURLMOPT_PIPELINING is enabled, libcurl will try to pipeline if the host is capable of it. 
-
The default max value is 0, unlimited.  However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING is 1 will not be treated as unlimited. Instead it will open only 1 connection and try to pipeline on it. 
DEFAULT

+
Pass a long to indicate max. The set number will be used as the maximum amount of simultaneously open connections to a single host (a host being the same as a host name + port number pair). For each new session to a host, libcurl will open a new connection up to the limit set by CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will be pending until a connection becomes available. If CURLMOPT_PIPELINING is enabled, libcurl will try to pipeline if the host is capable of it. 
+
The default max value is 0, unlimited.  However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING is 1 will not be treated as unlimited. Instead it will open only 1 connection and try to pipeline on it. 
+
This set limit is also used for proxy connections, and then the proxy is considered to be the host for which this limit counts. 
DEFAULT

 
0 
PROTOCOLS

 
HTTP(S) 
EXAMPLE

 
TODO 
AVAILABILITY

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf	2015-04-29 06:08:43.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf	2015-06-17 05:56:57.000000000 +0000
@@ -67,12 +67,12 @@
 
 
 
-
-2015-04-29T08:08:43+02:00
-2015-04-29T08:08:43+02:00
+
+2015-06-17T07:56:57+02:00
+2015-06-17T07:56:57+02:00
 groff version 1.22.3
-
-Untitled
+
+Untitled
 
 
                                                                         
@@ -82,8 +82,8 @@
 endobj
 2 0 obj
 <>endobj
 xref
 0 15
@@ -104,7 +104,7 @@
 0000001892 00000 n 
 trailer
 << /Size 15 /Root 1 0 R /Info 2 0 R
-/ID [<5D6D6B29DDDBC83C7CCC323712D855BD><5D6D6B29DDDBC83C7CCC323712D855BD>]
+/ID []
 >>
 startxref
 3469
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING.3	2015-04-23 10:09:24.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3	2015-06-11 17:50:43.000000000 +0000
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -26,17 +26,28 @@
 .SH SYNOPSIS
 #include 
 
-CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, bool onoff);
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, long bits);
 .SH DESCRIPTION
-Set the \fBonoff\fP parameter to 1 to make libcurl use HTTP pipelining for
-HTTP transfers done using this multi handle, as far as possible. This means
-that if you add a second request that can use an already existing connection,
-the second request will be \&"piped" on the same connection rather than being
-executed in parallel.
+Set the \fBbits\fP parameter to 1 to make libcurl use HTTP pipelining for
+HTTP/1.1 transfers done using this multi handle, as far as possible. This
+means that if you add a second request that can use an already existing
+connection, the second request will be \&"piped" on the same connection rather
+than being executed in parallel.
 
 When using pipelining, there are also several other related options that are
 interesting to tweak and adjust to alter how libcurl spreads out requests on
 different connections or not etc.
+
+Starting in 7.43.0, the \fBbits\fP parameter's bit 1 also has a meaning and
+libcurl is now offering symbol names for the bits:
+.IP CURLPIPE_NOTHING (0)
+Default, which means doing no attempts at pipelining or multiplexing.
+.IP CURLPIPE_HTTP1 (1)
+If this bit is set, libcurl will try to pipeline HTTP/1.1 requests on
+connections that are already established and in use to hosts.
+.IP CURLPIPE_MULTIPLEX (2)
+If this bit is set, libcurl will try to multiplex the new transfer over an
+existing connection if possible. This requires HTTP/2.
 .SH DEFAULT
 0 (off)
 .SH PROTOCOLS
@@ -44,7 +55,7 @@
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.16.0
+Added in 7.16.0. Multiplex support bit added in 7.43.0.
 .SH RETURN VALUE
 Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING.html	2015-04-29 06:08:11.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html	2015-06-17 05:56:26.000000000 +0000
@@ -53,13 +53,20 @@
 
NAME

 
CURLMOPT_PIPELINING - enable/disable HTTP pipelining 
SYNOPSIS

 
#include <curl/curl.h> 
-
CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, bool onoff); 
DESCRIPTION

-
Set the onoff parameter to 1 to make libcurl use HTTP pipelining for HTTP transfers done using this multi handle, as far as possible. This means that if you add a second request that can use an already existing connection, the second request will be "piped" on the same connection rather than being executed in parallel. 
-
When using pipelining, there are also several other related options that are interesting to tweak and adjust to alter how libcurl spreads out requests on different connections or not etc. 
DEFAULT

+
CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, long bits); 
DESCRIPTION

+
Set the bits parameter to 1 to make libcurl use HTTP pipelining for HTTP/1.1 transfers done using this multi handle, as far as possible. This means that if you add a second request that can use an already existing connection, the second request will be "piped" on the same connection rather than being executed in parallel. 
+
When using pipelining, there are also several other related options that are interesting to tweak and adjust to alter how libcurl spreads out requests on different connections or not etc. 
+
Starting in 7.43.0, the bits parameter's bit 1 also has a meaning and libcurl is now offering symbol names for the bits: 
+
CURLPIPE_NOTHING (0) 
+
Default, which means doing no attempts at pipelining or multiplexing. 
+
CURLPIPE_HTTP1 (1) 
+
If this bit is set, libcurl will try to pipeline HTTP/1.1 requests on connections that are already established and in use to hosts. 
+
CURLPIPE_MULTIPLEX (2) 
+
If this bit is set, libcurl will try to multiplex the new transfer over an existing connection if possible. This requires HTTP/2. 
DEFAULT

 
0 (off) 
PROTOCOLS

 
HTTP(S) 
EXAMPLE

 
TODO 
AVAILABILITY

-
Added in 7.16.0 
RETURN VALUE

+
Added in 7.16.0. Multiplex support bit added in 7.43.0. 
RETURN VALUE

 
Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. 
SEE ALSO

 
CURLMOPT_MAX_PIPELINE_LENGTH,   CURLMOPT_PIPELINING_SITE_BL,   CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,   CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE,   CURLMOPT_MAX_HOST_CONNECTIONS,   CURLMOPT_MAXCONNECTS,   CURLMOPT_MAX_HOST_CONNECTIONS,   

  This HTML page was made with roffit.
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html	2015-04-29 06:08:11.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html	2015-06-17 05:56:26.000000000 +0000
@@ -66,7 +66,7 @@
     "nginx/0.8.54",
     NULL
   };
-
+ 
   curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_blacklist);
 

 
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.pdf differ
diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html
--- curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html	2015-04-29 06:08:11.000000000 +0000
+++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html	2015-06-17 05:56:26.000000000 +0000
@@ -65,7 +65,7 @@
     "www.example.com:1234",
     NULL
   };
-
+ 
   curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_blacklist);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html --- curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLMOPT_SOCKETDATA - custom pointer passed to the socket callback

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETDATA, void *pointer);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,13 +54,13 @@

CURLMOPT_SOCKETFUNCTION - callback informed about what to wait for

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 int socket_callback(CURL *easy,      /* easy handle */
                     curl_socket_t s, /* socket */
                     int what,        /* see above */
                     void *userp,     /* private callback pointer */
                     void *socketp);  /* private socket pointer */
-
+ 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERDATA.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html --- curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERDATA.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLMOPT_TIMERDATA - custom pointer to pass to timer callback

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERDATA, void *pointer);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,11 +54,11 @@

CURLMOPT_TIMERFUNCTION - set callback to receive timeout values

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 int timer_callback(CURLM *multi,    /* multi handle */
                    long timeout_ms, /* see above */
                    void *userp);    /* private callback pointer */
-
+ 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callback);

DESCRIPTION

@@ -82,13 +82,13 @@   curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0, &running);   return G_SOURCE_REMOVE; } - +  static int timerfunc(CURLM *multi, long timeout_ms, void *userp) {   guint *id = userp; - +    if (id)   g_source_remove(*id); - +    // -1 means we should just delete our timer.   if (timeout_ms == -1) {   g_free(id); @@ -101,7 +101,7 @@   curl_multi_setopt(multi, CURLMOPT_TIMERDATA, id);   return 0; } - +  curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc); Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_APPEND.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_APPEND.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_AUTOREFERER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_AUTOREFERER.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_BUFFERSIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_BUFFERSIZE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CAINFO.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CAINFO.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CAPATH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CAPATH.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CERTINFO.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CERTINFO.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,10 +54,10 @@

CURLOPT_CHUNK_BGN_FUNCTION - callback before a transfer with FTP wildcardmatch

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 long chunk_bgn_callback(const void *transfer_info, void *ptr,
                         int remains);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_BGN_FUNCTION,
                           chunk_bgn_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 2015-06-14 21:31:01.000000000 +0000 @@ -29,8 +29,8 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_DATA, void *pointer); .SH DESCRIPTION Pass a \fIpointer\fP that will be untouched by libcurl and passed as the ptr -argument to the \fICURL_CHUNK_BGN_FUNTION(3)\fP and -\fICURL_CHUNK_END_FUNTION(3)\fP. +argument to the \fICURL_CHUNK_BGN_FUNCTION(3)\fP and +\fICURL_CHUNK_END_FUNCTION(3)\fP. .SH DEFAULT NULL .SH PROTOCOLS diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_CHUNK_DATA - custom pointer to the FTP chunk callbacks

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_DATA, void *pointer);

DESCRIPTION

-

Pass a pointer that will be untouched by libcurl and passed as the ptr argument to the CURL_CHUNK_BGN_FUNTION(3) and CURL_CHUNK_END_FUNTION(3).

DEFAULT

+

Pass a pointer that will be untouched by libcurl and passed as the ptr argument to the CURL_CHUNK_BGN_FUNCTION(3) and CURL_CHUNK_END_FUNCTION(3).

DEFAULT

NULL

PROTOCOLS

FTP

EXAMPLE

TODO

AVAILABILITY

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_DATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_DATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_CHUNK_END_FUNCTION - callback after a transfer with FTP wildcardmatch

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 long chunk_end_callback(void *ptr);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_END_FUNCTION,
                           chunk_end_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.html 2015-06-17 05:56:25.000000000 +0000 @@ -62,10 +62,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* complete connection within 10 seconds */   curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L); - +    curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.html 2015-06-17 05:56:25.000000000 +0000 @@ -62,10 +62,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* complete connection within 10000 milliseconds */   curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10000L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_CONV_FROM_NETWORK_FUNCTION - convert data from network to host encoding

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode conv_callback(char *ptr, size_t length);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_FROM_NETWORK_FUNCTION,
                           conv_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_CONV_FROM_UTF8_FUNCTION - convert data from UTF8 to host encoding

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode conv_callback(char *ptr, size_t length);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_FROM_UTF8_FUNCTION,
                           conv_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_CONV_TO_NETWORK_FUNCTION - convert data to network from host encoding

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode conv_callback(char *ptr, size_t length);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_TO_NETWORK_FUNCTION,
                           conv_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIE.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIE.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIE.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIE.3 2015-06-11 17:50:43.000000000 +0000 @@ -40,6 +40,15 @@ multiple requests are done due to authentication, followed redirections or similar, they will all get this cookie passed on. +The cookies set by this option are separate from the internal cookie storage +held by the cookie engine and will not be modified by it. If you enable the +cookie engine and either you've imported a cookie of the same name (e.g. 'foo') +or the server has set one, it will have no effect on the cookies you set here. +A request to the server will send both the 'foo' held by the cookie engine and +the 'foo' held by this option. To set a cookie that is instead held by the +cookie engine and can be modified by the server use +\fICURLOPT_COOKIELIST(3)\fP. + Using this option multiple times will only make the latest string override the previous ones. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIEFILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIEFILE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIE.html 2015-06-17 05:56:25.000000000 +0000 @@ -57,6 +57,7 @@

Pass a pointer to a zero terminated string as parameter. It will be used to set a cookie in the HTTP request. The format of the string should be NAME=CONTENTS, where NAME is the cookie name and CONTENTS is what the cookie should contain.

If you need to set multiple cookies, set them all using a single option concatenated like this: "name1=content1; name2=content2;" etc.

This option sets the cookie header explicitly in the outgoing request(s). If multiple requests are done due to authentication, followed redirections or similar, they will all get this cookie passed on. +

The cookies set by this option are separate from the internal cookie storage held by the cookie engine and will not be modified by it. If you enable the cookie engine and either you've imported a cookie of the same name (e.g. 'foo') or the server has set one, it will have no effect on the cookies you set here. A request to the server will send both the 'foo' held by the cookie engine and the 'foo' held by this option. To set a cookie that is instead held by the cookie engine and can be modified by the server use CURLOPT_COOKIELIST.

Using this option multiple times will only make the latest string override the previous ones.

This option will not enable the cookie engine. Use CURLOPT_COOKIEFILE or CURLOPT_COOKIEJAR to enable parsing and sending cookies automatically.

DEFAULT

NULL, no cookies

PROTOCOLS

@@ -65,9 +66,9 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    curl_easy_setopt(curl, CURLOPT_COOKIE, "tool=curl; fun=yes;"); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIEJAR.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIEJAR.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIELIST.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIELIST.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIELIST.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIELIST.3 2015-06-11 17:50:43.000000000 +0000 @@ -36,6 +36,16 @@ regular HTTP-style header (Set-Cookie: ...) format. This will also enable the cookie engine. This adds that single cookie to the internal cookie store. +If you use the Set-Cookie format and don't specify a domain then the cookie +is sent for any domain and will not be modified. If a server sets a cookie of +the same name (or maybe you've imported one) then both will be sent on a future +transfer to that server, likely not what you intended. Either set a domain in +Set-Cookie (doing that will include sub domains) or use the Netscape format as +shown in EXAMPLE. + +Starting in 7.43.0 the aforementioned any-domain cookies will not appear in the +lists exported by \fICURLINFO_COOKIELIST(3)\fP and \fICURLOPT_COOKIEJAR(3)\fP. + Additionally, there are commands available that perform actions if you pass in these exact strings: .IP ALL @@ -55,7 +65,46 @@ .SH PROTOCOLS HTTP .SH EXAMPLE -TODO +.nf +/* This example shows an inline import of a cookie in Netscape format. +You can set the cookie as HttpOnly to prevent XSS attacks by prepending +#HttpOnly_ to the hostname. That may be useful if the cookie will later +be imported by a browser. +*/ + +#define SEP "\\t" /* Tab separates the fields */ + +char *my_cookie = + "example.com" /* Hostname */ + SEP "FALSE" /* Include subdomains */ + SEP "/" /* Path */ + SEP "FALSE" /* Secure */ + SEP "0" /* Expiry in epoch time format. 0 == Session */ + SEP "foo" /* Name */ + SEP "bar"; /* Value */ + +/* my_cookie is imported immediately via CURLOPT_COOKIELIST. +*/ +curl_easy_setopt(curl, CURLOPT_COOKIELIST, my_cookie); + +/* The list of cookies in cookies.txt will not be imported until right +before a transfer is performed. Cookies in the list that have the same +hostname, path and name as in my_cookie are skipped. That is because +libcurl has already imported my_cookie and it's considered a "live" +cookie. A live cookie won't be replaced by one read from a file. +*/ +curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "cookies.txt"); /* import */ + +/* Cookies are exported after curl_easy_cleanup is called. The server +may have added, deleted or modified cookies by then. The cookies that +were skipped on import are not exported. +*/ +curl_easy_setopt(curl, CURLOPT_COOKIEJAR, "cookies.txt"); /* export */ + +res = curl_easy_perform(curl); /* cookies imported from cookies.txt */ + +curl_easy_cleanup(curl); /* cookies exported to cookies.txt */ +.fi .SH AVAILABILITY ALL was added in 7.14.1 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIELIST.html curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIELIST.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIELIST.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIELIST.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,13 +54,15 @@

CURLOPT_COOKIELIST - add to or manipulate cookies held in memory

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIELIST,
                           char *cookie);

DESCRIPTION

Pass a char * to a cookie string.

Such a cookie can be either a single line in Netscape / Mozilla format or just regular HTTP-style header (Set-Cookie: ...) format. This will also enable the cookie engine. This adds that single cookie to the internal cookie store. +

If you use the Set-Cookie format and don't specify a domain then the cookie is sent for any domain and will not be modified. If a server sets a cookie of the same name (or maybe you've imported one) then both will be sent on a future transfer to that server, likely not what you intended. Either set a domain in Set-Cookie (doing that will include sub domains) or use the Netscape format as shown in EXAMPLE. +

Starting in 7.43.0 the aforementioned any-domain cookies will not appear in the lists exported by CURLINFO_COOKIELIST(3) and CURLOPT_COOKIEJAR.

Additionally, there are commands available that perform actions if you pass in these exact strings:

ALL

erases all cookies held in memory @@ -76,7 +78,48 @@

DEFAULT

NULL

PROTOCOLS

HTTP

EXAMPLE

-

TODO

AVAILABILITY

+

+/* This example shows an inline import of a cookie in Netscape format.
+You can set the cookie as HttpOnly to prevent XSS attacks by prepending
+#HttpOnly_ to the hostname. That may be useful if the cookie will later
+be imported by a browser.
+*/
+ 
+#define SEP  "\t"  /* Tab separates the fields */
+ 
+char *my_cookie =
+  "example.com"    /* Hostname */
+  SEP "FALSE"      /* Include subdomains */
+  SEP "/"          /* Path */
+  SEP "FALSE"      /* Secure */
+  SEP "0"          /* Expiry in epoch time format. 0 == Session */
+  SEP "foo"        /* Name */
+  SEP "bar";       /* Value */
+ 
+/* my_cookie is imported immediately via CURLOPT_COOKIELIST.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIELIST, my_cookie);
+ 
+/* The list of cookies in cookies.txt will not be imported until right
+before a transfer is performed. Cookies in the list that have the same
+hostname, path and name as in my_cookie are skipped. That is because
+libcurl has already imported my_cookie and it's considered a "live"
+cookie. A live cookie won't be replaced by one read from a file.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "cookies.txt");  /* import */
+ 
+/* Cookies are exported after curl_easy_cleanup is called. The server
+may have added, deleted or modified cookies by then. The cookies that
+were skipped on import are not exported.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIEJAR, "cookies.txt");  /* export */
+ 
+res = curl_easy_perform(curl);  /* cookies imported from cookies.txt */
+ 
+curl_easy_cleanup(curl);  /* cookies exported to cookies.txt */
+
+ +

AVAILABILITY

ALL was added in 7.14.1

SESS was added in 7.15.4

FLUSH was added in 7.17.1 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIELIST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIELIST.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIESESSION.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIESESSION.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COOKIESESSION.pdf 2015-04-29 06:08:22.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COOKIESESSION.pdf 2015-06-17 05:56:36.000000000 +0000 @@ -63,12 +63,12 @@ - -2015-04-29T08:08:22+02:00 -2015-04-29T08:08:22+02:00 + +2015-06-17T07:56:36+02:00 +2015-06-17T07:56:36+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -78,8 +78,8 @@ endobj 2 0 obj <>endobj xref 0 14 @@ -99,7 +99,7 @@ 0000001853 00000 n trailer << /Size 14 /Root 1 0 R /Info 2 0 R -/ID [<05DF19882E403EEDA6EDFF25540F3615><05DF19882E403EEDA6EDFF25540F3615>] +/ID [] >> startxref 3430 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,13 +63,13 @@ if(curl) {   char local_buffer[1024]="data to send";   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* size of the data to copy from the buffer and send in the request */   curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 12L); - +    /* send data from the local stack */   curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, local_buffer); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CRLFILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CRLFILE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CRLF.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CRLF.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DEBUGDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DEBUGDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_DEBUGFUNCTION - debug callback

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 typedef enum {
   CURLINFO_TEXT = 0,
   CURLINFO_HEADER_IN,    /* 1 */
@@ -65,13 +65,13 @@
   CURLINFO_SSL_DATA_OUT, /* 6 */
   CURLINFO_END
 } curl_infotype;
-
+ 
 int debug_callback(CURL *handle,
                    curl_infotype type,
                    char *data,
                    size_t size,
                    void *userptr);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DEBUGFUNCTION,
                           debug_callback);
@@ -104,13 +104,13 @@   size_t i;   size_t c;   unsigned int width=0x10; - +    fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)n",   text, (long)size, (long)size); - +    for(i=0; i<size; i+= width) {   fprintf(stream, "%4.4lx: ", (long)i); - +    /* show hex to the left */   for(c = 0; c < width; c++) {   if(i+c < size) @@ -118,15 +118,15 @@   else   fputs(" ", stream);   } - +    /* show data on the right */   for(c = 0; (c < width) && (i+c < size); c++)   fputc(ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.', stream); - +    fputc('n', stream); /* newline */   } } - +  static int my_trace(CURL *handle, curl_infotype type,   char *data, size_t size, @@ -134,13 +134,13 @@ {   const char *text;   (void)handle; /* prevent compiler warning */ - +    switch (type) {   case CURLINFO_TEXT:   fprintf(stderr, "== Info: %s", data);   default: /* in case a new one is introduced to shock us */   return 0; - +    case CURLINFO_HEADER_OUT:   text = "=> Send header";   break; @@ -160,33 +160,33 @@   text = "<= Recv SSL data";   break;   } - +    dump(text, stderr, (unsigned char *)data, size);   return 0; } - +  int main(void) {   CURL *curl;   CURLcode res; - +    curl = curl_easy_init();   if(curl) {   curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); - +    /* the DEBUGFUNCTION has no effect until we enable VERBOSE */   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); - +    /* example.com is redirected, so we tell libcurl to follow redirection */   curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); - +    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");   res = curl_easy_perform(curl);   /* Check for errors */   if(res != CURLE_OK)   fprintf(stderr, "curl_easy_perform() failed: %sn",   curl_easy_strerror(res)); - +    /* always cleanup */   curl_easy_cleanup(curl);   } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DIRLISTONLY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DIRLISTONLY.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_SERVERS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_SERVERS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_EGDSOCKET.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_EGDSOCKET.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_ERRORBUFFER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_ERRORBUFFER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_ERRORBUFFER.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_ERRORBUFFER.html 2015-06-17 05:56:25.000000000 +0000 @@ -64,12 +64,12 @@ curl = curl_easy_init(); if(curl) {   char error[CURL_ERROR_SIZE] - +    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* provide a buffer to store errors in */   curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_ERRORBUFFER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_ERRORBUFFER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_EXPECT_100_TIMEOUT_MS - timeout for Expect: 100-continue response

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_EXPECT_100_TIMEOUT_MS,
                           long milliseconds);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FAILONERROR.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FAILONERROR.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FILETIME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FILETIME.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_FNMATCH_DATA - custom pointer to fnmatch callback

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FNMATCH_DATA,
                           void *pointer);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,11 +54,11 @@

CURLOPT_FNMATCH_FUNCTION - wildcard matching function callback

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 int fnmatch_callback(void *ptr,
                      const char *pattern,
                      const char *string);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FNMATCH_FUNCTION,
                           fnmatch_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.html 2015-06-17 05:56:25.000000000 +0000 @@ -64,10 +64,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* example.com is redirected, so we tell libcurl to follow redirection */   curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FORBID_REUSE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FORBID_REUSE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_FTP_ALTERNATIVE_TO_USER - command to use instead of USER with FTP

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_ALTERNATIVE_TO_USER,
                           char *cmd);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,13 +54,13 @@

CURLOPT_FTP_CREATE_MISSING_DIRS - create missing dirs for FTP and SFTP

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 typedef enum {
   CURLFTP_CREATE_DIR_NONE,
   CURLFTP_CREATE_DIR,
   CURLFTP_CREATE_DIR_RETRY
 } curl_ftpcreatedir;
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_CREATE_MISSING_DIRS,
                           long create);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.html curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_FTP_FILEMETHOD - select directory traversing method for FTP

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_FILEMETHOD,
                           long method);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTPPORT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTPPORT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADERDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADERDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -72,13 +72,13 @@   /* 'userdata' is set with CURLOPT_WRITEDATA */   return nitems * size; } - +  CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADER.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADER.html 2015-06-17 05:56:25.000000000 +0000 @@ -64,9 +64,9 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    curl_easy_setopt(curl, CURLOPT_HEADER, 1L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADEROPT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADEROPT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HEADER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HEADER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_HTTP200ALIASES - specify alternative matches for HTTP 200 OK

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP200ALIASES,
                           struct curl_slist *aliases);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPAUTH.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPAUTH.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPAUTH.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPAUTH.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_HTTPAUTH - set HTTP server authentication methods to try

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPAUTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPAUTH.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_HTTP_CONTENT_DECODING - enable/disable HTTP content decoding

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_CONTENT_DECODING,
                           long enabled);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPGET.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPGET.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPGET.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPGET.html 2015-06-17 05:56:25.000000000 +0000 @@ -62,10 +62,10 @@ curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* use a GET to fetch this */   curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPGET.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPGET.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPHEADER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPHEADER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPHEADER.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPHEADER.html 2015-06-17 05:56:25.000000000 +0000 @@ -68,19 +68,19 @@

HTTP

EXAMPLE

 CURL *curl = curl_easy_init();
-
+ 
 struct curl_slist *list = NULL;
-
+ 
 if(curl) {
   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
-
+ 
   list = curl_slist_append(list, "Shoesize: 10");
   list = curl_slist_append(list, "Accept:");
-
+ 
   curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
-
+ 
   curl_easy_perform(curl);
-
+ 
   curl_slist_free_all(list); /* free the list again */
 }
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPHEADER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPHEADER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPOST.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPOST.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPOST.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPOST.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_HTTPPOST - specify the multipart formpost content

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPPOST,
                           struct curl_httppost *formpost);
@@ -72,14 +72,14 @@   CURLFORM_COPYNAME, "sendfile",   CURLFORM_FILE, "postit2.c",   CURLFORM_END); - +  /* Fill in the filename field */ curl_formadd(&formpost,   &lastptr,   CURLFORM_COPYNAME, "filename",   CURLFORM_COPYCONTENTS, "postit2.c",   CURLFORM_END); - +  /* Fill in the submit field too, even if this is rarely needed */ curl_formadd(&formpost,   &lastptr, Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPOST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPOST.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 2015-06-11 17:50:43.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -37,6 +37,9 @@ connect to a remote host on a specific port number and then the traffic is just passed through the proxy. Proxies tend to whitelist specific port numbers it allows CONNECT requests to and often only port 80 and 443 are allowed. + +When using this, it only makes sense to use \fICURLOPT_PROXYTYPE(3)\fP set to +a HTTP proxy. .SH DEFAULT 0 .SH PROTOCOLS @@ -48,4 +51,4 @@ .SH RETURN VALUE Returns CURLE_OK .SH "SEE ALSO" -.BR CURLOPT_PROXY "(3), " +.BR CURLOPT_PROXY "(3), " CURLOPT_PROXYTYPE "(3), " CURLOPT_PROXYPORT "(3), " diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.html 2015-06-17 05:56:25.000000000 +0000 @@ -55,12 +55,13 @@

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPPROXYTUNNEL, long tunnel);

DESCRIPTION

Set the parameter to 1 to make libcurl tunnel all operations through the HTTP proxy. There is a big difference between using a proxy and to tunnel through it. If you don't know what this means, you probably don't want this tunneling option. -

Tunneling essentially means that a CONNECT is sent to the proxy, asking it to connect to a remote host on a specific port number and then the traffic is just passed through the proxy. Proxies tend to whitelist specific port numbers it allows CONNECT requests to and often only port 80 and 443 are allowed.

DEFAULT

+

Tunneling essentially means that a CONNECT is sent to the proxy, asking it to connect to a remote host on a specific port number and then the traffic is just passed through the proxy. Proxies tend to whitelist specific port numbers it allows CONNECT requests to and often only port 80 and 443 are allowed. +

When using this, it only makes sense to use CURLOPT_PROXYTYPE set to a HTTP proxy.

DEFAULT

0

PROTOCOLS

All network protocols

EXAMPLE

TODO

AVAILABILITY

Always

RETURN VALUE

Returns CURLE_OK

SEE ALSO

-

CURLOPT_PROXY,

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE, CURLOPT_PROXYPORT,

This HTML page was made with roffit. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.html curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_HTTP_TRANSFER_DECODING - enable/disable HTTP transfer decoding

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_TRANSFER_DECODING,
                          long enabled);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_HTTP_VERSION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_HTTP_VERSION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.html curl-7.43.0/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_IGNORE_CONTENT_LENGTH - ignore Content-Length in HTTP response

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IGNORE_CONTENT_LENGTH,
                           long ignore);
@@ -67,10 +67,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* we know the server is silly, ignore content-length */   curl_easy_setopt(curl, CURLOPT_IGNORE_CONTENT_LENGTH, 1L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE.html 2015-06-17 05:56:25.000000000 +0000 @@ -65,13 +65,13 @@ CURL *curl = curl_easy_init(); if(curl) {   long uploadsize = FILE_SIZE; - +    curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz"); - +    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); - +    curl_easy_setopt(curl, CURLOPT_INFILESIZE, uploadsize); - +    curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_INFILESIZE_LARGE - set size of the input file to send off

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INFILESIZE_LARGE,
                           curl_off_t filesize);
@@ -70,13 +70,13 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_off_t uploadsize = FILE_SIZE; - +    curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz"); - +    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); - +    curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, uploadsize); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_INFILESIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_INFILESIZE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_INTERFACE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_INTERFACE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,10 +54,10 @@

CURLOPT_INTERLEAVEFUNCTION - callback function for RTSP interleaved data

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 size_t interleave_callback(void *ptr, size_t size, size_t nmemb,
                            void *userdata);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INTERLEAVEFUNCTION,
                           interleave_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_IOCTLDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_IOCTLDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,22 +54,22 @@

CURLOPT_IOCTLFUNCTION - callback for I/O operations

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 typedef enum {
   CURLIOE_OK,            /* I/O operation successful */
   CURLIOE_UNKNOWNCMD,    /* command was unknown to callback */
   CURLIOE_FAILRESTART,   /* failed to restart the read */
   CURLIOE_LAST           /* never use */
 } curlioerr;
-
+ 
 typedef enum  {
   CURLIOCMD_NOP,         /* no operation */
   CURLIOCMD_RESTARTREAD, /* restart the read stream from start */
   CURLIOCMD_LAST         /* never use */
 } curliocmd;
-
+ 
 curlioerr ioctl_callback(CURL *handle, int cmd, void *clientp);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IOCTLFUNCTION, ioctl_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_IPRESOLVE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_IPRESOLVE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_ISSUERCERT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_ISSUERCERT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_KEYPASSWD.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_KEYPASSWD.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_KEYPASSWD.pdf 2015-04-29 06:08:28.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_KEYPASSWD.pdf 2015-06-17 05:56:43.000000000 +0000 @@ -68,12 +68,12 @@ - -2015-04-29T08:08:28+02:00 -2015-04-29T08:08:28+02:00 + +2015-06-17T07:56:43+02:00 +2015-06-17T07:56:43+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -83,8 +83,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -105,7 +105,7 @@ 0000002124 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [] +/ID [] >> startxref 3701 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_KRBLEVEL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_KRBLEVEL.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_LOCALPORT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_LOCALPORT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAIL_AUTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAIL_AUTH.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAIL_FROM.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAIL_FROM.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_MAIL_RCPT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_MAIL_RCPT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_MAIL_RCPT.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_MAIL_RCPT.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_MAIL_RCPT - list of SMTP mail recipients

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_RCPT,
                           struct curl_slist *rcpts);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAIL_RCPT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAIL_RCPT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXCONNECTS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXCONNECTS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_MAXFILESIZE_LARGE - maximum file size allowed to download

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXFILESIZE_LARGE,
                           curl_off_t size);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXFILESIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXFILESIZE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_MAX_RECV_SPEED_LARGE - rate limit data download speed

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAX_RECV_SPEED_LARGE,
                           curl_off_t speed);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXREDIRS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXREDIRS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXREDIRS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXREDIRS.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,13 +63,13 @@ curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/"); - +    /* enable redirect following */   curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); - +    /* allow three redirects */   curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 3L); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAXREDIRS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAXREDIRS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_MAX_SEND_SPEED_LARGE - rate limit data upload speed

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAX_SEND_SPEED_LARGE,
                           curl_off_t maxspeed);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NETRC_FILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NETRC_FILE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NETRC.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NETRC.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_NEW_DIRECTORY_PERMS - permissions for remotely created directories

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NEW_DIRECTORY_PERMS,
                           long mode);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_NEW_FILE_PERMS - permissions for remotely created files

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NEW_FILE_PERMS,
                           long mode);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_NOBODY.html curl-7.43.0/docs/libcurl/opts/CURLOPT_NOBODY.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_NOBODY.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_NOBODY.html 2015-06-17 05:56:25.000000000 +0000 @@ -62,10 +62,10 @@ curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* get us the resource without a body! */   curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NOBODY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NOBODY.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NOPROGRESS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NOPROGRESS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_NOPROXY.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_NOPROXY.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_NOPROXY.pdf 2015-04-29 06:08:31.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_NOPROXY.pdf 2015-06-17 05:56:45.000000000 +0000 @@ -68,12 +68,12 @@ - -2015-04-29T08:08:31+02:00 -2015-04-29T08:08:31+02:00 + +2015-06-17T07:56:45+02:00 +2015-06-17T07:56:45+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -83,8 +83,8 @@ endobj 2 0 obj <>endobj xref 0 14 @@ -104,7 +104,7 @@ 0000002157 00000 n trailer << /Size 14 /Root 1 0 R /Info 2 0 R -/ID [<44D04CA509E672FBAC06216830DB0BA1><44D04CA509E672FBAC06216830DB0BA1>] +/ID [<810A4BDB08285C624F857E36B6E2D39E><810A4BDB08285C624F857E36B6E2D39E>] >> startxref 3734 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_NOSIGNAL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_NOSIGNAL.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,13 +54,13 @@

CURLOPT_OPENSOCKETFUNCTION - set callback for opening sockets

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 typedef enum  {
   CURLSOCKTYPE_IPCXN,  /* socket created for a specific IP connection */
   CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
   CURLSOCKTYPE_LAST    /* never use */
 } curlsocktype;
-
+ 
 struct curl_sockaddr {
   int family;
   int socktype;
@@ -68,11 +68,11 @@
   unsigned int addrlen;
   struct sockaddr addr;
 };
-
+ 
 curl_socket_t opensocket_callback(void *clientp,
                                   curlsocktype purpose,
                                   struct curl_sockaddr *address);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_OPENSOCKETFUNCTION, opensocket_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PASSWORD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PASSWORD.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PATH_AS_IS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PATH_AS_IS.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.html 2015-06-17 05:56:26.000000000 +0000 @@ -64,9 +64,9 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password"); - +    curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 2015-06-11 17:50:43.000000000 +0000 @@ -50,11 +50,22 @@ curl_easy_perform(curl); } .fi +.SH PUBLIC KEY EXTRACTION +If you do not have the server's public key file you can extract it from the +server's certificate. +.nf +openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem +.fi +The public key is output in PEM format and contains a header, base64 data and a +footer: +.nf +-----BEGIN PUBLIC KEY----- +[BASE 64 DATA] +-----END PUBLIC KEY----- +.fi .SH AVAILABILITY -If built TLS enabled. This is currently only implemented in the OpenSSL, -GnuTLS and GSKit backends. - -Added in libcurl 7.39.0 +Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for +NSS and wolfSSL/CyaSSL. Other SSL backends not supported. .SH RETURN VALUE Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,15 +63,25 @@ if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");   curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der"); - +    /* Perform the request */   curl_easy_perform(curl); } +

PUBLIC KEY EXTRACTION

+

If you do not have the server's public key file you can extract it from the server's certificate. 

+openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
+
+ +

The public key is output in PEM format and contains a header, base64 data and a footer: 

+-----BEGIN PUBLIC KEY-----
+[BASE 64 DATA]
+-----END PUBLIC KEY-----
+
+

AVAILABILITY

-

If built TLS enabled. This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends. -

Added in libcurl 7.39.0

RETURN VALUE

+

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. Other SSL backends not supported.

RETURN VALUE

Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_CAINFO, CURLOPT_CAPATH,

This HTML page was made with roffit. Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,63 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PIPEWAIT 3 "12 May 2015" "libcurl 7.43.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PIPEWAIT \- wait for pipelining/multiplexing +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait); +.SH DESCRIPTION +Set \fIwait\fP to 1L to tell libcurl to prefer to wait for a connection to +confirm or deny that it can do pipelining or multiplexing before continuing. + +When about to perform a new transfer that allows pipelining or multiplexing, +libcurl will check for existing connections to re-use and pipeline on. If no +such connection exists it will immediately continue and create a fresh new +connection to use. + +By setting this option to 1 - and having \fICURLMOPT_PIPELINE\fP enabled for +the multi handle this transfer is associated with - libcurl will instead wait +for the connection to reveal if it is possible to pipeline/multiplex on before +it continues. This enables libcurl to much better keep the number of +connections to a minimum when using pipelining or multiplexing protocols. + +The effect thus becomes that with this option set, libcurl prefers to wait and +re-use an existing connection for pipelining rather than the opposite: prefer +to open a new connection rather than waiting. + +The waiting time is as long as it takes for the connection to get up and for +libcurl to get the necessary response back that informs it about its protocol +and support level. +.SH DEFAULT +0 (off) +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +.SH AVAILABILITY +Added in 7.43.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLOPT_FORBID_REUSE "(3), " CURLOPT_FRESH_CONNECT "(3), " +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,69 @@ + + +CURLOPT_PIPEWAIT man page + + + + +

NAME

+

CURLOPT_PIPEWAIT - wait for pipelining/multiplexing

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait);

DESCRIPTION

+

Set wait to 1L to tell libcurl to prefer to wait for a connection to confirm or deny that it can do pipelining or multiplexing before continuing. +

When about to perform a new transfer that allows pipelining or multiplexing, libcurl will check for existing connections to re-use and pipeline on. If no such connection exists it will immediately continue and create a fresh new connection to use. +

By setting this option to 1 - and having CURLMOPT_PIPELINE enabled for the multi handle this transfer is associated with - libcurl will instead wait for the connection to reveal if it is possible to pipeline/multiplex on before it continues. This enables libcurl to much better keep the number of connections to a minimum when using pipelining or multiplexing protocols. +

The effect thus becomes that with this option set, libcurl prefers to wait and re-use an existing connection for pipelining rather than the opposite: prefer to open a new connection rather than waiting. +

The waiting time is as long as it takes for the connection to get up and for libcurl to get the necessary response back that informs it about its protocol and support level.

DEFAULT

+

0 (off)

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_FORBID_REUSE, CURLOPT_FRESH_CONNECT, CURLMOPT_PIPELINING, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PORT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PORT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 2015-06-11 17:50:43.000000000 +0000 @@ -44,6 +44,9 @@ Using \fICURLOPT_POSTFIELDS(3)\fP implies \fICURLOPT_POST(3)\fP. +You can use \fIcurl_easy_escape(3)\fP to url-encode your data, if necessary. It +returns a pointer to an encoded string that can be passed as \fIpostdata\fP. + If you want to do a zero-byte POST, you need to set \fICURLOPT_POSTFIELDSIZE(3)\fP explicitly to zero, as simply setting \fICURLOPT_POSTFIELDS(3)\fP to NULL or "" just effectively disables the diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.html 2015-06-17 05:56:25.000000000 +0000 @@ -58,6 +58,7 @@

The data pointed to is NOT copied by the library: as a consequence, it must be preserved by the calling application until the associated transfer finishes. This behaviour can be changed (so libcurl does copy the data) by setting the CURLOPT_COPYPOSTFIELDS option.

This POST is a normal application/x-www-form-urlencoded kind (and libcurl will set that Content-Type by default when this option is used), which is commonly used by HTML forms. Change Content-Type with CURLOPT_HTTPHEADER.

Using CURLOPT_POSTFIELDS implies CURLOPT_POST. +

You can use curl_easy_escape(3) to url-encode your data, if necessary. It returns a pointer to an encoded string that can be passed as postdata.

If you want to do a zero-byte POST, you need to set CURLOPT_POSTFIELDSIZE explicitly to zero, as simply setting CURLOPT_POSTFIELDS to NULL or "" just effectively disables the sending of the specified string. libcurl will instead assume that you'll send the POST data using the read callback!

Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header. You can disable this header with CURLOPT_HTTPHEADER as usual.

To make multipart/formdata posts (aka RFC 2388-posts), check out the CURLOPT_HTTPPOST option combined with curl_formadd(3).

DEFAULT

@@ -67,15 +68,15 @@ CURL *curl = curl_easy_init(); if(curl) {   const char *data = "data to send"; - +    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* size of the POST data */   curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 12L); - +    /* pass in a pointer to the data - libcurl will not copy */   curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); - +    curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.html 2015-04-29 06:08:10.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.html 2015-06-17 05:56:25.000000000 +0000 @@ -62,14 +62,14 @@ CURL *curl = curl_easy_init(); if(curl) {   const char *data = "data to send"; - +    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* size of the POST data */   curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long) strlen(data)); - +    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); - +    curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_POSTFIELDSIZE_LARGE - size of POST data pointed to

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDSIZE_LARGE,
                           curl_off_t size);
@@ -67,14 +67,14 @@ if(curl) {   const char *data = large_chunk;   curl_off_t length_of_data; /* set somehow */ - +    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* size of the POST data */   curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, length_of_data); - +    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.pdf 2015-04-29 06:08:32.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.pdf 2015-06-17 05:56:46.000000000 +0000 @@ -72,12 +72,12 @@ - -2015-04-29T08:08:32+02:00 -2015-04-29T08:08:32+02:00 + +2015-06-17T07:56:46+02:00 +2015-06-17T07:56:46+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -87,8 +87,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -109,7 +109,7 @@ 0000001889 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [<16A29B8847C829CD26038E8252560AF8><16A29B8847C829CD26038E8252560AF8>] +/ID [<7D09D91EE8223D3F8FC0625558D05CF3><7D09D91EE8223D3F8FC0625558D05CF3>] >> startxref 3466 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTFIELDS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTFIELDS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_POST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_POST.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTQUOTE.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTQUOTE.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTQUOTE.pdf 2015-04-29 06:08:32.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTQUOTE.pdf 2015-06-17 05:56:46.000000000 +0000 @@ -70,12 +70,12 @@ - -2015-04-29T08:08:32+02:00 -2015-04-29T08:08:32+02:00 + +2015-06-17T07:56:46+02:00 +2015-06-17T07:56:46+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -85,8 +85,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -107,7 +107,7 @@ 0000001843 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [<364F3DE990FABF30AB155057FF6FD328><364F3DE990FABF30AB155057FF6FD328>] +/ID [] >> startxref 3420 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTREDIR.html curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTREDIR.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTREDIR.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTREDIR.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_POSTREDIR - how to act on a HTTP POST redirect

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTREDIR,
                           long bitmask);
@@ -67,14 +67,14 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* a silly POST example */   curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "data=true"); - +    /* example.com is redirected, so we tell libcurl to send POST on 301, 302 and   303 HTTP response codes */   curl_easy_setopt(curl, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_POSTREDIR.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_POSTREDIR.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PREQUOTE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PREQUOTE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PRIVATE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PRIVATE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PRIVATE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PRIVATE.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,12 +63,12 @@ if(curl) {   struct private *extracted;   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* store a pointer to our private struct */   curl_easy_setopt(curl, CURLOPT_PRIVATE, &secrets); - +    curl_easy_perform(curl); - +    /* we can extract the private pointer again too */   curl_easy_getinfo(curl, CURLINFO_PRIVATE, &extracted); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PRIVATE.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_PRIVATE.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PRIVATE.pdf 2015-04-29 06:08:32.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PRIVATE.pdf 2015-06-17 05:56:47.000000000 +0000 @@ -69,12 +69,12 @@ - -2015-04-29T08:08:32+02:00 -2015-04-29T08:08:32+02:00 + +2015-06-17T07:56:47+02:00 +2015-06-17T07:56:47+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -84,8 +84,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -106,7 +106,7 @@ 0000002140 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [<3504B5595C716E792788971B52DBA284><3504B5595C716E792788971B52DBA284>] +/ID [<3AF208F4931D4526347E747A96BA04DB><3AF208F4931D4526347E747A96BA04DB>] >> startxref 3717 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROGRESSDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROGRESSDATA.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PROTOCOLS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PROTOCOLS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PROTOCOLS.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROTOCOLS.html 2015-06-17 05:56:25.000000000 +0000 @@ -93,11 +93,11 @@ if(curl) {   /* pass in the URL from an external source */   curl_easy_setopt(curl, CURLOPT_URL, argv[1]); - +    /* only allow HTTP, TFTP and SFTP */   curl_easy_setopt(curl, CURLOPT_PROTOCOLS,   CURLPROTO_HTTP | CURLPROTO_TFTP | CURLPROTO_SFTP); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROTOCOLS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROTOCOLS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYAUTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYAUTH.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYHEADER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYHEADER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYHEADER.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYHEADER.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_PROXYHEADER - custom HTTP headers to pass to proxy

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYHEADER,
                           struct curl_slist *headers);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYHEADER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYHEADER.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYPORT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYPORT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,45 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PROXY_SERVICE_NAME 3 "17 Jun 2015" "libcurl 7.43.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PROXY_SERVICE_NAME \- proxy service name +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name); +.SH DESCRIPTION +Pass a char * as parameter to a string holding the \fIname\fP of the +service. The default service name is "HTTP". This option allows you to change it. +..SH DEFAULT +See above +.SH PROTOCOLS +Most +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.43.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. +.SH "SEE ALSO" +.BR CURLOPT_PROXY "(3), " CURLOPT_PROXYTYPE "(3), " diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,65 @@ + + +CURLOPT_PROXY_SERVICE_NAME man page + + + + +

NAME

+

CURLOPT_PROXY_SERVICE_NAME - proxy service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYTYPE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYTYPE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_PROXYUSERNAME - user name to use for proxy authentication

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYUSERNAME,
                           char *username);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_PUT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_PUT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_QUOTE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_QUOTE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RANDOM_FILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RANDOM_FILE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RANGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_RANGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RANGE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RANGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,10 +63,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* get the first 200 bytes */   curl_easy_setopt(curl, CURLOPT_RANGE, "0-199"); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RANGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RANGE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_READDATA.html curl-7.43.0/docs/libcurl/opts/CURLOPT_READDATA.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_READDATA.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_READDATA.html 2015-06-17 05:56:25.000000000 +0000 @@ -64,11 +64,11 @@ struct MyData this; if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* pass pointer that gets passed in to the   CURLOPT_READFUNCTION callback */   curl_easy_setopt(curl, CURLOPT_READDATA, &this); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_READDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_READDATA.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_READFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_READFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.html 2015-06-17 05:56:25.000000000 +0000 @@ -93,11 +93,11 @@ if(curl) {   /* pass in the URL from an external source */   curl_easy_setopt(curl, CURLOPT_URL, argv[1]); - +    /* only allow redirects to HTTP and HTTPS URLs */   curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS,   CURLPROTO_HTTP | CURLPROTO_HTTPS); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_REFERER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_REFERER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_REFERER.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_REFERER.html 2015-06-17 05:56:25.000000000 +0000 @@ -61,10 +61,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* tell it where we found the link to this place */   curl_easy_setopt(curl, CURLOPT_REFERER, "http://example.com/aboutme.html"); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_REFERER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_REFERER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RESOLVE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_RESOLVE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RESOLVE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RESOLVE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_RESOLVE - provide custom host name to IP address resolves

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESOLVE,
                           struct curl_slist *hosts);
@@ -69,17 +69,17 @@ CURL *curl; struct curl_slist *host = NULL; host = curl_slist_append(NULL, "example.com:80:127.0.0.1"); - +  curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_RESOLVE, host);   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");   res = curl_easy_perform(curl); - +    /* always cleanup */   curl_easy_cleanup(curl); } - +  curl_slist_free_all(host); Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RESOLVE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RESOLVE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM.html curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM.html 2015-06-17 05:56:25.000000000 +0000 @@ -63,16 +63,16 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com"); - +    /* resume upload at byte index 200 */   curl_easy_setopt(curl, CURLOPT_RESUME_FROM, 200L); - +    /* ask for upload */   curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); - +    /* set total data amount to expect */   curl_easy_setopt(curl, CURLOPT_INFILESIZE, size_of_file); - +    /* Perform the request */   curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_RESUME_FROM_LARGE - set a point to resume transfer from

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESUME_FROM_LARGE,
                           curl_off_t from);
@@ -68,18 +68,18 @@ if(curl) {   curl_off_t resume_position = GET_IT_SOMEHOW;   curl_off_t file_size = GET_IT_SOMEHOW_AS_WELL; - +    curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com"); - +    /* resuming upload at this position, possibly beyond 2GB */   curl_easy_setopt(curl, CURLOPT_RESUME_FROM_LARGE, resume_position); - +    /* ask for upload */   curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); - +    /* set total data amount to expect */   curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, file_size); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RESUME_FROM.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RESUME_FROM.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.pdf 2015-04-29 06:08:35.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.pdf 2015-06-17 05:56:50.000000000 +0000 @@ -67,12 +67,12 @@ - -2015-04-29T08:08:35+02:00 -2015-04-29T08:08:35+02:00 + +2015-06-17T07:56:50+02:00 +2015-06-17T07:56:50+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -82,8 +82,8 @@ endobj 2 0 obj <>endobj xref 0 14 @@ -103,7 +103,7 @@ 0000001666 00000 n trailer << /Size 14 /Root 1 0 R /Info 2 0 R -/ID [<5CE874A28A5724930E4F13B89616B3DC><5CE874A28A5724930E4F13B89616B3DC>] +/ID [<50986BF265BCB1091FADD7BF066CFCD5><50986BF265BCB1091FADD7BF066CFCD5>] >> startxref 3243 Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_RTSP_TRANSPORT - set RTSP Transport: header

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_TRANSPORT,
                           char *transport);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SASL_IR.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SASL_IR.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SEEKDATA.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_SEEKDATA.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SEEKDATA.pdf 2015-04-29 06:08:36.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SEEKDATA.pdf 2015-06-17 05:56:50.000000000 +0000 @@ -68,12 +68,12 @@ - -2015-04-29T08:08:36+02:00 -2015-04-29T08:08:36+02:00 + +2015-06-17T07:56:50+02:00 +2015-06-17T07:56:50+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -83,8 +83,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -105,7 +105,7 @@ 0000001688 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [] +/ID [<57FB2D0960370722BF988C715CE72130><57FB2D0960370722BF988C715CE72130>] >> startxref 3265 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.html 2015-06-17 05:56:25.000000000 +0000 @@ -54,15 +54,15 @@

CURLOPT_SEEKFUNCTION - user callback for seeking in input stream

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 /* These are the return codes for the seek callbacks */
 #define CURL_SEEKFUNC_OK       0
 #define CURL_SEEKFUNC_FAIL     1 /* fail the entire transfer */
 #define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking can't be done, so
                                     libcurl might try other means instead */
-
+ 
 int seek_callback(void *userp, curl_off_t offset, int origin);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SEEKFUNCTION, seek_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,46 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_SERVICE_NAME 3 "17 Jun 2015" "libcurl 7.43.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_SERVICE_NAME \- SPNEGO service name +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name); +.SH DESCRIPTION +Pass a char * as parameter to a string holding the \fIname\fP of the +service. The default service name is "HTTP". This option allows you to +change it. +..SH DEFAULT +See above +.SH PROTOCOLS +Most +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.43.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. +.SH "SEE ALSO" +.BR CURLOPT_PROXY "(3), " CURLOPT_PROXYTYPE "(3), " diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,65 @@ + + +CURLOPT_SERVICE_NAME man page + + + + +

NAME

+

CURLOPT_SERVICE_NAME - SPNEGO service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SHARE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SHARE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.pdf 2015-04-29 06:08:36.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.pdf 2015-06-17 05:56:50.000000000 +0000 @@ -72,12 +72,12 @@ - -2015-04-29T08:08:36+02:00 -2015-04-29T08:08:36+02:00 + +2015-06-17T07:56:50+02:00 +2015-06-17T07:56:50+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -87,8 +87,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -109,7 +109,7 @@ 0000001836 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [] +/ID [] >> startxref 3413 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,22 +54,22 @@

CURLOPT_SOCKOPTFUNCTION - set callback for setting socket options

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 typedef enum  {
   CURLSOCKTYPE_IPCXN,  /* socket created for a specific IP connection */
   CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
   CURLSOCKTYPE_LAST    /* never use */
 } curlsocktype;
-
+ 
 #define CURL_SOCKOPT_OK 0
 #define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return
                                 CURLE_ABORTED_BY_CALLBACK */
 #define CURL_SOCKOPT_ALREADY_CONNECTED 2
-
+ 
 int sockopt_callback(void *clientp,
                      curl_socket_t curlfd,
                      curlsocktype purpose);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 - checksum of SSH server public key

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,
                           char *md5);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_SSH_KEYFUNCTION - callback for known host matching logic

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 enum curl_khstat {
   CURLKHSTAT_FINE_ADD_TO_FILE,
   CURLKHSTAT_FINE,
@@ -64,13 +64,13 @@
                         otherwise the connection will be left intact
                         etc */
 };
-
+ 
 enum curl_khmatch {
   CURLKHMATCH_OK,       /* match */
   CURLKHMATCH_MISMATCH, /* host found, key mismatch! */
   CURLKHMATCH_MISSING,  /* no matching host/key found */
 };
-
+ 
 struct curl_khkey {
   const char *key; /* points to a zero-terminated string encoded with
                       base64 if len is zero, otherwise to the "raw"
@@ -78,13 +78,13 @@
   size_t len;
   enum curl_khtype keytype;
 };
-
+ 
 int ssh_keycallback(CURL *easy,
                     const struct curl_khkey *knownkey,
                     const struct curl_khkey *foundkey,
                     enum curl_khmatch,
                     void *clientp);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KEYFUNCTION,
                           ssh_keycallback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.pdf 2015-04-29 06:08:37.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.pdf 2015-06-17 05:56:51.000000000 +0000 @@ -72,12 +72,12 @@ - -2015-04-29T08:08:37+02:00 -2015-04-29T08:08:37+02:00 + +2015-06-17T07:56:51+02:00 +2015-06-17T07:56:51+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -87,8 +87,8 @@ endobj 2 0 obj <>endobj xref 0 15 @@ -109,7 +109,7 @@ 0000002028 00000 n trailer << /Size 15 /Root 1 0 R /Info 2 0 R -/ID [<851439D9E8670CAED69088B282A71C30><851439D9E8670CAED69088B282A71C30>] +/ID [<36B931CC4C0034C8BAD1F606741C4F4A><36B931CC4C0034C8BAD1F606741C4F4A>] >> startxref 3605 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_SSH_PRIVATE_KEYFILE - set private key file for SSH auth

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PRIVATE_KEYFILE,
                           char *filename);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_SSH_PUBLIC_KEYFILE - set public key file for SSH auth

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PUBLIC_KEYFILE,
                           char *filename);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLCERT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLCERT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_SSL_CTX_FUNCTION - SSL context callback for OpenSSL or wolfSSL/CyaSSL

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
                           ssl_ctx_callback);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLENGINE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLENGINE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLKEY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLKEY.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_SSL_SESSIONID_CACHE - enable/disable use of the SSL session-ID cache

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_SESSIONID_CACHE,
                          long enabled);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.html 2015-06-17 05:56:26.000000000 +0000 @@ -69,10 +69,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - +    /* Set the default value: strict name check please */   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.html 2015-06-17 05:56:26.000000000 +0000 @@ -66,10 +66,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - +    /* Set the default value: strict certificate check please */   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf 2015-04-29 06:08:39.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf 2015-06-17 05:56:53.000000000 +0000 @@ -68,12 +68,12 @@ - -2015-04-29T08:08:39+02:00 -2015-04-29T08:08:39+02:00 + +2015-06-17T07:56:53+02:00 +2015-06-17T07:56:53+02:00 groff version 1.22.3 - -Untitled + +Untitled @@ -83,8 +83,8 @@ endobj 2 0 obj <>endobj xref 0 14 @@ -104,7 +104,7 @@ 0000001942 00000 n trailer << /Size 14 /Root 1 0 R /Info 2 0 R -/ID [] +/ID [<19FDECD7795296B5264D49FC0FD23625><19FDECD7795296B5264D49FC0FD23625>] >> startxref 3519 diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLVERSION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLVERSION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html 2015-06-17 05:56:26.000000000 +0000 @@ -78,10 +78,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - +    /* ask libcurl to use TLS version 1.0 or later */   curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_SSLVERSION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_STDERR.html curl-7.43.0/docs/libcurl/opts/CURLOPT_STDERR.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_STDERR.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_STDERR.html 2015-06-17 05:56:26.000000000 +0000 @@ -63,7 +63,7 @@ if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");   curl_easy_setopt(curl, CURLOPT_STDERR, filep); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_STDERR.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_STDERR.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 2015-06-11 17:50:43.000000000 +0000 @@ -50,7 +50,7 @@ curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.html 2015-06-17 05:56:26.000000000 +0000 @@ -61,16 +61,16 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* enable TCP keep-alive for this transfer */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); - +    /* keep-alive idle time to 120 seconds */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); - +    /* interval time between keep-alive probes: 60 seconds */ -  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); - +  curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 2015-06-11 17:50:43.000000000 +0000 @@ -48,7 +48,7 @@ curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.html 2015-06-17 05:56:26.000000000 +0000 @@ -61,16 +61,16 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* enable TCP keep-alive for this transfer */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); - +    /* set keep-alive idle time to 120 seconds */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); - +    /* interval time between keep-alive probes: 60 seconds */ -  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); - +  curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 2015-06-11 17:50:43.000000000 +0000 @@ -46,7 +46,7 @@ curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.html curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.html 2015-06-17 05:56:26.000000000 +0000 @@ -61,16 +61,16 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* enable TCP keep-alive for this transfer */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); - +    /* keep-alive idle time to 120 seconds */   curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); - +    /* interval time between keep-alive probes: 60 seconds */ -  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); - +  curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TCP_NODELAY.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TCP_NODELAY.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMECONDITION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMECONDITION.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT.html 2015-06-17 05:56:26.000000000 +0000 @@ -64,10 +64,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* complete within 20 seconds */   curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20L); - +    curl_easy_perform(curl); } diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.html curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.html 2015-06-17 05:56:26.000000000 +0000 @@ -65,10 +65,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* complete within 20000 milliseconds */   curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 20000L); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEOUT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEOUT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TIMEVALUE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TIMEVALUE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html curl-7.43.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                           long goahead);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_UPLOAD.html curl-7.43.0/docs/libcurl/opts/CURLOPT_UPLOAD.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_UPLOAD.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_UPLOAD.html 2015-06-17 05:56:26.000000000 +0000 @@ -64,19 +64,19 @@ if(curl) {   /* we want to use our own read function */   curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); - +    /* enable uploading */   curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); - +    /* specify target */   curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/to/newfile"); - +    /* now specify which pointer to pass to our callback */   curl_easy_setopt(curl, CURLOPT_READDATA, hd_src); - +    /* Set the size of the file to upload */   curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)fsize); - +    /* Now run off and do what you've been told! */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_UPLOAD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_UPLOAD.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_URL.html curl-7.43.0/docs/libcurl/opts/CURLOPT_URL.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_URL.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_URL.html 2015-06-17 05:56:26.000000000 +0000 @@ -153,7 +153,7 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_URL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_URL.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_USERAGENT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_USERAGENT.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_USERAGENT.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_USERAGENT.html 2015-06-17 05:56:26.000000000 +0000 @@ -61,9 +61,9 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    curl_easy_setopt(curl, CURLOPT_USERAGENT, "Dark Secret Ninja/1.0"); - +    curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_USERAGENT.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_USERAGENT.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_USERNAME.html curl-7.43.0/docs/libcurl/opts/CURLOPT_USERNAME.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_USERNAME.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_USERNAME.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,7 +54,7 @@

CURLOPT_USERNAME - user name to use in authentication

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERNAME,
                           char *username);
Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_USERNAME.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_USERNAME.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_USERPWD.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_USERPWD.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_USE_SSL.html curl-7.43.0/docs/libcurl/opts/CURLOPT_USE_SSL.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_USE_SSL.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_USE_SSL.html 2015-06-17 05:56:26.000000000 +0000 @@ -71,10 +71,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/file.ext"); - +    /* require use of SSL for this, or fail */   curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_USE_SSL.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_USE_SSL.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_VERBOSE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_VERBOSE.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_VERBOSE.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_VERBOSE.html 2015-06-17 05:56:26.000000000 +0000 @@ -63,10 +63,10 @@ CURL *curl = curl_easy_init(); if(curl) {   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - +    /* ask libcurl to show us the verbose output */   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); - +    /* Perform the request */   curl_easy_perform(curl); } Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_VERBOSE.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_VERBOSE.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_WRITEDATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_WRITEDATA.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.html --- curl-7.42.1/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.html 2015-04-29 06:08:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -54,9 +54,9 @@

CURLOPT_WRITEFUNCTION - set callback for writing received data

SYNOPSIS

 #include <curl/curl.h>
-
+ 
 size_t write_callback(char *ptr, size_t size, size_t nmemb, void *userdata);
-
+ 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_WRITEFUNCTION, write_callback);

DESCRIPTION

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_XFERINFODATA.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_XFERINFODATA.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.pdf differ Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.pdf differ diff -Nru curl-7.42.1/docs/libcurl/opts/Makefile.am curl-7.43.0/docs/libcurl/opts/Makefile.am --- curl-7.42.1/docs/libcurl/opts/Makefile.am 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/Makefile.am 2015-06-12 12:57:28.000000000 +0000 @@ -66,9 +66,9 @@ CURLOPT_NEW_DIRECTORY_PERMS.3 CURLOPT_NEW_FILE_PERMS.3 \ CURLOPT_NOBODY.3 CURLOPT_NOPROGRESS.3 CURLOPT_NOPROXY.3 \ CURLOPT_NOSIGNAL.3 CURLOPT_OPENSOCKETDATA.3 \ - CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \ - CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 \ - CURLOPT_POST.3 CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \ + CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \ + CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 CURLOPT_POST.3 \ + CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \ CURLOPT_POSTFIELDSIZE_LARGE.3 CURLOPT_POSTQUOTE.3 CURLOPT_POSTREDIR.3 \ CURLOPT_PREQUOTE.3 CURLOPT_PRIVATE.3 CURLOPT_PROGRESSDATA.3 \ CURLOPT_PROGRESSFUNCTION.3 CURLOPT_PROTOCOLS.3 CURLOPT_PROXY.3 \ @@ -113,7 +113,8 @@ CURLMOPT_PIPELINING_SERVER_BL.3 CURLMOPT_PIPELINING_SITE_BL.3 \ CURLMOPT_SOCKETDATA.3 CURLMOPT_SOCKETFUNCTION.3 CURLMOPT_TIMERDATA.3 \ CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3 \ - CURLOPT_PATH_AS_IS.3 + CURLOPT_PATH_AS_IS.3 CURLOPT_PROXY_SERVICE_NAME.3 \ + CURLOPT_SERVICE_NAME.3 CURLOPT_PIPEWAIT.3 HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \ CURLOPT_ADDRESS_SCOPE.html CURLOPT_APPEND.html \ @@ -169,8 +170,7 @@ CURLOPT_NOPROGRESS.html CURLOPT_NOPROXY.html CURLOPT_NOSIGNAL.html \ CURLOPT_OPENSOCKETDATA.html CURLOPT_OPENSOCKETFUNCTION.html \ CURLOPT_PASSWORD.html CURLOPT_PINNEDPUBLICKEY.html CURLOPT_PORT.html \ - CURLOPT_POST.html \ - CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \ + CURLOPT_POST.html CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \ CURLOPT_POSTFIELDSIZE_LARGE.html CURLOPT_POSTQUOTE.html \ CURLOPT_POSTREDIR.html CURLOPT_PREQUOTE.html CURLOPT_PRIVATE.html \ CURLOPT_PROGRESSDATA.html CURLOPT_PROGRESSFUNCTION.html \ @@ -220,7 +220,9 @@ CURLMOPT_PIPELINING_SERVER_BL.html CURLMOPT_PIPELINING_SITE_BL.html \ CURLMOPT_SOCKETDATA.html CURLMOPT_SOCKETFUNCTION.html \ CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html \ - CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html + CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html \ + CURLOPT_PROXY_SERVICE_NAME.html CURLOPT_SERVICE_NAME.html \ + CURLOPT_PIPEWAIT.html PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \ CURLOPT_ADDRESS_SCOPE.pdf CURLOPT_APPEND.pdf CURLOPT_AUTOREFERER.pdf \ @@ -272,9 +274,9 @@ CURLOPT_NEW_DIRECTORY_PERMS.pdf CURLOPT_NEW_FILE_PERMS.pdf \ CURLOPT_NOBODY.pdf CURLOPT_NOPROGRESS.pdf CURLOPT_NOPROXY.pdf \ CURLOPT_NOSIGNAL.pdf CURLOPT_OPENSOCKETDATA.pdf \ - CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \ - CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf \ - CURLOPT_POST.pdf CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \ + CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \ + CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf CURLOPT_POST.pdf \ + CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \ CURLOPT_POSTFIELDSIZE_LARGE.pdf CURLOPT_POSTQUOTE.pdf \ CURLOPT_POSTREDIR.pdf CURLOPT_PREQUOTE.pdf CURLOPT_PRIVATE.pdf \ CURLOPT_PROGRESSDATA.pdf CURLOPT_PROGRESSFUNCTION.pdf \ @@ -324,7 +326,9 @@ CURLMOPT_PIPELINING_SERVER_BL.pdf CURLMOPT_PIPELINING_SITE_BL.pdf \ CURLMOPT_SOCKETDATA.pdf CURLMOPT_SOCKETFUNCTION.pdf \ CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf \ - CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf + CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf \ + CURLOPT_PROXY_SERVICE_NAME.pdf CURLOPT_SERVICE_NAME.pdf \ + CURLOPT_PIPEWAIT.pdf CLEANFILES = $(HTMLPAGES) $(PDFPAGES) diff -Nru curl-7.42.1/docs/libcurl/opts/Makefile.in curl-7.43.0/docs/libcurl/opts/Makefile.in --- curl-7.42.1/docs/libcurl/opts/Makefile.in 2015-04-29 06:07:43.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -100,8 +100,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = docs/libcurl/opts -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -122,7 +121,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = @@ -411,9 +410,9 @@ CURLOPT_NEW_DIRECTORY_PERMS.3 CURLOPT_NEW_FILE_PERMS.3 \ CURLOPT_NOBODY.3 CURLOPT_NOPROGRESS.3 CURLOPT_NOPROXY.3 \ CURLOPT_NOSIGNAL.3 CURLOPT_OPENSOCKETDATA.3 \ - CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \ - CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 \ - CURLOPT_POST.3 CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \ + CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \ + CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 CURLOPT_POST.3 \ + CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \ CURLOPT_POSTFIELDSIZE_LARGE.3 CURLOPT_POSTQUOTE.3 CURLOPT_POSTREDIR.3 \ CURLOPT_PREQUOTE.3 CURLOPT_PRIVATE.3 CURLOPT_PROGRESSDATA.3 \ CURLOPT_PROGRESSFUNCTION.3 CURLOPT_PROTOCOLS.3 CURLOPT_PROXY.3 \ @@ -458,7 +457,8 @@ CURLMOPT_PIPELINING_SERVER_BL.3 CURLMOPT_PIPELINING_SITE_BL.3 \ CURLMOPT_SOCKETDATA.3 CURLMOPT_SOCKETFUNCTION.3 CURLMOPT_TIMERDATA.3 \ CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3 \ - CURLOPT_PATH_AS_IS.3 + CURLOPT_PATH_AS_IS.3 CURLOPT_PROXY_SERVICE_NAME.3 \ + CURLOPT_SERVICE_NAME.3 CURLOPT_PIPEWAIT.3 HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \ CURLOPT_ADDRESS_SCOPE.html CURLOPT_APPEND.html \ @@ -514,8 +514,7 @@ CURLOPT_NOPROGRESS.html CURLOPT_NOPROXY.html CURLOPT_NOSIGNAL.html \ CURLOPT_OPENSOCKETDATA.html CURLOPT_OPENSOCKETFUNCTION.html \ CURLOPT_PASSWORD.html CURLOPT_PINNEDPUBLICKEY.html CURLOPT_PORT.html \ - CURLOPT_POST.html \ - CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \ + CURLOPT_POST.html CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \ CURLOPT_POSTFIELDSIZE_LARGE.html CURLOPT_POSTQUOTE.html \ CURLOPT_POSTREDIR.html CURLOPT_PREQUOTE.html CURLOPT_PRIVATE.html \ CURLOPT_PROGRESSDATA.html CURLOPT_PROGRESSFUNCTION.html \ @@ -565,7 +564,9 @@ CURLMOPT_PIPELINING_SERVER_BL.html CURLMOPT_PIPELINING_SITE_BL.html \ CURLMOPT_SOCKETDATA.html CURLMOPT_SOCKETFUNCTION.html \ CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html \ - CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html + CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html \ + CURLOPT_PROXY_SERVICE_NAME.html CURLOPT_SERVICE_NAME.html \ + CURLOPT_PIPEWAIT.html PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \ CURLOPT_ADDRESS_SCOPE.pdf CURLOPT_APPEND.pdf CURLOPT_AUTOREFERER.pdf \ @@ -617,9 +618,9 @@ CURLOPT_NEW_DIRECTORY_PERMS.pdf CURLOPT_NEW_FILE_PERMS.pdf \ CURLOPT_NOBODY.pdf CURLOPT_NOPROGRESS.pdf CURLOPT_NOPROXY.pdf \ CURLOPT_NOSIGNAL.pdf CURLOPT_OPENSOCKETDATA.pdf \ - CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \ - CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf \ - CURLOPT_POST.pdf CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \ + CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \ + CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf CURLOPT_POST.pdf \ + CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \ CURLOPT_POSTFIELDSIZE_LARGE.pdf CURLOPT_POSTQUOTE.pdf \ CURLOPT_POSTREDIR.pdf CURLOPT_PREQUOTE.pdf CURLOPT_PRIVATE.pdf \ CURLOPT_PROGRESSDATA.pdf CURLOPT_PROGRESSFUNCTION.pdf \ @@ -669,7 +670,9 @@ CURLMOPT_PIPELINING_SERVER_BL.pdf CURLMOPT_PIPELINING_SITE_BL.pdf \ CURLMOPT_SOCKETDATA.pdf CURLMOPT_SOCKETFUNCTION.pdf \ CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf \ - CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf + CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf \ + CURLOPT_PROXY_SERVICE_NAME.pdf CURLOPT_SERVICE_NAME.pdf \ + CURLOPT_PIPEWAIT.pdf CLEANFILES = $(HTMLPAGES) $(PDFPAGES) EXTRA_DIST = $(man_MANS) $(HTMLPAGES) $(PDFPAGES) diff -Nru curl-7.42.1/docs/libcurl/symbols-in-versions curl-7.43.0/docs/libcurl/symbols-in-versions --- curl-7.42.1/docs/libcurl/symbols-in-versions 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/docs/libcurl/symbols-in-versions 2015-06-12 22:20:46.000000000 +0000 @@ -433,6 +433,7 @@ CURLOPT_PASV_HOST 7.12.1 7.16.0 7.15.5 CURLOPT_PATH_AS_IS 7.42.0 CURLOPT_PINNEDPUBLICKEY 7.39.0 +CURLOPT_PIPEWAIT 7.43.0 CURLOPT_PORT 7.1 CURLOPT_POST 7.1 CURLOPT_POST301 7.17.1 7.19.1 @@ -454,6 +455,7 @@ CURLOPT_PROXYTYPE 7.10 CURLOPT_PROXYUSERNAME 7.19.1 CURLOPT_PROXYUSERPWD 7.1 +CURLOPT_PROXY_SERVICE_NAME 7.43.0 CURLOPT_PROXY_TRANSFER_MODE 7.18.0 CURLOPT_PUT 7.1 CURLOPT_QUOTE 7.1 @@ -477,6 +479,7 @@ CURLOPT_SEEKDATA 7.18.0 CURLOPT_SEEKFUNCTION 7.18.0 CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0 +CURLOPT_SERVICE_NAME 7.43.0 CURLOPT_SHARE 7.10 CURLOPT_SOCKOPTDATA 7.16.0 CURLOPT_SOCKOPTFUNCTION 7.16.0 @@ -556,6 +559,9 @@ CURLPAUSE_RECV_CONT 7.18.0 CURLPAUSE_SEND 7.18.0 CURLPAUSE_SEND_CONT 7.18.0 +CURLPIPE_HTTP1 7.43.0 +CURLPIPE_MULTIPLEX 7.43.0 +CURLPIPE_NOTHING 7.43.0 CURLPROTO_ALL 7.19.4 CURLPROTO_DICT 7.19.4 CURLPROTO_FILE 7.19.4 @@ -665,6 +671,7 @@ CURL_HTTP_VERSION_1_0 7.9.1 CURL_HTTP_VERSION_1_1 7.9.1 CURL_HTTP_VERSION_2_0 7.33.0 +CURL_HTTP_VERSION_2 7.43.0 CURL_HTTP_VERSION_NONE 7.9.1 CURL_IPRESOLVE_V4 7.10.8 CURL_IPRESOLVE_V6 7.10.8 diff -Nru curl-7.42.1/docs/libcurl/symbols.pl curl-7.43.0/docs/libcurl/symbols.pl --- curl-7.42.1/docs/libcurl/symbols.pl 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/libcurl/symbols.pl 2015-06-14 21:31:01.000000000 +0000 @@ -24,7 +24,7 @@ # Experience has shown that the symbols-in-versions file is very useful to # applications that want to build with a wide range of libcurl versions. # It is however easy to get it wrong and the source gets a bit messy with all -# the fixed numerical comparisions. +# the fixed numerical comparisons. # # The point of this script is to provide an easy-to-use macro for libcurl- # using applications to do preprocessor checks for specific libcurl defines, diff -Nru curl-7.42.1/docs/LIBCURL-STRUCTS curl-7.43.0/docs/LIBCURL-STRUCTS --- curl-7.42.1/docs/LIBCURL-STRUCTS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/LIBCURL-STRUCTS 1970-01-01 00:00:00.000000000 +0000 @@ -1,245 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -Structs in libcurl - -This document should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things don't change drastically that often. - - 1. The main structs in libcurl - 1.1 SessionHandle - 1.2 connectdata - 1.3 Curl_multi - 1.4 Curl_handler - 1.5 conncache - 1.6 Curl_share - 1.7 CookieInfo - -============================================================================== - -1. The main structs in libcurl - - 1.1 SessionHandle - - The SessionHandle handle struct is the one returned to the outside in the - external API as a "CURL *". This is usually known as an easy handle in API - documentations and examples. - - Information and state that is related to the actual connection is in the - 'connectdata' struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - SessionHandle->easy_conn. - - Data and information that regard this particular single transfer is put in - the SingleRequest sub-struct. - - When the SessionHandle struct is added to a multi handle, as it must be in - order to do any transfer, the ->multi member will point to the Curl_multi - struct it belongs to. The ->prev and ->next members will then be used by the - multi code to keep a linked list of SessionHandle structs that are added to - that same multi handle. libcurl always uses multi so ->multi *will* point to - a Curl_multi when a transfer is in progress. - - ->mstate is the multi state of this particular SessionHandle. When - multi_runsingle() is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific SessionHandle when curl_multi_fdset() is called etc. - - The libcurl source code generally use the name 'data' for the variable that - points to the SessionHandle. - - - 1.2 connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each 'connectdata' identifies a single physical connection to a server. If - the connection can't be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same SessionHandle can be used multiple times and each time select - another connectdata struct to use for the connection. Keep this in mind, as - it is then important to consider if options or choices are based on the - connection or the SessionHandle. - - Functions in libcurl will assume that connectdata->data points to the - SessionHandle that uses this connection. - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original SessionHandle may no longer be around when the time comes to shut - down a particular connection. For this purpose, libcurl holds a special - dummy 'closure_handle' SessionHandle in the Curl_multi struct to - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name 'conn' for the variable that - points to the connectdata. - - - 1.3 Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs. - - This struct holds a list of SessionHandle structs that have been added to - this handle with curl_multi_add_handle(). The start of the list is ->easyp - and ->num_easy is a counter of added SessionHandles. - - ->msglist is a linked list of messages to send back when - curl_multi_info_read() is called. Basically a node is added to that list - when an individual SessionHandle's transfer has completed. - - ->hostcache points to the name cache. It is a hash table for looking up name - to IP. The nodes have a limited life time in there and this cache is meant - to reduce the time for when the same name is wanted within a short period of - time. - - ->timetree points to a tree of SessionHandles, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each - SessionHandle has one node in the tree. - - ->sockhash is a hash table to allow fast lookups of socket descriptor to - which SessionHandle that uses that descriptor. This is necessary for the - multi_socket API. - - ->conn_cache points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - ->closure_handle is described in the 'connectdata' section. - - The libcurl source code generally use the name 'multi' for the variable that - points to the Curl_multi struct. - - - 1.4 Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one Curl_handler struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named [protocol].c in which there's a - "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's - then the main array with all individual Curl_handler structs pointed to from - a single array which is scanned through when a URL is given to libcurl to - work with. - - ->scheme is the URL scheme name, usually spelled out in uppercase. That's - "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler - setup so HTTPS separate from HTTP. - - ->setup_connection is called to allow the protocol code to allocate protocol - specific data that then gets associated with that SessionHandle for the rest - of this transfer. It gets freed again at the end of the transfer. It will be - called before the 'connectdata' for the transfer has been selected/created. - Most protocols will allocate its private 'struct [PROTOCOL]' here and assign - SessionHandle->req.protop to point to it. - - ->connect_it allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the connectdata->recv[] and connectdata->send[] - function pointers in this function. - - ->connecting is similarly a function that keeps getting called as long as the - protocol considers itself still in the connecting phase. - - ->do_it is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, ->doing is then usually - also provided. Each protocol that needs to do multiple commands or similar - for do/doing need to implement their own state machines (see SCP, SFTP, - FTP). Some protocols (only FTP and only due to historical reasons) has a - separate piece of the DO state called DO_MORE. - - ->doing keeps getting called while issuing the transfer request command(s) - - ->done gets called when the transfer is complete and DONE. That's after the - main data has been transferred. - - ->do_more gets called during the DO_MORE state. The FTP protocol uses this - state when setting up the second connection. - - ->proto_getsock - ->doing_getsock - ->domore_getsock - ->perform_getsock - Functions that return socket information. Which socket(s) to wait for which - action(s) during the particular multi state. - - ->disconnect is called immediately before the TCP connection is shutdown. - - ->readwrite gets called during transfer to allow the protocol to do extra - reads/writes - - ->defport is the default report TCP or UDP port this protocol uses - - ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have - their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS". - - ->flags is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - PROTOPT_SSL - will make it connect and negotiate SSL - - PROTOPT_DUAL - this protocol uses two connections - - PROTOPT_CLOSEACTION - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - protocol handlers. - - PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself about. - - PROTOPT_NONETWORK - a protocol that doesn't use network (read file:) - - PROTOPT_NEEDSPWD - this protocol needs a password and will use a default - one unless one is provided - - PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL - (?foo=bar) - - - 1.5 conncache - - Is a hash table with connections for later re-use. Each SessionHandle has - a pointer to its connection cache. Each multi handle sets up a connection - cache that all added SessionHandles share by default. - - - 1.6 Curl_share - - The libcurl share API allocates a Curl_share struct, exposed to the external - API as "CURLSH *". - - The idea is that the struct can have a set of own versions of caches and - pools and then by providing this struct in the CURLOPT_SHARE option, those - specific SessionHandles will use the caches/pools that this share handle - holds. - - Then individual SessionHandle structs can be made to share specific things - that they otherwise wouldn't, such as cookies. - - The Curl_share struct can currently hold cookies, DNS cache and the SSL - session cache. - - - 1.7 CookieInfo - - This is the main cookie struct. It holds all known cookies and related - information. Each SessionHandle has its own private CookieInfo even when - they are added to a multi handle. They can be made to share cookies by using - the share API. diff -Nru curl-7.42.1/docs/LICENSE-MIXING curl-7.43.0/docs/LICENSE-MIXING --- curl-7.42.1/docs/LICENSE-MIXING 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/LICENSE-MIXING 2015-06-15 21:14:25.000000000 +0000 @@ -23,29 +23,29 @@ Uses an MIT (or Modified BSD)-style license that is as liberal as possible. -OpenSSL http://www.openssl.org/source/license.html +OpenSSL https://www.openssl.org/source/license.html (May be used for SSL/TLS support) Uses an Original BSD-style license with an announcement clause that makes it "incompatible" with GPL. You are not allowed to ship binaries that link with OpenSSL that includes GPL code (unless that specific GPL code includes an exception for OpenSSL - a habit that is growing more and more common). If OpenSSL's - licensing is a problem for you, consider using GnuTLS or yassl - instead. + licensing is a problem for you, consider using another TLS library. GnuTLS http://www.gnutls.org/ (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is - a problem for you, consider using OpenSSL instead. Also note that + a problem for you, consider using another TLS library. Also note that GnuTLS itself depends on and uses other libs (libgcrypt and libgpg-error) and they too are LGPL- or GPL-licensed. -yassl http://www.yassl.com/ +WolfSSL https://www.wolfssl.com/ - (May be used for SSL/TLS support) Uses the GPL[1] license. If this is - a problem for you, consider using OpenSSL or GnuTLS instead. + (May be used for SSL/TLS support) Uses the GPL[1] license or a + propietary license. If this is a problem for you, consider using + another TLS library. -NSS http://www.mozilla.org/projects/security/pki/nss/ +NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS (May be used for SSL/TLS support) Is covered by the MPL[4] license, the GPL[1] license and the LGPL[3] license. You may choose to license @@ -57,13 +57,29 @@ (May be used for SSL/TLS support) Uses a Modified BSD-style license. +mbedTLS https://tls.mbed.org/ + + (May be used for SSL/TLS support) Uses the GPL[1] license or a + propietary license. If this is a problem for you, consider using + another TLS library. + +BoringSSL https://boringssl.googlesource.com/ + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +libressl http://www.libressl.org/ + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + c-ares http://daniel.haxx.se/projects/c-ares/license.html (Used for asynchronous name resolves) Uses an MIT license that is very liberal and imposes no restrictions on any other library or part you may link with. -zlib http://www.gzip.org/zlib/zlib_license.html +zlib http://www.zlib.net/zlib_license.html (Used for compressed Transfer-Encoding support) Uses an MIT-style license that shouldn't collide with any other library. @@ -73,12 +89,12 @@ (May be used for GSS support) MIT licensed, that shouldn't collide with any other parts. -Heimdal http://www.pdc.kth.se/heimdal/ +Heimdal http://www.h5l.org (May be used for GSS support) Heimdal is Original BSD licensed with the announcement clause. -GNU GSS http://www.gnu.org/software/gss/ +GNU GSS https://www.gnu.org/software/gss/ (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not distribute binary curl packages that uses this if you build @@ -105,10 +121,10 @@ (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. -[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html -[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on +[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html +[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on how to write such an exception to the GPL [3] = LGPL - GNU Lesser General Public License: - http://www.gnu.org/licenses/lgpl.html + https://www.gnu.org/licenses/lgpl.html [4] = MPL - Mozilla Public License: - http://www.mozilla.org/MPL/ + https://www.mozilla.org/MPL/ diff -Nru curl-7.42.1/docs/MAIL-ETIQUETTE curl-7.43.0/docs/MAIL-ETIQUETTE --- curl-7.42.1/docs/MAIL-ETIQUETTE 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/MAIL-ETIQUETTE 2015-06-16 07:13:02.000000000 +0000 @@ -230,7 +230,7 @@ Quote as little as possible. Just enough to provide the context you cannot leave out. A lengthy description can be found here: - http://www.netmeister.org/news/learn2quote.html + https://www.netmeister.org/news/learn2quote.html 2.7 Digest diff -Nru curl-7.42.1/docs/Makefile.am curl-7.43.0/docs/Makefile.am --- curl-7.42.1/docs/Makefile.am 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/Makefile.am 2015-06-14 21:31:01.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -37,8 +37,8 @@ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS + MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS HTTP2.md ROADMAP.md MAN2HTML= roffit < $< >$@ diff -Nru curl-7.42.1/docs/Makefile.in curl-7.43.0/docs/Makefile.in --- curl-7.42.1/docs/Makefile.in 2015-04-29 06:07:43.000000000 +0000 +++ curl-7.43.0/docs/Makefile.in 2015-06-15 21:31:47.000000000 +0000 @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -100,8 +100,8 @@ build_triplet = @build@ host_triplet = @host@ subdir = docs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs INSTALL THANKS TODO +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am INSTALL \ + THANKS TODO ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -122,7 +122,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = @@ -438,8 +438,8 @@ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS + MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS HTTP2.md ROADMAP.md MAN2HTML = roffit < $< >$@ SUFFIXES = .1 .html .pdf diff -Nru curl-7.42.1/docs/MANUAL curl-7.43.0/docs/MANUAL --- curl-7.42.1/docs/MANUAL 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/MANUAL 2015-06-11 17:50:43.000000000 +0000 @@ -470,8 +470,8 @@ stored cookies which match the request as it follows the location. The file "empty.txt" may be a nonexistent file. - Alas, to both read and write cookies from a netscape cookie file, you can - set both -b and -c to use the same file: + To read and write cookies from a netscape cookie file, you can set both -b + and -c to use the same file: curl -b cookies.txt -c cookies.txt www.example.com diff -Nru curl-7.42.1/docs/mk-ca-bundle.html curl-7.43.0/docs/mk-ca-bundle.html --- curl-7.42.1/docs/mk-ca-bundle.html 2015-04-29 06:08:09.000000000 +0000 +++ curl-7.43.0/docs/mk-ca-bundle.html 2015-06-17 05:56:24.000000000 +0000 @@ -75,6 +75,7 @@

Valid purposes are:

ALL, DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT, KEY_AGREEMENT, KEY_CERT_SIGN, CRL_SIGN, SERVER_AUTH (default), CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, TIME_STAMPING, STEP_UP_APPROVED

+

Valid trust levels are:

ALL, TRUSTED_DELEGATOR (default), NOT_TRUSTED, MUST_VERIFY_TRUST, TRUSTED

Binary files /tmp/vnPWkbu5_4/curl-7.42.1/docs/mk-ca-bundle.pdf and /tmp/ikowmr1H0V/curl-7.43.0/docs/mk-ca-bundle.pdf differ diff -Nru curl-7.42.1/docs/RELEASE-PROCEDURE curl-7.43.0/docs/RELEASE-PROCEDURE --- curl-7.42.1/docs/RELEASE-PROCEDURE 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/RELEASE-PROCEDURE 2015-06-14 21:31:01.000000000 +0000 @@ -1,9 +1,3 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - curl release procedure - how to do a release ============================================ @@ -84,12 +78,12 @@ Based on the description above, here are some planned release dates (at the time of this writing): -- February 25, 2015 (version 7.41.0) -- April 22, 2015 -- June 17, 2015 +- June 17, 2015 (version 7.43.0) - August 12, 2015 - October 7, 2015 - December 2, 2015 - January 27, 2016 - March 23, 2016 - May 18, 2016 +- July 13, 2016 +- September 7, 2016 diff -Nru curl-7.42.1/docs/ROADMAP.md curl-7.43.0/docs/ROADMAP.md --- curl-7.42.1/docs/ROADMAP.md 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/ROADMAP.md 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,139 @@ +curl the next few years - perhaps +================================= + +Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is +intended to serve as a guideline for others for information, feedback and +possible participation. + +HTTP/2 +------ + +- test suite + + Base this on existing nghttp2 server to start with to make functional + tests. Later on we can adopt that code or work with nghttp2 to provide ways + to have the http2 server respond with broken responses to make sure we deal + with that nicely as well. + + To decide: if we need to bundle parts of the nghttp2 stuff that probably + won't be shipped by many distros. + +- stream properties API + + Provide options for setting priorities and dependencies among the streams + (easy handles). They are mostly information set for the stream and sent to + the server so we don't have to add much logic for this. + +- server push + + Not exactly clear exactly how to support this API-wise, but by adding + handles without asking for a resource it could be a way to be prepared to + receive pushes in case such are sent. We probably need it to still specify + a URL with host name, port etc but we probably need a special option to + tell libcurl it is for server push purposes. + +- provide option for HTTP/2 "prior knowledge" over clear text + + As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_ + it speaks HTTP/2. + +- provide option to allow curl to default to HTTP/2 only when using HTTPS + + We could switch on HTTP/2 by-default for HTTPS quite easily and it + shouldn't hurt anyone, while HTTP/2 for HTTP by default could introduce + lots of Upgrade: roundtrips that users won't like. So a separated option + alternative makes sense. + +SRV records +----------- + +How to find services for specific domains/hosts. + +HTTPS to proxy +-------------- + +To avoid network traffic to/from the proxy getting snooped on. + +curl_formadd() +-------------- + +make sure there's an easy handle passed in to `curl_formadd()`, +`curl_formget()` and `curl_formfree()` by adding replacement functions and +deprecating the old ones to allow custom mallocs and more + +third-party SASL +---------------- + +add support for third-party SASL libraries such as Cyrus SASL - may need to +move existing native and SSPI based authentication into vsasl folder after +reworking HTTP and SASL code + +SASL authentication in LDAP +--------------------------- + +... + +Simplify the SMTP email +----------------------- + +Simplify the SMTP email interface so that programmers don't have to +construct the body of an email that contains all the headers, alternative +content, images and attachments - maintain raw interface so that +programmers that want to do this can + +email capabilities +------------------ + +Allow the email protocols to return the capabilities before +authenticating. This will allow an application to decide on the best +authentication mechanism + +Win32 pthreads +-------------- + +Allow Windows threading model to be replaced by Win32 pthreads port + +dynamic buffer size +------------------- + +Implement a dynamic buffer size to allow SFTP to use much larger buffers and +possibly allow the size to be customizable by applications. Use less memory +when handles are not in use? + +New stuff - curl +---------------- + +1. Embed a language interpreter (lua?). For that middle ground where curl + isn’t enough and a libcurl binding feels “too much”. Build-time conditional + of course. + +2. Simplify the SMTP command line so that the headers and multi-part content + don't have to be constructed before calling curl + +Improve +------- + +1. build for windows (considered hard by many users) + +2. curl -h output (considered overwhelming to users) + +3. we have > 160 command line options, is there a way to redo things to + simplify or improve the situation as we are likely to keep adding + features/options in the future too + +4. docs (considered "bad" by users but how do we make it better?) + + - split up curl.1 + +5. authentication framework (consider merging HTTP and SASL authentication to + give one API for protocols to call) + +6. Perform some of the clean up from the TODO document, removing old + definitions and such like that are currently earmarked to be removed years + ago + +Remove +------ + +1. makefile.vc files as there is no point in maintaining two sets of Windows + makefiles. Note: These are currently being used by the Windows autobuilds diff -Nru curl-7.42.1/docs/SSL-PROBLEMS curl-7.43.0/docs/SSL-PROBLEMS --- curl-7.42.1/docs/SSL-PROBLEMS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/SSL-PROBLEMS 2015-06-16 07:13:02.000000000 +0000 @@ -53,7 +53,7 @@ References: - http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 + https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 Allow BEAST diff -Nru curl-7.42.1/docs/THANKS curl-7.43.0/docs/THANKS --- curl-7.42.1/docs/THANKS 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/docs/THANKS 2015-06-17 05:47:21.000000000 +0000 @@ -36,6 +36,7 @@ Alex Vinnik Alex aka WindEagle Alexander Beedie +Alexander Dyagilev Alexander Elgert Alexander Klauer Alexander Kourakos @@ -55,6 +56,7 @@ Amol Pattekar Amr Shahin Anatoli Tubman +Anders Bakken Anders Gustafsson Anders Havn Andi Jahja @@ -90,6 +92,7 @@ Andy Tsouladze Angus Mackay Anthon Pang +Anthony Avina Anthony Bryan Anthony G. Basile Antoine Calando @@ -104,6 +107,7 @@ Arthur Murray Arve Knudsen Arvid Norberg +Ashish Shukla Ask Bjørn Hansen Askar Safin Ates Goral @@ -131,6 +135,7 @@ Benoit Sigoure Bernard Leak Bernhard Reutner-Fischer +Bert Huijben Bertrand Demiddelaer Bill Doyle Bill Egert @@ -157,8 +162,10 @@ Brendan Jurd Brent Beardsley Brian Akins +Brian Chrisman Brian Dessent Brian J. Murrell +Brian Prodoehl Brian R Duffy Brian Ulm Brock Noland @@ -182,6 +189,7 @@ Chen Prog Chih-Chung Chang Chris "Bob Bob" +Chris Araman Chris Combes Chris Conlon Chris Deidun @@ -245,6 +253,7 @@ Daniel Cater Daniel Egger Daniel Johnson +Daniel Melani Daniel Mentz Daniel Steinberg Daniel Stenberg @@ -306,6 +315,7 @@ Dmitri Shubin Dmitriy Sergeyev Dmitry Bartsevich +Dmitry Eremin-Solenikov Dmitry Falko Dmitry Kurochkin Dmitry Popov @@ -321,6 +331,7 @@ Douglas R. Horner Douglas Steinwand Dov Murik +Drake Arconis Duane Cathey Duncan Mac-Vicar Prett Dustin Boswell @@ -335,6 +346,7 @@ Edward Sheldrake Eelco Dolstra Eetu Ojanen +Egon Eckert Eldar Zaitov Ellis Pritchard Elmira A Semenova @@ -390,6 +402,7 @@ Fred Machado Fred New Fred Noz +Fred Stluka Frederic Lepied Fredrik Thulin Gabriel Kuri @@ -427,6 +440,7 @@ Gordon Marler Gorilla Maguila Grant Erickson +Grant Pannell Greg Hewgill Greg Morse Greg Onufer @@ -540,6 +554,7 @@ Jeff Phillips Jeff Pohlmeyer Jeff Weber +Jens Rantil Jeremy Friesner Jeremy Huddleston Jeremy Lin @@ -567,6 +582,7 @@ Joe Malicki Joe Mason Joel Chen +Joel Depooter Jofell Gallardo Johan Anderson Johan Lantz @@ -705,6 +721,7 @@ Ling Thio Linus Nielsen Feltzing Lisa Xu +Liviu Chircu Liza Alenchery Lluís Batlle i Rossell Loic Dachary @@ -888,6 +905,7 @@ Olivier Berger Oren Souroujon Oren Tirosh +Orgad Shaneh Ori Avtalion Oscar Koeroo Oscar Norlander @@ -916,6 +934,7 @@ Paul Marquis Paul Moore Paul Nolan +Paul Oliver Paul Querna Paul Saab Pavel Cenek @@ -973,6 +992,7 @@ Radu Simionescu Rafa Muyo Rafael Sagula +Rafayel Mkrtchyan Rafaël Carré Rainer Canavan Rainer Jung @@ -1076,6 +1096,7 @@ Scott Cantor Scott Davis Scott McCreary +Sean Boudreau Sebastian Rasmussen Senthil Raja Velu Sergei Nikulov @@ -1191,6 +1212,7 @@ Tomas Mlcoch Tomas Pospisek Tomas Szepe +Tomas Tomecek Tomasz Kojm Tomasz Lacki Tommie Gannert @@ -1218,6 +1240,7 @@ Vijay Panghal Vikram Saxena Viktor Szakáts +Ville Skyttä Vilmos Nebehaj Vincent Bronner Vincent Le Normand diff -Nru curl-7.42.1/docs/TODO curl-7.43.0/docs/TODO --- curl-7.42.1/docs/TODO 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/TODO 2015-06-16 07:13:02.000000000 +0000 @@ -49,6 +49,7 @@ 5.3 Rearrange request header order 5.4 SPDY 5.5 auth= in URLs + 5.6 Refuse "downgrade" redirects 6. TELNET 6.1 ditch stdin @@ -207,7 +208,7 @@ To prevent local users from snooping on your traffic to the proxy. Supported by Chrome already: - http://www.chromium.org/developers/design-documents/secure-web-proxy + https://www.chromium.org/developers/design-documents/secure-web-proxy ...and by Firefox soon: https://bugzilla.mozilla.org/show_bug.cgi?id=378637 @@ -264,7 +265,7 @@ HOST is a command for a client to tell which host name to use, to offer FTP servers named-based virtual hosting: - http://tools.ietf.org/html/rfc7151 + https://tools.ietf.org/html/rfc7151 4.2 Alter passive/active on failure and retry @@ -348,6 +349,14 @@ Additionally this should be implemented for proxy base URLs as well. +5.6 Refuse "downgrade" redirects + + See https://github.com/bagder/curl/issues/226 + + Consider a way to tell curl to refuse to "downgrade" protocol with a redirect + and/or possibly a bit that refuses redirect to change protocol completely. + + 6. TELNET 6.1 ditch stdin @@ -420,7 +429,7 @@ 11.2 Honor file timestamps -The timestamp of the transfered file should reflect that of the original file. +The timestamp of the transferred file should reflect that of the original file. 11.3 Use NTLMv2 @@ -484,7 +493,7 @@ DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL keys and certs over DNS using DNSSEC as an alternative to the CA model. - http://www.rfc-editor.org/rfc/rfc6698.txt + https://www.rfc-editor.org/rfc/rfc6698.txt An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple @@ -514,7 +523,7 @@ Therefore support for the existing -E/--cert and --key options should be implemented by supplying a custom certificate to the SChannel APIs, see: - Getting a Certificate for Schannel - http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx + https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx 15.2 Add support for custom server certificate validation @@ -525,7 +534,7 @@ Therefore support for the existing --cacert or --capath options should be implemented by supplying a custom certificate to the SChannel APIs, see: - Getting a Certificate for Schannel - http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx + https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx 15.3 Add support for the --ciphers option @@ -536,7 +545,7 @@ Therefore support for the existing --ciphers option should be implemented by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see - Specifying Schannel Ciphers and Cipher Strengths - http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx + https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx 16. SASL diff -Nru curl-7.42.1/docs/VERSIONS curl-7.43.0/docs/VERSIONS --- curl-7.42.1/docs/VERSIONS 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/docs/VERSIONS 2015-06-14 21:31:01.000000000 +0000 @@ -1,22 +1,18 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - Version Numbers and Releases +============================ Curl is not only curl. Curl is also libcurl. They're actually individually versioned, but they mostly follow each other rather closely. The version numbering is always built up using the same system: - X.Y[.Z] + X.Y.Z + + - X is main version number + - Y is release number + - Z is patch number - Where - X is main version number - Y is release number - Z is patch number +## Bumping numbers One of these numbers will get bumped in each new release. The numbers to the right of a bumped number will be reset to zero. If Z is zero, it may not be @@ -57,4 +53,4 @@ release. It makes comparisons with greater than and less than work. This number is also available as three separate defines: - LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. + `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. diff -Nru curl-7.42.1/include/curl/curl.h curl-7.43.0/include/curl/curl.h --- curl-7.42.1/include/curl/curl.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/include/curl/curl.h 2015-06-12 22:20:46.000000000 +0000 @@ -1632,6 +1632,15 @@ /* Do not squash dot-dot sequences */ CINIT(PATH_AS_IS, LONG, 234), + /* Proxy Service Name */ + CINIT(PROXY_SERVICE_NAME, OBJECTPOINT, 235), + + /* Service Name */ + CINIT(SERVICE_NAME, OBJECTPOINT, 236), + + /* Wait/don't wait for pipe/mutex to clarify */ + CINIT(PIPEWAIT, LONG, 237), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -1686,6 +1695,11 @@ CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */ }; +/* Convenience definition simple because the name of the version is HTTP/2 and + not 2.0. The 2_0 version of the enum name was set while the version was + still planned to be 2.0 and we stick to it for compatibility. */ +#define CURL_HTTP_VERSION_2 CURL_HTTP_VERSION_2_0 + /* * Public API enums for RTSP requests */ diff -Nru curl-7.42.1/include/curl/curlver.h curl-7.43.0/include/curl/curlver.h --- curl-7.42.1/include/curl/curlver.h 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/include/curl/curlver.h 2015-06-17 05:57:03.000000000 +0000 @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.42.1" +#define LIBCURL_VERSION "7.43.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 42 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_MINOR 43 +#define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -52,8 +52,12 @@ This 6-digit (24 bits) hexadecimal number does not show pre-release number, and it is always a greater number in a more recent release. It makes comparisons with greater than and less than work. + + Note: This define is the full hex number and _does not_ use the + CURL_VERSION_BITS() macro since curl's own configure script greps for it + and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x072a01 +#define LIBCURL_VERSION_NUM 0x072b00 /* * This is the date and time when the full source package was created. The @@ -64,6 +68,10 @@ * * "Mon Feb 12 11:35:33 UTC 2007" */ -#define LIBCURL_TIMESTAMP "Wed Apr 29 06:07:13 UTC 2015" +#define LIBCURL_TIMESTAMP "Wed Jun 17 05:56:00 UTC 2015" + +#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) +#define CURL_AT_LEAST_VERSION(x,y,z) \ + (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z)) #endif /* __CURL_CURLVER_H */ diff -Nru curl-7.42.1/include/curl/Makefile.in curl-7.43.0/include/curl/Makefile.in --- curl-7.42.1/include/curl/Makefile.in 2015-04-29 06:07:43.000000000 +0000 +++ curl-7.43.0/include/curl/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -79,8 +79,7 @@ host_triplet = @host@ subdir = include/curl DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/curlbuild.h.in $(top_srcdir)/mkinstalldirs \ - $(pkginclude_HEADERS) + $(srcdir)/curlbuild.h.in $(pkginclude_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -101,7 +100,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h curlbuild.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = diff -Nru curl-7.42.1/include/curl/multi.h curl-7.43.0/include/curl/multi.h --- curl-7.42.1/include/curl/multi.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/include/curl/multi.h 2015-06-12 12:57:28.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -74,6 +74,11 @@ curl_multi_perform() and CURLM_CALL_MULTI_PERFORM */ #define CURLM_CALL_MULTI_SOCKET CURLM_CALL_MULTI_PERFORM +/* bitmask bits for CURLMOPT_PIPELINING */ +#define CURLPIPE_NOTHING 0L +#define CURLPIPE_HTTP1 1L +#define CURLPIPE_MULTIPLEX 2L + typedef enum { CURLMSG_NONE, /* first, not used */ CURLMSG_DONE, /* This easy handle has completed. 'result' contains diff -Nru curl-7.42.1/include/curl/typecheck-gcc.h curl-7.43.0/include/curl/typecheck-gcc.h --- curl-7.42.1/include/curl/typecheck-gcc.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/include/curl/typecheck-gcc.h 2015-06-11 17:50:43.000000000 +0000 @@ -270,6 +270,8 @@ (option) == CURLOPT_DNS_LOCAL_IP4 || \ (option) == CURLOPT_DNS_LOCAL_IP6 || \ (option) == CURLOPT_LOGIN_OPTIONS || \ + (option) == CURLOPT_PROXY_SERVICE_NAME || \ + (option) == CURLOPT_SERVICE_NAME || \ 0) /* evaluates to true if option takes a curl_write_callback argument */ diff -Nru curl-7.42.1/include/Makefile.in curl-7.43.0/include/Makefile.in --- curl-7.42.1/include/Makefile.in 2015-04-29 06:07:43.000000000 +0000 +++ curl-7.43.0/include/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = include -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs README +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/lib/bundles.c curl-7.43.0/lib/bundles.c --- curl-7.42.1/lib/bundles.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/bundles.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,110 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2012, Linus Nielsen Feltzing, - * Copyright (C) 2012-2015, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#include - -#include "urldata.h" -#include "url.h" -#include "progress.h" -#include "multiif.h" -#include "bundles.h" -#include "sendf.h" -#include "rawstr.h" - -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - -static void conn_llist_dtor(void *user, void *element) -{ - struct connectdata *data = element; - (void)user; - - data->bundle = NULL; -} - -CURLcode Curl_bundle_create(struct SessionHandle *data, - struct connectbundle **cb_ptr) -{ - (void)data; - DEBUGASSERT(*cb_ptr == NULL); - *cb_ptr = malloc(sizeof(struct connectbundle)); - if(!*cb_ptr) - return CURLE_OUT_OF_MEMORY; - - (*cb_ptr)->num_connections = 0; - (*cb_ptr)->server_supports_pipelining = FALSE; - - (*cb_ptr)->conn_list = Curl_llist_alloc((curl_llist_dtor) conn_llist_dtor); - if(!(*cb_ptr)->conn_list) { - Curl_safefree(*cb_ptr); - return CURLE_OUT_OF_MEMORY; - } - return CURLE_OK; -} - -void Curl_bundle_destroy(struct connectbundle *cb_ptr) -{ - if(!cb_ptr) - return; - - if(cb_ptr->conn_list) { - Curl_llist_destroy(cb_ptr->conn_list, NULL); - cb_ptr->conn_list = NULL; - } - free(cb_ptr); -} - -/* Add a connection to a bundle */ -CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr, - struct connectdata *conn) -{ - if(!Curl_llist_insert_next(cb_ptr->conn_list, cb_ptr->conn_list->tail, conn)) - return CURLE_OUT_OF_MEMORY; - - conn->bundle = cb_ptr; - - cb_ptr->num_connections++; - return CURLE_OK; -} - -/* Remove a connection from a bundle */ -int Curl_bundle_remove_conn(struct connectbundle *cb_ptr, - struct connectdata *conn) -{ - struct curl_llist_element *curr; - - curr = cb_ptr->conn_list->head; - while(curr) { - if(curr->ptr == conn) { - Curl_llist_remove(cb_ptr->conn_list, curr, NULL); - cb_ptr->num_connections--; - conn->bundle = NULL; - return 1; /* we removed a handle */ - } - curr = curr->next; - } - return 0; -} diff -Nru curl-7.42.1/lib/bundles.h curl-7.43.0/lib/bundles.h --- curl-7.42.1/lib/bundles.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/bundles.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,45 +0,0 @@ -#ifndef HEADER_CURL_BUNDLES_H -#define HEADER_CURL_BUNDLES_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2012, Linus Nielsen Feltzing, - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -struct connectbundle { - bool server_supports_pipelining; /* TRUE if server supports pipelining, - set after first response */ - size_t num_connections; /* Number of connections in the bundle */ - struct curl_llist *conn_list; /* The connectdata members of the bundle */ -}; - -CURLcode Curl_bundle_create(struct SessionHandle *data, - struct connectbundle **cb_ptr); - -void Curl_bundle_destroy(struct connectbundle *cb_ptr); - -CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr, - struct connectdata *conn); - -int Curl_bundle_remove_conn(struct connectbundle *cb_ptr, - struct connectdata *conn); - - -#endif /* HEADER_CURL_BUNDLES_H */ - diff -Nru curl-7.42.1/lib/checksrc.pl curl-7.43.0/lib/checksrc.pl --- curl-7.42.1/lib/checksrc.pl 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/checksrc.pl 2015-06-11 17:50:43.000000000 +0000 @@ -228,6 +228,15 @@ "use of $2 is banned"); } + # scan for use of non-binary fopen without the macro + if($l =~ /^(.*\W)fopen\s*\([^"]*\"([^"]*)/) { + my $mode = $2; + if($mode !~ /b/) { + checkwarn($line, length($1), $file, $l, + "use of non-binary fopen without FOPEN_* macro"); + } + } + # check for open brace first on line but not first column # only alert if previous line ended with a close paren and wasn't a cpp # line diff -Nru curl-7.42.1/lib/checksrc.whitelist curl-7.43.0/lib/checksrc.whitelist --- curl-7.42.1/lib/checksrc.whitelist 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/checksrc.whitelist 2015-06-11 17:50:43.000000000 +0000 @@ -4,3 +4,7 @@ 150 Opening ASCII mode data connection for [file] (0.0.0.0,0) (545 bytes) * no_proxy=domain1.dom,host.domain2.dom Default values are (0,0) initialized by calloc. + file = fopen(name, "r"); /* VMS */ + return fopen(file, "r"); /* VMS */ + return fopen(file, "r", "rfm=stmlf", "ctx=stm"); + curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n", diff -Nru curl-7.42.1/lib/conncache.c curl-7.43.0/lib/conncache.c --- curl-7.42.1/lib/conncache.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/conncache.c 2015-06-12 22:20:46.000000000 +0000 @@ -31,68 +31,134 @@ #include "multiif.h" #include "sendf.h" #include "rawstr.h" -#include "bundles.h" #include "conncache.h" +#include "curl_printf.h" #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" -static void free_bundle_hash_entry(void *freethis) +static void conn_llist_dtor(void *user, void *element) { - struct connectbundle *b = (struct connectbundle *) freethis; + struct connectdata *data = element; + (void)user; - Curl_bundle_destroy(b); + data->bundle = NULL; } -struct conncache *Curl_conncache_init(int size) +static CURLcode bundle_create(struct SessionHandle *data, + struct connectbundle **cb_ptr) { - struct conncache *connc; + (void)data; + DEBUGASSERT(*cb_ptr == NULL); + *cb_ptr = malloc(sizeof(struct connectbundle)); + if(!*cb_ptr) + return CURLE_OUT_OF_MEMORY; + + (*cb_ptr)->num_connections = 0; + (*cb_ptr)->multiuse = BUNDLE_UNKNOWN; + + (*cb_ptr)->conn_list = Curl_llist_alloc((curl_llist_dtor) conn_llist_dtor); + if(!(*cb_ptr)->conn_list) { + Curl_safefree(*cb_ptr); + return CURLE_OUT_OF_MEMORY; + } + return CURLE_OK; +} - connc = calloc(1, sizeof(struct conncache)); - if(!connc) - return NULL; +static void bundle_destroy(struct connectbundle *cb_ptr) +{ + if(!cb_ptr) + return; + + if(cb_ptr->conn_list) { + Curl_llist_destroy(cb_ptr->conn_list, NULL); + cb_ptr->conn_list = NULL; + } + free(cb_ptr); +} - connc->hash = Curl_hash_alloc(size, Curl_hash_str, - Curl_str_key_compare, free_bundle_hash_entry); +/* Add a connection to a bundle */ +static CURLcode bundle_add_conn(struct connectbundle *cb_ptr, + struct connectdata *conn) +{ + if(!Curl_llist_insert_next(cb_ptr->conn_list, cb_ptr->conn_list->tail, conn)) + return CURLE_OUT_OF_MEMORY; + + conn->bundle = cb_ptr; + + cb_ptr->num_connections++; + return CURLE_OK; +} - if(!connc->hash) { - free(connc); - return NULL; +/* Remove a connection from a bundle */ +static int bundle_remove_conn(struct connectbundle *cb_ptr, + struct connectdata *conn) +{ + struct curl_llist_element *curr; + + curr = cb_ptr->conn_list->head; + while(curr) { + if(curr->ptr == conn) { + Curl_llist_remove(cb_ptr->conn_list, curr, NULL); + cb_ptr->num_connections--; + conn->bundle = NULL; + return 1; /* we removed a handle */ + } + curr = curr->next; } + return 0; +} + +static void free_bundle_hash_entry(void *freethis) +{ + struct connectbundle *b = (struct connectbundle *) freethis; - return connc; + bundle_destroy(b); +} + +int Curl_conncache_init(struct conncache *connc, int size) +{ + return Curl_hash_init(&connc->hash, size, Curl_hash_str, + Curl_str_key_compare, free_bundle_hash_entry); } void Curl_conncache_destroy(struct conncache *connc) { - if(connc) { - Curl_hash_destroy(connc->hash); - connc->hash = NULL; - free(connc); - } + if(connc) + Curl_hash_destroy(&connc->hash); +} + +/* returns an allocated key to find a bundle for this connection */ +static char *hashkey(struct connectdata *conn) +{ + return aprintf("%s:%d", + conn->bits.proxy?conn->proxy.name:conn->host.name, + conn->localport); } +/* Look up the bundle with all the connections to the same host this + connectdata struct is setup to use. */ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, struct conncache *connc) { struct connectbundle *bundle = NULL; - - char *hostname = conn->bits.proxy?conn->proxy.name:conn->host.name; - - if(connc) - bundle = Curl_hash_pick(connc->hash, hostname, strlen(hostname)+1); + if(connc) { + char *key = hashkey(conn); + if(key) { + bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); + free(key); + } + } return bundle; } static bool conncache_add_bundle(struct conncache *connc, - char *hostname, + char *key, struct connectbundle *bundle) { - void *p; - - p = Curl_hash_add(connc->hash, hostname, strlen(hostname)+1, bundle); + void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle); return p?TRUE:FALSE; } @@ -106,14 +172,14 @@ if(!connc) return; - Curl_hash_start_iterate(connc->hash, &iter); + Curl_hash_start_iterate(&connc->hash, &iter); he = Curl_hash_next_element(&iter); while(he) { if(he->ptr == bundle) { /* The bundle is destroyed by the hash destructor function, free_bundle_hash_entry() */ - Curl_hash_delete(connc->hash, he->key, he->key_len); + Curl_hash_delete(&connc->hash, he->key, he->key_len); return; } @@ -131,20 +197,29 @@ bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache); if(!bundle) { - char *hostname = conn->bits.proxy?conn->proxy.name:conn->host.name; + char *key; + int rc; - result = Curl_bundle_create(data, &new_bundle); + result = bundle_create(data, &new_bundle); if(result) return result; - if(!conncache_add_bundle(data->state.conn_cache, hostname, new_bundle)) { - Curl_bundle_destroy(new_bundle); + key = hashkey(conn); + if(!key) { + bundle_destroy(new_bundle); + return CURLE_OUT_OF_MEMORY; + } + + rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle); + free(key); + if(!rc) { + bundle_destroy(new_bundle); return CURLE_OUT_OF_MEMORY; } bundle = new_bundle; } - result = Curl_bundle_add_conn(bundle, conn); + result = bundle_add_conn(bundle, conn); if(result) { if(new_bundle) conncache_remove_bundle(data->state.conn_cache, new_bundle); @@ -169,7 +244,7 @@ /* The bundle pointer can be NULL, since this function can be called due to a failed connection attempt, before being added to a bundle */ if(bundle) { - Curl_bundle_remove_conn(bundle, conn); + bundle_remove_conn(bundle, conn); if(bundle->num_connections == 0) { conncache_remove_bundle(connc, bundle); } @@ -201,7 +276,7 @@ if(!connc) return; - Curl_hash_start_iterate(connc->hash, &iter); + Curl_hash_start_iterate(&connc->hash, &iter); he = Curl_hash_next_element(&iter); while(he) { @@ -232,7 +307,7 @@ struct curl_hash_element *he; struct connectbundle *bundle; - Curl_hash_start_iterate(connc->hash, &iter); + Curl_hash_start_iterate(&connc->hash, &iter); he = Curl_hash_next_element(&iter); while(he) { diff -Nru curl-7.42.1/lib/conncache.h curl-7.43.0/lib/conncache.h --- curl-7.42.1/lib/conncache.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/conncache.h 2015-06-11 17:50:43.000000000 +0000 @@ -24,13 +24,24 @@ ***************************************************************************/ struct conncache { - struct curl_hash *hash; + struct curl_hash hash; size_t num_connections; long next_connection_id; struct timeval last_cleanup; }; -struct conncache *Curl_conncache_init(int size); +#define BUNDLE_NO_MULTIUSE -1 +#define BUNDLE_UNKNOWN 0 /* initial value */ +#define BUNDLE_PIPELINING 1 +#define BUNDLE_MULTIPLEX 2 + +struct connectbundle { + int multiuse; /* supports multi-use */ + size_t num_connections; /* Number of connections in the bundle */ + struct curl_llist *conn_list; /* The connectdata members of the bundle */ +}; + +int Curl_conncache_init(struct conncache *, int size); void Curl_conncache_destroy(struct conncache *connc); diff -Nru curl-7.42.1/lib/connect.c curl-7.43.0/lib/connect.c --- curl-7.42.1/lib/connect.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/connect.c 2015-06-14 21:31:01.000000000 +0000 @@ -1166,8 +1166,11 @@ conn->tempaddr[0] = conn->tempaddr[0]->ai_next; } - if(conn->tempsock[0] == CURL_SOCKET_BAD) + if(conn->tempsock[0] == CURL_SOCKET_BAD) { + if(!result) + result = CURLE_COULDNT_CONNECT; return result; + } data->info.numconnects++; /* to track the number of connections made */ @@ -1214,8 +1217,8 @@ find.found = FALSE; Curl_conncache_foreach(data->multi_easy? - data->multi_easy->conn_cache: - data->multi->conn_cache, &find, conn_is_conn); + &data->multi_easy->conn_cache: + &data->multi->conn_cache, &find, conn_is_conn); if(!find.found) { data->state.lastconnect = NULL; diff -Nru curl-7.42.1/lib/cookie.c curl-7.43.0/lib/cookie.c --- curl-7.42.1/lib/cookie.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/cookie.c 2015-06-11 17:50:43.000000000 +0000 @@ -914,7 +914,7 @@ fp = NULL; } else - fp = file?fopen(file, "r"):NULL; + fp = file?fopen(file, FOPEN_READTEXT):NULL; c->newsession = newsession; /* new session? */ @@ -1262,7 +1262,7 @@ use_stdout=TRUE; } else { - out = fopen(dumphere, "w"); + out = fopen(dumphere, FOPEN_WRITETEXT); if(!out) return 1; /* failure */ } @@ -1277,6 +1277,8 @@ co = c->cookies; while(co) { + if(!co->domain) + continue; format_ptr = get_netscape_format(co); if(format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); @@ -1310,7 +1312,8 @@ c = data->cookies->cookies; while(c) { - /* fill the list with _all_ the cookies we know */ + if(!c->domain) + continue; line = get_netscape_format(c); if(!line) { curl_slist_free_all(list); diff -Nru curl-7.42.1/lib/curl_sasl.c curl-7.43.0/lib/curl_sasl.c --- curl-7.42.1/lib/curl_sasl.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/curl_sasl.c 2015-06-11 17:50:43.000000000 +0000 @@ -76,9 +76,6 @@ #define DIGEST_QOP_VALUE_STRING_AUTH_INT "auth-int" #define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf" -#define DIGEST_MAX_VALUE_LENGTH 256 -#define DIGEST_MAX_CONTENT_LENGTH 1024 - /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. It converts digest text to ASCII so the MD5 will be correct for what ultimately goes over the network. @@ -90,13 +87,16 @@ return result; \ } +#endif + +#if !defined(CURL_DISABLE_CRYPTO_AUTH) /* * Returns 0 on success and then the buffers are filled in fine. * * Non-zero means failure to parse. */ -static int sasl_digest_get_pair(const char *str, char *value, char *content, - const char **endptr) +int Curl_sasl_digest_get_pair(const char *str, char *value, char *content, + const char **endptr) { int c; bool starts_with_quote = FALSE; @@ -157,7 +157,9 @@ return 0; /* all is fine! */ } +#endif +#if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI) /* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/ static void sasl_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ unsigned char *dest) /* 33 bytes */ @@ -776,7 +778,7 @@ chlg++; /* Extract a value=content pair */ - if(!sasl_digest_get_pair(chlg, value, content, &chlg)) { + if(!Curl_sasl_digest_get_pair(chlg, value, content, &chlg)) { if(Curl_raw_equal(value, "nonce")) { digest->nonce = strdup(content); if(!digest->nonce) diff -Nru curl-7.42.1/lib/curl_sasl.h curl-7.43.0/lib/curl_sasl.h --- curl-7.42.1/lib/curl_sasl.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/curl_sasl.h 2015-06-11 17:50:43.000000000 +0000 @@ -65,6 +65,11 @@ #define SASL_MECH_STRING_NTLM "NTLM" #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" +#if !defined(CURL_DISABLE_CRYPTO_AUTH) +#define DIGEST_MAX_VALUE_LENGTH 256 +#define DIGEST_MAX_CONTENT_LENGTH 1024 +#endif + enum { CURLDIGESTALGO_MD5, CURLDIGESTALGO_MD5SESS @@ -136,6 +141,10 @@ TCHAR *Curl_sasl_build_spn(const char *service, const char *instance); #endif +/* This is used to extract the realm from a challenge message */ +int Curl_sasl_digest_get_pair(const char *str, char *value, char *content, + const char **endptr); + #if defined(HAVE_GSSAPI) char *Curl_sasl_build_gssapi_spn(const char *service, const char *host); #endif diff -Nru curl-7.42.1/lib/curl_sasl_sspi.c curl-7.43.0/lib/curl_sasl_sspi.c --- curl-7.42.1/lib/curl_sasl_sspi.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/curl_sasl_sspi.c 2015-06-11 17:50:43.000000000 +0000 @@ -40,6 +40,7 @@ #include "sendf.h" #include "strdup.h" #include "curl_printf.h" +#include "rawstr.h" /* The last #include files should be: */ #include "curl_memory.h" @@ -274,6 +275,74 @@ } /* +* Curl_override_sspi_http_realm() +* +* This is used to populate the domain in a SSPI identity structure +* The realm is extracted from the challenge message and used as the +* domain if it is not already explicitly set. +* +* Parameters: +* +* chlg [in] - The challenge message. +* identity [in/out] - The identity structure. +* +* Returns CURLE_OK on success. +*/ +CURLcode Curl_override_sspi_http_realm(const char *chlg, + SEC_WINNT_AUTH_IDENTITY *identity) +{ + xcharp_u domain, dup_domain; + + /* If domain is blank or unset, check challenge message for realm */ + if(!identity->Domain || !identity->DomainLength) { + for(;;) { + char value[DIGEST_MAX_VALUE_LENGTH]; + char content[DIGEST_MAX_CONTENT_LENGTH]; + + /* Pass all additional spaces here */ + while(*chlg && ISSPACE(*chlg)) + chlg++; + + /* Extract a value=content pair */ + if(!Curl_sasl_digest_get_pair(chlg, value, content, &chlg)) { + if(Curl_raw_equal(value, "realm")) { + + /* Setup identity's domain and length */ + domain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)content); + if(!domain.tchar_ptr) + return CURLE_OUT_OF_MEMORY; + dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr); + if(!dup_domain.tchar_ptr) { + Curl_unicodefree(domain.tchar_ptr); + return CURLE_OUT_OF_MEMORY; + } + identity->Domain = dup_domain.tbyte_ptr; + identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr)); + dup_domain.tchar_ptr = NULL; + + Curl_unicodefree(domain.tchar_ptr); + } + else { + /* unknown specifier, ignore it! */ + } + } + else + break; /* we're done here */ + + /* Pass all additional spaces here */ + while(*chlg && ISSPACE(*chlg)) + chlg++; + + /* Allow the list to be comma-separated */ + if(',' == *chlg) + chlg++; + } + } + + return CURLE_OK; +} + +/* * Curl_sasl_decode_digest_http_message() * * This is used to decode a HTTP DIGEST challenge message into the seperate @@ -374,6 +443,11 @@ if(Curl_create_sspi_identity(userp, passwdp, &identity)) return CURLE_OUT_OF_MEMORY; + /* Populate our identity domain */ + if(Curl_override_sspi_http_realm((const char*)digest->input_token, + &identity)) + return CURLE_OUT_OF_MEMORY; + /* Allow proper cleanup of the identity structure */ p_identity = &identity; } diff -Nru curl-7.42.1/lib/curl_setup.h curl-7.43.0/lib/curl_setup.h --- curl-7.42.1/lib/curl_setup.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/curl_setup.h 2015-06-11 17:50:43.000000000 +0000 @@ -707,4 +707,24 @@ #define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) #endif +/* In Windows the default file mode is text but an application can override it. +Therefore we specify it explicitly. https://github.com/bagder/curl/pull/258 +*/ +#if defined(WIN32) || defined(MSDOS) +#define FOPEN_READTEXT "rt" +#define FOPEN_WRITETEXT "wt" +#elif defined(__CYGWIN__) +/* Cygwin has specific behavior we need to address when WIN32 is not defined. +https://cygwin.com/cygwin-ug-net/using-textbinary.html +For write we want our output to have line endings of LF and be compatible with +other Cygwin utilities. For read we want to handle input that may have line +endings either CRLF or LF so 't' is appropriate. +*/ +#define FOPEN_READTEXT "rt" +#define FOPEN_WRITETEXT "w" +#else +#define FOPEN_READTEXT "r" +#define FOPEN_WRITETEXT "w" +#endif + #endif /* HEADER_CURL_SETUP_H */ diff -Nru curl-7.42.1/lib/curl_sspi.h curl-7.43.0/lib/curl_sspi.h --- curl-7.42.1/lib/curl_sspi.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/curl_sspi.h 2015-06-11 17:50:43.000000000 +0000 @@ -43,6 +43,10 @@ CURLcode Curl_sspi_global_init(void); void Curl_sspi_global_cleanup(void); +/* This is used to populate the domain in a SSPI identity structure */ +CURLcode Curl_override_sspi_http_realm(const char *chlg, + SEC_WINNT_AUTH_IDENTITY *identity); + /* This is used to generate an SSPI identity structure */ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp, SEC_WINNT_AUTH_IDENTITY *identity); diff -Nru curl-7.42.1/lib/file.c curl-7.43.0/lib/file.c --- curl-7.42.1/lib/file.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/file.c 2015-06-11 17:50:43.000000000 +0000 @@ -315,8 +315,6 @@ * Since FILE: doesn't do the full init, we need to provide some extra * assignments here. */ - conn->fread_func = data->set.fread_func; - conn->fread_in = data->set.in; conn->data->req.upload_fromhere = buf; if(!dir) diff -Nru curl-7.42.1/lib/formdata.c curl-7.43.0/lib/formdata.c --- curl-7.42.1/lib/formdata.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/formdata.c 2015-06-11 17:50:43.000000000 +0000 @@ -756,7 +756,7 @@ int ret_stat; FILE * file; - file = fopen(name, "r"); + file = fopen(name, "r"); /* VMS */ if(file == NULL) return 0; @@ -1385,7 +1385,7 @@ case FAB$C_VAR: case FAB$C_VFC: case FAB$C_STMCR: - return fopen(file, "r"); + return fopen(file, "r"); /* VMS */ break; default: return fopen(file, "r", "rfm=stmlf", "ctx=stm"); diff -Nru curl-7.42.1/lib/ftp.c curl-7.43.0/lib/ftp.c --- curl-7.42.1/lib/ftp.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/ftp.c 2015-06-17 05:41:51.000000000 +0000 @@ -1670,8 +1670,8 @@ BUFSIZE : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread = - conn->fread_func(data->state.buffer, 1, readthisamountnow, - conn->fread_in); + data->set.fread_func(data->state.buffer, 1, readthisamountnow, + data->set.in); passed += actuallyread; if((actuallyread == 0) || (actuallyread > readthisamountnow)) { @@ -1906,6 +1906,22 @@ return result; } +static char *control_address(struct connectdata *conn) +{ + /* Returns the control connection IP address. + If a proxy tunnel is used, returns the original host name instead, because + the effective control connection address is the proxy address, + not the ftp host. */ + if(conn->bits.tunnel_proxy || + conn->proxytype == CURLPROXY_SOCKS5 || + conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || + conn->proxytype == CURLPROXY_SOCKS4 || + conn->proxytype == CURLPROXY_SOCKS4A) + return conn->host.name; + + return conn->ip_addr_str; +} + static CURLcode ftp_state_pasv_resp(struct connectdata *conn, int ftpcode) { @@ -1928,12 +1944,12 @@ unsigned int num; char separator[4]; ptr++; - if(5 == sscanf(ptr, "%c%c%c%u%c", - &separator[0], - &separator[1], - &separator[2], - &num, - &separator[3])) { + if(5 == sscanf(ptr, "%c%c%c%u%c", + &separator[0], + &separator[1], + &separator[2], + &num, + &separator[3])) { const char sep1 = separator[0]; int i; @@ -1951,9 +1967,7 @@ } if(ptr) { ftpc->newport = (unsigned short)(num & 0xffff); - - /* use the original host name again */ - ftpc->newhost = strdup(conn->host.name); + ftpc->newhost = strdup(control_address(conn)); if(!ftpc->newhost) return CURLE_OUT_OF_MEMORY; } @@ -1983,8 +1997,8 @@ */ while(*str) { if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d", - &ip[0], &ip[1], &ip[2], &ip[3], - &port[0], &port[1])) + &ip[0], &ip[1], &ip[2], &ip[3], + &port[0], &port[1])) break; str++; } @@ -2001,9 +2015,7 @@ infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n", ip[0], ip[1], ip[2], ip[3], conn->host.name); - - /* use the original host name again */ - ftpc->newhost = strdup(conn->host.name); + ftpc->newhost = strdup(control_address(conn)); } else ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); @@ -2061,9 +2073,8 @@ conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE; result = Curl_connecthost(conn, addr); - Curl_resolv_unlock(data, addr); /* we're done using this address */ - if(result) { + Curl_resolv_unlock(data, addr); /* we're done using this address */ if(ftpc->count1 == 0 && ftpcode == 229) return ftp_epsv_disable(conn); @@ -2079,8 +2090,9 @@ if(data->set.verbose) /* this just dumps information about this second connection */ - ftp_pasv_verbose(conn, conn->ip_addr, ftpc->newhost, connectport); + ftp_pasv_verbose(conn, addr->addr, ftpc->newhost, connectport); + Curl_resolv_unlock(data, addr); /* we're done using this address */ conn->bits.do_more = TRUE; state(conn, FTP_STOP); /* this phase is completed */ diff -Nru curl-7.42.1/lib/hash.c curl-7.43.0/lib/hash.c --- curl-7.42.1/lib/hash.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/hash.c 2015-06-11 17:50:43.000000000 +0000 @@ -89,32 +89,6 @@ } } -struct curl_hash * -Curl_hash_alloc(int slots, - hash_function hfunc, - comp_function comparator, - curl_hash_dtor dtor) -{ - struct curl_hash *h; - - if(!slots || !hfunc || !comparator ||!dtor) { - return NULL; /* failure */ - } - - h = malloc(sizeof(struct curl_hash)); - if(h) { - if(Curl_hash_init(h, slots, hfunc, comparator, dtor)) { - /* failure */ - free(h); - h = NULL; - } - } - - return h; -} - - - static struct curl_hash_element * mk_hash_element(const void *key, size_t key_len, const void *p) { @@ -238,8 +212,11 @@ } #endif +/* Destroys all the entries in the given hash and resets its attributes, + * prepping the given hash for [static|dynamic] deallocation. + */ void -Curl_hash_clean(struct curl_hash *h) +Curl_hash_destroy(struct curl_hash *h) { int i; @@ -253,6 +230,17 @@ h->slots = 0; } +/* Removes all the entries in the given hash. + * + * @unittest: 1602 + */ +void +Curl_hash_clean(struct curl_hash *h) +{ + Curl_hash_clean_with_criterium(h, NULL, NULL); +} + +/* Cleans all entries that pass the comp function criteria. */ void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user, int (*comp)(void *, void *)) @@ -272,7 +260,7 @@ struct curl_hash_element *he = le->ptr; lnext = le->next; /* ask the callback function if we shall remove this entry or not */ - if(comp(user, he->ptr)) { + if(comp == NULL || comp(user, he->ptr)) { Curl_llist_remove(list, le, (void *) h); --h->size; /* one less entry in the hash now */ } @@ -281,17 +269,6 @@ } } -void -Curl_hash_destroy(struct curl_hash *h) -{ - if(!h) - return; - - Curl_hash_clean(h); - - free(h); -} - size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num) { const char* key_str = (const char *) key; @@ -306,16 +283,11 @@ return (h % slots_num); } -size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2, size_t key2_len) +size_t Curl_str_key_compare(void *k1, size_t key1_len, + void *k2, size_t key2_len) { - char *key1 = (char *)k1; - char *key2 = (char *)k2; - - if(key1_len == key2_len && - *key1 == *key2 && - memcmp(key1, key2, key1_len) == 0) { + if((key1_len == key2_len) && !memcmp(k1, k2, key1_len)) return 1; - } return 0; } diff -Nru curl-7.42.1/lib/hash.h curl-7.43.0/lib/hash.h --- curl-7.42.1/lib/hash.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/hash.h 2015-06-11 17:50:43.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -74,22 +74,16 @@ comp_function comparator, curl_hash_dtor dtor); -struct curl_hash *Curl_hash_alloc(int slots, - hash_function hfunc, - comp_function comparator, - curl_hash_dtor dtor); - void *Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p); int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len); void *Curl_hash_pick(struct curl_hash *, void * key, size_t key_len); void Curl_hash_apply(struct curl_hash *h, void *user, void (*cb)(void *user, void *ptr)); int Curl_hash_count(struct curl_hash *h); +void Curl_hash_destroy(struct curl_hash *h); void Curl_hash_clean(struct curl_hash *h); void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user, int (*comp)(void *, void *)); -void Curl_hash_destroy(struct curl_hash *h); - size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num); size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2, size_t key2_len); diff -Nru curl-7.42.1/lib/hostip.c curl-7.43.0/lib/hostip.c --- curl-7.42.1/lib/hostip.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/hostip.c 2015-06-11 17:50:43.000000000 +0000 @@ -137,7 +137,7 @@ void Curl_global_host_cache_dtor(void) { if(host_cache_initialized) { - Curl_hash_clean(&hostname_cache); + Curl_hash_destroy(&hostname_cache); host_cache_initialized = 0; } } @@ -742,11 +742,12 @@ } /* - * Curl_mk_dnscache() creates a new DNS cache and returns the handle for it. + * Curl_mk_dnscache() inits a new DNS cache and returns success/failure. */ -struct curl_hash *Curl_mk_dnscache(void) +int Curl_mk_dnscache(struct curl_hash *hash) { - return Curl_hash_alloc(7, Curl_hash_str, Curl_str_key_compare, freednsentry); + return Curl_hash_init(hash, 7, Curl_hash_str, Curl_str_key_compare, + freednsentry); } /* diff -Nru curl-7.42.1/lib/hostip.h curl-7.43.0/lib/hostip.h --- curl-7.42.1/lib/hostip.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/hostip.h 2015-06-11 17:50:43.000000000 +0000 @@ -124,8 +124,8 @@ /* for debugging purposes only: */ void Curl_scan_cache_used(void *user, void *ptr); -/* make a new dns cache and return the handle */ -struct curl_hash *Curl_mk_dnscache(void); +/* init a new dns cache and return success */ +int Curl_mk_dnscache(struct curl_hash *hash); /* prune old entries from the DNS cache */ void Curl_hostcache_prune(struct SessionHandle *data); diff -Nru curl-7.42.1/lib/http2.c curl-7.43.0/lib/http2.c --- curl-7.42.1/lib/http2.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/http2.c 2015-06-12 12:57:28.000000000 +0000 @@ -32,11 +32,14 @@ #include "curl_base64.h" #include "rawstr.h" #include "multiif.h" +#include "conncache.h" /* The last #include files should be: */ #include "curl_memory.h" #include "memdebug.h" +#define MIN(x,y) ((x)<(y)?(x):(y)) + #if (NGHTTP2_VERSION_NUM < 0x000600) #error too old nghttp2 version, upgrade! #endif @@ -48,7 +51,7 @@ sockets */ int numsocks) { - const struct http_conn *httpc = &conn->proto.httpc; + const struct http_conn *c = &conn->proto.httpc; int bitmap = GETSOCK_BLANK; (void)numsocks; @@ -56,10 +59,10 @@ because of renegotiation. */ sock[0] = conn->sock[FIRSTSOCKET]; - if(nghttp2_session_want_read(httpc->h2)) + if(nghttp2_session_want_read(c->h2)) bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); - if(nghttp2_session_want_write(httpc->h2)) + if(nghttp2_session_want_write(c->h2)) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); return bitmap; @@ -76,23 +79,42 @@ static CURLcode http2_disconnect(struct connectdata *conn, bool dead_connection) { - struct http_conn *httpc = &conn->proto.httpc; + struct http_conn *c = &conn->proto.httpc; (void)dead_connection; DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT starts now\n")); - nghttp2_session_del(httpc->h2); - - Curl_safefree(httpc->header_recvbuf->buffer); - Curl_safefree(httpc->header_recvbuf); - - Curl_safefree(httpc->inbuf); + nghttp2_session_del(c->h2); + Curl_safefree(c->inbuf); + Curl_hash_destroy(&c->streamsh); DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n")); return CURLE_OK; } +/* called from Curl_http_setup_conn */ +void Curl_http2_setup_conn(struct connectdata *conn) +{ + struct HTTP *http = conn->data->req.protop; + + conn->proto.httpc.settings.max_concurrent_streams = + DEFAULT_MAX_CONCURRENT_STREAMS; + + http->nread_header_recvbuf = 0; + http->bodystarted = FALSE; + http->status_code = -1; + http->pausedata = NULL; + http->pauselen = 0; + http->error_code = NGHTTP2_NO_ERROR; + http->closed = FALSE; + + /* where to store incoming data for this stream and how big the buffer is */ + http->mem = conn->data->state.buffer; + http->len = BUFSIZE; + http->memlen = 0; +} + /* * HTTP2 handler interface. This isn't added to the general list of protocols * but will be used at run-time when the protocol is dynamically switched from @@ -158,15 +180,15 @@ void *userp) { struct connectdata *conn = (struct connectdata *)userp; - struct http_conn *httpc = &conn->proto.httpc; + struct http_conn *c = &conn->proto.httpc; ssize_t written; CURLcode result = CURLE_OK; (void)h2; (void)flags; - written = ((Curl_send*)httpc->send_underlying)(conn, FIRSTSOCKET, - data, length, &result); + written = ((Curl_send*)c->send_underlying)(conn, FIRSTSOCKET, + data, length, &result); if(result == CURLE_AGAIN) { return NGHTTP2_ERR_WOULDBLOCK; @@ -187,21 +209,42 @@ void *userp) { struct connectdata *conn = (struct connectdata *)userp; - struct http_conn *c = &conn->proto.httpc; + struct http_conn *httpc = &conn->proto.httpc; + struct SessionHandle *data_s = NULL; + struct HTTP *stream = NULL; int rv; size_t left, ncopy; + int32_t stream_id = frame->hd.stream_id; (void)session; (void)frame; - DEBUGF(infof(conn->data, "on_frame_recv() was called with header %x\n", - frame->hd.type)); + DEBUGF(infof(conn->data, "on_frame_recv() header %x stream %x\n", + frame->hd.type, stream_id)); + + if(stream_id) { + /* get the stream from the hash based on Stream ID, stream ID zero is for + connection-oriented stuff */ + data_s = Curl_hash_pick(&httpc->streamsh, &stream_id, + sizeof(stream_id)); + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + failf(conn->data, "Received frame on Stream ID: %x not in stream hash!", + stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + stream = data_s->req.protop; + } + else + /* we do nothing on stream zero */ + return 0; + switch(frame->hd.type) { case NGHTTP2_DATA: - /* If body started, then receiving DATA is illegal. */ - if(!c->bodystarted) { + /* If body started on this stream, then receiving DATA is illegal. */ + if(!stream->bodystarted) { rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); + stream_id, NGHTTP2_PROTOCOL_ERROR); if(nghttp2_is_fatal(rv)) { return NGHTTP2_ERR_CALLBACK_FAILURE; @@ -212,54 +255,44 @@ if(frame->headers.cat == NGHTTP2_HCAT_REQUEST) break; - if(c->bodystarted) { - /* Only valid HEADERS after body started is trailer header, - which is not fully supported in this code. If HEADERS is not - trailer, then it is a PROTOCOL_ERROR. */ - if((frame->hd.flags & NGHTTP2_FLAG_END_STREAM) == 0) { - rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); - - if(nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - } + if(stream->bodystarted) { + /* Only valid HEADERS after body started is trailer HEADERS. We + ignores trailer HEADERS for now. nghttp2 guarantees that it + has END_STREAM flag set. */ break; } - if(c->status_code == -1) { - /* No :status header field means PROTOCOL_ERROR. */ - rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); - - if(nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - - break; - } + /* nghttp2 guarantees that :status is received, and we store it to + stream->status_code */ + DEBUGASSERT(stream->status_code != -1); /* Only final status code signals the end of header */ - if(c->status_code / 100 != 1) { - c->bodystarted = TRUE; + if(stream->status_code / 100 != 1) { + stream->bodystarted = TRUE; + stream->status_code = -1; } - c->status_code = -1; + Curl_add_buffer(stream->header_recvbuf, "\r\n", 2); - Curl_add_buffer(c->header_recvbuf, "\r\n", 2); + left = stream->header_recvbuf->size_used - stream->nread_header_recvbuf; + ncopy = MIN(stream->len, left); - left = c->header_recvbuf->size_used - c->nread_header_recvbuf; - ncopy = c->len < left ? c->len : left; + memcpy(&stream->mem[stream->memlen], + stream->header_recvbuf->buffer + stream->nread_header_recvbuf, + ncopy); + stream->nread_header_recvbuf += ncopy; - memcpy(c->mem, c->header_recvbuf->buffer + c->nread_header_recvbuf, ncopy); - c->nread_header_recvbuf += ncopy; + DEBUGF(infof(data_s, "Store %zu bytes headers from stream %u at %p\n", + ncopy, stream_id, stream->mem)); - c->mem += ncopy; - c->len -= ncopy; + stream->len -= ncopy; + stream->memlen += ncopy; + + data_s->state.drain++; + Curl_expire(data_s, 1); break; case NGHTTP2_PUSH_PROMISE: + DEBUGF(infof(data_s, "Got PUSH_PROMISE, RST_STREAM it!\n")); rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->push_promise.promised_stream_id, NGHTTP2_CANCEL); @@ -267,20 +300,46 @@ return rv; } break; + case NGHTTP2_SETTINGS: + { + uint32_t max_conn = httpc->settings.max_concurrent_streams; + DEBUGF(infof(conn->data, "Got SETTINGS for stream %u!\n", stream_id)); + httpc->settings.max_concurrent_streams = + nghttp2_session_get_remote_settings( + session, NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS); + httpc->settings.enable_push = + nghttp2_session_get_remote_settings( + session, NGHTTP2_SETTINGS_ENABLE_PUSH); + DEBUGF(infof(conn->data, "MAX_CONCURRENT_STREAMS == %d\n", + httpc->settings.max_concurrent_streams)); + DEBUGF(infof(conn->data, "ENABLE_PUSH == %s\n", + httpc->settings.enable_push?"TRUE":"false")); + if(max_conn != httpc->settings.max_concurrent_streams) { + /* only signal change if the value actually changed */ + infof(conn->data, + "Connection state changed (MAX_CONCURRENT_STREAMS updated)!\n"); + Curl_multi_connchanged(conn->data->multi); + } + } + break; + default: + DEBUGF(infof(conn->data, "Got frame type %x for stream %u!\n", + frame->hd.type, stream_id)); + break; } return 0; } static int on_invalid_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, - uint32_t error_code, void *userp) + int lib_error_code, void *userp) { struct connectdata *conn = (struct connectdata *)userp; (void)session; (void)frame; DEBUGF(infof(conn->data, - "on_invalid_frame_recv() was called, error_code = %d\n", - error_code)); + "on_invalid_frame_recv() was called, error=%d:%s\n", + lib_error_code, nghttp2_strerror(lib_error_code))); return 0; } @@ -289,29 +348,52 @@ const uint8_t *data, size_t len, void *userp) { struct connectdata *conn = (struct connectdata *)userp; - struct http_conn *c = &conn->proto.httpc; + struct HTTP *stream; + struct SessionHandle *data_s; size_t nread; (void)session; (void)flags; (void)data; DEBUGF(infof(conn->data, "on_data_chunk_recv() " - "len = %u, stream = %x\n", len, stream_id)); + "len = %u, stream %u\n", len, stream_id)); - if(stream_id != c->stream_id) { - return 0; + DEBUGASSERT(stream_id); /* should never be a zero stream ID here */ + + /* get the stream from the hash based on Stream ID */ + data_s = Curl_hash_pick(&conn->proto.httpc.streamsh, &stream_id, + sizeof(stream_id)); + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + failf(conn->data, "Received frame on Stream ID: %x not in stream hash!", + stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; } + stream = data_s->req.protop; - nread = c->len < len ? c->len : len; - memcpy(c->mem, data, nread); + nread = MIN(stream->len, len); + memcpy(&stream->mem[stream->memlen], data, nread); - c->mem += nread; - c->len -= nread; + stream->len -= nread; + stream->memlen += nread; - DEBUGF(infof(conn->data, "%zu data written\n", nread)); + data_s->state.drain++; + Curl_expire(data_s, 1); /* TODO: fix so that this can be set to 0 for + immediately? */ + + DEBUGF(infof(data_s, "%zu data received for stream %u " + "(%zu left in buffer %p, total %zu)\n", + nread, stream_id, + stream->len, stream->mem, + stream->memlen)); if(nread < len) { - c->data = data + nread; - c->datalen = len - nread; + stream->pausedata = data + nread; + stream->pauselen = len - nread; + DEBUGF(infof(data_s, "NGHTTP2_ERR_PAUSE - %zu bytes out of buffer" + ", stream %u\n", + len - nread, stream_id)); + conn->proto.httpc.pause_stream_id = stream_id; return NGHTTP2_ERR_PAUSE; } return 0; @@ -334,7 +416,8 @@ struct connectdata *conn = (struct connectdata *)userp; (void)session; (void)frame; - DEBUGF(infof(conn->data, "on_frame_send() was called\n")); + DEBUGF(infof(conn->data, "on_frame_send() was called, length = %zd\n", + frame->hd.length)); return 0; } static int on_frame_not_send(nghttp2_session *session, @@ -353,19 +436,37 @@ uint32_t error_code, void *userp) { struct connectdata *conn = (struct connectdata *)userp; - struct http_conn *c = &conn->proto.httpc; + struct SessionHandle *data_s; + struct HTTP *stream; (void)session; (void)stream_id; - DEBUGF(infof(conn->data, "on_stream_close() was called, error_code = %d\n", - error_code)); + DEBUGF(infof(conn->data, "on_stream_close(), error_code = %d, stream %u\n", + error_code, stream_id)); - if(stream_id != c->stream_id) { - return 0; + if(stream_id) { + /* get the stream from the hash based on Stream ID, stream ID zero is for + connection-oriented stuff */ + data_s = Curl_hash_pick(&conn->proto.httpc.streamsh, &stream_id, + sizeof(stream_id)); + if(!data_s) { + /* We could get stream ID not in the hash. For example, if we + decided to reject stream (e.g., PUSH_PROMISE). We call infof + as a debugging purpose for now. */ + infof(conn->data, + "Received frame on Stream ID: %x not in stream hash!\n", + stream_id); + return 0; + } + stream = data_s->req.protop; + + stream->error_code = error_code; + stream->closed = TRUE; + + /* remove the entry from the hash as the stream is now gone */ + Curl_hash_delete(&conn->proto.httpc.streamsh, + &stream_id, sizeof(stream_id)); + DEBUGF(infof(conn->data, "Removed stream %u hash!\n", stream_id)); } - - c->error_code = error_code; - c->closed = TRUE; - return 0; } @@ -406,8 +507,6 @@ return res; } -static const char STATUS[] = ":status"; - /* frame->hd.type is either NGHTTP2_HEADERS or NGHTTP2_PUSH_PROMISE */ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, const uint8_t *name, size_t namelen, @@ -416,10 +515,9 @@ void *userp) { struct connectdata *conn = (struct connectdata *)userp; - struct http_conn *c = &conn->proto.httpc; - int rv; - int goodname; - int goodheader; + struct HTTP *stream; + struct SessionHandle *data_s; + int32_t stream_id = frame->hd.stream_id; (void)session; (void)frame; @@ -430,83 +528,56 @@ return 0; } - if(frame->hd.stream_id != c->stream_id) { - return 0; + DEBUGASSERT(stream_id); /* should never be a zero stream ID here */ + + /* get the stream from the hash based on Stream ID */ + data_s = Curl_hash_pick(&conn->proto.httpc.streamsh, &stream_id, + sizeof(stream_id)); + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + failf(conn->data, "Received frame on Stream ID: %x not in stream hash!", + stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; } + stream = data_s->req.protop; - if(c->bodystarted) { + if(stream->bodystarted) /* Ignore trailer or HEADERS not mapped to HTTP semantics. The consequence is handled in on_frame_recv(). */ return 0; - } - - goodname = nghttp2_check_header_name(name, namelen); - goodheader = nghttp2_check_header_value(value, valuelen); - - if(!goodname || !goodheader) { - - infof(conn->data, "Detected bad incoming header %s%s, reset stream!\n", - goodname?"":"name", - goodheader?"":"value"); - - rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); - - if(nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - - return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } if(namelen == sizeof(":status") - 1 && - memcmp(STATUS, name, namelen) == 0) { - - /* :status must appear exactly once. */ - if(c->status_code != -1 || - (c->status_code = decode_status_code(value, valuelen)) == -1) { - - rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); - if(nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - - return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } - - Curl_add_buffer(c->header_recvbuf, "HTTP/2.0 ", 9); - Curl_add_buffer(c->header_recvbuf, value, valuelen); - Curl_add_buffer(c->header_recvbuf, "\r\n", 2); + memcmp(":status", name, namelen) == 0) { + /* nghttp2 guarantees :status is received first and only once, and + value is 3 digits status code, and decode_status_code always + succeeds. */ + stream->status_code = decode_status_code(value, valuelen); + DEBUGASSERT(stream->status_code != -1); + + Curl_add_buffer(stream->header_recvbuf, "HTTP/2.0 ", 9); + Curl_add_buffer(stream->header_recvbuf, value, valuelen); + Curl_add_buffer(stream->header_recvbuf, "\r\n", 2); + data_s->state.drain++; + Curl_expire(data_s, 1); + DEBUGF(infof(data_s, "h2 status: HTTP/2 %03d\n", + stream->status_code)); return 0; } - else { - /* Here we are sure that namelen > 0 because of - nghttp2_check_header_name(). Pseudo header other than :status - is illegal. */ - if(c->status_code == -1 || name[0] == ':') { - rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_PROTOCOL_ERROR); - if(nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } - - /* convert to a HTTP1-style header */ - Curl_add_buffer(c->header_recvbuf, name, namelen); - Curl_add_buffer(c->header_recvbuf, ":", 1); - Curl_add_buffer(c->header_recvbuf, value, valuelen); - Curl_add_buffer(c->header_recvbuf, "\r\n", 2); + /* nghttp2 guarantees that namelen > 0, and :status was already + received, and this is not pseudo-header field . */ + /* convert to a HTTP1-style header */ + Curl_add_buffer(stream->header_recvbuf, name, namelen); + Curl_add_buffer(stream->header_recvbuf, ":", 1); + Curl_add_buffer(stream->header_recvbuf, value, valuelen); + Curl_add_buffer(stream->header_recvbuf, "\r\n", 2); + data_s->state.drain++; + Curl_expire(data_s, 1); - DEBUGF(infof(conn->data, "h2 header: %.*s: %.*s\n", - namelen, name, valuelen, value)); - } + DEBUGF(infof(data_s, "h2 header: %.*s: %.*s\n", namelen, name, valuelen, + value)); return 0; /* 0 is successful */ } @@ -520,24 +591,47 @@ { struct connectdata *conn = (struct connectdata *)userp; struct http_conn *c = &conn->proto.httpc; + struct SessionHandle *data_s; + struct HTTP *stream = NULL; size_t nread; (void)session; (void)stream_id; (void)source; - nread = c->upload_len < length ? c->upload_len : length; + if(stream_id) { + /* get the stream from the hash based on Stream ID, stream ID zero is for + connection-oriented stuff */ + data_s = Curl_hash_pick(&c->streamsh, &stream_id, sizeof(stream_id)); + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + failf(conn->data, "Asked for data to stream %u not in hash!", stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + stream = data_s->req.protop; + } + else { + failf(conn->data, "nghttp2 confusion"); + return NGHTTP2_ERR_INVALID_ARGUMENT; + } + + nread = MIN(stream->upload_len, length); if(nread > 0) { - memcpy(buf, c->upload_mem, nread); - c->upload_mem += nread; - c->upload_len -= nread; - c->upload_left -= nread; + memcpy(buf, stream->upload_mem, nread); + stream->upload_mem += nread; + stream->upload_len -= nread; + stream->upload_left -= nread; } - if(c->upload_left == 0) + if(stream->upload_left == 0) *data_flags = 1; else if(nread == 0) return NGHTTP2_ERR_DEFERRED; + DEBUGF(infof(data_s, "data_source_read_callback: " + "returns %zu bytes stream %u\n", + nread, stream_id)); + return nread; } @@ -549,7 +643,12 @@ { NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, NGHTTP2_INITIAL_WINDOW_SIZE }, }; -#define H2_BUFSIZE 4096 +#define H2_BUFSIZE 32768 + +static void freestreamentry(void *freethis) +{ + (void)freethis; +} /* * Initialize nghttp2 for a Curl connection @@ -601,8 +700,7 @@ nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header); /* The nghttp2 session is not yet setup, do it */ - rc = nghttp2_session_client_new(&conn->proto.httpc.h2, - callbacks, conn); + rc = nghttp2_session_client_new(&conn->proto.httpc.h2, callbacks, conn); nghttp2_session_callbacks_del(callbacks); @@ -610,6 +708,13 @@ failf(conn->data, "Couldn't initialize nghttp2!"); return CURLE_OUT_OF_MEMORY; /* most likely at least */ } + + rc = Curl_hash_init(&conn->proto.httpc.streamsh, 7, Curl_hash_str, + Curl_str_key_compare, freestreamentry); + if(rc) { + failf(conn->data, "Couldn't init stream hash!"); + return CURLE_OUT_OF_MEMORY; /* most likely at least */ + } } return CURLE_OK; } @@ -668,6 +773,25 @@ return result; } +static ssize_t http2_handle_stream_close(struct http_conn *httpc, + struct SessionHandle *data, + struct HTTP *stream, CURLcode *err) { + if(httpc->pause_stream_id == stream->stream_id) { + httpc->pause_stream_id = 0; + } + /* Reset to FALSE to prevent infinite loop in readwrite_data + function. */ + stream->closed = FALSE; + if(stream->error_code != NGHTTP2_NO_ERROR) { + failf(data, "HTTP/2 stream %u was not closed cleanly: error_code = %d", + stream->stream_id, stream->error_code); + *err = CURLE_HTTP2; + return -1; + } + DEBUGF(infof(data, "http2_recv returns 0, http2_handle_stream_close\n")); + return 0; +} + /* * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return * a regular CURLcode value. @@ -679,111 +803,184 @@ ssize_t rv; ssize_t nread; struct http_conn *httpc = &conn->proto.httpc; + struct SessionHandle *data = conn->data; + struct HTTP *stream = data->req.protop; (void)sockindex; /* we always do HTTP2 on sockindex 0 */ - if(httpc->closed) { - /* Reset to FALSE to prevent infinite loop in readwrite_data - function. */ - httpc->closed = FALSE; - return 0; + /* If stream is closed, return 0 to signal the http routine to close + the connection. We need to handle stream closure here, + otherwise, we may be going to read from underlying connection, + and gets EAGAIN, and we will get stuck there. */ + if(stream->memlen == 0 && stream->closed) { + return http2_handle_stream_close(httpc, data, stream, err); } /* Nullify here because we call nghttp2_session_send() and they might refer to the old buffer. */ - httpc->upload_mem = NULL; - httpc->upload_len = 0; + stream->upload_mem = NULL; + stream->upload_len = 0; - if(httpc->bodystarted && - httpc->nread_header_recvbuf < httpc->header_recvbuf->size_used) { + /* + * At this point 'stream' is just in the SessionHandle the connection + * identifies as its owner at this time. + */ + + if(stream->bodystarted && + stream->nread_header_recvbuf < stream->header_recvbuf->size_used) { + /* If there is body data pending for this stream to return, do that */ size_t left = - httpc->header_recvbuf->size_used - httpc->nread_header_recvbuf; - size_t ncopy = len < left ? len : left; - memcpy(mem, httpc->header_recvbuf->buffer + httpc->nread_header_recvbuf, + stream->header_recvbuf->size_used - stream->nread_header_recvbuf; + size_t ncopy = MIN(len, left); + memcpy(mem, stream->header_recvbuf->buffer + stream->nread_header_recvbuf, ncopy); - httpc->nread_header_recvbuf += ncopy; + stream->nread_header_recvbuf += ncopy; + + infof(data, "http2_recv: Got %d bytes from header_recvbuf\n", + (int)ncopy); return ncopy; } - if(httpc->data) { - nread = len < httpc->datalen ? len : httpc->datalen; - memcpy(mem, httpc->data, nread); - - httpc->data += nread; - httpc->datalen -= nread; - - infof(conn->data, "%zu data bytes written\n", nread); - if(httpc->datalen == 0) { - httpc->data = NULL; - httpc->datalen = 0; + infof(data, "http2_recv: %d bytes buffer at %p (stream %u)\n", + len, mem, stream->stream_id); + + if((data->state.drain) && stream->memlen) { + DEBUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)\n", + stream->memlen, stream->stream_id, + stream->mem, mem)); + if(mem != stream->mem) { + /* if we didn't get the same buffer this time, we must move the data to + the beginning */ + memmove(mem, stream->mem, stream->memlen); + stream->len = len - stream->memlen; + stream->mem = mem; + } + } + else if(stream->pausedata) { + nread = MIN(len, stream->pauselen); + memcpy(mem, stream->pausedata, nread); + + stream->pausedata += nread; + stream->pauselen -= nread; + + infof(data, "%zu data bytes written\n", nread); + if(stream->pauselen == 0) { + DEBUGF(infof(data, "Unpaused by stream %u\n", stream->stream_id)); + assert(httpc->pause_stream_id == stream->stream_id); + httpc->pause_stream_id = 0; + + stream->pausedata = NULL; + stream->pauselen = 0; } + infof(data, "http2_recv: returns unpaused %zd bytes on stream %u\n", + nread, stream->stream_id); return nread; } - - conn->proto.httpc.mem = mem; - conn->proto.httpc.len = len; - - infof(conn->data, "http2_recv: %d bytes buffer\n", - conn->proto.httpc.len); - - nread = ((Curl_recv*)httpc->recv_underlying)(conn, FIRSTSOCKET, - httpc->inbuf, H2_BUFSIZE, - &result); - if(result == CURLE_AGAIN) { - *err = result; + else if(httpc->pause_stream_id) { + /* If a stream paused nghttp2_session_mem_recv previously, and has + not processed all data, it still refers to the buffer in + nghttp2_session. If we call nghttp2_session_mem_recv(), we may + overwrite that buffer. To avoid that situation, just return + here with CURLE_AGAIN. This could be busy loop since data in + socket is not read. But it seems that usually streams are + notified with its drain property, and socket is read again + quickly. */ + *err = CURLE_AGAIN; return -1; } + else { + char *inbuf; + /* remember where to store incoming data for this stream and how big the + buffer is */ + stream->mem = mem; + stream->len = len; + stream->memlen = 0; + + if(httpc->inbuflen == 0) { + nread = ((Curl_recv *)httpc->recv_underlying)( + conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result); + + if(result == CURLE_AGAIN) { + *err = result; + return -1; + } - if(nread == -1) { - failf(conn->data, "Failed receiving HTTP2 data"); - *err = result; - return 0; - } + if(nread == -1) { + failf(data, "Failed receiving HTTP2 data"); + *err = result; + return 0; + } - if(nread == 0) { - failf(conn->data, "Unexpected EOF"); - *err = CURLE_RECV_ERROR; - return -1; - } + if(nread == 0) { + failf(data, "Unexpected EOF"); + *err = CURLE_RECV_ERROR; + return -1; + } - DEBUGF(infof(conn->data, "nread=%zd\n", nread)); + DEBUGF(infof(data, "nread=%zd\n", nread)); - rv = nghttp2_session_mem_recv(httpc->h2, - (const uint8_t *)httpc->inbuf, nread); + httpc->inbuflen = nread; + inbuf = httpc->inbuf; + } + else { + nread = httpc->inbuflen - httpc->nread_inbuf; + inbuf = httpc->inbuf + httpc->nread_inbuf; - if(nghttp2_is_fatal((int)rv)) { - failf(conn->data, "nghttp2_session_mem_recv() returned %d:%s\n", - rv, nghttp2_strerror((int)rv)); - *err = CURLE_RECV_ERROR; - return 0; - } - DEBUGF(infof(conn->data, "nghttp2_session_mem_recv() returns %zd\n", rv)); - /* Always send pending frames in nghttp2 session, because - nghttp2_session_mem_recv() may queue new frame */ - rv = nghttp2_session_send(httpc->h2); - if(rv != 0) { - *err = CURLE_SEND_ERROR; - return 0; + DEBUGF(infof(data, "Use data left in connection buffer, nread=%zd\n", + nread)); + } + rv = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)inbuf, nread); + + if(nghttp2_is_fatal((int)rv)) { + failf(data, "nghttp2_session_mem_recv() returned %d:%s\n", + rv, nghttp2_strerror((int)rv)); + *err = CURLE_RECV_ERROR; + return 0; + } + DEBUGF(infof(data, "nghttp2_session_mem_recv() returns %zd\n", rv)); + if(nread == rv) { + DEBUGF(infof(data, "All data in connection buffer processed\n")); + httpc->inbuflen = 0; + httpc->nread_inbuf = 0; + } + else { + httpc->nread_inbuf += rv; + DEBUGF(infof(data, "%zu bytes left in connection buffer\n", + httpc->inbuflen - httpc->nread_inbuf)); + } + /* Always send pending frames in nghttp2 session, because + nghttp2_session_mem_recv() may queue new frame */ + rv = nghttp2_session_send(httpc->h2); + if(rv != 0) { + *err = CURLE_SEND_ERROR; + return 0; + } } - if(len != httpc->len) { - return len - conn->proto.httpc.len; + if(stream->memlen) { + ssize_t retlen = stream->memlen; + infof(data, "http2_recv: returns %zd for stream %u\n", + retlen, stream->stream_id); + stream->memlen = 0; + + if(httpc->pause_stream_id == stream->stream_id) { + /* data for this stream is returned now, but this stream caused a pause + already so we need it called again asap */ + DEBUGF(infof(data, "Data returned for PAUSED stream %u\n", + stream->stream_id)); + } + else + data->state.drain = 0; /* this stream is hereby drained */ + + return retlen; } /* If stream is closed, return 0 to signal the http routine to close the connection */ - if(httpc->closed) { - /* Reset to FALSE to prevent infinite loop in readwrite_data - function. */ - httpc->closed = FALSE; - if(httpc->error_code != NGHTTP2_NO_ERROR) { - failf(conn->data, - "HTTP/2 stream = %x was not closed cleanly: error_code = %d", - httpc->stream_id, httpc->error_code); - *err = CURLE_HTTP2; - return -1; - } - return 0; + if(stream->closed) { + return http2_handle_stream_close(httpc, data, stream, err); } *err = CURLE_AGAIN; + DEBUGF(infof(data, "http2_recv returns AGAIN for stream %u\n", + stream->stream_id)); return -1; } @@ -802,6 +999,7 @@ */ int rv; struct http_conn *httpc = &conn->proto.httpc; + struct HTTP *stream = conn->data->req.protop; nghttp2_nv *nva; size_t nheader; size_t i; @@ -810,23 +1008,41 @@ char *end; nghttp2_data_provider data_prd; int32_t stream_id; + nghttp2_session *h2 = httpc->h2; (void)sockindex; DEBUGF(infof(conn->data, "http2_send len=%zu\n", len)); - if(httpc->stream_id != -1) { + if(stream->stream_id != -1) { /* If stream_id != -1, we have dispatched request HEADERS, and now are going to send or sending request body in DATA frame */ - httpc->upload_mem = mem; - httpc->upload_len = len; - nghttp2_session_resume_data(httpc->h2, httpc->stream_id); - rv = nghttp2_session_send(httpc->h2); + stream->upload_mem = mem; + stream->upload_len = len; + nghttp2_session_resume_data(h2, stream->stream_id); + rv = nghttp2_session_send(h2); if(nghttp2_is_fatal(rv)) { *err = CURLE_SEND_ERROR; return -1; } - return len - httpc->upload_len; + len -= stream->upload_len; + + /* Nullify here because we call nghttp2_session_send() and they + might refer to the old buffer. */ + stream->upload_mem = NULL; + stream->upload_len = 0; + + if(stream->upload_left) { + /* we are sure that we have more data to send here. Calling the + following API will make nghttp2_session_want_write() return + nonzero if remote window allows it, which then libcurl checks + socket is writable or not. See http2_perform_getsock(). */ + nghttp2_session_resume_data(h2, stream->stream_id); + } + + DEBUGF(infof(conn->data, "http2_send returns %zu for stream %u\n", len, + stream->stream_id)); + return len; } /* Calculate number of headers contained in [mem, mem + len) */ @@ -905,12 +1121,15 @@ if(nva[i].namelen == 14 && Curl_raw_nequal("content-length", (char*)nva[i].name, 14)) { size_t j; + stream->upload_left = 0; for(j = 0; j < nva[i].valuelen; ++j) { - httpc->upload_left *= 10; - httpc->upload_left += nva[i].value[j] - '0'; + stream->upload_left *= 10; + stream->upload_left += nva[i].value[j] - '0'; } DEBUGF(infof(conn->data, - "request content-length=%zu\n", httpc->upload_left)); + "request content-length=%" + CURL_FORMAT_CURL_OFF_T + "\n", stream->upload_left)); } } @@ -929,31 +1148,42 @@ case HTTPREQ_PUT: data_prd.read_callback = data_source_read_callback; data_prd.source.ptr = NULL; - stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader, + stream_id = nghttp2_submit_request(h2, NULL, nva, nheader, &data_prd, NULL); break; default: - stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader, + stream_id = nghttp2_submit_request(h2, NULL, nva, nheader, NULL, NULL); } free(nva); if(stream_id < 0) { + DEBUGF(infof(conn->data, "http2_send() send error\n")); *err = CURLE_SEND_ERROR; return -1; } - httpc->stream_id = stream_id; + infof(conn->data, "Using Stream ID: %x (easy handle %p)\n", + stream_id, conn->data); + stream->stream_id = stream_id; + + /* put the SessionHandle in the hash with the stream_id as key */ + if(!Curl_hash_add(&httpc->streamsh, &stream->stream_id, sizeof(stream_id), + conn->data)) { + failf(conn->data, "Couldn't add stream to hash!"); + *err = CURLE_OUT_OF_MEMORY; + return -1; + } - rv = nghttp2_session_send(httpc->h2); + rv = nghttp2_session_send(h2); if(rv != 0) { *err = CURLE_SEND_ERROR; return -1; } - if(httpc->stream_id != -1) { + if(stream->stream_id != -1) { /* If whole HEADERS frame was sent off to the underlying socket, the nghttp2 library calls data_source_read_callback. But only it found that no data available, so it deferred the DATA @@ -962,7 +1192,7 @@ writable socket check is performed. To workaround this, we issue nghttp2_session_resume_data() here to bring back DATA transmission from deferred state. */ - nghttp2_session_resume_data(httpc->h2, httpc->stream_id); + nghttp2_session_resume_data(h2, stream->stream_id); } return len; @@ -972,6 +1202,17 @@ { CURLcode result; struct http_conn *httpc = &conn->proto.httpc; + struct HTTP *stream = conn->data->req.protop; + + stream->stream_id = -1; + + if(!stream->header_recvbuf) + stream->header_recvbuf = Curl_add_buffer_init(); + + if((conn->handler == &Curl_handler_http2_ssl) || + (conn->handler == &Curl_handler_http2)) + return CURLE_OK; /* already done */ + if(conn->handler->flags & PROTOPT_SSL) conn->handler = &Curl_handler_http2_ssl; else @@ -981,21 +1222,22 @@ if(result) return result; - infof(conn->data, "Using HTTP2\n"); - httpc->bodystarted = FALSE; - httpc->error_code = NGHTTP2_NO_ERROR; - httpc->closed = FALSE; - httpc->header_recvbuf = Curl_add_buffer_init(); - httpc->nread_header_recvbuf = 0; - httpc->data = NULL; - httpc->datalen = 0; - httpc->upload_left = 0; - httpc->upload_mem = NULL; - httpc->upload_len = 0; - httpc->stream_id = -1; - httpc->status_code = -1; + infof(conn->data, "Using HTTP2, server supports multi-use\n"); + stream->upload_left = 0; + stream->upload_mem = NULL; + stream->upload_len = 0; + httpc->inbuflen = 0; + httpc->nread_inbuf = 0; + + httpc->pause_stream_id = 0; + + conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ conn->httpversion = 20; + conn->bundle->multiuse = BUNDLE_MULTIPLEX; + + infof(conn->data, "Connection state changed (HTTP/2 confirmed)\n"); + Curl_multi_connchanged(conn->data->multi); return CURLE_OK; } @@ -1006,7 +1248,9 @@ CURLcode result; struct http_conn *httpc = &conn->proto.httpc; int rv; + ssize_t nproc; struct SessionHandle *data = conn->data; + struct HTTP *stream = conn->data->req.protop; result = Curl_http2_setup(conn); if(result) @@ -1017,23 +1261,9 @@ conn->recv[FIRSTSOCKET] = http2_recv; conn->send[FIRSTSOCKET] = http2_send; - rv = (int) ((Curl_send*)httpc->send_underlying) - (conn, FIRSTSOCKET, - NGHTTP2_CLIENT_CONNECTION_PREFACE, - NGHTTP2_CLIENT_CONNECTION_PREFACE_LEN, - &result); - if(result) - /* TODO: This may get CURLE_AGAIN */ - return result; - - if(rv != 24) { - failf(data, "Only sent partial HTTP2 packet"); - return CURLE_SEND_ERROR; - } - if(conn->data->req.upgr101 == UPGR101_RECEIVED) { /* stream 1 is opened implicitly on upgrade */ - httpc->stream_id = 1; + stream->stream_id = 1; /* queue SETTINGS frame (again) */ rv = nghttp2_session_upgrade(httpc->h2, httpc->binsettings, httpc->binlen, NULL); @@ -1042,10 +1272,17 @@ nghttp2_strerror(rv), rv); return CURLE_HTTP2; } + + /* put the SessionHandle in the hash with the stream->stream_id as key */ + if(!Curl_hash_add(&httpc->streamsh, &stream->stream_id, + sizeof(stream->stream_id), conn->data)) { + failf(conn->data, "Couldn't add stream to hash!"); + return CURLE_OUT_OF_MEMORY; + } } else { /* stream ID is unknown at this point */ - httpc->stream_id = -1; + stream->stream_id = -1; rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE, NULL, 0); if(rv != 0) { failf(data, "nghttp2_submit_settings() failed: %s(%d)", @@ -1054,14 +1291,43 @@ } } - rv = (int)nghttp2_session_mem_recv(httpc->h2, (const uint8_t*)mem, nread); + /* we are going to copy mem to httpc->inbuf. This is required since + mem is part of buffer pointed by stream->mem, and callbacks + called by nghttp2_session_mem_recv() will write stream specific + data into stream->mem, overwriting data already there. */ + if(H2_BUFSIZE < nread) { + failf(data, "connection buffer size is too small to store data following " + "HTTP Upgrade response header: buflen=%zu, datalen=%zu", + H2_BUFSIZE, nread); + return CURLE_HTTP2; + } + + infof(conn->data, "Copying HTTP/2 data in stream buffer to connection buffer" + " after upgrade: len=%zu\n", + nread); + + memcpy(httpc->inbuf, mem, nread); + httpc->inbuflen = nread; + + nproc = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)httpc->inbuf, + httpc->inbuflen); - if(rv != (int)nread) { + if(nghttp2_is_fatal((int)nproc)) { failf(data, "nghttp2_session_mem_recv() failed: %s(%d)", - nghttp2_strerror(rv), rv); + nghttp2_strerror((int)nproc), (int)nproc); return CURLE_HTTP2; } + DEBUGF(infof(data, "nghttp2_session_mem_recv() returns %zd\n", nproc)); + + if((ssize_t)nread == nproc) { + httpc->inbuflen = 0; + httpc->nread_inbuf = 0; + } + else { + httpc->nread_inbuf += nproc; + } + /* Try to send some frames since we may read SETTINGS already. */ rv = nghttp2_session_send(httpc->h2); diff -Nru curl-7.42.1/lib/http2.h curl-7.43.0/lib/http2.h --- curl-7.42.1/lib/http2.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/http2.h 2015-06-12 12:57:28.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,6 +26,11 @@ #ifdef USE_NGHTTP2 #include "http.h" + +/* value for MAX_CONCURRENT_STREAMS we use until we get an updated setting + from the peer */ +#define DEFAULT_MAX_CONCURRENT_STREAMS 13 + /* * Store nghttp2 version info in this buffer, Prefix with a space. Return * total length written. @@ -39,12 +44,15 @@ CURLcode Curl_http2_setup(struct connectdata *conn); CURLcode Curl_http2_switched(struct connectdata *conn, const char *data, size_t nread); +/* called from Curl_http_setup_conn */ +void Curl_http2_setup_conn(struct connectdata *conn); #else /* USE_NGHTTP2 */ #define Curl_http2_init(x) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_setup(x) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL +#define Curl_http2_setup_conn(x) #endif #endif /* HEADER_CURL_HTTP2_H */ diff -Nru curl-7.42.1/lib/http.c curl-7.43.0/lib/http.c --- curl-7.42.1/lib/http.c 2015-04-28 18:40:09.000000000 +0000 +++ curl-7.43.0/lib/http.c 2015-06-17 05:47:21.000000000 +0000 @@ -72,7 +72,7 @@ #include "http_proxy.h" #include "warnless.h" #include "non-ascii.h" -#include "bundles.h" +#include "conncache.h" #include "pipeline.h" #include "http2.h" #include "connect.h" @@ -86,6 +86,7 @@ * Forward declarations. */ +static CURLcode http_disconnect(struct connectdata *conn, bool dead); static int http_getsock_do(struct connectdata *conn, curl_socket_t *socks, int numsocks); @@ -116,7 +117,7 @@ http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ - ZERO_NULL, /* disconnect */ + http_disconnect, /* disconnect */ ZERO_NULL, /* readwrite */ PORT_HTTP, /* defport */ CURLPROTO_HTTP, /* protocol */ @@ -140,7 +141,7 @@ http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ - ZERO_NULL, /* disconnect */ + http_disconnect, /* disconnect */ ZERO_NULL, /* readwrite */ PORT_HTTPS, /* defport */ CURLPROTO_HTTPS, /* protocol */ @@ -153,12 +154,32 @@ { /* allocate the HTTP-specific struct for the SessionHandle, only to survive during this request */ + struct HTTP *http; DEBUGASSERT(conn->data->req.protop == NULL); - conn->data->req.protop = calloc(1, sizeof(struct HTTP)); - if(!conn->data->req.protop) + http = calloc(1, sizeof(struct HTTP)); + if(!http) return CURLE_OUT_OF_MEMORY; + conn->data->req.protop = http; + + Curl_http2_setup_conn(conn); + + return CURLE_OK; +} + +static CURLcode http_disconnect(struct connectdata *conn, bool dead_connection) +{ +#ifdef USE_NGHTTP2 + struct HTTP *http = conn->data->req.protop; + if(http) { + Curl_add_buffer_free(http->header_recvbuf); + http->header_recvbuf = NULL; /* clear the pointer */ + } +#else + (void)conn; +#endif + (void)dead_connection; return CURLE_OK; } @@ -403,8 +424,8 @@ /* figure out how much data we are expected to send */ switch(data->set.httpreq) { case HTTPREQ_POST: - if(data->set.postfieldsize != -1) - expectsend = data->set.postfieldsize; + if(data->state.infilesize != -1) + expectsend = data->state.infilesize; else if(data->set.postfields) expectsend = (curl_off_t)strlen(data->set.postfields); break; @@ -995,8 +1016,8 @@ /* move backup data into focus and continue on that */ http->postdata = http->backup.postdata; http->postsize = http->backup.postsize; - conn->fread_func = http->backup.fread_func; - conn->fread_in = http->backup.fread_in; + conn->data->set.fread_func = http->backup.fread_func; + conn->data->set.in = http->backup.fread_in; http->sending++; /* move one step up */ @@ -1027,6 +1048,16 @@ } /* + * Curl_add_buffer_free() frees all associated resources. + */ +void Curl_add_buffer_free(Curl_send_buffer *buff) +{ + if(buff) /* deal with NULL input */ + free(buff->buffer); + free(buff); +} + +/* * Curl_add_buffer_send() sends a header buffer and frees all associated * memory. Body data may be appended to the header data if desired. * @@ -1072,8 +1103,7 @@ /* Curl_convert_to_network calls failf if unsuccessful */ if(result) { /* conversion failed, free memory and return to the caller */ - free(in->buffer); - free(in); + Curl_add_buffer_free(in); return result; } @@ -1142,14 +1172,14 @@ ptr = in->buffer + amount; /* backup the currently set pointers */ - http->backup.fread_func = conn->fread_func; - http->backup.fread_in = conn->fread_in; + http->backup.fread_func = conn->data->set.fread_func; + http->backup.fread_in = conn->data->set.in; http->backup.postdata = http->postdata; http->backup.postsize = http->postsize; /* set the new pointers for the request-sending */ - conn->fread_func = (curl_read_callback)readmoredata; - conn->fread_in = (void *)conn; + conn->data->set.fread_func = (curl_read_callback)readmoredata; + conn->data->set.in = (void *)conn; http->postdata = ptr; http->postsize = (curl_off_t)size; @@ -1172,11 +1202,10 @@ */ return CURLE_SEND_ERROR; else - conn->writechannel_inuse = FALSE; + Curl_pipeline_leave_write(conn); } } - free(in->buffer); - free(in); + Curl_add_buffer_free(in); return result; } @@ -1446,8 +1475,6 @@ #endif /* set the proper values (possibly modified on POST) */ - conn->fread_func = data->set.fread_func; /* restore */ - conn->fread_in = data->set.in; /* restore */ conn->seek_func = data->set.seek_func; /* restore */ conn->seek_client = data->set.seek_client; /* restore */ @@ -1455,13 +1482,18 @@ return CURLE_OK; if(http->send_buffer) { - Curl_send_buffer *buff = http->send_buffer; - - free(buff->buffer); - free(buff); + Curl_add_buffer_free(http->send_buffer); http->send_buffer = NULL; /* clear the pointer */ } +#ifdef USE_NGHTTP2 + if(http->header_recvbuf) { + DEBUGF(infof(data, "free header_recvbuf!!\n")); + Curl_add_buffer_free(http->header_recvbuf); + http->header_recvbuf = NULL; /* clear the pointer */ + } +#endif + if(HTTPREQ_POST_FORM == data->set.httpreq) { data->req.bytecount = http->readbytecount + http->writebytecount; @@ -2280,20 +2312,12 @@ te ); - /* - * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with - * the connection and shouldn't be repeated over it either. - */ - switch (data->state.authhost.picked) { - case CURLAUTH_NEGOTIATE: - case CURLAUTH_NTLM: - case CURLAUTH_NTLM_WB: - Curl_safefree(conn->allocptr.userpwd); - break; - } + /* clear userpwd to avoid re-using credentials from re-used connections */ + Curl_safefree(conn->allocptr.userpwd); /* - * Same for proxyuserpwd + * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated + * with the connection and shouldn't be repeated over it either. */ switch (data->state.authproxy.picked) { case CURLAUTH_NEGOTIATE: @@ -2413,14 +2437,14 @@ /* Get the currently set callback function pointer and store that in the form struct since we might want the actual user-provided callback later - on. The conn->fread_func pointer itself will be changed for the + on. The data->set.fread_func pointer itself will be changed for the multipart case to the function that returns a multipart formatted stream. */ - http->form.fread_func = conn->fread_func; + http->form.fread_func = data->set.fread_func; /* Set the read function to read from the generated form data */ - conn->fread_func = (curl_read_callback)Curl_FormReader; - conn->fread_in = &http->form; + data->set.fread_func = (curl_read_callback)Curl_FormReader; + data->set.in = &http->form; http->sending = HTTPSEND_BODY; @@ -2540,8 +2564,8 @@ postsize = 0; else { /* figure out the size of the postfields */ - postsize = (data->set.postfieldsize != -1)? - data->set.postfieldsize: + postsize = (data->state.infilesize != -1)? + data->state.infilesize: (data->set.postfields? (curl_off_t)strlen(data->set.postfields):-1); } @@ -2638,8 +2662,8 @@ http->sending = HTTPSEND_BODY; - conn->fread_func = (curl_read_callback)readmoredata; - conn->fread_in = (void *)conn; + data->set.fread_func = (curl_read_callback)readmoredata; + data->set.in = (void *)conn; /* set the upload size to the progress meter */ Curl_pgrsSetUploadSize(data, http->postsize); @@ -2664,7 +2688,7 @@ return result; } - else if(data->set.postfieldsize) { + else if(data->state.infilesize) { /* set the upload size to the progress meter */ Curl_pgrsSetUploadSize(data, postsize?postsize:-1); @@ -3055,6 +3079,19 @@ } } + /* At this point we have some idea about the fate of the connection. + If we are closing the connection it may result auth failure. */ +#if defined(USE_NTLM) + if(conn->bits.close && + (((data->req.httpcode == 401) && + (conn->ntlm.state == NTLMSTATE_TYPE2)) || + ((data->req.httpcode == 407) && + (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) { + infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n"); + data->state.authproblem = TRUE; + } +#endif + /* * When all the headers have been parsed, see if we should give * up and return an error. @@ -3332,28 +3369,23 @@ } else if(conn->httpversion == 20 || (k->upgr101 == UPGR101_REQUESTED && k->httpcode == 101)) { - /* Don't enable pipelining for HTTP/2 or upgraded connection. For - HTTP/2, we do not support multiplexing. In general, requests - cannot be pipelined in upgraded connection, since it is now - different protocol. */ - DEBUGF(infof(data, - "HTTP 2 or upgraded connection do not support " - "pipelining for now\n")); + DEBUGF(infof(data, "HTTP/2 found, allow multiplexing\n")); + + /* HTTP/2 cannot blacklist multiplexing since it is a core + functionality of the protocol */ + conn->bundle->multiuse = BUNDLE_MULTIPLEX; } else if(conn->httpversion >= 11 && !conn->bits.close) { - struct connectbundle *cb_ptr; - /* If HTTP version is >= 1.1 and connection is persistent server supports pipelining. */ DEBUGF(infof(data, "HTTP 1.1 or later with persistent connection, " "pipelining supported\n")); /* Activate pipelining if needed */ - cb_ptr = conn->bundle; - if(cb_ptr) { + if(conn->bundle) { if(!Curl_pipeline_site_blacklisted(data, conn)) - cb_ptr->server_supports_pipelining = TRUE; + conn->bundle->multiuse = BUNDLE_PIPELINING; } } @@ -3432,14 +3464,17 @@ } } else if(checkprefix("Server:", k->p)) { - char *server_name = Curl_copy_header_value(k->p); - - /* Turn off pipelining if the server version is blacklisted */ - if(conn->bundle && conn->bundle->server_supports_pipelining) { - if(Curl_pipeline_server_blacklisted(data, server_name)) - conn->bundle->server_supports_pipelining = FALSE; + if(conn->httpversion < 20) { + /* only do this for non-h2 servers */ + char *server_name = Curl_copy_header_value(k->p); + + /* Turn off pipelining if the server version is blacklisted */ + if(conn->bundle && (conn->bundle->multiuse == BUNDLE_PIPELINING)) { + if(Curl_pipeline_server_blacklisted(data, server_name)) + conn->bundle->multiuse = BUNDLE_NO_MULTIUSE; + } + free(server_name); } - free(server_name); } else if((conn->httpversion == 10) && conn->bits.httpproxy && diff -Nru curl-7.42.1/lib/http.h curl-7.43.0/lib/http.h --- curl-7.42.1/lib/http.h 2015-04-28 18:40:09.000000000 +0000 +++ curl-7.43.0/lib/http.h 2015-06-12 12:57:28.000000000 +0000 @@ -60,6 +60,7 @@ typedef struct Curl_send_buffer Curl_send_buffer; Curl_send_buffer *Curl_add_buffer_init(void); +void Curl_add_buffer_free(Curl_send_buffer *buff); CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...); CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size); CURLcode Curl_add_buffer_send(Curl_send_buffer *in, @@ -152,43 +153,66 @@ void *send_buffer; /* used if the request couldn't be sent in one chunk, points to an allocated send_buffer struct */ + +#ifdef USE_NGHTTP2 + /*********** for HTTP/2 we store stream-local data here *************/ + int32_t stream_id; /* stream we are interested in */ + + bool bodystarted; + /* We store non-final and final response headers here, per-stream */ + Curl_send_buffer *header_recvbuf; + size_t nread_header_recvbuf; /* number of bytes in header_recvbuf fed into + upper layer */ + int status_code; /* HTTP status code */ + const uint8_t *pausedata; /* pointer to data received in on_data_chunk */ + size_t pauselen; /* the number of bytes left in data */ + bool closed; /* TRUE on HTTP2 stream close */ + uint32_t error_code; /* HTTP/2 error code */ + + char *mem; /* points to a buffer in memory to store received data */ + size_t len; /* size of the buffer 'mem' points to */ + size_t memlen; /* size of data copied to mem */ + + const uint8_t *upload_mem; /* points to a buffer to read from */ + size_t upload_len; /* size of the buffer 'upload_mem' points to */ + curl_off_t upload_left; /* number of bytes left to upload */ +#endif }; typedef int (*sending)(void); /* Curl_send */ typedef int (*recving)(void); /* Curl_recv */ +#ifdef USE_NGHTTP2 +/* h2 settings for this connection */ +struct h2settings { + uint32_t max_concurrent_streams; + bool enable_push; +}; +#endif + + struct http_conn { #ifdef USE_NGHTTP2 #define H2_BINSETTINGS_LEN 80 nghttp2_session *h2; uint8_t binsettings[H2_BINSETTINGS_LEN]; size_t binlen; /* length of the binsettings data */ - char *mem; /* points to a buffer in memory to store */ - size_t len; /* size of the buffer 'mem' points to */ - bool bodystarted; sending send_underlying; /* underlying send Curl_send callback */ recving recv_underlying; /* underlying recv Curl_recv callback */ - bool closed; /* TRUE on HTTP2 stream close */ - uint32_t error_code; /* HTTP/2 error code */ - Curl_send_buffer *header_recvbuf; /* store response headers. We - store non-final and final - response headers into it. */ - size_t nread_header_recvbuf; /* number of bytes in header_recvbuf - fed into upper layer */ - int32_t stream_id; /* stream we are interested in */ - const uint8_t *data; /* pointer to data chunk, received in - on_data_chunk */ - size_t datalen; /* the number of bytes left in data */ char *inbuf; /* buffer to receive data from underlying socket */ + size_t inbuflen; /* number of bytes filled in inbuf */ + size_t nread_inbuf; /* number of bytes read from in inbuf */ /* We need separate buffer for transmission and reception because we may call nghttp2_session_send() after the nghttp2_session_mem_recv() but mem buffer is still not full. In this case, we wrongly sends the content of mem buffer if we share them for both cases. */ - const uint8_t *upload_mem; /* points to a buffer to read from */ - size_t upload_len; /* size of the buffer 'upload_mem' points to */ - size_t upload_left; /* number of bytes left to upload */ - int status_code; /* HTTP status code */ + int32_t pause_stream_id; /* stream ID which paused + nghttp2_session_mem_recv */ + + /* this is a hash of all individual streams (SessionHandle structs) */ + struct curl_hash streamsh; + struct h2settings settings; #else int unused; /* prevent a compiler warning */ #endif diff -Nru curl-7.42.1/lib/http_negotiate.c curl-7.43.0/lib/http_negotiate.c --- curl-7.42.1/lib/http_negotiate.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/http_negotiate.c 2015-06-12 22:20:46.000000000 +0000 @@ -62,8 +62,10 @@ if(!neg_ctx->server_name) { /* Generate our SPN */ - char *spn = Curl_sasl_build_gssapi_spn("HTTP", proxy ? conn->proxy.name : - conn->host.name); + char *spn = Curl_sasl_build_gssapi_spn( + proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] : + data->set.str[STRING_SERVICE_NAME], + proxy ? conn->proxy.name : conn->host.name); if(!spn) return CURLE_OUT_OF_MEMORY; diff -Nru curl-7.42.1/lib/http_negotiate_sspi.c curl-7.43.0/lib/http_negotiate_sspi.c --- curl-7.42.1/lib/http_negotiate_sspi.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/http_negotiate_sspi.c 2015-06-12 22:20:46.000000000 +0000 @@ -43,6 +43,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { + struct SessionHandle *data = conn->data; BYTE *input_token = NULL; SecBufferDesc out_buff_desc; SecBuffer out_sec_buff; @@ -64,12 +65,12 @@ if(proxy) { userp = conn->proxyuser; passwdp = conn->proxypasswd; - neg_ctx = &conn->data->state.proxyneg; + neg_ctx = &data->state.proxyneg; } else { userp = conn->user; passwdp = conn->passwd; - neg_ctx = &conn->data->state.negotiate; + neg_ctx = &data->state.negotiate; } /* Not set means empty */ @@ -83,7 +84,7 @@ /* We finished successfully our part of authentication, but server * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ - Curl_cleanup_negotiate(conn->data); + Curl_cleanup_negotiate(data); return CURLE_LOGIN_DENIED; } @@ -93,9 +94,10 @@ return CURLE_BAD_FUNCTION_ARGUMENT; /* Generate our SPN */ - neg_ctx->server_name = Curl_sasl_build_spn("HTTP", - proxy ? conn->proxy.name : - conn->host.name); + neg_ctx->server_name = Curl_sasl_build_spn( + proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] : + data->set.str[STRING_SERVICE_NAME], + proxy ? conn->proxy.name : conn->host.name); if(!neg_ctx->server_name) return CURLE_OUT_OF_MEMORY; } @@ -167,7 +169,7 @@ return result; if(!input_token_len) { - infof(conn->data, + infof(data, "Negotiate handshake failure (empty challenge message)\n"); return CURLE_BAD_CONTENT_ENCODING; diff -Nru curl-7.42.1/lib/http_proxy.c curl-7.43.0/lib/http_proxy.c --- curl-7.42.1/lib/http_proxy.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/http_proxy.c 2015-06-17 05:41:51.000000000 +0000 @@ -135,7 +135,7 @@ host_port = aprintf("%s:%hu", hostname, remote_port); if(!host_port) { - free(req_buffer); + Curl_add_buffer_free(req_buffer); return CURLE_OUT_OF_MEMORY; } @@ -155,7 +155,7 @@ hostname, conn->bits.ipv6_ip?"]":"", remote_port); if(!hostheader) { - free(req_buffer); + Curl_add_buffer_free(req_buffer); return CURLE_OUT_OF_MEMORY; } @@ -163,7 +163,7 @@ host = aprintf("Host: %s\r\n", hostheader); if(!host) { free(hostheader); - free(req_buffer); + Curl_add_buffer_free(req_buffer); return CURLE_OUT_OF_MEMORY; } } @@ -212,7 +212,7 @@ failf(data, "Failed sending CONNECT to proxy"); } - free(req_buffer); + Curl_add_buffer_free(req_buffer); if(result) return result; @@ -281,7 +281,7 @@ /* proxy auth was requested and there was proxy auth available, then deem this as "mere" proxy disconnect */ conn->bits.proxy_connect_closed = TRUE; - infof(data, "Proxy CONNECT connection closed"); + infof(data, "Proxy CONNECT connection closed\n"); } else { error = SELECT_ERROR; diff -Nru curl-7.42.1/lib/libcurl.plist curl-7.43.0/lib/libcurl.plist --- curl-7.42.1/lib/libcurl.plist 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/lib/libcurl.plist 2015-06-17 05:57:03.000000000 +0000 @@ -15,7 +15,7 @@ se.haxx.curl.libcurl CFBundleVersion - 7.42.1 + 7.43.0 CFBundleName libcurl @@ -27,9 +27,9 @@ ???? CFBundleShortVersionString - libcurl 7.42.1 + libcurl 7.43.0 CFBundleGetInfoString - libcurl.plist 7.42.1 + libcurl.plist 7.43.0 diff -Nru curl-7.42.1/lib/Makefile.am curl-7.43.0/lib/Makefile.am --- curl-7.42.1/lib/Makefile.am 2015-04-23 11:38:18.000000000 +0000 +++ curl-7.43.0/lib/Makefile.am 2015-06-14 21:31:01.000000000 +0000 @@ -21,10 +21,6 @@ ########################################################################### AUTOMAKE_OPTIONS = foreign nostdinc -DOCS = README.encoding README.memoryleak README.ares README.curlx \ - README.hostip README.multi_socket README.httpauth README.pipelining \ - README.curl_off_t README.pingpong - CMAKE_DIST = CMakeLists.txt curl_config.h.cmake EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 config-win32.h \ @@ -32,7 +28,7 @@ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \ - config-tpf.h $(DOCS) mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ + config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist diff -Nru curl-7.42.1/lib/Makefile.b32 curl-7.43.0/lib/Makefile.b32 --- curl-7.42.1/lib/Makefile.b32 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.b32 2015-06-11 17:50:43.000000000 +0000 @@ -27,7 +27,7 @@ # Edit the path below to point to the base of your OpenSSL package. !ifndef OPENSSL_PATH -OPENSSL_PATH = ..\..\openssl-0.9.8zc +OPENSSL_PATH = ..\..\openssl-1.0.2a !endif # Set libcurl static lib, dll and import lib diff -Nru curl-7.42.1/lib/Makefile.in curl-7.43.0/lib/Makefile.in --- curl-7.42.1/lib/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/lib/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -112,8 +112,7 @@ @DOING_CURL_SYMBOL_HIDING_TRUE@am__append_8 = $(CFLAG_CURL_SYMBOL_HIDING) DIST_COMMON = $(srcdir)/Makefile.inc $(srcdir)/Makefile.in \ $(srcdir)/Makefile.am $(srcdir)/curl_config.h.in \ - $(top_srcdir)/mkinstalldirs $(srcdir)/libcurl.vers.in \ - $(top_srcdir)/depcomp + $(srcdir)/libcurl.vers.in $(top_srcdir)/depcomp subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ @@ -135,7 +134,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = curl_config.h $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = libcurl.vers CONFIG_CLEAN_VPATH_FILES = @@ -212,12 +211,11 @@ libcurl_la-curl_ntlm_wb.lo libcurl_la-curl_ntlm_core.lo \ libcurl_la-curl_ntlm_msgs.lo libcurl_la-curl_sasl.lo \ libcurl_la-curl_multibyte.lo libcurl_la-hostcheck.lo \ - libcurl_la-bundles.lo libcurl_la-conncache.lo \ - libcurl_la-pipeline.lo libcurl_la-dotdot.lo \ - libcurl_la-x509asn1.lo libcurl_la-http2.lo \ - libcurl_la-curl_sasl_sspi.lo libcurl_la-smb.lo \ - libcurl_la-curl_sasl_gssapi.lo libcurl_la-curl_endian.lo \ - libcurl_la-curl_des.lo + libcurl_la-conncache.lo libcurl_la-pipeline.lo \ + libcurl_la-dotdot.lo libcurl_la-x509asn1.lo \ + libcurl_la-http2.lo libcurl_la-curl_sasl_sspi.lo \ + libcurl_la-smb.lo libcurl_la-curl_sasl_gssapi.lo \ + libcurl_la-curl_endian.lo libcurl_la-curl_des.lo am__dirstamp = $(am__leading_dot)dirstamp am__objects_2 = vtls/libcurl_la-openssl.lo vtls/libcurl_la-gtls.lo \ vtls/libcurl_la-vtls.lo vtls/libcurl_la-nss.lo \ @@ -283,12 +281,12 @@ libcurlu_la-curl_ntlm.lo libcurlu_la-curl_ntlm_wb.lo \ libcurlu_la-curl_ntlm_core.lo libcurlu_la-curl_ntlm_msgs.lo \ libcurlu_la-curl_sasl.lo libcurlu_la-curl_multibyte.lo \ - libcurlu_la-hostcheck.lo libcurlu_la-bundles.lo \ - libcurlu_la-conncache.lo libcurlu_la-pipeline.lo \ - libcurlu_la-dotdot.lo libcurlu_la-x509asn1.lo \ - libcurlu_la-http2.lo libcurlu_la-curl_sasl_sspi.lo \ - libcurlu_la-smb.lo libcurlu_la-curl_sasl_gssapi.lo \ - libcurlu_la-curl_endian.lo libcurlu_la-curl_des.lo + libcurlu_la-hostcheck.lo libcurlu_la-conncache.lo \ + libcurlu_la-pipeline.lo libcurlu_la-dotdot.lo \ + libcurlu_la-x509asn1.lo libcurlu_la-http2.lo \ + libcurlu_la-curl_sasl_sspi.lo libcurlu_la-smb.lo \ + libcurlu_la-curl_sasl_gssapi.lo libcurlu_la-curl_endian.lo \ + libcurlu_la-curl_des.lo am__objects_7 = vtls/libcurlu_la-openssl.lo vtls/libcurlu_la-gtls.lo \ vtls/libcurlu_la-vtls.lo vtls/libcurlu_la-nss.lo \ vtls/libcurlu_la-polarssl.lo \ @@ -578,17 +576,13 @@ # ########################################################################### AUTOMAKE_OPTIONS = foreign nostdinc -DOCS = README.encoding README.memoryleak README.ares README.curlx \ - README.hostip README.multi_socket README.httpauth README.pipelining \ - README.curl_off_t README.pingpong - CMAKE_DIST = CMakeLists.txt curl_config.h.cmake EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 config-win32.h \ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in \ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \ - config-tpf.h $(DOCS) mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ + config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist @@ -672,7 +666,7 @@ http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c \ + hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ curl_des.c @@ -690,7 +684,7 @@ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h \ + curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h @@ -870,7 +864,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-asyn-ares.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-asyn-thread.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-base64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-bundles.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-conncache.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-connect.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-content_encoding.Plo@am__quote@ @@ -975,7 +968,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-asyn-ares.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-asyn-thread.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-base64.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-bundles.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-conncache.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-connect.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-content_encoding.Plo@am__quote@ @@ -1781,13 +1773,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c -libcurl_la-bundles.lo: bundles.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-bundles.lo -MD -MP -MF $(DEPDIR)/libcurl_la-bundles.Tpo -c -o libcurl_la-bundles.lo `test -f 'bundles.c' || echo '$(srcdir)/'`bundles.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-bundles.Tpo $(DEPDIR)/libcurl_la-bundles.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bundles.c' object='libcurl_la-bundles.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-bundles.lo `test -f 'bundles.c' || echo '$(srcdir)/'`bundles.c - libcurl_la-conncache.lo: conncache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-conncache.lo -MD -MP -MF $(DEPDIR)/libcurl_la-conncache.Tpo -c -o libcurl_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-conncache.Tpo $(DEPDIR)/libcurl_la-conncache.Plo @@ -2593,13 +2578,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c -libcurlu_la-bundles.lo: bundles.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-bundles.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-bundles.Tpo -c -o libcurlu_la-bundles.lo `test -f 'bundles.c' || echo '$(srcdir)/'`bundles.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-bundles.Tpo $(DEPDIR)/libcurlu_la-bundles.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bundles.c' object='libcurlu_la-bundles.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-bundles.lo `test -f 'bundles.c' || echo '$(srcdir)/'`bundles.c - libcurlu_la-conncache.lo: conncache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-conncache.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-conncache.Tpo -c -o libcurlu_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-conncache.Tpo $(DEPDIR)/libcurlu_la-conncache.Plo diff -Nru curl-7.42.1/lib/Makefile.inc curl-7.43.0/lib/Makefile.inc --- curl-7.42.1/lib/Makefile.inc 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.inc 2015-06-11 17:50:43.000000000 +0000 @@ -44,7 +44,7 @@ http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c \ + hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ curl_des.c @@ -62,7 +62,7 @@ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h \ + curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h diff -Nru curl-7.42.1/lib/Makefile.m32 curl-7.43.0/lib/Makefile.m32 --- curl-7.42.1/lib/Makefile.m32 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.m32 2015-06-11 17:50:43.000000000 +0000 @@ -1,7 +1,7 @@ ########################################################################### # ## Makefile for building libcurl.a with MingW (GCC-3.2 or later) -## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3) +## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4) ## ## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...] ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn @@ -18,23 +18,23 @@ endif # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 endif # Edit the path below to point to the base of your librtmp package. ifndef LIBRTMP_PATH -LIBRTMP_PATH = ../../librtmp-2.3 +LIBRTMP_PATH = ../../librtmp-2.4 endif # Edit the path below to point to the base of your libidn package. ifndef LIBIDN_PATH -LIBIDN_PATH = ../../libidn-1.18 +LIBIDN_PATH = ../../libidn-1.30 endif # Edit the path below to point to the base of your MS IDN package. # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1 -# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815 +# https://www.microsoft.com/en-us/download/details.aspx?id=734 ifndef WINIDN_PATH WINIDN_PATH = ../../Microsoft IDN Mitigation APIs endif @@ -44,7 +44,7 @@ endif # Edit the path below to point to the base of your nghttp2 package. ifndef NGHTTP2_PATH -NGHTTP2_PATH = ../../nghttp2-0.6.7 +NGHTTP2_PATH = ../../nghttp2-1.0.0 endif PROOT = .. @@ -76,9 +76,11 @@ ifeq ($(ARCH),w64) CFLAGS += -m64 -D_AMD64_ +LDFLAGS += -m64 RCFLAGS += -F pe-x86-64 else CFLAGS += -m32 +LDFLAGS += -m32 RCFLAGS += -F pe-i386 endif diff -Nru curl-7.42.1/lib/Makefile.netware curl-7.43.0/lib/Makefile.netware --- curl-7.42.1/lib/Makefile.netware 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.netware 2015-06-11 17:50:43.000000000 +0000 @@ -19,12 +19,12 @@ # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 endif # Edit the path below to point to the base of your axTLS package. diff -Nru curl-7.42.1/lib/Makefile.vc10 curl-7.43.0/lib/Makefile.vc10 --- curl-7.42.1/lib/Makefile.vc10 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/lib/Makefile.vc10 2015-06-17 05:57:03.000000000 +0000 @@ -65,11 +65,11 @@ !INCLUDE ..\winbuild\Makefile.msvc.names !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 !ENDIF !IFNDEF ZLIB_PATH @@ -90,7 +90,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 @@ -427,7 +427,7 @@ TARGET = $(LIBCURL_DYN_LIB_DBG) DIROBJ = $(CFG) LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) -CC = $(CCDEBUG) $(RTLIBD) +CC = $(CCDEBUG) $(RTLIBD) CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res !ENDIF @@ -528,7 +528,6 @@ $(DIROBJ)\asyn-thread.obj \ $(DIROBJ)\axtls.obj \ $(DIROBJ)\base64.obj \ - $(DIROBJ)\bundles.obj \ $(DIROBJ)\conncache.obj \ $(DIROBJ)\connect.obj \ $(DIROBJ)\content_encoding.obj \ diff -Nru curl-7.42.1/lib/Makefile.vc6 curl-7.43.0/lib/Makefile.vc6 --- curl-7.42.1/lib/Makefile.vc6 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.vc6 2015-06-11 17:50:43.000000000 +0000 @@ -65,11 +65,11 @@ !INCLUDE ..\winbuild\Makefile.msvc.names !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 !ENDIF !IFNDEF ZLIB_PATH @@ -90,7 +90,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 @@ -427,7 +427,7 @@ TARGET = $(LIBCURL_DYN_LIB_DBG) DIROBJ = $(CFG) LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) -CC = $(CCDEBUG) $(RTLIBD) +CC = $(CCDEBUG) $(RTLIBD) CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res !ENDIF @@ -528,7 +528,6 @@ $(DIROBJ)\asyn-thread.obj \ $(DIROBJ)\axtls.obj \ $(DIROBJ)\base64.obj \ - $(DIROBJ)\bundles.obj \ $(DIROBJ)\conncache.obj \ $(DIROBJ)\connect.obj \ $(DIROBJ)\content_encoding.obj \ diff -Nru curl-7.42.1/lib/Makefile.vc8 curl-7.43.0/lib/Makefile.vc8 --- curl-7.42.1/lib/Makefile.vc8 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/lib/Makefile.vc8 2015-06-17 05:57:03.000000000 +0000 @@ -65,11 +65,11 @@ !INCLUDE ..\winbuild\Makefile.msvc.names !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 !ENDIF !IFNDEF ZLIB_PATH @@ -90,7 +90,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 @@ -427,7 +427,7 @@ TARGET = $(LIBCURL_DYN_LIB_DBG) DIROBJ = $(CFG) LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) -CC = $(CCDEBUG) $(RTLIBD) +CC = $(CCDEBUG) $(RTLIBD) CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res !ENDIF @@ -528,7 +528,6 @@ $(DIROBJ)\asyn-thread.obj \ $(DIROBJ)\axtls.obj \ $(DIROBJ)\base64.obj \ - $(DIROBJ)\bundles.obj \ $(DIROBJ)\conncache.obj \ $(DIROBJ)\connect.obj \ $(DIROBJ)\content_encoding.obj \ diff -Nru curl-7.42.1/lib/Makefile.vc9 curl-7.43.0/lib/Makefile.vc9 --- curl-7.42.1/lib/Makefile.vc9 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/lib/Makefile.vc9 2015-06-17 05:57:03.000000000 +0000 @@ -65,11 +65,11 @@ !INCLUDE ..\winbuild\Makefile.msvc.names !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 !ENDIF !IFNDEF ZLIB_PATH @@ -90,7 +90,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 @@ -427,7 +427,7 @@ TARGET = $(LIBCURL_DYN_LIB_DBG) DIROBJ = $(CFG) LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) -CC = $(CCDEBUG) $(RTLIBD) +CC = $(CCDEBUG) $(RTLIBD) CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res !ENDIF @@ -528,7 +528,6 @@ $(DIROBJ)\asyn-thread.obj \ $(DIROBJ)\axtls.obj \ $(DIROBJ)\base64.obj \ - $(DIROBJ)\bundles.obj \ $(DIROBJ)\conncache.obj \ $(DIROBJ)\connect.obj \ $(DIROBJ)\content_encoding.obj \ diff -Nru curl-7.42.1/lib/Makefile.Watcom curl-7.43.0/lib/Makefile.Watcom --- curl-7.42.1/lib/Makefile.Watcom 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/Makefile.Watcom 2015-06-11 17:50:43.000000000 +0000 @@ -101,7 +101,7 @@ !ifdef %libssh2_root LIBSSH2_ROOT = $(%libssh2_root) !else -LIBSSH2_ROOT = ../../libssh2-1.4.3 +LIBSSH2_ROOT = ../../libssh2-1.5.0 !endif !ifdef %librtmp_root @@ -113,7 +113,7 @@ !ifdef %openssl_root OPENSSL_ROOT = $(%openssl_root) !else -OPENSSL_ROOT = ../../openssl-0.9.8zc +OPENSSL_ROOT = ../../openssl-1.0.2a !endif !ifdef %ares_root diff -Nru curl-7.42.1/lib/memdebug.c curl-7.43.0/lib/memdebug.c --- curl-7.42.1/lib/memdebug.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/memdebug.c 2015-06-11 17:50:43.000000000 +0000 @@ -112,7 +112,7 @@ { if(!logfile) { if(logname && *logname) - logfile = fopen(logname, "w"); + logfile = fopen(logname, FOPEN_WRITETEXT); else logfile = stderr; #ifdef MEMDEBUG_LOG_SYNC diff -Nru curl-7.42.1/lib/multi.c curl-7.43.0/lib/multi.c --- curl-7.42.1/lib/multi.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/multi.c 2015-06-15 21:14:25.000000000 +0000 @@ -39,7 +39,6 @@ #include "warnless.h" #include "speedcheck.h" #include "conncache.h" -#include "bundles.h" #include "multihandle.h" #include "pipeline.h" #include "sigpipe.h" @@ -70,8 +69,6 @@ struct SessionHandle *data); static int update_timer(struct Curl_multi *multi); -static bool isHandleAtHead(struct SessionHandle *handle, - struct curl_llist *pipeline); static CURLMcode add_next_timeout(struct timeval now, struct Curl_multi *multi, struct SessionHandle *d); @@ -252,10 +249,10 @@ * per call." * */ -static struct curl_hash *sh_init(int hashsize) +static int sh_init(struct curl_hash *hash, int hashsize) { - return Curl_hash_alloc(hashsize, hash_fd, fd_key_compare, - sh_freeentry); + return Curl_hash_init(hash, hashsize, hash_fd, fd_key_compare, + sh_freeentry); } /* @@ -294,16 +291,13 @@ multi->type = CURL_MULTI_HANDLE; - multi->hostcache = Curl_mk_dnscache(); - if(!multi->hostcache) + if(Curl_mk_dnscache(&multi->hostcache)) goto error; - multi->sockhash = sh_init(hashsize); - if(!multi->sockhash) + if(sh_init(&multi->sockhash, hashsize)) goto error; - multi->conn_cache = Curl_conncache_init(chashsize); - if(!multi->conn_cache) + if(Curl_conncache_init(&multi->conn_cache, chashsize)) goto error; multi->msglist = Curl_llist_alloc(multi_freeamsg); @@ -320,7 +314,7 @@ goto error; multi->closure_handle->multi = multi; - multi->closure_handle->state.conn_cache = multi->conn_cache; + multi->closure_handle->state.conn_cache = &multi->conn_cache; multi->max_pipeline_length = 5; @@ -330,12 +324,9 @@ error: - Curl_hash_destroy(multi->sockhash); - multi->sockhash = NULL; - Curl_hash_destroy(multi->hostcache); - multi->hostcache = NULL; - Curl_conncache_destroy(multi->conn_cache); - multi->conn_cache = NULL; + Curl_hash_destroy(&multi->sockhash); + Curl_hash_destroy(&multi->hostcache); + Curl_conncache_destroy(&multi->conn_cache); Curl_close(multi->closure_handle); multi->closure_handle = NULL; Curl_llist_destroy(multi->msglist, NULL); @@ -404,14 +395,17 @@ easy handle's one is currently not set. */ else if(!data->dns.hostcache || (data->dns.hostcachetype == HCACHE_NONE)) { - data->dns.hostcache = multi->hostcache; + data->dns.hostcache = &multi->hostcache; data->dns.hostcachetype = HCACHE_MULTI; } /* Point to the multi's connection cache */ - data->state.conn_cache = multi->conn_cache; + data->state.conn_cache = &multi->conn_cache; - data->state.infilesize = data->set.filesize; + if(data->set.httpreq == HTTPREQ_PUT) + data->state.infilesize = data->set.filesize; + else + data->state.infilesize = data->set.postfieldsize; /* This adds the new entry at the 'end' of the doubly-linked circular list of SessionHandle structs to try and maintain a FIFO queue so @@ -427,8 +421,7 @@ multi->easylp = data; /* the new last node */ } else { - /* first node, make both prev and next be NULL! */ - data->next = NULL; + /* first node, make prev NULL! */ data->prev = NULL; multi->easylp = multi->easyp = data; /* both first and last */ } @@ -621,9 +614,10 @@ return CURLM_OK; } -bool Curl_multi_pipeline_enabled(const struct Curl_multi *multi) +/* Return TRUE if the application asked for a certain set of pipelining */ +bool Curl_pipeline_wanted(const struct Curl_multi *multi, int bits) { - return (multi && multi->pipelining_enabled) ? TRUE : FALSE; + return (multi && (multi->pipelining & bits)) ? TRUE : FALSE; } void Curl_multi_handlePipeBreak(struct SessionHandle *data) @@ -935,6 +929,34 @@ return CURLM_OK; } +/* + * Curl_multi_connchanged() is called to tell that there is a connection in + * this multi handle that has changed state (pipelining become possible, the + * number of allowed streams changed or similar), and a subsequent use of this + * multi handle should move CONNECT_PEND handles back to CONNECT to have them + * retry. + */ +void Curl_multi_connchanged(struct Curl_multi *multi) +{ + multi->recheckstate = TRUE; +} + +/* + * multi_ischanged() is called + * + * Returns TRUE/FALSE whether the state is changed to trigger a CONNECT_PEND + * => CONNECT action. + * + * Set 'clear' to TRUE to have it also clear the state variable. + */ +static bool multi_ischanged(struct Curl_multi *multi, bool clear) +{ + bool retval = multi->recheckstate; + if(clear) + multi->recheckstate = FALSE; + return retval; +} + static CURLMcode multi_runsingle(struct Curl_multi *multi, struct timeval now, struct SessionHandle *data) @@ -986,6 +1008,11 @@ return CURLM_INTERNAL_ERROR; } + if(multi_ischanged(multi, TRUE)) { + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n")); + Curl_multi_process_pending_handles(multi); + } + if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_COMPLETED) /* Make sure we set the connection's current owner */ @@ -1090,7 +1117,7 @@ rc = CURLM_CALL_MULTI_PERFORM; if(protocol_connect) - multistate(data, multi->pipelining_enabled? + multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)? CURLM_STATE_WAITDO:CURLM_STATE_DO); else { #ifndef CURL_DISABLE_HTTP @@ -1147,7 +1174,7 @@ /* call again please so that we get the next socket setup */ rc = CURLM_CALL_MULTI_PERFORM; if(protocol_connect) - multistate(data, multi->pipelining_enabled? + multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)? CURLM_STATE_WAITDO:CURLM_STATE_DO); else { #ifndef CURL_DISABLE_HTTP @@ -1177,6 +1204,7 @@ if(data->easy_conn->bits.proxy_connect_closed) { /* connect back to proxy again */ result = CURLE_OK; + Curl_done(&data->easy_conn, CURLE_OK, FALSE); multistate(data, CURLM_STATE_CONNECT); } else if(!result) { @@ -1211,7 +1239,7 @@ multistate(data, CURLM_STATE_PROTOCONNECT); else if(!result) { /* protocol connect has completed, go WAITDO or DO */ - multistate(data, multi->pipelining_enabled? + multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)? CURLM_STATE_WAITDO:CURLM_STATE_DO); rc = CURLM_CALL_MULTI_PERFORM; } @@ -1228,7 +1256,7 @@ result = Curl_protocol_connecting(data->easy_conn, &protocol_connect); if(!result && protocol_connect) { /* after the connect has completed, go WAITDO or DO */ - multistate(data, multi->pipelining_enabled? + multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)? CURLM_STATE_WAITDO:CURLM_STATE_DO); rc = CURLM_CALL_MULTI_PERFORM; } @@ -1242,19 +1270,8 @@ case CURLM_STATE_WAITDO: /* Wait for our turn to DO when we're pipelining requests */ -#ifdef DEBUGBUILD - infof(data, "WAITDO: Conn %ld send pipe %zu inuse %s athead %s\n", - data->easy_conn->connection_id, - data->easy_conn->send_pipe->size, - data->easy_conn->writechannel_inuse?"TRUE":"FALSE", - isHandleAtHead(data, - data->easy_conn->send_pipe)?"TRUE":"FALSE"); -#endif - if(!data->easy_conn->writechannel_inuse && - isHandleAtHead(data, - data->easy_conn->send_pipe)) { - /* Grab the channel */ - data->easy_conn->writechannel_inuse = TRUE; + if(Curl_pipeline_checkget_write(data, data->easy_conn)) { + /* Grabbed the channel */ multistate(data, CURLM_STATE_DO); rc = CURLM_CALL_MULTI_PERFORM; } @@ -1437,24 +1454,11 @@ case CURLM_STATE_WAITPERFORM: /* Wait for our turn to PERFORM */ - if(!data->easy_conn->readchannel_inuse && - isHandleAtHead(data, - data->easy_conn->recv_pipe)) { - /* Grab the channel */ - data->easy_conn->readchannel_inuse = TRUE; + if(Curl_pipeline_checkget_read(data, data->easy_conn)) { + /* Grabbed the channel */ multistate(data, CURLM_STATE_PERFORM); rc = CURLM_CALL_MULTI_PERFORM; } -#ifdef DEBUGBUILD - else { - infof(data, "WAITPERFORM: Conn %ld recv pipe %zu inuse %s athead %s\n", - data->easy_conn->connection_id, - data->easy_conn->recv_pipe->size, - data->easy_conn->readchannel_inuse?"TRUE":"FALSE", - isHandleAtHead(data, - data->easy_conn->recv_pipe)?"TRUE":"FALSE"); - } -#endif break; case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */ @@ -1509,19 +1513,17 @@ } /* read/write data if it is ready to do so */ - result = Curl_readwrite(data->easy_conn, &done); + result = Curl_readwrite(data->easy_conn, data, &done); k = &data->req; - if(!(k->keepon & KEEP_RECV)) { + if(!(k->keepon & KEEP_RECV)) /* We're done receiving */ - data->easy_conn->readchannel_inuse = FALSE; - } + Curl_pipeline_leave_read(data->easy_conn); - if(!(k->keepon & KEEP_SEND)) { + if(!(k->keepon & KEEP_SEND)) /* We're done sending */ - data->easy_conn->writechannel_inuse = FALSE; - } + Curl_pipeline_leave_write(data->easy_conn); if(done || (result == CURLE_RECV_ERROR)) { /* If CURLE_RECV_ERROR happens early enough, we assume it was a race @@ -1703,8 +1705,8 @@ if(data->easy_conn) { /* if this has a connection, unsubscribe from the pipelines */ - data->easy_conn->writechannel_inuse = FALSE; - data->easy_conn->readchannel_inuse = FALSE; + Curl_pipeline_leave_write(data->easy_conn); + Curl_pipeline_leave_read(data->easy_conn); Curl_removeHandleFromPipeline(data, data->easy_conn->send_pipe); Curl_removeHandleFromPipeline(data, data->easy_conn->recv_pipe); @@ -1753,7 +1755,7 @@ multistate(data, CURLM_STATE_MSGSENT); } - } while(rc == CURLM_CALL_MULTI_PERFORM); + } while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE)); data->result = result; @@ -1833,7 +1835,7 @@ { struct connectdata *conn; - conn = Curl_conncache_find_first_connection(multi->conn_cache); + conn = Curl_conncache_find_first_connection(&multi->conn_cache); while(conn) { SIGPIPE_VARIABLE(pipe_st); conn->data = multi->closure_handle; @@ -1843,7 +1845,7 @@ (void)Curl_disconnect(conn, FALSE); sigpipe_restore(&pipe_st); - conn = Curl_conncache_find_first_connection(multi->conn_cache); + conn = Curl_conncache_find_first_connection(&multi->conn_cache); } } @@ -1866,15 +1868,15 @@ sigpipe_ignore(multi->closure_handle, &pipe_st); restore_pipe = TRUE; - multi->closure_handle->dns.hostcache = multi->hostcache; + multi->closure_handle->dns.hostcache = &multi->hostcache; Curl_hostcache_clean(multi->closure_handle, multi->closure_handle->dns.hostcache); Curl_close(multi->closure_handle); } - Curl_hash_destroy(multi->sockhash); - Curl_conncache_destroy(multi->conn_cache); + Curl_hash_destroy(&multi->sockhash); + Curl_conncache_destroy(&multi->conn_cache); Curl_llist_destroy(multi->msglist, NULL); Curl_llist_destroy(multi->pending, NULL); @@ -1896,7 +1898,7 @@ data = nextdata; } - Curl_hash_destroy(multi->hostcache); + Curl_hash_destroy(&multi->hostcache); /* Free the blacklists by setting them to NULL */ Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl); @@ -1985,7 +1987,7 @@ s = socks[i]; /* get it from the hash */ - entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s)); + entry = Curl_hash_pick(&multi->sockhash, (char *)&s, sizeof(s)); if(curraction & GETSOCK_READSOCK(i)) action |= CURL_POLL_IN; @@ -2000,7 +2002,7 @@ } else { /* this is a socket we didn't have before, add it! */ - entry = sh_addentry(multi->sockhash, s, data); + entry = sh_addentry(&multi->sockhash, s, data); if(!entry) /* fatal */ return; @@ -2036,7 +2038,7 @@ /* this socket has been removed. Tell the app to remove it */ remove_sock_from_hash = TRUE; - entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s)); + entry = Curl_hash_pick(&multi->sockhash, (char *)&s, sizeof(s)); if(entry) { /* check if the socket to be removed serves a connection which has other easy-s in a pipeline. In this case the socket should not be @@ -2051,7 +2053,7 @@ for the recv_pipe, or the first (in case this particular easy isn't already) */ if(entry->easy == data) { - if(isHandleAtHead(data, easy_conn->recv_pipe)) + if(Curl_recvpipe_head(data, easy_conn)) entry->easy = easy_conn->recv_pipe->head->next->ptr; else entry->easy = easy_conn->recv_pipe->head->ptr; @@ -2065,7 +2067,7 @@ for the send_pipe, or the first (in case this particular easy isn't already) */ if(entry->easy == data) { - if(isHandleAtHead(data, easy_conn->send_pipe)) + if(Curl_sendpipe_head(data, easy_conn)) entry->easy = easy_conn->send_pipe->head->next->ptr; else entry->easy = easy_conn->send_pipe->head->ptr; @@ -2091,7 +2093,7 @@ CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); - sh_delentry(multi->sockhash, s); + sh_delentry(&multi->sockhash, s); } } @@ -2118,7 +2120,7 @@ /* this is set if this connection is part of a handle that is added to a multi handle, and only then this is necessary */ struct Curl_sh_entry *entry = - Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s)); + Curl_hash_pick(&multi->sockhash, (char *)&s, sizeof(s)); if(entry) { if(multi->socket_cb) @@ -2127,7 +2129,7 @@ entry->socketp); /* now remove it from the socket hash */ - sh_delentry(multi->sockhash, s); + sh_delentry(&multi->sockhash, s); } } } @@ -2220,7 +2222,7 @@ else if(s != CURL_SOCKET_TIMEOUT) { struct Curl_sh_entry *entry = - Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s)); + Curl_hash_pick(&multi->sockhash, (char *)&s, sizeof(s)); if(!entry) /* Unmatched socket, we can't act on it but we ignore this fact. In @@ -2345,7 +2347,7 @@ multi->socket_userp = va_arg(param, void *); break; case CURLMOPT_PIPELINING: - multi->pipelining_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE; + multi->pipelining = va_arg(param, long); break; case CURLMOPT_TIMERFUNCTION: multi->timer_cb = va_arg(param, curl_multi_timer_callback); @@ -2503,16 +2505,6 @@ return multi->timer_cb((CURLM*)multi, timeout_ms, multi->timer_userp); } -static bool isHandleAtHead(struct SessionHandle *handle, - struct curl_llist *pipeline) -{ - struct curl_llist_element *curr = pipeline->head; - if(curr) - return (curr->ptr == handle) ? TRUE : FALSE; - - return FALSE; -} - /* * multi_freetimeout() * @@ -2712,7 +2704,8 @@ struct Curl_multi *multi = (struct Curl_multi *)multi_handle; if(s != CURL_SOCKET_BAD) - there = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(curl_socket_t)); + there = Curl_hash_pick(&multi->sockhash, (char *)&s, + sizeof(curl_socket_t)); if(!there) return CURLM_BAD_SOCKET; @@ -2732,11 +2725,6 @@ return multi ? multi->max_total_connections : 0; } -size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi) -{ - return multi ? multi->max_pipeline_length : 0; -} - curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi) { return multi ? multi->content_length_penalty_size : 0; @@ -2796,7 +2784,7 @@ for(i=0; i < data->numsocks; i++) { curl_socket_t s = data->sockets[i]; struct Curl_sh_entry *entry = - Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s)); + Curl_hash_pick(&multi->sockhash, (char *)&s, sizeof(s)); fprintf(stderr, "%d ", (int)s); if(!entry) { diff -Nru curl-7.42.1/lib/multihandle.h curl-7.43.0/lib/multihandle.h --- curl-7.42.1/lib/multihandle.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/multihandle.h 2015-06-12 22:20:46.000000000 +0000 @@ -22,6 +22,8 @@ * ***************************************************************************/ +#include "conncache.h" + struct Curl_message { /* the 'CURLMsg' is the part that is visible to the external user */ struct CURLMsg extmsg; @@ -60,6 +62,8 @@ #define GETSOCK_READABLE (0x00ff) #define GETSOCK_WRITABLE (0xff00) +#define CURLPIPE_ANY (CURLPIPE_HTTP1 | CURLPIPE_MULTIPLEX) + /* This is the struct known as CURLM on the outside */ struct Curl_multi { /* First a simple identifier to easier detect if a user mix up @@ -84,7 +88,7 @@ void *socket_userp; /* Hostname cache */ - struct curl_hash *hostcache; + struct curl_hash hostcache; /* timetree points to the splay-tree of time nodes to figure out expire times of all currently set timers */ @@ -93,13 +97,15 @@ /* 'sockhash' is the lookup hash for socket descriptor => easy handles (note the pluralis form, there can be more than one easy handle waiting on the same actual socket) */ - struct curl_hash *sockhash; + struct curl_hash sockhash; - /* Whether pipelining is enabled for this multi handle */ - bool pipelining_enabled; + /* pipelining wanted bits (CURLPIPE*) */ + long pipelining; + + bool recheckstate; /* see Curl_multi_connchanged */ /* Shared connection cache (bundles)*/ - struct conncache *conn_cache; + struct conncache conn_cache; /* This handle will be used for closing the cached connections in curl_multi_cleanup() */ @@ -140,4 +146,3 @@ }; #endif /* HEADER_CURL_MULTIHANDLE_H */ - diff -Nru curl-7.42.1/lib/multiif.h curl-7.43.0/lib/multiif.h --- curl-7.42.1/lib/multiif.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/multiif.h 2015-06-12 12:57:28.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,8 +27,7 @@ */ void Curl_expire(struct SessionHandle *data, long milli); void Curl_expire_latest(struct SessionHandle *data, long milli); - -bool Curl_multi_pipeline_enabled(const struct Curl_multi* multi); +bool Curl_pipeline_wanted(const struct Curl_multi* multi, int bits); void Curl_multi_handlePipeBreak(struct SessionHandle *data); /* Internal version of curl_multi_init() accepts size parameters for the @@ -60,9 +59,6 @@ /* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */ size_t Curl_multi_max_host_connections(struct Curl_multi *multi); -/* Return the value of the CURLMOPT_MAX_PIPELINE_LENGTH option */ -size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi); - /* Return the value of the CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE option */ curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi); @@ -78,6 +74,8 @@ /* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */ size_t Curl_multi_max_total_connections(struct Curl_multi *multi); +void Curl_multi_connchanged(struct Curl_multi *multi); + /* * Curl_multi_closed() * diff -Nru curl-7.42.1/lib/netrc.c curl-7.43.0/lib/netrc.c --- curl-7.42.1/lib/netrc.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/netrc.c 2015-06-11 17:50:43.000000000 +0000 @@ -109,7 +109,7 @@ netrc_alloc = TRUE; } - file = fopen(netrcfile, "r"); + file = fopen(netrcfile, FOPEN_READTEXT); if(netrc_alloc) free(netrcfile); if(file) { @@ -137,6 +137,10 @@ 'password'. */ state=HOSTFOUND; } + else if(Curl_raw_equal("default", tok)) { + state=HOSTVALID; + retcode=0; /* we did find our host */ + } break; case HOSTFOUND: if(Curl_raw_equal(host, tok)) { diff -Nru curl-7.42.1/lib/pipeline.c curl-7.43.0/lib/pipeline.c --- curl-7.42.1/lib/pipeline.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/pipeline.c 2015-06-11 17:50:43.000000000 +0000 @@ -32,7 +32,6 @@ #include "pipeline.h" #include "sendf.h" #include "rawstr.h" -#include "bundles.h" #include "curl_memory.h" /* The last #include file should be: */ @@ -92,6 +91,15 @@ return FALSE; } +static CURLcode addHandleToPipeline(struct SessionHandle *data, + struct curl_llist *pipeline) +{ + if(!Curl_llist_insert_next(pipeline, pipeline->tail, data)) + return CURLE_OUT_OF_MEMORY; + return CURLE_OK; +} + + CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle, struct connectdata *conn) { @@ -101,11 +109,11 @@ pipeline = conn->send_pipe; - result = Curl_addHandleToPipeline(handle, pipeline); + result = addHandleToPipeline(handle, pipeline); if(pipeline == conn->send_pipe && sendhead != conn->send_pipe->head) { /* this is a new one as head, expire it */ - conn->writechannel_inuse = FALSE; /* not in use yet */ + Curl_pipeline_leave_write(conn); /* not in use yet */ Curl_expire(conn->send_pipe->head->ptr, 1); } @@ -136,7 +144,7 @@ if(conn->send_pipe->head) { /* Since there's a new easy handle at the start of the send pipeline, set its timeout value to 1ms to make it trigger instantly */ - conn->writechannel_inuse = FALSE; /* not used now */ + Curl_pipeline_leave_write(conn); /* not used now */ #ifdef DEBUGBUILD infof(conn->data, "%p is at send pipe head B!\n", (void *)conn->send_pipe->head->ptr); @@ -312,6 +320,93 @@ return CURLM_OK; } +static bool pipe_head(struct SessionHandle *data, + struct curl_llist *pipeline) +{ + struct curl_llist_element *curr = pipeline->head; + if(curr) + return (curr->ptr == data) ? TRUE : FALSE; + + return FALSE; +} + +/* returns TRUE if the given handle is head of the recv pipe */ +bool Curl_recvpipe_head(struct SessionHandle *data, + struct connectdata *conn) +{ + return pipe_head(data, conn->recv_pipe); +} + +/* returns TRUE if the given handle is head of the send pipe */ +bool Curl_sendpipe_head(struct SessionHandle *data, + struct connectdata *conn) +{ + return pipe_head(data, conn->send_pipe); +} + + +/* + * Check if the write channel is available and this handle as at the head, + * then grab the channel and return TRUE. + * + * If not available, return FALSE. + */ + +bool Curl_pipeline_checkget_write(struct SessionHandle *data, + struct connectdata *conn) +{ + if(conn->bits.multiplex) + /* when multiplexing, we can use it at once */ + return TRUE; + + if(!conn->writechannel_inuse && Curl_sendpipe_head(data, conn)) { + /* Grab the channel */ + conn->writechannel_inuse = TRUE; + return TRUE; + } + return FALSE; +} + + +/* + * Check if the read channel is available and this handle as at the head, then + * grab the channel and return TRUE. + * + * If not available, return FALSE. + */ + +bool Curl_pipeline_checkget_read(struct SessionHandle *data, + struct connectdata *conn) +{ + if(conn->bits.multiplex) + /* when multiplexing, we can use it at once */ + return TRUE; + + if(!conn->readchannel_inuse && Curl_recvpipe_head(data, conn)) { + /* Grab the channel */ + conn->readchannel_inuse = TRUE; + return TRUE; + } + return FALSE; +} + +/* + * The current user of the pipeline write channel gives it up. + */ +void Curl_pipeline_leave_write(struct connectdata *conn) +{ + conn->writechannel_inuse = FALSE; +} + +/* + * The current user of the pipeline read channel gives it up. + */ +void Curl_pipeline_leave_read(struct connectdata *conn) +{ + conn->readchannel_inuse = FALSE; +} + + #if 0 void print_pipeline(struct connectdata *conn) { diff -Nru curl-7.42.1/lib/pipeline.h curl-7.43.0/lib/pipeline.h --- curl-7.42.1/lib/pipeline.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/pipeline.h 2015-06-11 17:50:43.000000000 +0000 @@ -7,6 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * + * Copyright (C) 2015, Daniel Stenberg, , et al. * Copyright (C) 2013 - 2014, Linus Nielsen Feltzing, * * This software is licensed as described in the file COPYING, which @@ -41,4 +42,15 @@ CURLMcode Curl_pipeline_set_server_blacklist(char **servers, struct curl_llist **list_ptr); +bool Curl_pipeline_checkget_write(struct SessionHandle *data, + struct connectdata *conn); +bool Curl_pipeline_checkget_read(struct SessionHandle *data, + struct connectdata *conn); +void Curl_pipeline_leave_write(struct connectdata *conn); +void Curl_pipeline_leave_read(struct connectdata *conn); +bool Curl_recvpipe_head(struct SessionHandle *data, + struct connectdata *conn); +bool Curl_sendpipe_head(struct SessionHandle *data, + struct connectdata *conn); + #endif /* HEADER_CURL_PIPELINE_H */ diff -Nru curl-7.42.1/lib/README.ares curl-7.43.0/lib/README.ares --- curl-7.42.1/lib/README.ares 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.ares 1970-01-01 00:00:00.000000000 +0000 @@ -1,69 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Build libcurl to Use c-ares For Asynch Name Resolves - =========================================================== - -c-ares: - http://c-ares.haxx.se/ - -NOTE - The latest libcurl version requires c-ares 1.6.0 or later. - - Once upon the time libcurl built fine with the "original" ares. That is no - longer true. You need to use c-ares. - -Build c-ares -============ - -1. unpack the c-ares archive -2. cd c-ares-dir -3. ./configure -4. make -5. make install - -Build libcurl to use c-ares in the curl source tree -=================================================== - -1. name or symlink the c-ares source directory 'ares' in the curl source - directory -2. ./configure --enable-ares - - Optionally, you can point out the c-ares install tree root with the the - --enable-ares option. - -3. make - -Build libcurl to use an installed c-ares -======================================== - -1. ./configure --enable-ares=/path/to/ares/install -2. make - -c-ares on win32 -=============== -(description brought by Dominick Meglio) - -First I compiled c-ares. I changed the default C runtime library to be the -single-threaded rather than the multi-threaded (this seems to be required to -prevent linking errors later on). Then I simply build the areslib project (the -other projects adig/ahost seem to fail under MSVC). - -Next was libcurl. I opened lib/config-win32.h and I added a: - #define USE_ARES 1 - -Next thing I did was I added the path for the ares includes to the include -path, and the libares.lib to the libraries. - -Lastly, I also changed libcurl to be single-threaded rather than -multi-threaded, again this was to prevent some duplicate symbol errors. I'm -not sure why I needed to change everything to single-threaded, but when I -didn't I got redefinition errors for several CRT functions (malloc, stricmp, -etc.) - -I would have modified the MSVC++ project files, but I only have VC.NET and it -uses a different format than VC6.0 so I didn't want to go and change -everything and remove VC6.0 support from libcurl. diff -Nru curl-7.42.1/lib/README.curl_off_t curl-7.43.0/lib/README.curl_off_t --- curl-7.42.1/lib/README.curl_off_t 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.curl_off_t 1970-01-01 00:00:00.000000000 +0000 @@ -1,68 +0,0 @@ - - curl_off_t explained - ==================== - -curl_off_t is a data type provided by the external libcurl include headers. It -is the type meant to be used for the curl_easy_setopt() options that end with -LARGE. The type is 64bit large on most modern platforms. - -Transition from < 7.19.0 to >= 7.19.0 -------------------------------------- - -Applications that used libcurl before 7.19.0 that are rebuilt with a libcurl -that is 7.19.0 or later may or may not have to worry about anything of -this. We have made a significant effort to make the transition really seamless -and transparent. - -You have have to take notice if you are in one of the following situations: - -o Your app is using or will after the transition use a libcurl that is built - with LFS (large file support) disabled even though your system otherwise - supports it. - -o Your app is using or will after the transition use a libcurl that doesn't - support LFS at all, but your system and compiler support 64bit data types. - -In both these cases, the curl_off_t type will now (after the transition) be -64bit where it previously was 32bit. This will cause a binary incompatibility -that you MAY need to deal with. - -Benefits --------- - -This new way has several benefits: - -o Platforms without LFS support can still use libcurl to do >32 bit file - transfers and range operations etc as long as they have >32 bit data-types - supported. - -o Applications will no longer easily build with the curl_off_t size - mismatched, which has been a very frequent (and annoying) problem with - libcurl <= 7.18.2 - -Historically ------------- - -Previously, before 7.19.0, the curl_off_t type would be rather strongly -connected to the size of the system off_t type, where currently curl_off_t is -independent of that. - -The strong connection to off_t made it troublesome for application authors -since when they did mistakes, they could get curl_off_t type of different -sizes in the app vs libcurl, and that caused strange effects that were hard to -track and detect by users of libcurl. - -SONAME ------- - -We opted to not bump the soname for the library unconditionally, simply -because soname bumping is causing a lot of grief and moaning all over the -community so we try to keep that at minimum. Also, our selected design path -should be 100% backwards compatible for the vast majority of all libcurl -users. - -Enforce SONAME bump -------------------- - -If configure doesn't detect your case where a bump is necessary, re-run it -with the --enable-soname-bump command line option! diff -Nru curl-7.42.1/lib/README.curlx curl-7.43.0/lib/README.curlx --- curl-7.42.1/lib/README.curlx 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.curlx 1970-01-01 00:00:00.000000000 +0000 @@ -1,61 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Source Code Functions Apps Might Use - ==================================== - -The libcurl source code offers a few functions by source only. They are not -part of the official libcurl API, but the source files might be useful for -others so apps can optionally compile/build with these sources to gain -additional functions. - -We provide them through a single header file for easy access for apps: -"curlx.h" - - curlx_strtoofft() - - A macro that converts a string containing a number to a curl_off_t number. - This might use the curlx_strtoll() function which is provided as source - code in strtoofft.c. Note that the function is only provided if no - strtoll() (or equivalent) function exist on your platform. If curl_off_t - is only a 32 bit number on your platform, this macro uses strtol(). - - curlx_tvnow() - - returns a struct timeval for the current time. - - curlx_tvdiff() - - returns the difference between two timeval structs, in number of - milliseconds. - - curlx_tvdiff_secs() - - returns the same as curlx_tvdiff but with full usec resolution (as a - double) - -FUTURE -====== - - Several functions will be removed from the public curl_ name space in a - future libcurl release. They will then only become available as curlx_ - functions instead. To make the transition easier, we already today provide - these functions with the curlx_ prefix to allow sources to get built properly - with the new function names. The functions this concerns are: - - curlx_getenv - curlx_strequal - curlx_strnequal - curlx_mvsnprintf - curlx_msnprintf - curlx_maprintf - curlx_mvaprintf - curlx_msprintf - curlx_mprintf - curlx_mfprintf - curlx_mvsprintf - curlx_mvprintf - curlx_mvfprintf diff -Nru curl-7.42.1/lib/README.encoding curl-7.43.0/lib/README.encoding --- curl-7.42.1/lib/README.encoding 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.encoding 1970-01-01 00:00:00.000000000 +0000 @@ -1,60 +0,0 @@ - - Content Encoding Support for libcurl - -* About content encodings: - -HTTP/1.1 [RFC 2616] specifies that a client may request that a server encode -its response. This is usually used to compress a response using one of a set -of commonly available compression techniques. These schemes are `deflate' (the -zlib algorithm), `gzip' and `compress' [sec 3.5, RFC 2616]. A client requests -that the sever perform an encoding by including an Accept-Encoding header in -the request document. The value of the header should be one of the recognized -tokens `deflate', ... (there's a way to register new schemes/tokens, see sec -3.5 of the spec). A server MAY honor the client's encoding request. When a -response is encoded, the server includes a Content-Encoding header in the -response. The value of the Content-Encoding header indicates which scheme was -used to encode the data. - -A client may tell a server that it can understand several different encoding -schemes. In this case the server may choose any one of those and use it to -encode the response (indicating which one using the Content-Encoding header). -It's also possible for a client to attach priorities to different schemes so -that the server knows which it prefers. See sec 14.3 of RFC 2616 for more -information on the Accept-Encoding header. - -* Current support for content encoding: - -Support for the 'deflate' and 'gzip' content encoding are supported by -libcurl. Both regular and chunked transfers should work fine. The library -zlib is required for this feature. 'deflate' support was added by James -Gallagher, and support for the 'gzip' encoding was added by Dan Fandrich. - -* The libcurl interface: - -To cause libcurl to request a content encoding use: - - curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ) - -where is the intended value of the Accept-Encoding header. - -Currently, libcurl only understands how to process responses that use the -"deflate" or "gzip" Content-Encoding, so the only values for -CURLOPT_ACCEPT_ENCODING that will work (besides "identity," which does -nothing) are "deflate" and "gzip" If a response is encoded using the -"compress" or methods, libcurl will return an error indicating that the -response could not be decoded. If is NULL no Accept-Encoding header -is generated. If is a zero-length string, then an Accept-Encoding -header containing all supported encodings will be generated. - -The CURLOPT_ACCEPT_ENCODING must be set to any non-NULL value for content to -be automatically decoded. If it is not set and the server still sends encoded -content (despite not having been asked), the data is returned in its raw form -and the Content-Encoding type is not checked. - -* The curl interface: - -Use the --compressed option with curl to cause it to ask servers to compress -responses using any format supported by curl. - -James Gallagher -Dan Fandrich diff -Nru curl-7.42.1/lib/README.hostip curl-7.43.0/lib/README.hostip --- curl-7.42.1/lib/README.hostip 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.hostip 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ - hostip.c explained - ================== - - The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c - source file are these: - - CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use - that. The host may not be able to resolve IPv6, but we don't really have to - take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 - defined. - - CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous - name resolves. This can be Windows or *nix. - - CURLRES_THREADED - is defined if libcurl is built to use threading for - asynchronous name resolves. The name resolve will be done in a new thread, - and the supported asynch API will be the same as for ares-builds. This is - the default under (native) Windows. - - If any of the two previous are defined, CURLRES_ASYNCH is defined too. If - libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is - defined. - - The host*.c sources files are split up like this: - - hostip.c - method-independent resolver functions and utility functions - hostasyn.c - functions for asynchronous name resolves - hostsyn.c - functions for synchronous name resolves - asyn-ares.c - functions for asynchronous name resolves using c-ares - asyn-thread.c - functions for asynchronous name resolves using threads - hostip4.c - IPv4 specific functions - hostip6.c - IPv6 specific functions - - The hostip.h is the single united header file for all this. It defines the - CURLRES_* defines based on the config*.h and curl_setup.h defines. diff -Nru curl-7.42.1/lib/README.httpauth curl-7.43.0/lib/README.httpauth --- curl-7.42.1/lib/README.httpauth 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.httpauth 1970-01-01 00:00:00.000000000 +0000 @@ -1,74 +0,0 @@ - -1. PUT/POST without a known auth to use (possibly no auth required): - - (When explicitly set to use a multi-pass auth when doing a POST/PUT, - libcurl should immediately go the Content-Length: 0 bytes route to avoid - the first send all data phase, step 2. If told to use a single-pass auth, - goto step 3.) - - Issue the proper PUT/POST request immediately, with the correct - Content-Length and Expect: headers. - - If a 100 response is received or the wait for one times out, start sending - the request-body. - - If a 401 (or 407 when talking through a proxy) is received, then: - - If we have "more than just a little" data left to send, close the - connection. Exactly what "more than just a little" means will have to be - determined. Possibly the current transfer speed should be taken into - account as well. - - NOTE: if the size of the POST data is less than MAX_INITIAL_POST_SIZE (when - CURLOPT_POSTFIELDS is used), libcurl will send everything in one single - write() (all request-headers and request-body) and thus it will - unconditionally send the full post data here. - -2. PUT/POST with multi-pass auth but not yet completely negotiated: - - Send a PUT/POST request, we know that it will be rejected and thus we claim - Content-Length zero to avoid having to send the request-body. (This seems - to be what IE does.) - -3. PUT/POST as the last step in the auth negotiation, that is when we have - what we believe is a completed negotiation: - - Send a full and proper PUT/POST request (again) with the proper - Content-Length and a following request-body. - - NOTE: this may very well be the second (or even third) time the whole or at - least parts of the request body is sent to the server. Since the data may - be provided to libcurl with a callback, we need a way to tell the app that - the upload is to be restarted so that the callback will provide data from - the start again. This requires an API method/mechanism that libcurl - doesn't have today. See below. - -Data Rewind - - It will be troublesome for some apps to deal with a rewind like this in all - circumstances. I'm thinking for example when using 'curl' to upload data - from stdin. If libcurl ends up having to rewind the reading for a request - to succeed, of course a lack of this callback or if it returns failure, will - cause the request to fail completely. - - The new callback is set with CURLOPT_IOCTLFUNCTION (in an attempt to add a - more generic function that might be used for other IO-related controls in - the future): - - curlioerr curl_ioctl(CURL *handle, curliocmd cmd, void *clientp); - - And in the case where the read is to be rewinded, it would be called with a - cmd named CURLIOCMD_RESTARTREAD. The callback would then return CURLIOE_OK, - if things are fine, or CURLIOE_FAILRESTART if not. - -Backwards Compatibility - - The approach used until now, that issues a HEAD on the given URL to trigger - the auth negotiation could still be supported and encouraged, but it would - be up to the app to first fetch a URL with GET/HEAD to negotiate on, since - then a following PUT/POST wouldn't need to negotiate authentication and - thus avoid double-sending data. - - Optionally, we keep the current approach if some option is set - (CURLOPT_HEADBEFOREAUTH or similar), since it seems to work fairly well for - POST on most servers. diff -Nru curl-7.42.1/lib/README.memoryleak curl-7.43.0/lib/README.memoryleak --- curl-7.42.1/lib/README.memoryleak 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.memoryleak 1970-01-01 00:00:00.000000000 +0000 @@ -1,55 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Track Down Suspected Memory Leaks in libcurl - =================================================== - -Single-threaded - - Please note that this memory leak system is not adjusted to work in more - than one thread. If you want/need to use it in a multi-threaded app. Please - adjust accordingly. - - -Build - - Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with - --enable-debug fixes this). 'make clean' first, then 'make' so that all - files actually are rebuilt properly. It will also make sense to build - libcurl with the debug option (usually -g to the compiler) so that debugging - it will be easier if you actually do find a leak in the library. - - This will create a library that has memory debugging enabled. - -Modify Your Application - - Add a line in your application code: - - curl_memdebug("dump"); - - This will make the malloc debug system output a full trace of all resource - using functions to the given file name. Make sure you rebuild your program - and that you link with the same libcurl you built for this purpose as - described above. - -Run Your Application - - Run your program as usual. Watch the specified memory trace file grow. - - Make your program exit and use the proper libcurl cleanup functions etc. So - that all non-leaks are returned/freed properly. - -Analyze the Flow - - Use the tests/memanalyze.pl perl script to analyze the dump file: - - tests/memanalyze.pl dump - - This now outputs a report on what resources that were allocated but never - freed etc. This report is very fine for posting to the list! - - If this doesn't produce any output, no leak was detected in libcurl. Then - the leak is mostly likely to be in your code. diff -Nru curl-7.42.1/lib/README.multi_socket curl-7.43.0/lib/README.multi_socket --- curl-7.42.1/lib/README.multi_socket 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.multi_socket 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -Implementation of the curl_multi_socket API - - The main ideas of the new API are simply: - - 1 - The application can use whatever event system it likes as it gets info - from libcurl about what file descriptors libcurl waits for what action - on. (The previous API returns fd_sets which is very select()-centric). - - 2 - When the application discovers action on a single socket, it calls - libcurl and informs that there was action on this particular socket and - libcurl can then act on that socket/transfer only and not care about - any other transfers. (The previous API always had to scan through all - the existing transfers.) - - The idea is that curl_multi_socket_action() calls a given callback with - information about what socket to wait for what action on, and the callback - only gets called if the status of that socket has changed. - - We also added a timer callback that makes libcurl call the application when - the timeout value changes, and you set that with curl_multi_setopt() and the - CURLMOPT_TIMERFUNCTION option. To get this to work, Internally, there's an - added a struct to each easy handle in which we store an "expire time" (if - any). The structs are then "splay sorted" so that we can add and remove - times from the linked list and yet somewhat swiftly figure out both how long - time there is until the next nearest timer expires and which timer (handle) - we should take care of now. Of course, the upside of all this is that we get - a curl_multi_timeout() that should also work with old-style applications - that use curl_multi_perform(). - - We created an internal "socket to easy handles" hash table that given - a socket (file descriptor) return the easy handle that waits for action on - that socket. This hash is made using the already existing hash code - (previously only used for the DNS cache). - - To make libcurl able to report plain sockets in the socket callback, we had - to re-organize the internals of the curl_multi_fdset() etc so that the - conversion from sockets to fd_sets for that function is only done in the - last step before the data is returned. I also had to extend c-ares to get a - function that can return plain sockets, as that library too returned only - fd_sets and that is no longer good enough. The changes done to c-ares are - available in c-ares 1.3.1 and later. - - We have done a test runs with up to 9000 connections (with a single active - one). The curl_multi_socket_action() invoke then takes less than 10 - microseconds in average (using the read-only-1-byte-at-a-time hack). We are - now below the 60 microseconds "per socket action" goal (the extra 50 is the - time libevent needs). - -Documentation - - http://curl.haxx.se/libcurl/c/curl_multi_socket_action.html - http://curl.haxx.se/libcurl/c/curl_multi_timeout.html - http://curl.haxx.se/libcurl/c/curl_multi_setopt.html diff -Nru curl-7.42.1/lib/README.pingpong curl-7.43.0/lib/README.pingpong --- curl-7.42.1/lib/README.pingpong 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.pingpong 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -Date: December 5, 2009 - -Pingpong -======== - - Pingpong is just my (Daniel's) jestful collective name on the protocols that - share a very similar kind of back-and-forth procedure with command and - responses to and from the server. FTP was previously the only protocol in - that family that libcurl supported, but when POP3, IMAP and SMTP joined the - team I moved some of the internals into a separate pingpong module to be - easier to get used by all these protocols to reduce code duplication and ease - code re-use between these protocols. - -FTP - - In 7.20.0 we converted code to use the new pingpong code from previously - having been all "native" FTP code. - -POP3 - - There's no support in the documented URL format to specify the exact mail to - get, but we support that as the path specified in the URL. - -IMAP - -SMTP - - There's no official URL syntax defined for SMTP, but we use only the generic - one and we provide two additional libcurl options to specify receivers and - sender of the actual mail. diff -Nru curl-7.42.1/lib/README.pipelining curl-7.43.0/lib/README.pipelining --- curl-7.42.1/lib/README.pipelining 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/README.pipelining 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ -HTTP Pipelining with libcurl -============================ - -Background - -Since pipelining implies that one or more requests are sent to a server before -the previous response(s) have been received, we only support it for multi -interface use. - -Considerations - -When using the multi interface, you create one easy handle for each transfer. -Bascially any number of handles can be created, added and used with the multi -interface - simultaneously. It is an interface designed to allow many -simultaneous transfers while still using a single thread. Pipelining does not -change any of these details. - -API - -We've added a new option to curl_multi_setopt() called CURLMOPT_PIPELINING -that enables "attempted pipelining" and then all easy handles used on that -handle will attempt to use an existing pipeline. - -Details - -- A pipeline is only created if a previous connection exists to the same IP - address that the new request is being made to use. - -- Pipelines are only supported for HTTP(S) as no other currently supported - protocol has features resemembling this, but we still name this feature - plain 'pipelining' to possibly one day support it for other protocols as - well. - -- HTTP Pipelining is for GET and HEAD requests only. - -- When a pipeline is in use, we must take precautions so that when used easy - handles (i.e those who still wait for a response) are removed from the multi - handle, we must deal with the outstanding response nicely. - -- Explicitly asking for pipelining handle X and handle Y won't be supported. - It isn't easy for an app to do this association. The lib should probably - still resolve the second one properly to make sure that they actually _can_ - be considered for pipelining. Also, asking for explicit pipelining on handle - X may be tricky when handle X get a closed connection. diff -Nru curl-7.42.1/lib/rtsp.c curl-7.43.0/lib/rtsp.c --- curl-7.42.1/lib/rtsp.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/rtsp.c 2015-06-15 21:14:25.000000000 +0000 @@ -263,11 +263,10 @@ * Since all RTSP requests are included here, there is no need to * support custom requests like HTTP. **/ - DEBUGASSERT((rtspreq > RTSPREQ_NONE && rtspreq < RTSPREQ_LAST)); data->set.opt_no_body = TRUE; /* most requests don't contain a body */ switch(rtspreq) { - case RTSPREQ_NONE: - failf(data, "Got invalid RTSP request: RTSPREQ_NONE"); + default: + failf(data, "Got invalid RTSP request"); return CURLE_BAD_FUNCTION_ARGUMENT; case RTSPREQ_OPTIONS: p_request = "OPTIONS"; @@ -323,7 +322,7 @@ if(!p_session_id && (rtspreq & ~(RTSPREQ_OPTIONS | RTSPREQ_DESCRIBE | RTSPREQ_SETUP))) { failf(data, "Refusing to issue an RTSP request [%s] without a session ID.", - p_request ? p_request : ""); + p_request); return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -496,8 +495,8 @@ } else { - postsize = (data->set.postfieldsize != -1)? - data->set.postfieldsize: + postsize = (data->state.infilesize != -1)? + data->state.infilesize: (data->set.postfields? (curl_off_t)strlen(data->set.postfields):0); data->set.httpreq = HTTPREQ_POST; } diff -Nru curl-7.42.1/lib/security.c curl-7.43.0/lib/security.c --- curl-7.42.1/lib/security.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/security.c 2015-06-15 21:14:25.000000000 +0000 @@ -109,13 +109,6 @@ return 'P'; } -static const struct Curl_sec_client_mech * const mechs[] = { -#ifdef HAVE_GSSAPI - &Curl_krb5_client_mech, -#endif - NULL -}; - /* Send an FTP command defined by |message| and the optional arguments. The function returns the ftp_code. If an error occurs, -1 is returned. */ static int ftp_send_command(struct connectdata *conn, const char *message, ...) @@ -366,7 +359,7 @@ int */ int decoded_len; char *buf; - int ret_code; + int ret_code = 0; size_t decoded_sz = 0; CURLcode error; @@ -395,13 +388,13 @@ } buf[decoded_len] = '\0'; - DEBUGASSERT(decoded_len > 3); - if(buf[3] == '-') - ret_code = 0; - else { - /* Check for error? */ + if(decoded_len <= 3) + /* suspiciously short */ + return 0; + + if(buf[3] != '-') + /* safe to ignore return code */ (void)sscanf(buf, "%d", &ret_code); - } if(buf[decoded_len - 1] == '\n') buf[decoded_len - 1] = '\0'; @@ -444,8 +437,8 @@ pbsz = strstr(conn->data->state.buffer, "PBSZ="); if(pbsz) { - /* FIXME: Checks for errors in sscanf? */ - sscanf(pbsz, "PBSZ=%u", &buffer_size); + /* ignore return code, use default value if it fails */ + (void)sscanf(pbsz, "PBSZ=%u", &buffer_size); if(buffer_size < conn->buffer_size) conn->buffer_size = buffer_size; } @@ -484,72 +477,63 @@ { int ret; struct SessionHandle *data = conn->data; - const struct Curl_sec_client_mech * const *mech; void *tmp_allocation; - const char *mech_name; + const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech; - for(mech = mechs; (*mech); ++mech) { - mech_name = (*mech)->name; - /* We have no mechanism with a NULL name but keep this check */ - DEBUGASSERT(mech_name != NULL); - if(mech_name == NULL) { - infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech); - continue; - } - tmp_allocation = realloc(conn->app_data, (*mech)->size); - if(tmp_allocation == NULL) { - failf(data, "Failed realloc of size %u", (*mech)->size); - mech = NULL; - return CURLE_OUT_OF_MEMORY; - } - conn->app_data = tmp_allocation; - - if((*mech)->init) { - ret = (*mech)->init(conn->app_data); - if(ret != 0) { - infof(data, "Failed initialization for %s. Skipping it.\n", mech_name); - continue; - } + tmp_allocation = realloc(conn->app_data, mech->size); + if(tmp_allocation == NULL) { + failf(data, "Failed realloc of size %u", mech->size); + mech = NULL; + return CURLE_OUT_OF_MEMORY; + } + conn->app_data = tmp_allocation; + + if(mech->init) { + ret = mech->init(conn->app_data); + if(ret) { + infof(data, "Failed initialization for %s. Skipping it.\n", + mech->name); + return CURLE_FAILED_INIT; } + } - infof(data, "Trying mechanism %s...\n", mech_name); - ret = ftp_send_command(conn, "AUTH %s", mech_name); - if(ret < 0) - /* FIXME: This error is too generic but it is OK for now. */ - return CURLE_COULDNT_CONNECT; - - if(ret/100 != 3) { - switch(ret) { - case 504: - infof(data, "Mechanism %s is not supported by the server (server " - "returned ftp code: 504).\n", mech_name); - break; - case 534: - infof(data, "Mechanism %s was rejected by the server (server returned " - "ftp code: 534).\n", mech_name); - break; - default: - if(ret/100 == 5) { - infof(data, "server does not support the security extensions\n"); - return CURLE_USE_SSL_FAILED; - } - break; + infof(data, "Trying mechanism %s...\n", mech->name); + ret = ftp_send_command(conn, "AUTH %s", mech->name); + if(ret < 0) + /* FIXME: This error is too generic but it is OK for now. */ + return CURLE_COULDNT_CONNECT; + + if(ret/100 != 3) { + switch(ret) { + case 504: + infof(data, "Mechanism %s is not supported by the server (server " + "returned ftp code: 504).\n", mech->name); + break; + case 534: + infof(data, "Mechanism %s was rejected by the server (server returned " + "ftp code: 534).\n", mech->name); + break; + default: + if(ret/100 == 5) { + infof(data, "server does not support the security extensions\n"); + return CURLE_USE_SSL_FAILED; } - continue; + break; } + return CURLE_LOGIN_DENIED; + } - /* Authenticate */ - ret = (*mech)->auth(conn->app_data, conn); + /* Authenticate */ + ret = mech->auth(conn->app_data, conn); - if(ret == AUTH_CONTINUE) - continue; - else if(ret != AUTH_OK) { + if(ret != AUTH_CONTINUE) { + if(ret != AUTH_OK) { /* Mechanism has dumped the error to stderr, don't error here. */ return -1; } DEBUGASSERT(ret == AUTH_OK); - conn->mech = *mech; + conn->mech = mech; conn->sec_complete = 1; conn->recv[FIRSTSOCKET] = sec_recv; conn->send[FIRSTSOCKET] = sec_send; @@ -559,10 +543,9 @@ /* Set the requested protection level */ /* BLOCKING */ (void)sec_set_protection_level(conn); - break; } - return *mech != NULL ? CURLE_OK : CURLE_FAILED_INIT; + return CURLE_OK; } CURLcode diff -Nru curl-7.42.1/lib/sendf.c curl-7.43.0/lib/sendf.c --- curl-7.42.1/lib/sendf.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/sendf.c 2015-06-11 17:50:43.000000000 +0000 @@ -551,7 +551,7 @@ ssize_t nread = 0; size_t bytesfromsocket = 0; char *buffertofill = NULL; - bool pipelining = Curl_multi_pipeline_enabled(conn->data->multi); + bool pipelining = Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1); /* Set 'num' to 0 or 1, depending on which socket that has been sent here. If it is the second socket, we set num to 1. Otherwise to 0. This lets diff -Nru curl-7.42.1/lib/share.c curl-7.43.0/lib/share.c --- curl-7.42.1/lib/share.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/share.c 2015-06-11 17:50:43.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,9 +35,15 @@ curl_share_init(void) { struct Curl_share *share = calloc(1, sizeof(struct Curl_share)); - if(share) + if(share) { share->specifier |= (1<hostcache)) { + free(share); + return NULL; + } + } + return share; } @@ -67,11 +73,6 @@ share->specifier |= (1<hostcache) { - share->hostcache = Curl_mk_dnscache(); - if(!share->hostcache) - res = CURLSHE_NOMEM; - } break; case CURL_LOCK_DATA_COOKIE: @@ -115,10 +116,6 @@ share->specifier &= ~(1<hostcache) { - Curl_hash_destroy(share->hostcache); - share->hostcache = NULL; - } break; case CURL_LOCK_DATA_COOKIE: @@ -192,10 +189,7 @@ return CURLSHE_IN_USE; } - if(share->hostcache) { - Curl_hash_destroy(share->hostcache); - share->hostcache = NULL; - } + Curl_hash_destroy(&share->hostcache); #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) Curl_cookie_cleanup(share->cookies); diff -Nru curl-7.42.1/lib/share.h curl-7.43.0/lib/share.h --- curl-7.42.1/lib/share.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/share.h 2015-06-11 17:50:43.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,7 +44,7 @@ curl_unlock_function unlockfunc; void *clientdata; - struct curl_hash *hostcache; + struct curl_hash hostcache; #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) struct CookieInfo *cookies; #endif diff -Nru curl-7.42.1/lib/smb.c curl-7.43.0/lib/smb.c --- curl-7.42.1/lib/smb.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/smb.c 2015-06-17 05:47:21.000000000 +0000 @@ -783,9 +783,15 @@ off = Curl_read16_le(((unsigned char *) msg) + sizeof(struct smb_header) + 13); if(len > 0) { - result = Curl_client_write(conn, CLIENTWRITE_BODY, - (char *)msg + off + sizeof(unsigned int), - len); + struct smb_conn *smbc = &conn->proto.smbc; + if(off + sizeof(unsigned int) + len > smbc->got) { + failf(conn->data, "Invalid input packet"); + result = CURLE_RECV_ERROR; + } + else + result = Curl_client_write(conn, CLIENTWRITE_BODY, + (char *)msg + off + sizeof(unsigned int), + len); if(result) { req->result = result; next_state = SMB_CLOSE; diff -Nru curl-7.42.1/lib/ssh.c curl-7.43.0/lib/ssh.c --- curl-7.42.1/lib/ssh.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/ssh.c 2015-06-12 22:20:46.000000000 +0000 @@ -1737,8 +1737,8 @@ BUFSIZE : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread = - conn->fread_func(data->state.buffer, 1, readthisamountnow, - conn->fread_in); + data->set.fread_func(data->state.buffer, 1, readthisamountnow, + data->set.in); passed += actuallyread; if((actuallyread == 0) || (actuallyread > readthisamountnow)) { diff -Nru curl-7.42.1/lib/strerror.c curl-7.43.0/lib/strerror.c --- curl-7.42.1/lib/strerror.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/strerror.c 2015-06-11 17:50:43.000000000 +0000 @@ -1067,6 +1067,12 @@ if(err == SEC_E_OK) strncpy(outbuf, txt, outmax); + else if(err == SEC_E_ILLEGAL_MESSAGE) + snprintf(outbuf, outmax, + "SEC_E_ILLEGAL_MESSAGE (0x%04X%04X) - This error usually occurs " + "when a fatal SSL/TLS alert is received (e.g. handshake failed). " + "More detail may be available in the Windows System event log.", + (err >> 16) & 0xffff, err & 0xffff); else { str = txtbuf; snprintf(txtbuf, sizeof(txtbuf), "%s (0x%04X%04X)", diff -Nru curl-7.42.1/lib/telnet.c curl-7.43.0/lib/telnet.c --- curl-7.42.1/lib/telnet.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/telnet.c 2015-06-11 17:50:43.000000000 +0000 @@ -1423,7 +1423,8 @@ for(;;) { if(data->set.is_fread_set) { /* read from user-supplied method */ - result = (int) conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in); + result = (int)data->set.fread_func(buf, 1, BUFSIZE - 1, + data->set.in); if(result == CURL_READFUNC_ABORT) { keepon = FALSE; result = CURLE_READ_ERROR; @@ -1562,13 +1563,13 @@ pfd[0].fd = sockfd; pfd[0].events = POLLIN; - if(conn->fread_func != (curl_read_callback)fread) { + if(data->set.fread_func != (curl_read_callback)fread) { poll_cnt = 1; interval_ms = 100; /* poll user-supplied read function */ } else { /* really using fread, so infile is a FILE* */ - pfd[1].fd = fileno((FILE *)conn->fread_in); + pfd[1].fd = fileno((FILE *)data->set.in); pfd[1].events = POLLIN; poll_cnt = 2; interval_ms = 1 * 1000; @@ -1627,7 +1628,7 @@ } else { /* read from user-supplied method */ - nread = (int)conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in); + nread = (int)data->set.fread_func(buf, 1, BUFSIZE - 1, data->set.in); if(nread == CURL_READFUNC_ABORT) { keepon = FALSE; break; diff -Nru curl-7.42.1/lib/transfer.c curl-7.43.0/lib/transfer.c --- curl-7.42.1/lib/transfer.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/transfer.c 2015-06-14 21:31:01.000000000 +0000 @@ -115,8 +115,8 @@ /* this function returns a size_t, so we typecast to int to prevent warnings with picky compilers */ - nread = (int)conn->fread_func(data->req.upload_fromhere, 1, - buffersize, conn->fread_in); + nread = (int)data->set.fread_func(data->req.upload_fromhere, 1, + buffersize, data->set.in); if(nread == CURL_READFUNC_ABORT) { failf(data, "operation aborted by callback"); @@ -317,8 +317,7 @@ TRUE. The thing is if we read everything, then http2_recv won't be called and we cannot signal the HTTP/2 stream has closed. As a workaround, we return nonzero here to call http2_recv. */ - ((conn->handler->protocol&PROTO_FAMILY_HTTP) && conn->httpversion == 20 && - conn->proto.httpc.closed); + ((conn->handler->protocol&PROTO_FAMILY_HTTP) && conn->httpversion == 20); #else Curl_ssl_data_pending(conn, FIRSTSOCKET); #endif @@ -433,6 +432,7 @@ else { /* read nothing but since we wanted nothing we consider this an OK situation to proceed from */ + DEBUGF(infof(data, "readwrite_data: we're done!\n")); nread = 0; } @@ -494,7 +494,7 @@ /* We've stopped dealing with input, get out of the do-while loop */ if(nread > 0) { - if(Curl_multi_pipeline_enabled(conn->data->multi)) { + if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) { infof(data, "Rewinding stream by : %zd" " bytes on url %s (zero-length body)\n", @@ -639,7 +639,7 @@ if(dataleft != 0) { infof(conn->data, "Leftovers after chunking: %zu bytes\n", dataleft); - if(Curl_multi_pipeline_enabled(conn->data->multi)) { + if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) { /* only attempt the rewind if we truly are pipelining */ infof(conn->data, "Rewinding %zu bytes\n",dataleft); read_rewind(conn, dataleft); @@ -662,7 +662,7 @@ excess = (size_t)(k->bytecount + nread - k->maxdownload); if(excess > 0 && !k->ignorebody) { - if(Curl_multi_pipeline_enabled(conn->data->multi)) { + if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) { /* The 'excess' amount below can't be more than BUFSIZE which always will fit in a size_t */ infof(data, @@ -828,13 +828,6 @@ *didwhat |= KEEP_SEND; - /* - * We loop here to do the READ and SEND loop until we run out of - * data to send or until we get EWOULDBLOCK back - * - * FIXME: above comment is misleading. Currently no looping is - * actually done in do-while loop below. - */ do { /* only read more data if there's no upload data already @@ -1020,9 +1013,9 @@ * be read and written to/from the connection. */ CURLcode Curl_readwrite(struct connectdata *conn, + struct SessionHandle *data, bool *done) { - struct SessionHandle *data = conn->data; struct SingleRequest *k = &data->req; CURLcode result; int didwhat=0; @@ -1046,6 +1039,11 @@ else fd_write = CURL_SOCKET_BAD; + if(conn->data->state.drain) { + select_res |= CURL_CSELECT_IN; + DEBUGF(infof(data, "Curl_readwrite: forcibly told to drain data\n")); + } + if(!select_res) /* Call for select()/poll() only, if read/write/error status is not known. */ select_res = Curl_socket_ready(fd_read, fd_write, 0); diff -Nru curl-7.42.1/lib/transfer.h curl-7.43.0/lib/transfer.h --- curl-7.42.1/lib/transfer.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/transfer.h 2015-06-11 17:50:43.000000000 +0000 @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,8 @@ followtype type); -CURLcode Curl_readwrite(struct connectdata *conn, bool *done); +CURLcode Curl_readwrite(struct connectdata *conn, + struct SessionHandle *data, bool *done); int Curl_single_getsock(const struct connectdata *conn, curl_socket_t *socks, int numsocks); diff -Nru curl-7.42.1/lib/url.c curl-7.43.0/lib/url.c --- curl-7.42.1/lib/url.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/url.c 2015-06-12 22:20:46.000000000 +0000 @@ -124,7 +124,6 @@ #include "curl_rtmp.h" #include "gopher.h" #include "http_proxy.h" -#include "bundles.h" #include "conncache.h" #include "multihandle.h" #include "pipeline.h" @@ -576,6 +575,18 @@ (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE); if(result) return result; + + /* set default negotiate proxy service name */ + result = setstropt(&set->str[STRING_PROXY_SERVICE_NAME], + (char *) CURL_DEFAULT_PROXY_SERVICE_NAME); + if(result) + return result; + + /* set default negotiate service name */ + result = setstropt(&set->str[STRING_SERVICE_NAME], + (char *) CURL_DEFAULT_SERVICE_NAME); + if(result) + return result; #endif /* This is our preferred CA cert bundle/path since install time */ @@ -1473,12 +1484,29 @@ va_arg(param, char *)); break; + case CURLOPT_PROXY_SERVICE_NAME: + /* + * Set negotiate proxy service name + */ + result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME], + va_arg(param, char *)); + break; + case CURLOPT_SOCKS5_GSSAPI_NEC: /* * set flag for nec socks5 support */ data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE; break; + + case CURLOPT_SERVICE_NAME: + /* + * Set negotiate service identity + */ + result = setstropt(&data->set.str[STRING_SERVICE_NAME], + va_arg(param, char *)); + break; + #endif case CURLOPT_HEADERDATA: @@ -2158,9 +2186,9 @@ data->share->dirty++; - if(data->share->hostcache) { + if(data->share->specifier & (1<< CURL_LOCK_DATA_DNS)) { /* use shared host cache */ - data->dns.hostcache = data->share->hostcache; + data->dns.hostcache = &data->share->hostcache; data->dns.hostcachetype = HCACHE_SHARED; } #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) @@ -2621,6 +2649,9 @@ case CURLOPT_PATH_AS_IS: data->set.path_as_is = (0 != va_arg(param, long))?TRUE:FALSE; break; + case CURLOPT_PIPEWAIT: + data->set.pipewait = (0 != va_arg(param, long))?TRUE:FALSE; + break; default: /* unknown tag and its companion, just ignore: */ result = CURLE_UNKNOWN_OPTION; @@ -2754,7 +2785,7 @@ Curl_ssl_close(conn, FIRSTSOCKET); /* Indicate to all handles on the pipe that we're dead */ - if(Curl_multi_pipeline_enabled(data->multi)) { + if(Curl_pipeline_wanted(data->multi, CURLPIPE_ANY)) { signalPipeClose(conn->send_pipe, TRUE); signalPipeClose(conn->recv_pipe, TRUE); } @@ -2782,30 +2813,29 @@ return ret_val; } +/* + * IsPipeliningPossible() returns TRUE if the options set would allow + * pipelining/multiplexing and the connection is using a HTTP protocol. + */ static bool IsPipeliningPossible(const struct SessionHandle *handle, const struct connectdata *conn) { - if((conn->handler->protocol & PROTO_FAMILY_HTTP) && - Curl_multi_pipeline_enabled(handle->multi) && - (handle->set.httpreq == HTTPREQ_GET || - handle->set.httpreq == HTTPREQ_HEAD) && - handle->set.httpversion != CURL_HTTP_VERSION_1_0) - return TRUE; - - return FALSE; -} + /* If a HTTP protocol and pipelining is enabled */ + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { -bool Curl_isPipeliningEnabled(const struct SessionHandle *handle) -{ - return Curl_multi_pipeline_enabled(handle->multi); -} + if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) && + (handle->set.httpversion != CURL_HTTP_VERSION_1_0) && + (handle->set.httpreq == HTTPREQ_GET || + handle->set.httpreq == HTTPREQ_HEAD)) + /* didn't ask for HTTP/1.0 and a GET or HEAD */ + return TRUE; -CURLcode Curl_addHandleToPipeline(struct SessionHandle *data, - struct curl_llist *pipeline) -{ - if(!Curl_llist_insert_next(pipeline, pipeline->tail, data)) - return CURLE_OUT_OF_MEMORY; - return CURLE_OK; + if(Curl_pipeline_wanted(handle->multi, CURLPIPE_MULTIPLEX) && + (handle->set.httpversion == CURL_HTTP_VERSION_2_0)) + /* allows HTTP/2 */ + return TRUE; + } + return FALSE; } int Curl_removeHandleFromPipeline(struct SessionHandle *handle, @@ -2855,15 +2885,14 @@ struct connectdata *conn) { bool recv_head = (conn->readchannel_inuse && - (gethandleathead(conn->recv_pipe) == data)) ? TRUE : FALSE; - + Curl_recvpipe_head(data, conn)); bool send_head = (conn->writechannel_inuse && - (gethandleathead(conn->send_pipe) == data)) ? TRUE : FALSE; + Curl_sendpipe_head(data, conn)); if(Curl_removeHandleFromPipeline(data, conn->recv_pipe) && recv_head) - conn->readchannel_inuse = FALSE; + Curl_pipeline_leave_read(conn); if(Curl_removeHandleFromPipeline(data, conn->send_pipe) && send_head) - conn->writechannel_inuse = FALSE; + Curl_pipeline_leave_write(conn); } static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke) @@ -2915,7 +2944,7 @@ now = Curl_tvnow(); - Curl_hash_start_iterate(bc->hash, &iter); + Curl_hash_start_iterate(&bc->hash, &iter); he = Curl_hash_next_element(&iter); while(he) { @@ -3049,6 +3078,13 @@ } } + +static size_t max_pipeline_length(struct Curl_multi *multi) +{ + return multi ? multi->max_pipeline_length : 0; +} + + /* * Given one filled in connection struct (named needle), this function should * detect if there already is one that has all the significant details @@ -3065,7 +3101,8 @@ ConnectionExists(struct SessionHandle *data, struct connectdata *needle, struct connectdata **usethis, - bool *force_reuse) + bool *force_reuse, + bool *waitpipe) { struct connectdata *check; struct connectdata *chosen = 0; @@ -3078,6 +3115,7 @@ struct connectbundle *bundle; *force_reuse = FALSE; + *waitpipe = FALSE; /* We can't pipe if the site is blacklisted */ if(canPipeline && Curl_pipeline_site_blacklisted(data, needle)) { @@ -3088,7 +3126,9 @@ particular host */ bundle = Curl_conncache_find_bundle(needle, data->state.conn_cache); if(bundle) { - size_t max_pipe_len = Curl_multi_max_pipeline_length(data->multi); + /* Max pipe length is zero (unlimited) for multiplexed connections */ + size_t max_pipe_len = (bundle->multiuse != BUNDLE_MULTIPLEX)? + max_pipeline_length(data->multi):0; size_t best_pipe_len = max_pipe_len; struct curl_llist_element *curr; @@ -3096,9 +3136,17 @@ needle->host.name, (void *)bundle); /* We can't pipe if we don't know anything about the server */ - if(canPipeline && !bundle->server_supports_pipelining) { - infof(data, "Server doesn't support pipelining\n"); - canPipeline = FALSE; + if(canPipeline) { + if(bundle->multiuse <= BUNDLE_UNKNOWN) { + if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) { + infof(data, "Server doesn't support multi-use yet, wait\n"); + *waitpipe = TRUE; + return FALSE; /* no re-use */ + } + + infof(data, "Server doesn't support multi-use (yet)\n"); + canPipeline = FALSE; + } } curr = bundle->conn_list->head; @@ -3122,16 +3170,19 @@ pipeLen = check->send_pipe->size + check->recv_pipe->size; if(canPipeline) { - /* Make sure the pipe has only GET requests */ - struct SessionHandle* sh = gethandleathead(check->send_pipe); - struct SessionHandle* rh = gethandleathead(check->recv_pipe); - if(sh) { - if(!IsPipeliningPossible(sh, check)) - continue; - } - else if(rh) { - if(!IsPipeliningPossible(rh, check)) - continue; + + if(!check->bits.multiplex) { + /* If not multiplexing, make sure the pipe has only GET requests */ + struct SessionHandle* sh = gethandleathead(check->send_pipe); + struct SessionHandle* rh = gethandleathead(check->recv_pipe); + if(sh) { + if(!IsPipeliningPossible(sh, check)) + continue; + } + else if(rh) { + if(!IsPipeliningPossible(rh, check)) + continue; + } } } else { @@ -3310,19 +3361,42 @@ } /* We can't use the connection if the pipe is full */ - if(pipeLen >= max_pipe_len) + if(max_pipe_len && (pipeLen >= max_pipe_len)) { + infof(data, "Pipe is full, skip (%zu)\n", pipeLen); continue; - + } +#ifdef USE_NGHTTP2 + /* If multiplexed, make sure we don't go over concurrency limit */ + if(check->bits.multiplex) { + /* Multiplexed connections can only be HTTP/2 for now */ + struct http_conn *httpc = &check->proto.httpc; + if(pipeLen >= httpc->settings.max_concurrent_streams) { + infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)\n", + pipeLen); + continue; + } + } +#endif /* We can't use the connection if the pipe is penalized */ - if(Curl_pipeline_penalized(data, check)) + if(Curl_pipeline_penalized(data, check)) { + infof(data, "Penalized, skip\n"); continue; + } - if(pipeLen < best_pipe_len) { - /* This connection has a shorter pipe so far. We'll pick this - and continue searching */ + if(max_pipe_len) { + if(pipeLen < best_pipe_len) { + /* This connection has a shorter pipe so far. We'll pick this + and continue searching */ + chosen = check; + best_pipe_len = pipeLen; + continue; + } + } + else { + /* When not pipelining (== multiplexed), we have a match here! */ chosen = check; - best_pipe_len = pipeLen; - continue; + infof(data, "Multiplexed connection found!\n"); + break; } } else { @@ -3374,20 +3448,6 @@ return (conn_candidate == conn) ? FALSE : TRUE; } -/* - * The given input connection struct pointer is to be stored in the connection - * cache. If the cache is already full, least interesting existing connection - * (if any) gets closed. - * - * The given connection should be unique. That must've been checked prior to - * this call. - */ -static CURLcode ConnectionStore(struct SessionHandle *data, - struct connectdata *conn) -{ - return Curl_conncache_add_conn(data->state.conn_cache, conn); -} - /* after a TCP connection to the proxy has been verified, this function does the next magic step. @@ -3763,9 +3823,9 @@ conn->response_header = NULL; #endif - if(Curl_multi_pipeline_enabled(data->multi) && - !conn->master_buffer) { - /* Allocate master_buffer to be used for pipelining */ + if(Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1) && + !conn->master_buffer) { + /* Allocate master_buffer to be used for HTTP/1 pipelining */ conn->master_buffer = calloc(BUFSIZE, sizeof (char)); if(!conn->master_buffer) goto error; @@ -4458,7 +4518,6 @@ * If this is supposed to use a proxy, we need to figure out the proxy * host name, so that we can re-use an existing connection * that may exist registered to the same proxy host. - * proxy will be freed before this function returns. */ static CURLcode parse_proxy(struct SessionHandle *data, struct connectdata *conn, char *proxy) @@ -5295,8 +5354,9 @@ bool reuse; char *proxy = NULL; bool prot_missing = FALSE; - bool no_connections_available = FALSE; + bool connections_available = TRUE; bool force_reuse = FALSE; + bool waitpipe = FALSE; size_t max_host_connections = Curl_multi_max_host_connections(data->multi); size_t max_total_connections = Curl_multi_max_total_connections(data->multi); @@ -5505,8 +5565,10 @@ conn->bits.httpproxy = TRUE; #endif } - else + else { conn->bits.httpproxy = FALSE; /* not a HTTP proxy */ + conn->bits.tunnel_proxy = FALSE; /* no tunneling if not HTTP */ + } conn->bits.proxy = TRUE; } else { @@ -5571,7 +5633,7 @@ conn->data = data; conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ - ConnectionStore(data, conn); + Curl_conncache_add_conn(data->state.conn_cache, conn); /* * Setup whatever necessary for a resumed transfer @@ -5636,7 +5698,7 @@ if(data->set.reuse_fresh && !data->state.this_is_a_follow) reuse = FALSE; else - reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse); + reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse, &waitpipe); /* If we found a reusable connection, we may still want to open a new connection if we are pipelining. */ @@ -5682,9 +5744,15 @@ /* We have decided that we want a new connection. However, we may not be able to do that if we have reached the limit of how many connections we are allowed to open. */ - struct connectbundle *bundle; + struct connectbundle *bundle = NULL; + + if(waitpipe) + /* There is a connection that *might* become usable for pipelining + "soon", and we wait for that */ + connections_available = FALSE; + else + bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache); - bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache); if(max_host_connections > 0 && bundle && (bundle->num_connections >= max_host_connections)) { struct connectdata *conn_candidate; @@ -5697,11 +5765,15 @@ conn_candidate->data = data; (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE); } - else - no_connections_available = TRUE; + else { + infof(data, "No more connections allowed to host: %d\n", + max_host_connections); + connections_available = FALSE; + } } - if(max_total_connections > 0 && + if(connections_available && + (max_total_connections > 0) && (data->state.conn_cache->num_connections >= max_total_connections)) { struct connectdata *conn_candidate; @@ -5713,12 +5785,13 @@ conn_candidate->data = data; (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE); } - else - no_connections_available = TRUE; + else { + infof(data, "No connections available in cache\n"); + connections_available = FALSE; + } } - - if(no_connections_available) { + if(!connections_available) { infof(data, "No connections available.\n"); conn_free(conn); @@ -5732,7 +5805,7 @@ * This is a brand new connection, so let's store it in the connection * cache of ours! */ - ConnectionStore(data, conn); + Curl_conncache_add_conn(data->state.conn_cache, conn); } #if defined(USE_NTLM) @@ -5772,8 +5845,6 @@ * Inherit the proper values from the urldata struct AFTER we have arranged * the persistent connection stuff */ - conn->fread_func = data->set.fread_func; - conn->fread_in = data->set.in; conn->seek_func = data->set.seek_func; conn->seek_client = data->set.seek_client; @@ -5931,34 +6002,20 @@ conn = *connp; data = conn->data; - if(conn->bits.done) + DEBUGF(infof(data, "Curl_done\n")); + + if(data->state.done) /* Stop if Curl_done() has already been called */ return CURLE_OK; Curl_getoff_all_pipelines(data, conn); - if((conn->send_pipe->size + conn->recv_pipe->size != 0 && - !data->set.reuse_forbid && - !conn->bits.close)) - /* Stop if pipeline is not empty and we do not have to close - connection. */ - return CURLE_OK; - - conn->bits.done = TRUE; /* called just now! */ - /* Cleanup possible redirect junk */ free(data->req.newurl); data->req.newurl = NULL; free(data->req.location); data->req.location = NULL; - Curl_resolver_cancel(conn); - - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); /* done with this */ - conn->dns_entry = NULL; - } - switch(status) { case CURLE_ABORTED_BY_CALLBACK: case CURLE_READ_ERROR: @@ -5981,6 +6038,23 @@ if(!result && Curl_pgrsDone(conn)) result = CURLE_ABORTED_BY_CALLBACK; + if((conn->send_pipe->size + conn->recv_pipe->size != 0 && + !data->set.reuse_forbid && + !conn->bits.close)) { + /* Stop if pipeline is not empty and we do not have to close + connection. */ + DEBUGF(infof(data, "Connection still in use, no more Curl_done now!\n")); + return CURLE_OK; + } + + data->state.done = TRUE; /* called just now! */ + Curl_resolver_cancel(conn); + + if(conn->dns_entry) { + Curl_resolv_unlock(data, conn->dns_entry); /* done with this */ + conn->dns_entry = NULL; + } + /* if the transfer was completed in a paused state there can be buffered data left to write and then kill */ free(data->state.tempwrite); @@ -6050,7 +6124,7 @@ struct SessionHandle *data = conn->data; struct SingleRequest *k = &data->req; - conn->bits.done = FALSE; /* Curl_done() is not called yet */ + data->state.done = FALSE; /* Curl_done() is not called yet */ conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */ data->state.expect100header = FALSE; diff -Nru curl-7.42.1/lib/urldata.h curl-7.43.0/lib/urldata.h --- curl-7.42.1/lib/urldata.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/urldata.h 2015-06-17 05:43:13.000000000 +0000 @@ -322,6 +322,9 @@ size_t encdata_offset, decdata_offset; unsigned char *encdata_buffer, *decdata_buffer; unsigned long req_flags, ret_flags; + CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ + bool recv_sspi_close_notify; /* true if connection closed by close_notify */ + bool recv_connection_closed; /* true if connection closed, regardless how */ #endif /* USE_SCHANNEL */ #ifdef USE_DARWINSSL SSLContextRef ssl_ctx; @@ -516,11 +519,6 @@ requests */ bool netrc; /* name+password provided by netrc */ bool userpwd_in_url; /* name+password found in url */ - - bool done; /* set to FALSE when Curl_do() is called and set to TRUE - when Curl_done() is called, to prevent Curl_done() to - get invoked twice when the multi interface is - used. */ bool stream_was_rewound; /* Indicates that the stream was rewound after a request read past the end of its response byte boundary */ @@ -530,6 +528,7 @@ bool bound; /* set true if bind() has already been done on this socket/ connection */ bool type_set; /* type= was used in the URL */ + bool multiplex; /* connection is multiplexed */ }; struct hostname { @@ -992,10 +991,6 @@ /*************** Request - specific items ************/ - /* previously this was in the urldata struct */ - curl_read_callback fread_func; /* function that reads the input */ - void *fread_in; /* pointer to pass to the fread() above */ - #if defined(USE_NTLM) struct ntlmdata ntlm; /* NTLM differs from other authentication schemes because it authenticates connections, not @@ -1309,6 +1304,13 @@ curl_off_t infilesize; /* size of file to upload, -1 means unknown. Copied from set.filesize at start of operation */ + + int drain; /* Increased when this stream has data to read, even if its + socket not necessarily is readable. Decreased when + checked. */ + bool done; /* set to FALSE when Curl_do() is called and set to TRUE when + Curl_done() is called, to prevent Curl_done() to get invoked + twice when the multi interface is used. */ }; @@ -1389,6 +1391,8 @@ #endif #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */ + STRING_PROXY_SERVICE_NAME, /* Proxy service name */ + STRING_SERVICE_NAME, /* Service name */ #endif STRING_MAIL_FROM, STRING_MAIL_AUTH, @@ -1421,8 +1425,8 @@ long proxyport; /* If non-zero, use this port number by default. If the proxy string features a ":[port]" that one will override this. */ - void *out; /* the fetched file goes here */ - void *in; /* the uploaded file is read from here */ + void *out; /* CURLOPT_WRITEDATA */ + void *in; /* CURLOPT_READDATA */ void *writeheader; /* write the header to this if non-NULL */ void *rtp_out; /* write RTP to this if non-NULL */ long use_port; /* which port to use (when not using default) */ @@ -1618,6 +1622,8 @@ bool ssl_enable_npn; /* TLS NPN extension? */ bool ssl_enable_alpn; /* TLS ALPN extension? */ bool path_as_is; /* allow dotdots? */ + bool pipewait; /* wait for pipe/multiplex status before starting a + new connection */ long expect_100_timeout; /* in milliseconds */ }; diff -Nru curl-7.42.1/lib/url.h curl-7.43.0/lib/url.h --- curl-7.42.1/lib/url.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/url.h 2015-06-12 22:20:46.000000000 +0000 @@ -69,6 +69,9 @@ #define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */ #define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi service */ +#define CURL_DEFAULT_PROXY_SERVICE_NAME "HTTP" /* default negotiate proxy + service */ +#define CURL_DEFAULT_SERVICE_NAME "HTTP" /* default negotiate service */ CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex); diff -Nru curl-7.42.1/lib/vtls/cyassl.c curl-7.43.0/lib/vtls/cyassl.c --- curl-7.42.1/lib/vtls/cyassl.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/vtls/cyassl.c 2015-06-12 22:20:46.000000000 +0000 @@ -57,6 +57,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "rawstr.h" +#include "x509asn1.h" #include "curl_printf.h" #include @@ -403,6 +404,44 @@ } } + if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) { + X509 *x509; + const char *x509_der; + int x509_der_len; + curl_X509certificate x509_parsed; + curl_asn1Element *pubkey; + CURLcode result; + + x509 = SSL_get_peer_certificate(conssl->handle); + if(!x509) { + failf(data, "SSL: failed retrieving server certificate"); + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + } + + x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len); + if(!x509_der) { + failf(data, "SSL: failed retrieving ASN.1 server certificate"); + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + } + + memset(&x509_parsed, 0, sizeof x509_parsed); + Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len); + + pubkey = &x509_parsed.subjectPublicKeyInfo; + if(!pubkey->header || pubkey->end <= pubkey->header) { + failf(data, "SSL: failed retrieving public key from server certificate"); + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + } + + result = Curl_pin_peer_pubkey(data->set.str[STRING_SSL_PINNEDPUBLICKEY], + (const unsigned char *)pubkey->header, + (size_t)(pubkey->end - pubkey->header)); + if(result) { + failf(data, "SSL: public key does not match pinned public key!"); + return result; + } + } + conssl->connecting_state = ssl_connect_3; infof(data, "SSL connected\n"); diff -Nru curl-7.42.1/lib/vtls/gtls.c curl-7.43.0/lib/vtls/gtls.c --- curl-7.42.1/lib/vtls/gtls.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/vtls/gtls.c 2015-06-12 22:20:46.000000000 +0000 @@ -231,7 +231,7 @@ long filelen; void *ptr; - if(!(f = fopen(file, "r"))) + if(!(f = fopen(file, "rb"))) return loaded_file; if(fseek(f, 0, SEEK_END) != 0 || (filelen = ftell(f)) < 0 @@ -327,7 +327,8 @@ if(strerr == NULL) strerr = gnutls_strerror(rc); - failf(data, "gnutls_handshake() warning: %s", strerr); + infof(data, "gnutls_handshake() warning: %s\n", strerr); + continue; } else if(rc < 0) { const char *strerr = NULL; @@ -897,10 +898,98 @@ #ifdef HAS_OCSP if(data->set.ssl.verifystatus) { if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { - if(verify_status & GNUTLS_CERT_REVOKED) - infof(data, "\t server certificate was REVOKED\n"); - else - infof(data, "\t server certificate status verification FAILED\n"); + gnutls_datum_t status_request; + gnutls_ocsp_resp_t ocsp_resp; + + gnutls_ocsp_cert_status_t status; + gnutls_x509_crl_reason_t reason; + + rc = gnutls_ocsp_status_request_get(session, &status_request); + + infof(data, "\t server certificate status verification FAILED\n"); + + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + failf(data, "No OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + gnutls_ocsp_resp_init(&ocsp_resp); + + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + rc = gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, + &status, NULL, NULL, NULL, &reason); + + switch(status) { + case GNUTLS_OCSP_CERT_GOOD: + break; + + case GNUTLS_OCSP_CERT_REVOKED: { + const char *crl_reason; + + switch(reason) { + default: + case GNUTLS_X509_CRLREASON_UNSPECIFIED: + crl_reason = "unspecified reason"; + break; + + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: + crl_reason = "private key compromised"; + break; + + case GNUTLS_X509_CRLREASON_CACOMPROMISE: + crl_reason = "CA compromised"; + break; + + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: + crl_reason = "affiliation has changed"; + break; + + case GNUTLS_X509_CRLREASON_SUPERSEDED: + crl_reason = "certificate superseded"; + break; + + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: + crl_reason = "operation has ceased"; + break; + + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: + crl_reason = "certificate is on hold"; + break; + + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: + crl_reason = "will be removed from delta CRL"; + break; + + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: + crl_reason = "privilege withdrawn"; + break; + + case GNUTLS_X509_CRLREASON_AACOMPROMISE: + crl_reason = "AA compromised"; + break; + } + + failf(data, "Server certificate was revoked: %s", crl_reason); + break; + } + + default: + case GNUTLS_OCSP_CERT_UNKNOWN: + failf(data, "Server certificate status is unknown"); + break; + } + + gnutls_ocsp_resp_deinit(ocsp_resp); return CURLE_SSL_INVALIDCERTSTATUS; } diff -Nru curl-7.42.1/lib/vtls/nss.c curl-7.43.0/lib/vtls/nss.c --- curl-7.42.1/lib/vtls/nss.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/vtls/nss.c 2015-06-12 22:20:46.000000000 +0000 @@ -56,6 +56,7 @@ #include #include #include +#include /* for SECKEY_DestroyPublicKey() */ #define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH) @@ -724,6 +725,7 @@ } } +#if NSSVERNUM >= 0x030f04 /* 3.15.4 */ static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data, PRBool *canFalseStart) { @@ -781,6 +783,7 @@ end: return SECSuccess; } +#endif static void display_cert_info(struct SessionHandle *data, CERTCertificate *cert) @@ -943,6 +946,53 @@ return res; } +static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, + const char *pinnedpubkey) +{ + CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + struct SessionHandle *data = connssl->data; + CERTCertificate *cert; + + if(!pinnedpubkey) + /* no pinned public key specified */ + return CURLE_OK; + + /* get peer certificate */ + cert = SSL_PeerCertificate(connssl->handle); + if(cert) { + /* extract public key from peer certificate */ + SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert); + if(pubkey) { + /* encode the public key as DER */ + SECItem *cert_der = PK11_DEREncodePublicKey(pubkey); + if(cert_der) { + /* compare the public key with the pinned public key */ + result = Curl_pin_peer_pubkey(pinnedpubkey, + cert_der->data, + cert_der->len); + SECITEM_FreeItem(cert_der, PR_TRUE); + } + SECKEY_DestroyPublicKey(pubkey); + } + CERT_DestroyCertificate(cert); + } + + /* report the resulting status */ + switch(result) { + case CURLE_OK: + infof(data, "pinned public key verified successfully!\n"); + break; + case CURLE_SSL_PINNEDPUBKEYNOTMATCH: + failf(data, "failed to verify pinned public key"); + break; + default: + /* OOM, etc. */ + break; + } + + return result; +} + /** * * Callback to pick the SSL client certificate. @@ -1706,7 +1756,7 @@ goto error; #endif -#ifdef SSL_ENABLE_FALSE_START +#if NSSVERNUM >= 0x030f04 /* 3.15.4 */ if(data->set.ssl.falsestart) { if(SSL_OptionSet(connssl->handle, SSL_ENABLE_FALSE_START, PR_TRUE) != SECSuccess) @@ -1806,6 +1856,11 @@ } } + result = cmp_peer_pubkey(connssl, data->set.str[STRING_SSL_PINNEDPUBLICKEY]); + if(result) + /* status already printed */ + goto error; + return CURLE_OK; error: @@ -1996,7 +2051,7 @@ } bool Curl_nss_false_start(void) { -#ifdef SSL_ENABLE_FALSE_START +#if NSSVERNUM >= 0x030f04 /* 3.15.4 */ return TRUE; #else return FALSE; diff -Nru curl-7.42.1/lib/vtls/openssl.c curl-7.43.0/lib/vtls/openssl.c --- curl-7.42.1/lib/vtls/openssl.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/vtls/openssl.c 2015-06-14 21:31:01.000000000 +0000 @@ -83,18 +83,6 @@ #error "OPENSSL_VERSION_NUMBER not defined" #endif -#if OPENSSL_VERSION_NUMBER >= 0x0090581fL -#define HAVE_SSL_GET1_SESSION 1 -#else -#undef HAVE_SSL_GET1_SESSION -#endif - -#if OPENSSL_VERSION_NUMBER >= 0x00904100L -#define HAVE_USERDATA_IN_PWD_CALLBACK 1 -#else -#undef HAVE_USERDATA_IN_PWD_CALLBACK -#endif - #if OPENSSL_VERSION_NUMBER >= 0x00907001L && !defined(OPENSSL_IS_BORINGSSL) /* ENGINE_load_private_key() takes four arguments */ #define HAVE_ENGINE_LOAD_FOUR_ARGS @@ -114,10 +102,6 @@ #undef HAVE_PKCS12_SUPPORT #endif -#if OPENSSL_VERSION_NUMBER >= 0x00906001L -#define HAVE_ERR_ERROR_STRING_N 1 -#endif - #if OPENSSL_VERSION_NUMBER >= 0x00909000L #define SSL_METHOD_QUAL const #else @@ -160,18 +144,8 @@ */ #define RAND_LOAD_LENGTH 1024 -#ifndef HAVE_USERDATA_IN_PWD_CALLBACK -static char global_passwd[64]; -#endif - -static int passwd_callback(char *buf, int num, int encrypting -#ifdef HAVE_USERDATA_IN_PWD_CALLBACK - /* This was introduced in 0.9.4, we can set this - using SSL_CTX_set_default_passwd_cb_userdata() - */ - , void *global_passwd -#endif - ) +static int passwd_callback(char *buf, int num, int encrypting, + void *global_passwd) { DEBUGASSERT(0 == encrypting); @@ -376,23 +350,9 @@ int cert_done = 0; if(data->set.str[STRING_KEY_PASSWD]) { -#ifndef HAVE_USERDATA_IN_PWD_CALLBACK - /* - * If password has been given, we store that in the global - * area (*shudder*) for a while: - */ - size_t len = strlen(data->set.str[STRING_KEY_PASSWD]); - if(len < sizeof(global_passwd)) - memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1); - else - global_passwd[0] = '\0'; -#else - /* - * We set the password in the callback userdata - */ + /* set the password in the callback userdata */ SSL_CTX_set_default_passwd_cb_userdata(ctx, data->set.str[STRING_KEY_PASSWD]); -#endif /* Set passwd callback: */ SSL_CTX_set_default_passwd_cb(ctx, passwd_callback); } @@ -678,10 +638,6 @@ failf(data, "Private key does not match the certificate public key"); return 0; } -#ifndef HAVE_USERDATA_IN_PWD_CALLBACK - /* erase it now */ - memset(global_passwd, 0, sizeof(global_passwd)); -#endif } return 1; } @@ -716,30 +672,14 @@ #endif } -static -int cert_verify_callback(int ok, X509_STORE_CTX *ctx) -{ - X509 *err_cert; - char buf[256]; - - err_cert=X509_STORE_CTX_get_current_cert(ctx); - (void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); - return ok; -} - /* Return error string for last OpenSSL error */ static char *SSL_strerror(unsigned long error, char *buf, size_t size) { -#ifdef HAVE_ERR_ERROR_STRING_N /* OpenSSL 0.9.6 and later has a function named - ERRO_error_string_n() that takes the size of the buffer as a + ERR_error_string_n() that takes the size of the buffer as a third argument */ ERR_error_string_n(error, buf, size); -#else - (void) size; - ERR_error_string(error, buf); -#endif return buf; } @@ -751,6 +691,8 @@ */ int Curl_ossl_init(void) { + OPENSSL_load_builtin_modules(); + #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_load_builtin_engines(); #endif @@ -1485,8 +1427,10 @@ return "Client hello"; case SSL3_MT_SERVER_HELLO: return "Server hello"; + case SSL3_MT_NEWSESSION_TICKET: + return "Newsession Ticket"; case SSL3_MT_CERTIFICATE: - return "CERT"; + return "Certificate"; case SSL3_MT_SERVER_KEY_EXCHANGE: return "Server key exchange"; case SSL3_MT_CLIENT_KEY_EXCHANGE: @@ -1499,6 +1443,10 @@ return "CERT verify"; case SSL3_MT_FINISHED: return "Finished"; +#ifdef SSL3_MT_CERTIFICATE_STATUS + case SSL3_MT_CERTIFICATE_STATUS: + return "Certificate Status"; +#endif } } return "Unknown"; @@ -1506,12 +1454,22 @@ static const char *tls_rt_type(int type) { - return ( - type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " : - type == SSL3_RT_ALERT ? "TLS alert, " : - type == SSL3_RT_HANDSHAKE ? "TLS handshake, " : - type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " : - "TLS Unknown, "); + switch(type) { +#ifdef SSL3_RT_HEADER + case SSL3_RT_HEADER: + return "TLS header"; +#endif + case SSL3_RT_CHANGE_CIPHER_SPEC: + return "TLS change cipher"; + case SSL3_RT_ALERT: + return "TLS alert"; + case SSL3_RT_HANDSHAKE: + return "TLS handshake"; + case SSL3_RT_APPLICATION_DATA: + return "TLS app data"; + default: + return "TLS Unknown"; + } } @@ -1519,8 +1477,8 @@ * Our callback from the SSL/TLS layers. */ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, - const void *buf, size_t len, const SSL *ssl, - struct connectdata *conn) + const void *buf, size_t len, SSL *ssl, + void *userp) { struct SessionHandle *data; const char *msg_name, *tls_rt_name; @@ -1528,6 +1486,7 @@ char unknown[32]; int msg_type, txt_len; const char *verstr; + struct connectdata *conn = userp; if(!conn || !conn->data || !conn->data->set.fdebug || (direction != 0 && direction != 1)) @@ -1536,8 +1495,8 @@ data = conn->data; switch(ssl_ver) { -#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */ - case SSL2_VERSION_MAJOR: +#ifdef SSL2_VERSION /* removed in recent versions */ + case SSL2_VERSION: verstr = "SSLv2"; break; #endif @@ -1559,29 +1518,36 @@ verstr = "TLSv1.2"; break; #endif + case 0: + break; default: snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver); verstr = unknown; break; } - ssl_ver >>= 8; /* check the upper 8 bits only below */ + if(ssl_ver) { + /* the info given when the version is zero is not that useful for us */ - /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL - * always pass-up content-type as 0. But the interesting message-type - * is at 'buf[0]'. - */ - if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0) - tls_rt_name = tls_rt_type(content_type); - else - tls_rt_name = ""; + ssl_ver >>= 8; /* check the upper 8 bits only below */ + + /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL + * always pass-up content-type as 0. But the interesting message-type + * is at 'buf[0]'. + */ + if(ssl_ver == SSL3_VERSION_MAJOR && content_type) + tls_rt_name = tls_rt_type(content_type); + else + tls_rt_name = ""; - msg_type = *(char*)buf; - msg_name = ssl_msg_type(ssl_ver, msg_type); + msg_type = *(char*)buf; + msg_name = ssl_msg_type(ssl_ver, msg_type); - txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n", - verstr, tls_rt_name, msg_name, msg_type); - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n", + verstr, direction?"OUT":"IN", + tls_rt_name, msg_name, msg_type); + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL); @@ -1733,7 +1699,12 @@ case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: /* it will be handled later with the context options */ +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ + !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) + req_method = TLS_client_method(); +#else req_method = SSLv23_client_method(); +#endif use_sni(TRUE); break; case CURL_SSLVERSION_SSLv2: @@ -1780,16 +1751,9 @@ #ifdef SSL_CTRL_SET_MSG_CALLBACK if(data->set.fdebug && data->set.verbose) { - /* the SSL trace callback is only used for verbose logging so we only - inform about failures of setting it */ - if(!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK, - (void (*)(void))ssl_tls_trace)) { - infof(data, "SSL: couldn't set callback!\n"); - } - else if(!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, - conn)) { - infof(data, "SSL: couldn't set callback argument!\n"); - } + /* the SSL trace callback is only used for verbose logging */ + SSL_CTX_set_msg_callback(connssl->ctx, ssl_tls_trace); + SSL_CTX_set_msg_callback_arg(connssl->ctx, conn); } #endif @@ -2050,13 +2014,27 @@ data->set.str[STRING_SSL_CRLFILE]: "none"); } + /* Try building a chain using issuers in the trusted store first to avoid + problems with server-sent legacy intermediates. + Newer versions of OpenSSL do alternate chain checking by default which + gives us the same fix without as much of a performance hit (slight), so we + prefer that if available. + https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + */ +#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS) + if(data->set.ssl.verifypeer) { + X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx), + X509_V_FLAG_TRUSTED_FIRST); + } +#endif + /* SSL always tries to verify the peer, this only says whether it should * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ SSL_CTX_set_verify(connssl->ctx, data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE, - cert_verify_callback); + NULL); /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { @@ -2702,7 +2680,7 @@ /* e.g. match issuer name with provided issuer certificate */ if(data->set.str[STRING_SSL_ISSUERCERT]) { - fp = fopen(data->set.str[STRING_SSL_ISSUERCERT], "r"); + fp = fopen(data->set.str[STRING_SSL_ISSUERCERT], FOPEN_READTEXT); if(!fp) { if(strict) failf(data, "SSL: Unable to open issuer cert (%s)", @@ -2802,25 +2780,11 @@ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); -#ifdef HAVE_SSL_GET1_SESSION our_ssl_sessionid = SSL_get1_session(connssl->handle); - /* SSL_get1_session() will increment the reference - count and the session will stay in memory until explicitly freed with - SSL_SESSION_free(3), regardless of its state. - This function was introduced in openssl 0.9.5a. */ -#else - our_ssl_sessionid = SSL_get_session(connssl->handle); - - /* if SSL_get1_session() is unavailable, use SSL_get_session(). - This is an inferior option because the session can be flushed - at any time by openssl. It is included only so curl compiles - under versions of openssl < 0.9.5a. - - WARNING: How curl behaves if it's session is flushed is - untested. - */ -#endif + /* SSL_get1_session() will increment the reference count and the session + will stay in memory until explicitly freed with SSL_SESSION_free(3), + regardless of its state. */ incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL)); if(incache) { @@ -2839,7 +2803,6 @@ return result; } } -#ifdef HAVE_SSL_GET1_SESSION else { /* Session was incache, so refcount already incremented earlier. * Avoid further increments with each SSL_get1_session() call. @@ -2847,7 +2810,6 @@ */ SSL_SESSION_free(our_ssl_sessionid); } -#endif /* * We check certificates to authenticate the server; otherwise we risk diff -Nru curl-7.42.1/lib/vtls/schannel.c curl-7.43.0/lib/vtls/schannel.c --- curl-7.42.1/lib/vtls/schannel.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/vtls/schannel.c 2015-06-17 05:43:13.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2014, Marc Hoersken, + * Copyright (C) 2012 - 2015, Marc Hoersken, * Copyright (C) 2012, Mark Salisbury, * Copyright (C) 2012 - 2015, Daniel Stenberg, , et al. * @@ -125,56 +125,56 @@ /* certificate validation on CE doesn't seem to work right; we'll do it following a more manual process. */ schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | - SCH_CRED_IGNORE_NO_REVOCATION_CHECK | - SCH_CRED_IGNORE_REVOCATION_OFFLINE; + SCH_CRED_IGNORE_NO_REVOCATION_CHECK | + SCH_CRED_IGNORE_REVOCATION_OFFLINE; #else schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | - SCH_CRED_REVOCATION_CHECK_CHAIN; + SCH_CRED_REVOCATION_CHECK_CHAIN; #endif infof(data, "schannel: checking server certificate revocation\n"); } else { schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | - SCH_CRED_IGNORE_NO_REVOCATION_CHECK | - SCH_CRED_IGNORE_REVOCATION_OFFLINE; + SCH_CRED_IGNORE_NO_REVOCATION_CHECK | + SCH_CRED_IGNORE_REVOCATION_OFFLINE; infof(data, "schannel: disable server certificate revocation checks\n"); } if(!data->set.ssl.verifyhost) { schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK; infof(data, "schannel: verifyhost setting prevents Schannel from " - "comparing the supplied target name with the subject " - "names in server certificates. Also disables SNI.\n"); + "comparing the supplied target name with the subject " + "names in server certificates. Also disables SNI.\n"); } switch(data->set.ssl.version) { - default: - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT | - SP_PROT_TLS1_1_CLIENT | - SP_PROT_TLS1_2_CLIENT; - break; - case CURL_SSLVERSION_TLSv1_0: - schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT; - break; - case CURL_SSLVERSION_TLSv1_1: - schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_1_CLIENT; - break; - case CURL_SSLVERSION_TLSv1_2: - schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT; - break; - case CURL_SSLVERSION_SSLv3: - schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT; - break; - case CURL_SSLVERSION_SSLv2: - schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT; - break; + default: + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: + schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT | + SP_PROT_TLS1_1_CLIENT | + SP_PROT_TLS1_2_CLIENT; + break; + case CURL_SSLVERSION_TLSv1_0: + schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT; + break; + case CURL_SSLVERSION_TLSv1_1: + schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_1_CLIENT; + break; + case CURL_SSLVERSION_TLSv1_2: + schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT; + break; + case CURL_SSLVERSION_SSLv3: + schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT; + break; + case CURL_SSLVERSION_SSLv2: + schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT; + break; } /* allocate memory for the re-usable credential handle */ connssl->cred = (struct curl_schannel_cred *) - malloc(sizeof(struct curl_schannel_cred)); + malloc(sizeof(struct curl_schannel_cred)); if(!connssl->cred) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; @@ -182,9 +182,12 @@ memset(connssl->cred, 0, sizeof(struct curl_schannel_cred)); /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */ - sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, - SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL, - &connssl->cred->cred_handle, &connssl->cred->time_stamp); + sspi_status = + s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, + SECPKG_CRED_OUTBOUND, NULL, + &schannel_cred, NULL, NULL, + &connssl->cred->cred_handle, + &connssl->cred->time_stamp); if(sspi_status != SEC_E_OK) { if(sspi_status == SEC_E_WRONG_PRINCIPAL) @@ -213,12 +216,12 @@ /* setup request flags */ connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; + ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | + ISC_REQ_STREAM; /* allocate memory for the security context handle */ connssl->ctxt = (struct curl_schannel_ctxt *) - malloc(sizeof(struct curl_schannel_ctxt)); + malloc(sizeof(struct curl_schannel_ctxt)); if(!connssl->ctxt) { failf(data, "schannel: unable to allocate memory"); return CURLE_OUT_OF_MEMORY; @@ -265,6 +268,10 @@ infof(data, "schannel: sent initial handshake data: " "sent %zd bytes\n", written); + connssl->recv_unrecoverable_err = CURLE_OK; + connssl->recv_sspi_close_notify = false; + connssl->recv_connection_closed = false; + /* continue to second handshake step */ connssl->connecting_state = ssl_connect_2; @@ -280,7 +287,7 @@ struct ssl_connect_data *connssl = &conn->ssl[sockindex]; unsigned char *reallocated_buffer; size_t reallocated_length; - SecBuffer outbuf[2]; + SecBuffer outbuf[3]; SecBufferDesc outbuf_desc; SecBuffer inbuf[2]; SecBufferDesc inbuf_desc; @@ -297,6 +304,17 @@ if(!connssl->cred || !connssl->ctxt) return CURLE_SSL_CONNECT_ERROR; + /* buffer to store previously received and decrypted data */ + if(connssl->decdata_buffer == NULL) { + connssl->decdata_offset = 0; + connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; + connssl->decdata_buffer = malloc(connssl->decdata_length); + if(connssl->decdata_buffer == NULL) { + failf(data, "schannel: unable to allocate memory"); + return CURLE_OUT_OF_MEMORY; + } + } + /* buffer to store previously received and encrypted data */ if(connssl->encdata_buffer == NULL) { connssl->encdata_offset = 0; @@ -313,7 +331,7 @@ CURL_SCHANNEL_BUFFER_FREE_SIZE) { /* increase internal encrypted data buffer */ reallocated_length = connssl->encdata_offset + - CURL_SCHANNEL_BUFFER_FREE_SIZE; + CURL_SCHANNEL_BUFFER_FREE_SIZE; reallocated_buffer = realloc(connssl->encdata_buffer, reallocated_length); @@ -354,7 +372,7 @@ } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); + connssl->encdata_offset, connssl->encdata_length); /* setup input buffers */ InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset), @@ -365,7 +383,8 @@ /* setup output buffers */ InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0); InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0); - InitSecBufferDesc(&outbuf_desc, outbuf, 2); + InitSecBuffer(&outbuf[2], SECBUFFER_EMPTY, NULL, 0); + InitSecBufferDesc(&outbuf_desc, outbuf, 3); if(inbuf[0].pvBuffer == NULL) { failf(data, "schannel: unable to allocate memory"); @@ -399,9 +418,20 @@ return CURLE_OK; } + /* If the server has requested a client certificate, attempt to continue + the handshake without one. This will allow connections to servers which + request a client certificate but do not require it. */ + if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS && + !(connssl->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) { + connssl->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; + connssl->connecting_state = ssl_connect_2_writing; + infof(data, "schannel: a client certificate has been requested\n"); + return CURLE_OK; + } + /* check if the handshake needs to be continued */ if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) { - for(i = 0; i < 2; i++) { + for(i = 0; i < 3; i++) { /* search for handshake tokens that need to be send */ if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) { infof(data, "schannel: sending next handshake data: " @@ -439,21 +469,21 @@ if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) { infof(data, "schannel: encrypted data length: %lu\n", inbuf[1].cbBuffer); /* - There are two cases where we could be getting extra data here: - 1) If we're renegotiating a connection and the handshake is already - complete (from the server perspective), it can encrypted app data - (not handshake data) in an extra buffer at this point. - 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a - connection and this extra data is part of the handshake. - We should process the data immediately; waiting for the socket to - be ready may fail since the server is done sending handshake data. - */ + There are two cases where we could be getting extra data here: + 1) If we're renegotiating a connection and the handshake is already + complete (from the server perspective), it can encrypted app data + (not handshake data) in an extra buffer at this point. + 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a + connection and this extra data is part of the handshake. + We should process the data immediately; waiting for the socket to + be ready may fail since the server is done sending handshake data. + */ /* check if the remaining data is less than the total amount and therefore begins after the already processed data */ if(connssl->encdata_offset > inbuf[1].cbBuffer) { memmove(connssl->encdata_buffer, (connssl->encdata_buffer + connssl->encdata_offset) - - inbuf[1].cbBuffer, inbuf[1].cbBuffer); + inbuf[1].cbBuffer, inbuf[1].cbBuffer); connssl->encdata_offset = inbuf[1].cbBuffer; if(sspi_status == SEC_I_CONTINUE_NEEDED) { doread = FALSE; @@ -683,9 +713,9 @@ /* check if the maximum stream sizes were queried */ if(connssl->stream_sizes.cbMaximumMessage == 0) { sspi_status = s_pSecFn->QueryContextAttributes( - &connssl->ctxt->ctxt_handle, - SECPKG_ATTR_STREAM_SIZES, - &connssl->stream_sizes); + &connssl->ctxt->ctxt_handle, + SECPKG_ATTR_STREAM_SIZES, + &connssl->stream_sizes); if(sspi_status != SEC_E_OK) { *err = CURLE_SEND_ERROR; return -1; @@ -700,7 +730,7 @@ /* calculate the complete message length and allocate a buffer for it */ data_len = connssl->stream_sizes.cbHeader + len + - connssl->stream_sizes.cbTrailer; + connssl->stream_sizes.cbTrailer; data = (unsigned char *) malloc(data_len); if(data == NULL) { *err = CURLE_OUT_OF_MEMORY; @@ -733,19 +763,19 @@ len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer; /* - It's important to send the full message which includes the header, - encrypted payload, and trailer. Until the client receives all the - data a coherent message has not been delivered and the client - can't read any of it. - - If we wanted to buffer the unwritten encrypted bytes, we would - tell the client that all data it has requested to be sent has been - sent. The unwritten encrypted bytes would be the first bytes to - send on the next invocation. - Here's the catch with this - if we tell the client that all the - bytes have been sent, will the client call this method again to - send the buffered data? Looking at who calls this function, it - seems the answer is NO. + It's important to send the full message which includes the header, + encrypted payload, and trailer. Until the client receives all the + data a coherent message has not been delivered and the client + can't read any of it. + + If we wanted to buffer the unwritten encrypted bytes, we would + tell the client that all data it has requested to be sent has been + sent. The unwritten encrypted bytes would be the first bytes to + send on the next invocation. + Here's the catch with this - if we tell the client that all the + bytes have been sent, will the client call this method again to + send the buffered data? Looking at who calls this function, it + seems the answer is NO. */ /* send entire message or fail */ @@ -819,8 +849,7 @@ char *buf, size_t len, CURLcode *err) { size_t size = 0; - ssize_t nread = 0, ret = -1; - CURLcode result; + ssize_t nread = -1; struct SessionHandle *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; unsigned char *reallocated_buffer; @@ -829,72 +858,103 @@ SecBuffer inbuf[4]; SecBufferDesc inbuf_desc; SECURITY_STATUS sspi_status = SEC_E_OK; + /* we want the length of the encrypted buffer to be at least large enough + that it can hold all the bytes requested and some TLS record overhead. */ + size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE; + + /**************************************************************************** + * Don't return or set connssl->recv_unrecoverable_err unless in the cleanup. + * The pattern for return error is set *err, optional infof, goto cleanup. + * + * Our priority is to always return as much decrypted data to the caller as + * possible, even if an error occurs. The state of the decrypted buffer must + * always be valid. Transfer of decrypted data to the caller's buffer is + * handled in the cleanup. + */ infof(data, "schannel: client wants to read %zu bytes\n", len); *err = CURLE_OK; - /* buffer to store previously received and decrypted data */ - if(connssl->decdata_buffer == NULL) { - connssl->decdata_offset = 0; - connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; - connssl->decdata_buffer = malloc(connssl->decdata_length); - if(connssl->decdata_buffer == NULL) { - failf(data, "schannel: unable to allocate memory"); - *err = CURLE_OUT_OF_MEMORY; - return -1; - } + if(len && len <= connssl->decdata_offset) { + infof(data, "schannel: enough decrypted data is already available\n"); + goto cleanup; + } + else if(connssl->recv_unrecoverable_err) { + *err = connssl->recv_unrecoverable_err; + infof(data, "schannel: an unrecoverable error occurred in a prior call\n"); + goto cleanup; + } + else if(connssl->recv_sspi_close_notify) { + /* once a server has indicated shutdown there is no more encrypted data */ + infof(data, "schannel: server indicated shutdown in a prior call\n"); + goto cleanup; + } + else if(!len) { + /* It's debatable what to return when !len. Regardless we can't return + immediately because there may be data to decrypt (in the case we want to + decrypt all encrypted cached data) so handle !len later in cleanup. + */ + ; /* do nothing */ } + else if(!connssl->recv_connection_closed) { + /* increase enc buffer in order to fit the requested amount of data */ + size = connssl->encdata_length - connssl->encdata_offset; + if(size < CURL_SCHANNEL_BUFFER_FREE_SIZE || + connssl->encdata_length < min_encdata_length) { + reallocated_length = connssl->encdata_offset + + CURL_SCHANNEL_BUFFER_FREE_SIZE; + if(reallocated_length < min_encdata_length) { + reallocated_length = min_encdata_length; + } + reallocated_buffer = realloc(connssl->encdata_buffer, + reallocated_length); + if(reallocated_buffer == NULL) { + *err = CURLE_OUT_OF_MEMORY; + failf(data, "schannel: unable to re-allocate memory"); + goto cleanup; + } - /* increase buffer in order to fit the requested amount of data */ - if(connssl->encdata_length - connssl->encdata_offset < - CURL_SCHANNEL_BUFFER_FREE_SIZE || connssl->encdata_length < len) { - /* increase internal encrypted data buffer */ - reallocated_length = connssl->encdata_offset + - CURL_SCHANNEL_BUFFER_FREE_SIZE; - /* make sure that the requested amount of data fits */ - if(reallocated_length < len) { - reallocated_length = len; - } - reallocated_buffer = realloc(connssl->encdata_buffer, - reallocated_length); - - if(reallocated_buffer == NULL) { - failf(data, "schannel: unable to re-allocate memory"); - *err = CURLE_OUT_OF_MEMORY; - return -1; - } - else { connssl->encdata_buffer = reallocated_buffer; connssl->encdata_length = reallocated_length; + size = connssl->encdata_length - connssl->encdata_offset; + infof(data, "schannel: encdata_buffer resized %zu\n", + connssl->encdata_length); } - } - /* read encrypted data from socket */ - infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", - connssl->encdata_offset, connssl->encdata_length); - size = connssl->encdata_length - connssl->encdata_offset; - if(size > 0) { + infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", + connssl->encdata_offset, connssl->encdata_length); + + /* read encrypted data from socket */ *err = Curl_read_plain(conn->sock[sockindex], - (char *) (connssl->encdata_buffer + connssl->encdata_offset), + (char *)(connssl->encdata_buffer + + connssl->encdata_offset), size, &nread); - /* check for received data */ - if(*err != CURLE_OK) - ret = -1; - else { - if(nread > 0) - /* increase encrypted data buffer offset */ - connssl->encdata_offset += nread; - ret = nread; + if(*err) { + nread = -1; + if(*err == CURLE_AGAIN) + infof(data, "schannel: Curl_read_plain returned CURLE_AGAIN\n"); + else if(*err == CURLE_RECV_ERROR) + infof(data, "schannel: Curl_read_plain returned CURLE_RECV_ERROR\n"); + else + infof(data, "schannel: Curl_read_plain returned error %d\n", *err); + } + else if(nread == 0) { + connssl->recv_connection_closed = true; + infof(data, "schannel: server closed the connection\n"); + } + else if(nread > 0) { + connssl->encdata_offset += (size_t)nread; + infof(data, "schannel: encrypted data got %zd\n", nread); } - infof(data, "schannel: encrypted data got %zd\n", ret); } infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", connssl->encdata_offset, connssl->encdata_length); - /* check if we still have some data in our buffers */ + /* decrypt loop */ while(connssl->encdata_offset > 0 && sspi_status == SEC_E_OK && - connssl->decdata_offset < len) { + (!len || connssl->decdata_offset < len || + connssl->recv_connection_closed)) { /* prepare data buffer for DecryptMessage call */ InitSecBuffer(&inbuf[0], SECBUFFER_DATA, connssl->encdata_buffer, curlx_uztoul(connssl->encdata_offset)); @@ -903,24 +963,16 @@ InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0); InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0); - InitSecBufferDesc(&inbuf_desc, inbuf, 4); /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */ sspi_status = s_pSecFn->DecryptMessage(&connssl->ctxt->ctxt_handle, &inbuf_desc, 0, NULL); - /* check if we need more data */ - if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { - infof(data, "schannel: failed to decrypt data, need more data\n"); - *err = CURLE_AGAIN; - return -1; - } - /* check if everything went fine (server may want to renegotiate or shutdown the connection context) */ if(sspi_status == SEC_E_OK || sspi_status == SEC_I_RENEGOTIATE || - sspi_status == SEC_I_CONTEXT_EXPIRED) { + sspi_status == SEC_I_CONTEXT_EXPIRED) { /* check for successfully decrypted data, even before actual renegotiation or shutdown of the connection context */ if(inbuf[1].BufferType == SECBUFFER_DATA) { @@ -940,21 +992,18 @@ } reallocated_buffer = realloc(connssl->decdata_buffer, reallocated_length); - if(reallocated_buffer == NULL) { - failf(data, "schannel: unable to re-allocate memory"); *err = CURLE_OUT_OF_MEMORY; - return -1; - } - else { - connssl->decdata_buffer = reallocated_buffer; - connssl->decdata_length = reallocated_length; + failf(data, "schannel: unable to re-allocate memory"); + goto cleanup; } + connssl->decdata_buffer = reallocated_buffer; + connssl->decdata_length = reallocated_length; } /* copy decrypted data to internal buffer */ size = inbuf[1].cbBuffer; - if(size > 0) { + if(size) { memcpy(connssl->decdata_buffer + connssl->decdata_offset, inbuf[1].pvBuffer, size); connssl->decdata_offset += size; @@ -972,83 +1021,138 @@ /* check if the remaining data is less than the total amount * and therefore begins after the already processed data - */ + */ if(connssl->encdata_offset > inbuf[3].cbBuffer) { /* move remaining encrypted data forward to the beginning of buffer */ memmove(connssl->encdata_buffer, (connssl->encdata_buffer + connssl->encdata_offset) - - inbuf[3].cbBuffer, inbuf[3].cbBuffer); + inbuf[3].cbBuffer, inbuf[3].cbBuffer); connssl->encdata_offset = inbuf[3].cbBuffer; } infof(data, "schannel: encrypted data cached: offset %zu length %zu\n", connssl->encdata_offset, connssl->encdata_length); } - else{ + else { /* reset encrypted buffer offset, because there is no data remaining */ connssl->encdata_offset = 0; } - } - /* check if server wants to renegotiate the connection context */ - if(sspi_status == SEC_I_RENEGOTIATE) { - infof(data, "schannel: remote party requests SSL/TLS renegotiation\n"); - - /* begin renegotiation */ - infof(data, "schannel: renegotiating SSL/TLS connection\n"); - connssl->state = ssl_connection_negotiating; - connssl->connecting_state = ssl_connect_2_writing; - result = schannel_connect_common(conn, sockindex, FALSE, &done); - if(result) - *err = result; - else { - infof(data, "schannel: SSL/TLS connection renegotiated\n"); + /* check if server wants to renegotiate the connection context */ + if(sspi_status == SEC_I_RENEGOTIATE) { + infof(data, "schannel: remote party requests renegotiation\n"); + if(*err && *err != CURLE_AGAIN) { + infof(data, "schannel: can't renogotiate, an error is pending\n"); + goto cleanup; + } + if(connssl->encdata_offset) { + *err = CURLE_RECV_ERROR; + infof(data, "schannel: can't renogotiate, " + "encrypted data available\n"); + goto cleanup; + } + /* begin renegotiation */ + infof(data, "schannel: renegotiating SSL/TLS connection\n"); + connssl->state = ssl_connection_negotiating; + connssl->connecting_state = ssl_connect_2_writing; + *err = schannel_connect_common(conn, sockindex, FALSE, &done); + if(*err) { + infof(data, "schannel: renegotiation failed\n"); + goto cleanup; + } /* now retry receiving data */ - return schannel_recv(conn, sockindex, buf, len, err); + sspi_status = SEC_E_OK; + infof(data, "schannel: SSL/TLS connection renegotiated\n"); + continue; + } + /* check if the server closed the connection */ + else if(sspi_status == SEC_I_CONTEXT_EXPIRED) { + /* In Windows 2000 SEC_I_CONTEXT_EXPIRED (close_notify) is not + returned so we have to work around that in cleanup. */ + connssl->recv_sspi_close_notify = true; + if(!connssl->recv_connection_closed) { + connssl->recv_connection_closed = true; + infof(data, "schannel: server closed the connection\n"); + } + goto cleanup; } } + else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { + if(!*err) + *err = CURLE_AGAIN; + infof(data, "schannel: failed to decrypt data, need more data\n"); + goto cleanup; + } + else { + *err = CURLE_RECV_ERROR; + infof(data, "schannel: failed to read data from server: %s\n", + Curl_sspi_strerror(conn, sspi_status)); + goto cleanup; + } } + infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n", + connssl->encdata_offset, connssl->encdata_length); + infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n", connssl->decdata_offset, connssl->decdata_length); - /* copy requested decrypted data to supplied buffer */ +cleanup: + /* Warning- there is no guarantee the encdata state is valid at this point */ + infof(data, "schannel: schannel_recv cleanup\n"); + + /* Error if the connection has closed without a close_notify. + Behavior here is a matter of debate. We don't want to be vulnerable to a + truncation attack however there's some browser precedent for ignoring the + close_notify for compatibility reasons. + Additionally, Windows 2000 (v5.0) is a special case since it seems it doesn't + return close_notify. In that case if the connection was closed we assume it + was graceful (close_notify) since there doesn't seem to be a way to tell. + */ + if(len && !connssl->decdata_offset && connssl->recv_connection_closed && + !connssl->recv_sspi_close_notify) { + DWORD winver_full, winver_major, winver_minor; + winver_full = GetVersion(); + winver_major = (DWORD)(LOBYTE(LOWORD(winver_full))); + winver_minor = (DWORD)(HIBYTE(LOWORD(winver_full))); + + if(winver_major == 5 && winver_minor == 0 && sspi_status == SEC_E_OK) + connssl->recv_sspi_close_notify = true; + else { + *err = CURLE_RECV_ERROR; + infof(data, "schannel: server closed abruptly (missing close_notify)\n"); + } + } + + /* Any error other than CURLE_AGAIN is an unrecoverable error. */ + if(*err && *err != CURLE_AGAIN) + connssl->recv_unrecoverable_err = *err; + size = len < connssl->decdata_offset ? len : connssl->decdata_offset; - if(size > 0) { + if(size) { memcpy(buf, connssl->decdata_buffer, size); - ret = size; - - /* move remaining decrypted data forward to the beginning of buffer */ memmove(connssl->decdata_buffer, connssl->decdata_buffer + size, connssl->decdata_offset - size); connssl->decdata_offset -= size; - infof(data, "schannel: decrypted data returned %zd\n", size); + infof(data, "schannel: decrypted data returned %zu\n", size); infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n", connssl->decdata_offset, connssl->decdata_length); - } - else - ret = 0; - - /* check if the server closed the connection */ - if(ret <= 0 && ( /* special check for Windows 2000 Professional */ - sspi_status == SEC_I_CONTEXT_EXPIRED || (sspi_status == SEC_E_OK && - connssl->encdata_offset > 0 && connssl->encdata_buffer[0] == 0x15))) { - infof(data, "schannel: server closed the connection\n"); *err = CURLE_OK; - return 0; + return (ssize_t)size; } - /* check if something went wrong and we need to return an error */ - if(ret < 0 && sspi_status != SEC_E_OK) { - infof(data, "schannel: failed to read data from server: %s\n", - Curl_sspi_strerror(conn, sspi_status)); - *err = CURLE_RECV_ERROR; - return -1; - } + if(!*err && !connssl->recv_connection_closed) + *err = CURLE_AGAIN; + + /* It's debatable what to return when !len. We could return whatever error we + got from decryption but instead we override here so the return is consistent. + */ + if(!len) + *err = CURLE_OK; - return ret; + return *err ? -1 : 0; } CURLcode @@ -1131,18 +1235,18 @@ InitSecBufferDesc(&outbuf_desc, &outbuf, 1); sspi_status = s_pSecFn->InitializeSecurityContext( - &connssl->cred->cred_handle, - &connssl->ctxt->ctxt_handle, - host_name, - connssl->req_flags, - 0, - 0, - NULL, - 0, - &connssl->ctxt->ctxt_handle, - &outbuf_desc, - &connssl->ret_flags, - &connssl->ctxt->time_stamp); + &connssl->cred->cred_handle, + &connssl->ctxt->ctxt_handle, + host_name, + connssl->req_flags, + 0, + 0, + NULL, + 0, + &connssl->ctxt->ctxt_handle, + &outbuf_desc, + &connssl->ret_flags, + &connssl->ctxt->time_stamp); Curl_unicodefree(host_name); @@ -1292,18 +1396,18 @@ if(result == CURLE_OK) { CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0]; DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED| - CERT_TRUST_REVOCATION_STATUS_UNKNOWN); + CERT_TRUST_REVOCATION_STATUS_UNKNOWN); dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus; if(dwTrustErrorMask) { if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN) failf(data, "schannel: CertGetCertificateChain trust error" - " CERT_TRUST_IS_PARTIAL_CHAIN"); + " CERT_TRUST_IS_PARTIAL_CHAIN"); if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT) failf(data, "schannel: CertGetCertificateChain trust error" - " CERT_TRUST_IS_UNTRUSTED_ROOT"); + " CERT_TRUST_IS_UNTRUSTED_ROOT"); if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID) failf(data, "schannel: CertGetCertificateChain trust error" - " CERT_TRUST_IS_NOT_TIME_VALID"); + " CERT_TRUST_IS_NOT_TIME_VALID"); failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x", dwTrustErrorMask); result = CURLE_PEER_FAILED_VERIFICATION; diff -Nru curl-7.42.1/lib/vtls/schannel.h curl-7.43.0/lib/vtls/schannel.h --- curl-7.42.1/lib/vtls/schannel.h 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/lib/vtls/schannel.h 2015-06-17 05:43:13.000000000 +0000 @@ -72,6 +72,7 @@ #define SECBUFFER_ALERT 17 #endif +/* Both schannel buffer sizes must be > 0 */ #define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 #define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 diff -Nru curl-7.42.1/lib/x509asn1.c curl-7.43.0/lib/x509asn1.c --- curl-7.42.1/lib/x509asn1.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/x509asn1.c 2015-06-11 17:50:43.000000000 +0000 @@ -22,7 +22,8 @@ #include "curl_setup.h" -#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_CYASSL) #include #include "urldata.h" @@ -1023,7 +1024,7 @@ return CURLE_OK; } -#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */ +#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL */ #if defined(USE_GSKIT) diff -Nru curl-7.42.1/lib/x509asn1.h curl-7.43.0/lib/x509asn1.h --- curl-7.42.1/lib/x509asn1.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/lib/x509asn1.h 2015-06-11 17:50:43.000000000 +0000 @@ -25,7 +25,8 @@ #include "curl_setup.h" -#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_CYASSL) #include "urldata.h" @@ -127,5 +128,5 @@ CURLcode Curl_verifyhost(struct connectdata * conn, const char * beg, const char * end); -#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */ +#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL */ #endif /* HEADER_CURL_X509ASN1_H */ diff -Nru curl-7.42.1/m4/curl-openssl.m4 curl-7.43.0/m4/curl-openssl.m4 --- curl-7.42.1/m4/curl-openssl.m4 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/m4/curl-openssl.m4 2015-06-15 21:14:25.000000000 +0000 @@ -67,6 +67,7 @@ esac case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -140,6 +141,13 @@ fi if test "$tst_api" = "unknown"; then AC_LINK_IFELSE([ + AC_LANG_FUNC_LINK_TRY([SSL_CONF_CTX_new]) + ],[ + tst_api="0x102" + ]) + fi + if test "$tst_api" = "unknown"; then + AC_LINK_IFELSE([ AC_LANG_FUNC_LINK_TRY([SSL_renegotiate_abbreviated]) ],[ tst_api="0x101" @@ -210,6 +218,7 @@ fi case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; diff -Nru curl-7.42.1/Makefile.am curl-7.43.0/Makefile.am --- curl-7.42.1/Makefile.am 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/Makefile.am 2015-06-11 17:50:43.000000000 +0000 @@ -118,7 +118,7 @@ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ diff -Nru curl-7.42.1/Makefile.in curl-7.43.0/Makefile.in --- curl-7.42.1/Makefile.in 2015-04-29 06:07:43.000000000 +0000 +++ curl-7.43.0/Makefile.in 2015-06-17 05:56:23.000000000 +0000 @@ -134,9 +134,9 @@ host_triplet = @host@ DIST_COMMON = $(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc \ $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) mkinstalldirs \ + $(top_srcdir)/configure $(am__configure_deps) \ $(srcdir)/curl-config.in $(srcdir)/libcurl.pc.in COPYING \ - README TODO compile config.guess config.sub depcomp install-sh \ + README compile config.guess config.sub depcomp install-sh \ missing ltmain.sh subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -161,7 +161,7 @@ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl-config libcurl.pc @@ -567,7 +567,7 @@ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ @@ -604,7 +604,7 @@ http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c \ + hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ curl_des.c @@ -622,7 +622,7 @@ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h \ + curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h diff -Nru curl-7.42.1/maketgz curl-7.43.0/maketgz --- curl-7.42.1/maketgz 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/maketgz 2015-06-11 17:50:43.000000000 +0000 @@ -9,7 +9,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -128,7 +128,7 @@ make -s vc-ide echo "produce CHANGES" -git log --pretty=fuller --no-color --date=short --decorate=full -1000 | ./log2changes.pl > CHANGES.dist +git log --pretty=fuller --no-color --date=short --decorate=full -1000 | ./scripts/log2changes.pl > CHANGES.dist ############################################################################ # diff -Nru curl-7.42.1/missing curl-7.43.0/missing --- curl-7.42.1/missing 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/missing 2015-06-11 17:51:46.000000000 +0000 @@ -1,7 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. -# Copyright 1996, 1997, 1999, 2000 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard , 1996. +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2013-10-28.13; # UTC + +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,9 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -# 02111-1307, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -24,260 +25,191 @@ # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: - -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi +case $1 in -case "$1" in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - ;; -esac + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case "$1" in + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`curl_config.h.in' - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to ." + exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) - echo "missing 0.3 - GNU automake" + echo "missing $scriptversion (GNU Automake)" + exit $? ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; - aclocal) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." - files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="curl_config.h" - touch_files= - for f in $files; do - case "$f" in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - bison|yacc) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if [ ! -f y.tab.h ]; then - echo >y.tab.h - fi - if [ ! -f y.tab.c ]; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex|flex) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if [ ! -f lex.yy.c ]; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; +esac - help2man) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` - fi - if [ -f "$file" ]; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit 1 - fi - ;; +# Run the given program, remember its exit status. +"$@"; st=$? - makeinfo) - if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then - # We have makeinfo, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` - fi - touch $file - ;; +# If it succeeded, we are done. +test $st -eq 0 && exit 0 - tar) - shift - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - fi - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar ${1+"$@"} && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar ${1+"$@"} && exit 0 - fi - firstarg="$1" - if shift; then - case "$firstarg" in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" ${1+"$@"} && exit 0 - ;; - esac - case "$firstarg" in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" ${1+"$@"} && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and you do not seem to have it handy on your - system. You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequirements for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -Nru curl-7.42.1/mkinstalldirs curl-7.43.0/mkinstalldirs --- curl-7.42.1/mkinstalldirs 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/mkinstalldirs 1970-01-01 00:00:00.000000000 +0000 @@ -1,162 +0,0 @@ -#! /bin/sh -# mkinstalldirs --- make directory hierarchy - -scriptversion=2009-04-28.21; # UTC - -# Original author: Noah Friedman -# Created: 1993-05-16 -# Public domain. -# -# This file is maintained in Automake, please report -# bugs to or send patches to -# . - -nl=' -' -IFS=" "" $nl" -errstatus=0 -dirmode= - -usage="\ -Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ... - -Create each directory DIR (with mode MODE, if specified), including all -leading file name components. - -Report bugs to ." - -# process command line arguments -while test $# -gt 0 ; do - case $1 in - -h | --help | --h*) # -h for help - echo "$usage" - exit $? - ;; - -m) # -m PERM arg - shift - test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } - dirmode=$1 - shift - ;; - --version) - echo "$0 $scriptversion" - exit $? - ;; - --) # stop option processing - shift - break - ;; - -*) # unknown option - echo "$usage" 1>&2 - exit 1 - ;; - *) # first non-opt arg - break - ;; - esac -done - -for file -do - if test -d "$file"; then - shift - else - break - fi -done - -case $# in - 0) exit 0 ;; -esac - -# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and -# mkdir -p a/c at the same time, both will detect that a is missing, -# one will create a, then the other will try to create a and die with -# a "File exists" error. This is a problem when calling mkinstalldirs -# from a parallel make. We use --version in the probe to restrict -# ourselves to GNU mkdir, which is thread-safe. -case $dirmode in - '') - if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then - echo "mkdir -p -- $*" - exec mkdir -p -- "$@" - else - # On NextStep and OpenStep, the 'mkdir' command does not - # recognize any option. It will interpret all options as - # directories to create, and then abort because '.' already - # exists. - test -d ./-p && rmdir ./-p - test -d ./--version && rmdir ./--version - fi - ;; - *) - if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 && - test ! -d ./--version; then - echo "mkdir -m $dirmode -p -- $*" - exec mkdir -m "$dirmode" -p -- "$@" - else - # Clean up after NextStep and OpenStep mkdir. - for d in ./-m ./-p ./--version "./$dirmode"; - do - test -d $d && rmdir $d - done - fi - ;; -esac - -for file -do - case $file in - /*) pathcomp=/ ;; - *) pathcomp= ;; - esac - oIFS=$IFS - IFS=/ - set fnord $file - shift - IFS=$oIFS - - for d - do - test "x$d" = x && continue - - pathcomp=$pathcomp$d - case $pathcomp in - -*) pathcomp=./$pathcomp ;; - esac - - if test ! -d "$pathcomp"; then - echo "mkdir $pathcomp" - - mkdir "$pathcomp" || lasterr=$? - - if test ! -d "$pathcomp"; then - errstatus=$lasterr - else - if test ! -z "$dirmode"; then - echo "chmod $dirmode $pathcomp" - lasterr= - chmod "$dirmode" "$pathcomp" || lasterr=$? - - if test ! -z "$lasterr"; then - errstatus=$lasterr - fi - fi - fi - fi - - pathcomp=$pathcomp/ - done -done - -exit $errstatus - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru curl-7.42.1/packages/AIX/Makefile.in curl-7.43.0/packages/AIX/Makefile.in --- curl-7.42.1/packages/AIX/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/AIX/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/AIX -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/AIX/RPM/Makefile.in curl-7.43.0/packages/AIX/RPM/Makefile.in --- curl-7.42.1/packages/AIX/RPM/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/AIX/RPM/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -79,7 +79,7 @@ host_triplet = @host@ subdir = packages/AIX/RPM DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs $(srcdir)/curl.spec.in README + $(srcdir)/curl.spec.in README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +100,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl.spec diff -Nru curl-7.42.1/packages/EPM/Makefile.in curl-7.43.0/packages/EPM/Makefile.in --- curl-7.42.1/packages/EPM/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/EPM/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -79,7 +79,7 @@ host_triplet = @host@ subdir = packages/EPM DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs $(srcdir)/curl.list.in README + $(srcdir)/curl.list.in README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +100,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl.list diff -Nru curl-7.42.1/packages/Linux/Makefile.in curl-7.43.0/packages/Linux/Makefile.in --- curl-7.42.1/packages/Linux/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Linux/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/Linux -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/Linux/RPM/Makefile.in curl-7.43.0/packages/Linux/RPM/Makefile.in --- curl-7.42.1/packages/Linux/RPM/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Linux/RPM/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -79,8 +79,7 @@ host_triplet = @host@ subdir = packages/Linux/RPM DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs $(srcdir)/curl.spec.in \ - $(srcdir)/curl-ssl.spec.in README + $(srcdir)/curl.spec.in $(srcdir)/curl-ssl.spec.in README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -101,7 +100,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl.spec curl-ssl.spec diff -Nru curl-7.42.1/packages/Makefile.in curl-7.43.0/packages/Makefile.in --- curl-7.42.1/packages/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs README +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/OS400/ccsidcurl.c curl-7.43.0/packages/OS400/ccsidcurl.c --- curl-7.42.1/packages/OS400/ccsidcurl.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/packages/OS400/ccsidcurl.c 2015-06-11 17:50:43.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1154,12 +1154,14 @@ case CURLOPT_PROXYPASSWORD: case CURLOPT_PROXYUSERNAME: case CURLOPT_PROXYUSERPWD: + case CURLOPT_PROXY_SERVICE_NAME: case CURLOPT_RANDOM_FILE: case CURLOPT_RANGE: case CURLOPT_REFERER: case CURLOPT_RTSP_SESSION_ID: case CURLOPT_RTSP_STREAM_URI: case CURLOPT_RTSP_TRANSPORT: + case CURLOPT_SERVICE_NAME: case CURLOPT_SOCKS5_GSSAPI_SERVICE: case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5: case CURLOPT_SSH_KNOWNHOSTS: diff -Nru curl-7.42.1/packages/OS400/curl.inc.in curl-7.43.0/packages/OS400/curl.inc.in --- curl-7.42.1/packages/OS400/curl.inc.in 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/packages/OS400/curl.inc.in 2015-06-12 22:20:46.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1211,6 +1211,10 @@ d c 00233 d CURLOPT_PATH_AS_IS... d c 00234 + d CURLOPT_PROXY_SERVICE_NAME... + d c 10235 + d CURLOPT_SERVICE_NAME... + d c 10236 * /if not defined(CURL_NO_OLDIES) d CURLOPT_FILE c 10001 diff -Nru curl-7.42.1/packages/OS400/README.OS400 curl-7.43.0/packages/OS400/README.OS400 --- curl-7.42.1/packages/OS400/README.OS400 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/packages/OS400/README.OS400 2015-06-11 17:50:43.000000000 +0000 @@ -93,12 +93,14 @@ CURLOPT_PROXYPASSWORD CURLOPT_PROXYUSERNAME CURLOPT_PROXYUSERPWD + CURLOPT_PROXY_SERVICE_NAME CURLOPT_RANDOM_FILE CURLOPT_RANGE CURLOPT_REFERER CURLOPT_RTSP_SESSION_UID CURLOPT_RTSP_STREAM_URI CURLOPT_RTSP_TRANSPORT + CURLOPT_SERVICE_NAME CURLOPT_SOCKS5_GSSAPI_SERVICE CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 Note: SSH not available on OS400. CURLOPT_SSH_KNOWNHOSTS Note: SSH not available on OS400. diff -Nru curl-7.42.1/packages/Solaris/Makefile.in curl-7.43.0/packages/Solaris/Makefile.in --- curl-7.42.1/packages/Solaris/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Solaris/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -81,8 +81,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/Solaris -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -103,7 +102,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/Symbian/group/libcurl.mmp curl-7.43.0/packages/Symbian/group/libcurl.mmp --- curl-7.42.1/packages/Symbian/group/libcurl.mmp 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/packages/Symbian/group/libcurl.mmp 2015-06-11 17:50:43.000000000 +0000 @@ -39,7 +39,7 @@ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c \ curl_sasl.c vtls/schannel.c curl_multibyte.c vtls/darwinssl.c \ - bundles.c conncache.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c \ + conncache.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c \ curl_endian.c curl_des.c USERINCLUDE ../../../lib ../../../include/curl diff -Nru curl-7.42.1/packages/vms/Makefile.in curl-7.43.0/packages/vms/Makefile.in --- curl-7.42.1/packages/vms/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/vms/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/vms -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/Win32/cygwin/Makefile.in curl-7.43.0/packages/Win32/cygwin/Makefile.in --- curl-7.42.1/packages/Win32/cygwin/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Win32/cygwin/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/Win32/cygwin -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs README +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/packages/Win32/Makefile.in curl-7.43.0/packages/Win32/Makefile.in --- curl-7.42.1/packages/Win32/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/packages/Win32/Makefile.in 2015-06-15 21:31:48.000000000 +0000 @@ -78,8 +78,7 @@ build_triplet = @build@ host_triplet = @host@ subdir = packages/Win32 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs README +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -100,7 +99,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/projects/Windows/VC10/lib/libcurl.vcxproj curl-7.43.0/projects/Windows/VC10/lib/libcurl.vcxproj --- curl-7.42.1/projects/Windows/VC10/lib/libcurl.vcxproj 2015-04-29 06:08:49.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC10/lib/libcurl.vcxproj 2015-06-17 05:57:03.000000000 +0000 @@ -1987,7 +1987,6 @@ - @@ -2104,7 +2103,6 @@ - diff -Nru curl-7.42.1/projects/Windows/VC11/lib/libcurl.vcxproj curl-7.43.0/projects/Windows/VC11/lib/libcurl.vcxproj --- curl-7.42.1/projects/Windows/VC11/lib/libcurl.vcxproj 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC11/lib/libcurl.vcxproj 2015-06-17 05:57:03.000000000 +0000 @@ -2035,7 +2035,6 @@ - @@ -2152,7 +2151,6 @@ - diff -Nru curl-7.42.1/projects/Windows/VC12/lib/libcurl.vcxproj curl-7.43.0/projects/Windows/VC12/lib/libcurl.vcxproj --- curl-7.42.1/projects/Windows/VC12/lib/libcurl.vcxproj 2015-04-29 06:08:49.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC12/lib/libcurl.vcxproj 2015-06-17 05:57:03.000000000 +0000 @@ -2035,7 +2035,6 @@ - @@ -2152,7 +2151,6 @@ - diff -Nru curl-7.42.1/projects/Windows/VC6/lib/libcurl.dsp curl-7.43.0/projects/Windows/VC6/lib/libcurl.dsp --- curl-7.42.1/projects/Windows/VC6/lib/libcurl.dsp 2015-04-29 06:08:49.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC6/lib/libcurl.dsp 2015-06-17 05:57:03.000000000 +0000 @@ -746,10 +746,6 @@ # End Source File # Begin Source File -SOURCE=..\..\..\..\lib\bundles.c -# End Source File -# Begin Source File - SOURCE=..\..\..\..\lib\conncache.c # End Source File # Begin Source File @@ -1210,10 +1206,6 @@ # End Source File # Begin Source File -SOURCE=..\..\..\..\lib\bundles.h -# End Source File -# Begin Source File - SOURCE=..\..\..\..\lib\config-win32.h # End Source File # Begin Source File diff -Nru curl-7.42.1/projects/Windows/VC7/lib/libcurl.vcproj curl-7.43.0/projects/Windows/VC7/lib/libcurl.vcproj --- curl-7.42.1/projects/Windows/VC7/lib/libcurl.vcproj 2015-04-29 06:08:49.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC7/lib/libcurl.vcproj 2015-06-17 05:57:03.000000000 +0000 @@ -1122,9 +1122,6 @@ RelativePath="..\..\..\..\lib\base64.c"> - - - - - - - - - - @@ -4053,10 +4049,6 @@ > - - diff -Nru curl-7.42.1/projects/Windows/VC9/lib/libcurl.vcproj curl-7.43.0/projects/Windows/VC9/lib/libcurl.vcproj --- curl-7.42.1/projects/Windows/VC9/lib/libcurl.vcproj 2015-04-29 06:08:49.000000000 +0000 +++ curl-7.43.0/projects/Windows/VC9/lib/libcurl.vcproj 2015-06-17 05:57:03.000000000 +0000 @@ -3574,10 +3574,6 @@ > - - @@ -3994,10 +3990,6 @@ > - - diff -Nru curl-7.42.1/README curl-7.43.0/README --- curl-7.42.1/README 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/README 2015-06-16 05:46:48.000000000 +0000 @@ -38,12 +38,12 @@ To download the very latest source off the GIT server do this: - git clone git://github.com/bagder/curl.git + git clone https://github.com/bagder/curl.git (you'll get a directory named curl created, filled with the source code) NOTICE Curl contains pieces of source code that is Copyright (c) 1998, 1999 - Kungliga Tekniska Hgskolan. This notice is included here to comply with the + Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms. diff -Nru curl-7.42.1/RELEASE-NOTES curl-7.43.0/RELEASE-NOTES --- curl-7.42.1/RELEASE-NOTES 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/RELEASE-NOTES 2015-06-17 05:47:21.000000000 +0000 @@ -1,22 +1,92 @@ -Curl and libcurl 7.42.1 +Curl and libcurl 7.43.0 - Public curl releases: 146 - Command line options: 173 - curl_easy_setopt() options: 216 + Public curl releases: 147 + Command line options: 176 + curl_easy_setopt() options: 219 Public functions in libcurl: 58 - Contributors: 1265 + Contributors: 1291 + +This release includes the following changes: + + o Added CURLOPT_PROXY_SERVICE_NAME[11] + o Added CURLOPT_SERVICE_NAME[12] + o New curl option: --proxy-service-name[13] + o Mew curl option: --service-name [14] + o New curl option: --data-raw [5] + o Added CURLOPT_PIPEWAIT [15] + o Added support for multiplexing transfers using HTTP/2, enable this + with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16] + o HTTP/2: requires nghttp2 1.0.0 or later + o scripts: add zsh.pl for generating zsh completion + o curl.h: add CURL_HTTP_VERSION_2 This release includes the following bugfixes: - o CURLOPT_HEADEROPT: default to separate [5] - o dist: include {src,lib}/checksrc.whitelist [1] - o connectionexists: fix build without NTLM [2] - o docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too - o curl -z: do not write empty file on unmet condition [3] - o openssl: fix serial number output [4] + o CVE-2015-3236: lingering HTTP credentials in connection re-use [30] + o CVE-2015-3237: SMB send off unrelated memory contents [31] + o nss: fix compilation failure with old versions of NSS [1] o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION - o sws: init http2 state properly - o curl.1: fix typo + o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error + o Curl_ossl_init: load builtin modules [2] + o configure: follow-up fix for krb5-config [3] + o sasl_sspi: Populate domain from the realm in the challenge [4] + o netrc: support 'default' token + o README: convert to UTF-8 + o cyassl: Implement public key pinning + o nss: implement public key pinning for NSS backend + o mingw build: add arch -m32/-m64 to LDFLAGS + o schannel: Fix out of bounds array [6] + o configure: remove autogenerated files by autoconf + o configure: remove --automake from libtoolize call + o acinclude.m4: fix shell test for default CA cert bundle/path + o schannel: fix regression in schannel_recv [7] + o openssl: skip trace outputs for ssl_ver == 0 [8] + o gnutls: properly retrieve certificate status + o netrc: Read in text mode when cygwin [9] + o winbuild: Document the option used to statically link the CRT [10] + o FTP: Make EPSV use the control IP address rather than the original host + o FTP: fix dangling conn->ip_addr dereference on verbose EPSV + o conncache: keep bundles on host+port bases, not only host names + o runtests.pl: use 'h2c' now, no -14 anymore + o curlver: introducing new version number (checking) macros + o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17] + o CURLOPT_POSTFIELDS.3: correct variable names [18] + o curl_easy_unescape.3: update RFC reference [19] + o gnutls: don't fail on non-fatal alerts during handshake + o testcurl.pl: allow source to be in an arbitrary directory + o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy + o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20] + o parse_proxy: switch off tunneling if non-HTTP proxy [21] + o share_init: fix OOM crash + o perl: remove subdir, not touched in 9 years + o CURLOPT_COOKIELIST.3: Add example + o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22] + o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23] + o FAQ: How do I port libcurl to my OS? + o openssl: Use TLS_client_method for OpenSSL 1.1.0+ + o HTTP-NTLM: fail auth on connection close instead of looping [24] + o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25] + o curl_getdate.3: update RFC reference + o curl_multi_info_read.3: added example + o curl_multi_perform.3: added example + o curl_multi_timeout.3: added example + o cookie: Stop exporting any-domain cookies [26] + o openssl: remove dummy callback use from SSL_CTX_set_verify() + o openssl: remove SSL_get_session()-using code + o openssl: removed USERDATA_IN_PWD_CALLBACK kludge + o openssl: removed error string #ifdef + o openssl: Fix verification of server-sent legacy intermediates [27] + o docs: man page indentation and syntax fixes + o docs: Spelling fixes + o fopen.c: fix a few compiler warnings + o CURLOPT_OPENSOCKETFUNCTION: return error at once [28] + o schannel: Add support for optional client certificates + o build: Properly detect OpenSSL 1.0.2 when using configure + o urldata: store POST size in state.infilesize too [29] + o security:choose_mech remove dead code + o rtsp_do: remove dead code + o docs: many HTTP URIs changed to HTTPS + o schannel: schannel_recv overhaul [32] This release includes the following known bugs: @@ -25,17 +95,51 @@ This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Alexander Elgert, Daniel Stenberg, Kamil Dudka, - Oren Souroujon, Patrick Rapin, Viktor Szakáts, Yehezkel Horowitz, - (8 contributors) + Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina, + Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman, + Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg, + Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka, + Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter, + Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing, + Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh, + Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan, + Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts, + Ville Skyttä, Yehezkel Horowitz, + (43 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = http://curl.haxx.se/mail/archive-2015-04/0046.html - [2] = http://curl.haxx.se/bug/?i=231 - [3] = https://github.com/bagder/curl/issues/237 - [4] = https://github.com/bagder/curl/issues/235 - [5] = http://curl.haxx.se/docs/adv_20150429.html - \ No newline at end of file + [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html + [2] = https://github.com/bagder/curl/pull/206 + [3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 + [4] = https://github.com/bagder/curl/pull/141 + [5] = https://github.com/bagder/curl/issues/198 + [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html + [7] = https://github.com/bagder/curl/issues/244 + [8] = https://github.com/bagder/curl/issues/219 + [9] = https://github.com/bagder/curl/pull/258 + [10] = https://github.com/bagder/curl/issues/254 + [11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html + [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html + [13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name + [14] = http://curl.haxx.se/docs/manpage.html#--service-name + [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html + [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html + [17] = https://github.com/bagder/curl/issues/275 + [18] = https://github.com/bagder/curl/issues/281 + [19] = https://github.com/bagder/curl/issues/282 + [20] = https://github.com/bagder/curl/issues/267 + [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html + [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html + [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html + [24] = https://github.com/bagder/curl/issues/256 + [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055 + [26] = https://github.com/bagder/curl/issues/292 + [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html + [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html + [30] = http://curl.haxx.se/docs/adv_20150617A.html + [31] = http://curl.haxx.se/docs/adv_20150617B.html + [32] = https://github.com/bagder/curl/issues/244 diff -Nru curl-7.42.1/scripts/zsh.pl curl-7.43.0/scripts/zsh.pl --- curl-7.42.1/scripts/zsh.pl 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/scripts/zsh.pl 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,77 @@ +#!/usr/bin/perl + +# Generate ZSH completion + +use strict; +use warnings; + +my $curl = $ARGV[0] || 'curl'; + +my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s([^\s.]+)?\s+(.*)'; +my @opts = parse_main_opts('--help', $regex); + +my $opts_str; + +$opts_str .= qq{ $_ \\\n} foreach (@opts); +chomp $opts_str; + +my $tmpl = <<"EOS"; +#compdef curl + +# curl zsh completion + +local curcontext="\$curcontext" state state_descr line +typeset -A opt_args + +local rc=1 + +_arguments -C -S \\ +$opts_str + '*:URL:_urls' && rc=0 + +return rc +EOS + +print $tmpl; + +sub parse_main_opts { + my ($cmd, $regex) = @_; + + my @list; + my @lines = split /\n/, `"$curl" $cmd`; + + foreach my $line (@lines) { + my ($short, $long, $arg, $desc) = ($line =~ /^$regex/) or next; + + my $option = ''; + + $desc =~ s/'/''/g if defined $desc; + $desc =~ s/\[/\\\[/g if defined $desc; + $desc =~ s/\]/\\\]/g if defined $desc; + + $option .= '{' . trim($short) . ',' if defined $short; + $option .= trim($long) if defined $long; + $option .= '}' if defined $short; + $option .= '\'[' . trim($desc) . ']\'' if defined $desc; + + $option .= ":$arg" if defined $arg; + + $option .= ':_files' + if defined $arg and ($arg eq 'FILE' || $arg eq 'DIR'); + + push @list, $option; + } + + # Sort longest first, because zsh won't complete an option listed + # after one that's a prefix of it. + @list = sort { + $a =~ /([^=]*)/; my $ma = $1; + $b =~ /([^=]*)/; my $mb = $1; + + length($mb) <=> length($ma) + } @list; + + return @list; +} + +sub trim { my $s = shift; $s =~ s/^\s+|\s+$//g; return $s }; diff -Nru curl-7.42.1/src/checksrc.whitelist curl-7.43.0/src/checksrc.whitelist --- curl-7.42.1/src/checksrc.whitelist 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/checksrc.whitelist 2015-06-11 17:50:43.000000000 +0000 @@ -1,3 +1,3 @@ * 'name=@filename,filename2,filename3' * 'name=@filename;type=image/gif,filename2,filename3' - \ No newline at end of file + file = fopen(name, "r"); /* VMS */ diff -Nru curl-7.42.1/src/Makefile.b32 curl-7.43.0/src/Makefile.b32 --- curl-7.42.1/src/Makefile.b32 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/Makefile.b32 2015-06-11 17:50:43.000000000 +0000 @@ -27,7 +27,7 @@ # Edit the path below to point to the base of your OpenSSL package. !ifndef OPENSSL_PATH -OPENSSL_PATH = ..\..\openssl-0.9.8zc +OPENSSL_PATH = ..\..\openssl-1.0.2a !endif # Set program's name diff -Nru curl-7.42.1/src/Makefile.in curl-7.43.0/src/Makefile.in --- curl-7.42.1/src/Makefile.in 2015-04-29 06:07:44.000000000 +0000 +++ curl-7.43.0/src/Makefile.in 2015-06-15 21:31:49.000000000 +0000 @@ -91,8 +91,7 @@ bin_PROGRAMS = curl$(EXEEXT) @USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_1 = -DCURL_STATICLIB DIST_COMMON = $(srcdir)/Makefile.inc $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.am $(top_srcdir)/mkinstalldirs \ - $(top_srcdir)/depcomp + $(srcdir)/Makefile.am $(top_srcdir)/depcomp subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ @@ -114,7 +113,7 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = diff -Nru curl-7.42.1/src/Makefile.m32 curl-7.43.0/src/Makefile.m32 --- curl-7.42.1/src/Makefile.m32 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/Makefile.m32 2015-06-11 17:50:43.000000000 +0000 @@ -1,7 +1,7 @@ ########################################################################### # ## Makefile for building curl.exe with MingW (GCC-3.2 or later) -## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3) +## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4) ## ## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...] ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn @@ -18,19 +18,19 @@ endif # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 endif # Edit the path below to point to the base of your librtmp package. ifndef LIBRTMP_PATH -LIBRTMP_PATH = ../../librtmp-2.3 +LIBRTMP_PATH = ../../librtmp-2.4 endif # Edit the path below to point to the base of your libmetalink package. ifndef LIBMETALINK_PATH -LIBMETALINK_PATH = ../../libmetalink-0.1.2 +LIBMETALINK_PATH = ../../libmetalink-0.1.3 endif # Edit the path below to point to the base of your libexpat package. ifndef LIBEXPAT_PATH @@ -38,15 +38,15 @@ endif # Edit the path below to point to the base of your libxml2 package. ifndef LIBXML2_PATH -LIBXML2_PATH = ../../libxml2-2.9.0 +LIBXML2_PATH = ../../libxml2-2.9.2 endif # Edit the path below to point to the base of your libidn package. ifndef LIBIDN_PATH -LIBIDN_PATH = ../../libidn-1.18 +LIBIDN_PATH = ../../libidn-1.30 endif # Edit the path below to point to the base of your MS IDN package. # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1 -# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815 +# https://www.microsoft.com/en-us/download/details.aspx?id=734 ifndef WINIDN_PATH WINIDN_PATH = ../../Microsoft IDN Mitigation APIs endif @@ -56,7 +56,7 @@ endif # Edit the path below to point to the base of your nghttp2 package. ifndef NGHTTP2_PATH -NGHTTP2_PATH = ../../nghttp2-0.6.7 +NGHTTP2_PATH = ../../nghttp2-1.0.0 endif PROOT = .. diff -Nru curl-7.42.1/src/Makefile.netware curl-7.43.0/src/Makefile.netware --- curl-7.42.1/src/Makefile.netware 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/Makefile.netware 2015-06-11 17:50:43.000000000 +0000 @@ -19,12 +19,12 @@ # Edit the path below to point to the base of your OpenSSL package. ifndef OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a endif # Edit the path below to point to the base of your LibSSH2 package. ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.4.3 +LIBSSH2_PATH = ../../libssh2-1.5.0 endif # Edit the path below to point to the base of your axTLS package. diff -Nru curl-7.42.1/src/Makefile.vc10 curl-7.43.0/src/Makefile.vc10 --- curl-7.42.1/src/Makefile.vc10 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/src/Makefile.vc10 2015-06-17 05:57:03.000000000 +0000 @@ -56,7 +56,7 @@ !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF ZLIB_PATH @@ -77,7 +77,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 diff -Nru curl-7.42.1/src/Makefile.vc6 curl-7.43.0/src/Makefile.vc6 --- curl-7.42.1/src/Makefile.vc6 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/Makefile.vc6 2015-06-11 17:50:43.000000000 +0000 @@ -56,7 +56,7 @@ !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF ZLIB_PATH @@ -77,7 +77,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 diff -Nru curl-7.42.1/src/Makefile.vc8 curl-7.43.0/src/Makefile.vc8 --- curl-7.42.1/src/Makefile.vc8 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/src/Makefile.vc8 2015-06-17 05:57:03.000000000 +0000 @@ -56,7 +56,7 @@ !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF ZLIB_PATH @@ -77,7 +77,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 diff -Nru curl-7.42.1/src/Makefile.vc9 curl-7.43.0/src/Makefile.vc9 --- curl-7.42.1/src/Makefile.vc9 2015-04-29 06:08:50.000000000 +0000 +++ curl-7.43.0/src/Makefile.vc9 2015-06-17 05:57:03.000000000 +0000 @@ -56,7 +56,7 @@ !IFNDEF OPENSSL_PATH -OPENSSL_PATH = ../../openssl-0.9.8zc +OPENSSL_PATH = ../../openssl-1.0.2a !ENDIF !IFNDEF ZLIB_PATH @@ -77,7 +77,7 @@ # If, for some reason the Windows SDK is installed but not installed # in the default location, you can specify WINDOWS_SDK_PATH. # It can be downloaded from: -# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ +# https://msdn.microsoft.com/windows/bb980924.aspx # WINDOWS_SSPI = 1 diff -Nru curl-7.42.1/src/Makefile.Watcom curl-7.43.0/src/Makefile.Watcom --- curl-7.42.1/src/Makefile.Watcom 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/Makefile.Watcom 2015-06-11 17:50:43.000000000 +0000 @@ -96,7 +96,7 @@ !ifdef %libssh2_root LIBSSH2_ROOT = $(%libssh2_root) !else -LIBSSH2_ROOT = ../../libssh2-1.4.3 +LIBSSH2_ROOT = ../../libssh2-1.5.0 !endif !ifdef %librtmp_root @@ -108,7 +108,7 @@ !ifdef %openssl_root OPENSSL_ROOT = $(%openssl_root) !else -OPENSSL_ROOT = ../../openssl-0.9.8zc +OPENSSL_ROOT = ../../openssl-1.0.2a !endif !ifdef %ares_root diff -Nru curl-7.42.1/src/tool_cb_dbg.c curl-7.43.0/src/tool_cb_dbg.c --- curl-7.42.1/src/tool_cb_dbg.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/tool_cb_dbg.c 2015-06-11 17:50:43.000000000 +0000 @@ -79,7 +79,7 @@ /* Ok, this is somewhat hackish but we do it undocumented for now */ config->trace_stream = config->errors; /* aka stderr */ else { - config->trace_stream = fopen(config->trace_dump, "w"); + config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT); config->trace_fopened = TRUE; } } diff -Nru curl-7.42.1/src/tool_cfgable.c curl-7.43.0/src/tool_cfgable.c --- curl-7.42.1/src/tool_cfgable.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/src/tool_cfgable.c 2015-06-12 22:20:46.000000000 +0000 @@ -136,6 +136,8 @@ Curl_safefree(config->socksproxy); Curl_safefree(config->socks5_gssapi_service); + Curl_safefree(config->proxy_service_name); + Curl_safefree(config->service_name); Curl_safefree(config->ftp_account); Curl_safefree(config->ftp_alternative_to_user); diff -Nru curl-7.42.1/src/tool_cfgable.h curl-7.43.0/src/tool_cfgable.h --- curl-7.42.1/src/tool_cfgable.h 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/src/tool_cfgable.h 2015-06-12 22:20:46.000000000 +0000 @@ -166,8 +166,12 @@ int socksver; /* set to CURLPROXY_SOCKS* define */ char *socks5_gssapi_service; /* set service name for gssapi principal * default rcmd */ + char *proxy_service_name; /* set service name for proxy negotiation + * default HTTP */ int socks5_gssapi_nec ; /* The NEC reference server does not protect * the encryption type exchange */ + char *service_name; /* set negotiation service name + * default HTTP */ bool tcp_nodelay; long req_retry; /* number of retries */ diff -Nru curl-7.42.1/src/tool_easysrc.c curl-7.43.0/src/tool_easysrc.c --- curl-7.42.1/src/tool_easysrc.c 2015-04-23 10:09:24.000000000 +0000 +++ curl-7.43.0/src/tool_easysrc.c 2015-06-11 17:50:43.000000000 +0000 @@ -176,7 +176,7 @@ FILE *out; bool fopened = FALSE; if(strcmp(o, "-")) { - out = fopen(o, "w"); + out = fopen(o, FOPEN_WRITETEXT); fopened = TRUE; } else diff -Nru curl-7.42.1/src/tool_getparam.c curl-7.43.0/src/tool_getparam.c --- curl-7.42.1/src/tool_getparam.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/src/tool_getparam.c 2015-06-12 22:20:46.000000000 +0000 @@ -145,7 +145,7 @@ {"$v", "ssl-reqd", FALSE}, /* 'ssl-reqd' new in 7.20.0, previously this was ftp-ssl-reqd */ {"$w", "sessionid", FALSE}, - /* sessionid' listed as --no-sessionid in the help */ + /* 'sessionid' listed as --no-sessionid in the help */ {"$x", "ftp-ssl-control", FALSE}, {"$y", "ftp-ssl-ccc", FALSE}, {"$j", "ftp-ssl-ccc-mode", TRUE}, @@ -161,6 +161,8 @@ #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) {"$6", "socks5-gssapi-service", TRUE}, {"$7", "socks5-gssapi-nec", FALSE}, + {"$O", "proxy-service-name", TRUE}, + {"$P", "service-name", TRUE}, #endif {"$8", "proxy1.0", TRUE}, {"$9", "tftp-blksize", TRUE}, @@ -196,6 +198,7 @@ {"c", "cookie-jar", TRUE}, {"C", "continue-at", TRUE}, {"d", "data", TRUE}, + {"dr", "data-raw", TRUE}, {"da", "data-ascii", TRUE}, {"db", "data-binary", TRUE}, {"de", "data-urlencode", TRUE}, @@ -678,7 +681,7 @@ case 'v': /* --stderr */ if(strcmp(nextarg, "-")) { - FILE *newfile = fopen(nextarg, "wt"); + FILE *newfile = fopen(nextarg, FOPEN_WRITETEXT); if(!newfile) warnf(global, "Failed to open %s!\n", nextarg); else { @@ -902,6 +905,12 @@ case '7': /* --socks5-gssapi-nec*/ config->socks5_gssapi_nec = toggle; break; + case 'O': /* --proxy-service-name */ + GetStr(&config->proxy_service_name, nextarg); + break; + case 'P': /* --service-name */ + GetStr(&config->service_name, nextarg); + break; #endif case '8': /* --proxy1.0 */ /* http 1.0 proxy */ @@ -1099,6 +1108,7 @@ char *postdata = NULL; FILE *file; size_t size = 0; + bool raw_mode = (subletter == 'r'); if(subletter == 'e') { /* --data-urlencode*/ /* [name]=[content], we encode the content part only @@ -1124,7 +1134,6 @@ } if('@' == is_file) { /* a '@' letter, it means that a file name or - (stdin) follows */ - if(curlx_strequal("-", p)) { file = stdin; set_binmode(stdin); @@ -1185,7 +1194,7 @@ return PARAM_NO_MEM; } } - else if('@' == *nextarg) { + else if('@' == *nextarg && !raw_mode) { /* the data begins with a '@' letter, it means that a file name or - (stdin) follows */ nextarg++; /* pass the @ */ @@ -1739,7 +1748,7 @@ } else { fname = nextarg; - file = fopen(nextarg, "r"); + file = fopen(nextarg, FOPEN_READTEXT); } err = file2string(&config->writeout, file); if(file && (file != stdin)) diff -Nru curl-7.42.1/src/tool_help.c curl-7.43.0/src/tool_help.c --- curl-7.42.1/src/tool_help.c 2015-04-29 06:06:52.000000000 +0000 +++ curl-7.43.0/src/tool_help.c 2015-06-14 21:31:01.000000000 +0000 @@ -65,6 +65,7 @@ " --crlf Convert LF to CRLF in upload", " --crlfile FILE Get a CRL list in PEM format from the given file", " -d, --data DATA HTTP POST data (H)", + " --data-raw DATA HTTP POST data, '@' allowed (H)", " --data-ascii DATA HTTP POST ASCII data (H)", " --data-binary DATA HTTP POST binary data (H)", " --data-urlencode DATA HTTP POST data url encoded (H)", @@ -142,7 +143,7 @@ " -n, --netrc Must read .netrc for user name and password", " --netrc-optional Use either .netrc or URL; overrides -n", " --netrc-file FILE Specify FILE for netrc", - " -: --next " + " -:, --next " "Allows the following URL to use a separate set of options", " --no-alpn Disable the ALPN TLS extension (H)", " -N, --no-buffer Disable buffering of the output stream", @@ -156,7 +157,7 @@ " --pass PASS Pass phrase for the private key (SSL/SSH)", " --path-as-is Do not squash .. sequences in URL path", " --pinnedpubkey FILE Public key (PEM/DER) to verify peer against " - "(OpenSSL/GnuTLS/GSKit only)", + "(OpenSSL/GnuTLS/NSS/wolfSSL/CyaSSL/GSKit only)", " --post301 " "Do not switch to GET after following a 301 redirect (H)", " --post302 " @@ -173,6 +174,10 @@ " --proxy-negotiate " "Use HTTP Negotiate (SPNEGO) authentication on the proxy (H)", " --proxy-ntlm Use NTLM authentication on the proxy (H)", +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + " --proxy-service-name NAME SPNEGO proxy service name", + " --service-name NAME SPNEGO service name", +#endif " -U, --proxy-user USER[:PASSWORD] Proxy user and password", " --proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port", " -p, --proxytunnel Operate through a HTTP proxy tunnel (using CONNECT)", diff -Nru curl-7.42.1/src/tool_hugehelp.c curl-7.43.0/src/tool_hugehelp.c --- curl-7.42.1/src/tool_hugehelp.c 2015-04-29 06:08:46.000000000 +0000 +++ curl-7.43.0/src/tool_hugehelp.c 2015-06-16 07:13:08.000000000 +0000 @@ -2,7 +2,7 @@ #ifndef HAVE_LIBZ /* * NEVER EVER edit this manually, fix the mkhelp.pl script instead! - * Generation time: Wed Apr 29 08:08:46 2015 + * Generation time: Tue Jun 16 09:13:08 2015 */ #ifdef USE_MANUAL #include "tool_hugehelp.h" @@ -359,13 +359,13 @@ " (SSL) Specifies which ciphers to use in the connection. The list\n" " of ciphers must specify valid ciphers. Read up on SSL cipher\n" " list details on this URL:\n" -" http://www.openssl.org/docs/apps/ciphers.html\n" +" https://www.openssl.org/docs/apps/ciphers.html\n" "\n" " NSS ciphers are done differently than OpenSSL and GnuTLS. The\n" , stdout); fputs( " full list of NSS ciphers is in the NSSCipherSuite entry at this\n" -" URL: http://git.fedora-\n" +" URL: https://git.fedora-\n" " hosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\n" "\n" " If this option is used several times, the last one will be used.\n" @@ -425,38 +425,44 @@ fputs( " application/x-www-form-urlencoded. Compare to -F, --form.\n" "\n" -" -d, --data is the same as --data-ascii. To post data purely\n" -" binary, you should instead use the --data-binary option. To URL-\n" -" encode the value of a form field you may use --data-urlencode.\n" +" -d, --data is the same as --data-ascii. --data-raw is almost the\n" +" same but does not have a special interpretation of the @ charac-\n" +" ter. To post data purely binary, you should instead use the\n" +" --data-binary option. To URL-encode the value of a form field\n" +" you may use --data-urlencode.\n" "\n" -" If any of these options is used more than once on the same com-\n" -" mand line, the data pieces specified will be merged together\n" , stdout); fputs( +" If any of these options is used more than once on the same com-\n" +" mand line, the data pieces specified will be merged together\n" " with a separating &-symbol. Thus, using '-d name=daniel -d\n" " skill=lousy' would generate a post chunk that looks like\n" " 'name=daniel&skill=lousy'.\n" "\n" " If you start the data with the letter @, the rest should be a\n" -" file name to read the data from, or - if you want curl to read\n" -" the data from stdin. Multiple files can also be specified. Post-\n" , stdout); fputs( +" file name to read the data from, or - if you want curl to read\n" +" the data from stdin. Multiple files can also be specified. Post-\n" " ing data from a file named 'foobar' would thus be done with\n" " --data @foobar. When --data is told to read from a file like\n" -" that, carriage returns and newlines will be stripped out.\n" +" that, carriage returns and newlines will be stripped out. If you\n" +" don't want the @ character to have a special interpretation use\n" +, stdout); + fputs( +" --data-raw instead.\n" "\n" " -D, --dump-header \n" " Write the protocol headers to the specified file.\n" "\n" " This option is handy to use when you want to store the headers\n" " that an HTTP site sends to you. Cookies from the headers could\n" -, stdout); - fputs( " then be read in a second curl invocation by using the -b,\n" " --cookie option! The -c, --cookie-jar option is a better way to\n" " store cookies.\n" "\n" +, stdout); + fputs( " When used in FTP, the FTP server response lines are considered\n" " being \"headers\" and thus are saved there.\n" "\n" @@ -466,30 +472,35 @@ " See -d, --data.\n" "\n" " --data-binary \n" -, stdout); - fputs( " (HTTP) This posts data exactly as specified with no extra pro-\n" " cessing whatsoever.\n" "\n" " If you start the data with the letter @, the rest should be a\n" +, stdout); + fputs( " filename. Data is posted in a similar manner as --data-ascii\n" " does, except that newlines and carriage returns are preserved\n" " and conversions are never done.\n" "\n" " If this option is used several times, the ones following the\n" +" first will append data as described in -d, --data.\n" +"\n" +" --data-raw \n" +" (HTTP) This posts data similarly to --data but without the spe-\n" , stdout); fputs( -" first will append data as described in -d, --data.\n" +" cial interpretation of the @ character. See -d, --data. (Added\n" +" in 7.43.0)\n" "\n" " --data-urlencode \n" " (HTTP) This posts data, similar to the other --data options with\n" " the exception that this performs URL-encoding. (Added in 7.18.0)\n" " To be CGI-compliant, the part should begin with a name\n" " followed by a separator and a content specification. The \n" -" part can be passed to curl using one of the following syntaxes:\n" -"\n" , stdout); fputs( +" part can be passed to curl using one of the following syntaxes:\n" +"\n" " content\n" " This will make curl URL-encode the content and pass that\n" " on. Just be careful so that the content doesn't contain\n" @@ -498,10 +509,10 @@ "\n" " =content\n" " This will make curl URL-encode the content and pass that\n" -" on. The preceding = symbol is not included in the data.\n" -"\n" , stdout); fputs( +" on. The preceding = symbol is not included in the data.\n" +"\n" " name=content\n" " This will make curl URL-encode the content part and pass\n" " that on. Note that the name part is expected to be URL-\n" @@ -510,11 +521,11 @@ " @filename\n" " This will make curl load data from the given file\n" " (including any newlines), URL-encode that data and pass\n" +, stdout); + fputs( " it on in the POST.\n" "\n" " name@filename\n" -, stdout); - fputs( " This will make curl load data from the given file\n" " (including any newlines), URL-encode that data and pass\n" " it on in the POST. The name part gets an equal sign\n" @@ -522,9 +533,9 @@ " that the name is expected to be URL-encoded already.\n" "\n" " --delegation LEVEL\n" -" Set LEVEL to tell the server what it is allowed to delegate when\n" , stdout); fputs( +" Set LEVEL to tell the server what it is allowed to delegate when\n" " it comes to user credentials. Used with GSS/kerberos.\n" "\n" " none Don't allow any delegation.\n" @@ -536,9 +547,9 @@ " always Unconditionally allow the server to delegate.\n" "\n" " --digest\n" -" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" , stdout); fputs( +" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" " cation scheme that prevents the password from being sent over\n" " the wire in clear text. Use this in combination with the normal\n" " -u, --user option to set user name and password. See also\n" @@ -547,9 +558,9 @@ " If this option is used several times, only the first one is\n" " used.\n" "\n" -" --disable-eprt\n" , stdout); fputs( +" --disable-eprt\n" " (FTP) Tell curl to disable the use of the EPRT and LPRT commands\n" " when doing active FTP transfers. Curl will normally always first\n" " attempt to use EPRT, then LPRT before using PORT, but with this\n" @@ -765,84 +776,85 @@ " lic key provided to this option, curl will abort the connection\n" " before sending or receiving any data.\n" "\n" -" This is currently only implemented in the OpenSSL, GnuTLS and\n" -" GSKit backends.\n" +" Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0\n" +" for NSS and wolfSSL/CyaSSL. Other SSL backends not supported.\n" "\n" -" If this option is used several times, the last one will be used.\n" , stdout); fputs( -" (Added in 7.39.0)\n" +" If this option is used several times, the last one will be used.\n" "\n" " --cert-status\n" -" (SSL) Tells curl to verify the status of the server certificate\n" +" (SSL) Tells curl to verify the status of the server certificate\n" " by using the Certificate Status Request (aka. OCSP stapling) TLS\n" " extension.\n" "\n" -" If this option is enabled and the server sends an invalid (e.g.\n" +" If this option is enabled and the server sends an invalid (e.g.\n" " expired) response, if the response suggests that the server cer-\n" -" tificate has been revoked, or no response at all is received,\n" , stdout); fputs( +" tificate has been revoked, or no response at all is received,\n" " the verification fails.\n" "\n" -" This is currently only implemented in the OpenSSL, GnuTLS and\n" +" This is currently only implemented in the OpenSSL, GnuTLS and\n" " NSS backends. (Added in 7.41.0)\n" "\n" " --false-start\n" "\n" -" (SSL) Tells curl to use false start during the TLS handshake.\n" -" False start is a mode where a TLS client will start sending\n" +" (SSL) Tells curl to use false start during the TLS handshake.\n" +" False start is a mode where a TLS client will start sending\n" +, stdout); + fputs( " application data before verifying the server's Finished message,\n" " thus saving a round trip when performing a full handshake.\n" "\n" -, stdout); - fputs( -" This is currently only implemented in the NSS and Secure Trans-\n" -" port (on iOS 7.0 or later, or OS X 10.9 or later) backends.\n" +" This is currently only implemented in the NSS and Secure Trans-\n" +" port (on iOS 7.0 or later, or OS X 10.9 or later) backends.\n" " (Added in 7.42.0)\n" "\n" " -f, --fail\n" -" (HTTP) Fail silently (no output at all) on server errors. This\n" -" is mostly done to better enable scripts etc to better deal with\n" -" failed attempts. In normal cases when an HTTP server fails to\n" +" (HTTP) Fail silently (no output at all) on server errors. This\n" , stdout); fputs( -" deliver a document, it returns an HTML document stating so\n" -" (which often also describes why and more). This flag will pre-\n" +" is mostly done to better enable scripts etc to better deal with\n" +" failed attempts. In normal cases when an HTTP server fails to\n" +" deliver a document, it returns an HTML document stating so\n" +" (which often also describes why and more). This flag will pre-\n" " vent curl from outputting that and return error 22.\n" "\n" -" This method is not fail-safe and there are occasions where non-\n" -" successful response codes will slip through, especially when\n" +" This method is not fail-safe and there are occasions where non-\n" +, stdout); + fputs( +" successful response codes will slip through, especially when\n" " authentication is involved (response codes 401 and 407).\n" "\n" " -F, --form \n" +" (HTTP) This lets curl emulate a filled-in form in which a user\n" +" has pressed the submit button. This causes curl to POST data\n" +" using the Content-Type multipart/form-data according to RFC\n" +" 2388. This enables uploading of binary files etc. To force the\n" , stdout); fputs( -" (HTTP) This lets curl emulate a filled-in form in which a user\n" -" has pressed the submit button. This causes curl to POST data\n" -" using the Content-Type multipart/form-data according to RFC\n" -" 2388. This enables uploading of binary files etc. To force the\n" -" 'content' part to be a file, prefix the file name with an @\n" -" sign. To just get the content part from a file, prefix the file\n" -, stdout); - fputs( -" name with the symbol <. The difference between @ and < is then\n" -" that @ makes a file get attached in the post as a file upload,\n" -" while the < makes a text field and just get the contents for\n" +" 'content' part to be a file, prefix the file name with an @\n" +" sign. To just get the content part from a file, prefix the file\n" +" name with the symbol <. The difference between @ and < is then\n" +" that @ makes a file get attached in the post as a file upload,\n" +" while the < makes a text field and just get the contents for\n" " that text field from a file.\n" "\n" -" Example, to send your password file to the server, where 'pass-\n" +, stdout); + fputs( +" Example, to send your password file to the server, where 'pass-\n" " word' is the name of the form-field to which /etc/passwd will be\n" " the input:\n" "\n" -, stdout); - fputs( " curl -F password=@/etc/passwd www.mypasswords.com\n" "\n" " To read content from stdin instead of a file, use - as the file-\n" " name. This goes for both @ and < constructs.\n" "\n" -" You can also tell curl what Content-Type to use by using\n" +" You can also tell curl what Content-Type to use by using\n" +, stdout); + fputs( " 'type=', in a manner similar to:\n" "\n" " curl -F \"web=@index.html;type=text/html\" url.com\n" @@ -851,15 +863,15 @@ "\n" " curl -F \"name=daniel;type=text/foo\" url.com\n" "\n" -, stdout); - fputs( -" You can also explicitly change the name field of a file upload\n" +" You can also explicitly change the name field of a file upload\n" " part by setting filename=, like this:\n" "\n" " curl -F \"file=@localfile;filename=nameinpost\" url.com\n" "\n" -" If filename/path contains ',' or ';', it must be quoted by dou-\n" +" If filename/path contains ',' or ';', it must be quoted by dou-\n" " ble-quotes like:\n" +, stdout); + fputs( "\n" " curl -F \"file=@\\\"localfile\\\";filename=\\\"nameinpost\\\"\" url.com\n" "\n" @@ -867,9 +879,7 @@ "\n" " curl -F 'file=@\"localfile\";filename=\"nameinpost\"' url.com\n" "\n" -, stdout); - fputs( -" Note that if a filename/path is quoted by double-quotes, any\n" +" Note that if a filename/path is quoted by double-quotes, any\n" " double-quote or backslash within the filename must be escaped by\n" " backslash.\n" "\n" @@ -878,173 +888,174 @@ " This option can be used multiple times.\n" "\n" " --ftp-account [data]\n" -" (FTP) When an FTP server asks for \"account data\" after user name\n" -" and password has been provided, this data is sent off using the\n" , stdout); fputs( +" (FTP) When an FTP server asks for \"account data\" after user name\n" +" and password has been provided, this data is sent off using the\n" " ACCT command. (Added in 7.13.0)\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --ftp-alternative-to-user \n" -" (FTP) If authenticating with the USER and PASS commands fails,\n" -" send this command. When connecting to Tumbleweed's Secure\n" -" Transport server over FTPS using a client certificate, using\n" -" \"SITE AUTH\" will tell the server to retrieve the username from\n" +" (FTP) If authenticating with the USER and PASS commands fails,\n" +" send this command. When connecting to Tumbleweed's Secure\n" , stdout); fputs( +" Transport server over FTPS using a client certificate, using\n" +" \"SITE AUTH\" will tell the server to retrieve the username from\n" " the certificate. (Added in 7.15.5)\n" "\n" " --ftp-create-dirs\n" -" (FTP/SFTP) When an FTP or SFTP URL/operation uses a path that\n" -" doesn't currently exist on the server, the standard behavior of\n" +" (FTP/SFTP) When an FTP or SFTP URL/operation uses a path that\n" +" doesn't currently exist on the server, the standard behavior of\n" " curl is to fail. Using this option, curl will instead attempt to\n" +, stdout); + fputs( " create missing directories.\n" "\n" " --ftp-method [method]\n" -" (FTP) Control what method curl should use to reach a file on an\n" -, stdout); - fputs( -" FTP(S) server. The method argument should be one of the follow-\n" +" (FTP) Control what method curl should use to reach a file on an\n" +" FTP(S) server. The method argument should be one of the follow-\n" " ing alternatives:\n" "\n" " multicwd\n" -" curl does a single CWD operation for each path part in\n" -" the given URL. For deep hierarchies this means very many\n" -" commands. This is how RFC 1738 says it should be done.\n" -" This is the default but the slowest behavior.\n" -"\n" +" curl does a single CWD operation for each path part in\n" +" the given URL. For deep hierarchies this means very many\n" , stdout); fputs( -" nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR\n" +" commands. This is how RFC 1738 says it should be done.\n" +" This is the default but the slowest behavior.\n" +"\n" +" nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR\n" " etc and give a full path to the server for all these com-\n" " mands. This is the fastest behavior.\n" "\n" " singlecwd\n" " curl does one CWD with the full target directory and then\n" -" operates on the file \"normally\" (like in the multicwd\n" -" case). This is somewhat more standards compliant than\n" , stdout); fputs( +" operates on the file \"normally\" (like in the multicwd\n" +" case). This is somewhat more standards compliant than\n" " 'nocwd' but without the full penalty of 'multicwd'.\n" -" (Added in 7.15.1)\n" "\n" -" --ftp-pasv\n" -" (FTP) Use passive mode for the data connection. Passive is the\n" -" internal default behavior, but using this option can be used to\n" -" override a previous -P/-ftp-port option. (Added in 7.11.0)\n" +" (Added in 7.15.1)\n" "\n" -" If this option is used several times, only the first one is\n" +" --ftp-pasv\n" +" (FTP) Use passive mode for the data connection. Passive is the\n" +" internal default behavior, but using this option can be used to\n" , stdout); fputs( -" used. Undoing an enforced passive really isn't doable but you\n" +" override a previous -P/-ftp-port option. (Added in 7.11.0)\n" +"\n" +" If this option is used several times, only the first one is\n" +" used. Undoing an enforced passive really isn't doable but you\n" " must then instead enforce the correct -P, --ftp-port again.\n" "\n" " Passive mode means that curl will try the EPSV command first and\n" " then PASV, unless --disable-epsv is used.\n" "\n" " --ftp-skip-pasv-ip\n" -" (FTP) Tell curl to not use the IP address the server suggests in\n" -" its response to curl's PASV command when curl connects the data\n" , stdout); fputs( -" connection. Instead curl will re-use the same IP address it\n" +" (FTP) Tell curl to not use the IP address the server suggests in\n" +" its response to curl's PASV command when curl connects the data\n" +" connection. Instead curl will re-use the same IP address it\n" " already uses for the control connection. (Added in 7.14.2)\n" "\n" -" This option has no effect if PORT, EPRT or EPSV is used instead\n" +" This option has no effect if PORT, EPRT or EPSV is used instead\n" " of PASV.\n" "\n" " --ftp-pret\n" -" (FTP) Tell curl to send a PRET command before PASV (and EPSV).\n" -" Certain FTP servers, mainly drftpd, require this non-standard\n" , stdout); fputs( -" command for directory listings as well as up and downloads in\n" +" (FTP) Tell curl to send a PRET command before PASV (and EPSV).\n" +" Certain FTP servers, mainly drftpd, require this non-standard\n" +" command for directory listings as well as up and downloads in\n" " PASV mode. (Added in 7.20.x)\n" "\n" " --ftp-ssl-ccc\n" -" (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS\n" +" (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS\n" " layer after authenticating. The rest of the control channel com-\n" -" munication will be unencrypted. This allows NAT routers to fol-\n" -" low the FTP transaction. The default mode is passive. See --ftp-\n" , stdout); fputs( +" munication will be unencrypted. This allows NAT routers to fol-\n" +" low the FTP transaction. The default mode is passive. See --ftp-\n" " ssl-ccc-mode for other modes. (Added in 7.16.1)\n" "\n" " --ftp-ssl-ccc-mode [active/passive]\n" -" (FTP) Use CCC (Clear Command Channel) Sets the CCC mode. The\n" -" passive mode will not initiate the shutdown, but instead wait\n" +" (FTP) Use CCC (Clear Command Channel) Sets the CCC mode. The\n" +" passive mode will not initiate the shutdown, but instead wait\n" +, stdout); + fputs( " for the server to do it, and will not reply to the shutdown from\n" " the server. The active mode initiates the shutdown and waits for\n" " a reply from the server. (Added in 7.16.2)\n" "\n" +" --ftp-ssl-control\n" +" (FTP) Require SSL/TLS for the FTP login, clear for transfer.\n" +" Allows secure authentication, but non-encrypted data transfers\n" +" for efficiency. Fails the transfer if the server doesn't sup-\n" , stdout); fputs( -" --ftp-ssl-control\n" -" (FTP) Require SSL/TLS for the FTP login, clear for transfer.\n" -" Allows secure authentication, but non-encrypted data transfers\n" -" for efficiency. Fails the transfer if the server doesn't sup-\n" " port SSL/TLS. (Added in 7.16.0) that can still be used but will\n" " be removed in a future version.\n" "\n" " --form-string \n" -, stdout); - fputs( -" (HTTP) Similar to --form except that the value string for the\n" -" named parameter is used literally. Leading '@' and '<' charac-\n" +" (HTTP) Similar to --form except that the value string for the\n" +" named parameter is used literally. Leading '@' and '<' charac-\n" " ters, and the ';type=' string in the value have no special mean-\n" " ing. Use this in preference to --form if there's any possibility\n" -" that the string value may accidentally trigger the '@' or '<'\n" +, stdout); + fputs( +" that the string value may accidentally trigger the '@' or '<'\n" " features of --form.\n" "\n" " -g, --globoff\n" +" This option switches off the \"URL globbing parser\". When you set\n" +" this option, you can specify URLs that contain the letters {}[]\n" +" without having them being interpreted by curl itself. Note that\n" +" these letters are not normal legal URL contents but they should\n" , stdout); fputs( -" This option switches off the \"URL globbing parser\". When you set\n" -" this option, you can specify URLs that contain the letters {}[]\n" -" without having them being interpreted by curl itself. Note that\n" -" these letters are not normal legal URL contents but they should\n" " be encoded according to the URI standard.\n" "\n" " -G, --get\n" -" When used, this option will make all data specified with -d,\n" +" When used, this option will make all data specified with -d,\n" +" --data, --data-binary or --data-urlencode to be used in an HTTP\n" +" GET request instead of the POST request that otherwise would be\n" +" used. The data will be appended to the URL with a '?' separator.\n" +" If used in combination with -I, the POST data will instead be\n" , stdout); fputs( -" --data, --data-binary or --data-urlencode to be used in an HTTP\n" -" GET request instead of the POST request that otherwise would be\n" -" used. The data will be appended to the URL with a '?' separator.\n" -" If used in combination with -I, the POST data will instead be\n" " appended to the URL with a HEAD request.\n" "\n" -" If this option is used several times, only the first one is\n" -, stdout); - fputs( -" used. This is because undoing a GET doesn't make sense, but you\n" +" If this option is used several times, only the first one is\n" +" used. This is because undoing a GET doesn't make sense, but you\n" " should then instead enforce the alternative method you prefer.\n" "\n" " -H, --header

\n" -" (HTTP) Extra header to include in the request when sending HTTP\n" -" to a server. You may specify any number of extra headers. Note\n" -" that if you should add a custom header that has the same name as\n" +" (HTTP) Extra header to include in the request when sending HTTP\n" +" to a server. You may specify any number of extra headers. Note\n" , stdout); fputs( -" one of the internal ones curl would use, your externally set\n" +" that if you should add a custom header that has the same name as\n" +" one of the internal ones curl would use, your externally set\n" " header will be used instead of the internal one. This allows you\n" -" to make even trickier stuff than curl would normally do. You\n" -" should not replace internally set headers without knowing per-\n" +" to make even trickier stuff than curl would normally do. You\n" +" should not replace internally set headers without knowing per-\n" " fectly well what you're doing. Remove an internal header by giv-\n" -" ing a replacement without content on the right side of the\n" , stdout); fputs( +" ing a replacement without content on the right side of the\n" " colon, as in: -H \"Host:\". If you send the custom header with no-\n" -" value then its header must be terminated with a semicolon, such\n" +" value then its header must be terminated with a semicolon, such\n" " as -H \"X-Custom-Header;\" to send \"X-Custom-Header:\".\n" "\n" -" curl will make sure that each header you add/replace is sent\n" +" curl will make sure that each header you add/replace is sent\n" " with the proper end-of-line marker, you should thus not add that\n" -" as a part of the header content: do not add newlines or carriage\n" , stdout); fputs( +" as a part of the header content: do not add newlines or carriage\n" " returns, they will only mess things up for you.\n" "\n" " See also the -A, --user-agent and -e, --referer options.\n" @@ -1056,152 +1067,152 @@ "\n" " # curl -H \"X-First-Name: Joe\" http://192.168.0.1/\n" "\n" -" WARNING: headers set with this option will be set in all\n" , stdout); fputs( -" requests - even after redirects are followed, like when told\n" -" with -L, --location. This can lead to the header being sent to\n" -" other hosts than the original host, so sensitive headers should\n" +" WARNING: headers set with this option will be set in all\n" +" requests - even after redirects are followed, like when told\n" +" with -L, --location. This can lead to the header being sent to\n" +" other hosts than the original host, so sensitive headers should\n" " be used with caution combined with following redirects.\n" "\n" -" This option can be used multiple times to add/replace/remove\n" +" This option can be used multiple times to add/replace/remove\n" " multiple headers.\n" "\n" -" --hostpubmd5 \n" , stdout); fputs( -" (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The\n" -" string should be the 128 bit MD5 checksum of the remote host's\n" +" --hostpubmd5 \n" +" (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The\n" +" string should be the 128 bit MD5 checksum of the remote host's\n" " public key, curl will refuse the connection with the host unless\n" " the md5sums match. (Added in 7.17.1)\n" "\n" " --ignore-content-length\n" -" (HTTP) Ignore the Content-Length header. This is particularly\n" -" useful for servers running Apache 1.x, which will report incor-\n" +" (HTTP) Ignore the Content-Length header. This is particularly\n" , stdout); fputs( +" useful for servers running Apache 1.x, which will report incor-\n" " rect Content-Length for files larger than 2 gigabytes.\n" "\n" " -i, --include\n" -" (HTTP) Include the HTTP-header in the output. The HTTP-header\n" -" includes things like server-name, date of the document, HTTP-\n" +" (HTTP) Include the HTTP-header in the output. The HTTP-header\n" +" includes things like server-name, date of the document, HTTP-\n" " version and more...\n" "\n" " -I, --head\n" " (HTTP/FTP/FILE) Fetch the HTTP-header only! HTTP-servers feature\n" -" the command HEAD which this uses to get nothing but the header\n" , stdout); fputs( -" of a document. When used on an FTP or FILE file, curl displays\n" +" the command HEAD which this uses to get nothing but the header\n" +" of a document. When used on an FTP or FILE file, curl displays\n" " the file size and last modification time only.\n" "\n" " --interface \n" -" Perform an operation using a specified interface. You can enter\n" -" interface name, IP address or host name. An example could look\n" +" Perform an operation using a specified interface. You can enter\n" +" interface name, IP address or host name. An example could look\n" " like:\n" "\n" " curl --interface eth0:1 http://www.netscape.com/\n" "\n" -" If this option is used several times, the last one will be used.\n" -"\n" , stdout); fputs( +" If this option is used several times, the last one will be used.\n" +"\n" " -j, --junk-session-cookies\n" " (HTTP) When curl is told to read cookies from a given file, this\n" -" option will make it discard all \"session cookies\". This will\n" -" basically have the same effect as if a new session is started.\n" -" Typical browsers always discard session cookies when they're\n" +" option will make it discard all \"session cookies\". This will\n" +" basically have the same effect as if a new session is started.\n" +" Typical browsers always discard session cookies when they're\n" " closed down.\n" "\n" " -J, --remote-header-name\n" -" (HTTP) This option tells the -O, --remote-name option to use the\n" , stdout); fputs( +" (HTTP) This option tells the -O, --remote-name option to use the\n" " server-specified Content-Disposition filename instead of\n" " extracting a filename from the URL.\n" "\n" -" There's no attempt to decode %-sequences (yet) in the provided\n" +" There's no attempt to decode %-sequences (yet) in the provided\n" " file name, so this option may provide you with rather unexpected\n" " file names.\n" "\n" " -k, --insecure\n" -" (SSL) This option explicitly allows curl to perform \"insecure\"\n" -" SSL connections and transfers. All SSL connections are attempted\n" +" (SSL) This option explicitly allows curl to perform \"insecure\"\n" , stdout); fputs( -" to be made secure by using the CA certificate bundle installed\n" -" by default. This makes all connections considered \"insecure\"\n" +" SSL connections and transfers. All SSL connections are attempted\n" +" to be made secure by using the CA certificate bundle installed\n" +" by default. This makes all connections considered \"insecure\"\n" " fail unless -k, --insecure is used.\n" "\n" -" See this online resource for further details:\n" +" See this online resource for further details:\n" " http://curl.haxx.se/docs/sslcerts.html\n" "\n" " -K, --config \n" -" Specify which config file to read curl arguments from. The con-\n" , stdout); fputs( -" fig file is a text file in which command line arguments can be\n" -" written which then will be used as if they were written on the\n" +" Specify which config file to read curl arguments from. The con-\n" +" fig file is a text file in which command line arguments can be\n" +" written which then will be used as if they were written on the\n" " actual command line.\n" "\n" -" Options and their parameters must be specified on the same con-\n" -" fig file line, separated by whitespace, colon, or the equals\n" -" sign. Long option names can optionally be given in the config\n" +" Options and their parameters must be specified on the same con-\n" +" fig file line, separated by whitespace, colon, or the equals\n" , stdout); fputs( -" file without the initial double dashes and if so, the colon or\n" -" equals characters can be used as separators. If the option is\n" -" specified with one or two dashes, there can be no colon or\n" +" sign. Long option names can optionally be given in the config\n" +" file without the initial double dashes and if so, the colon or\n" +" equals characters can be used as separators. If the option is\n" +" specified with one or two dashes, there can be no colon or\n" " equals character between the option and its parameter.\n" "\n" " If the parameter is to contain whitespace, the parameter must be\n" -" enclosed within quotes. Within double quotes, the following\n" , stdout); fputs( -" escape sequences are available: \\\\, \\\", \\t, \\n, \\r and \\v. A\n" -" backslash preceding any other letter is ignored. If the first\n" +" enclosed within quotes. Within double quotes, the following\n" +" escape sequences are available: \\\\, \\\", \\t, \\n, \\r and \\v. A\n" +" backslash preceding any other letter is ignored. If the first\n" " column of a config line is a '#' character, the rest of the line\n" " will be treated as a comment. Only write one option per physical\n" " line in the config file.\n" "\n" -" Specify the filename to -K, --config as '-' to make curl read\n" -" the file from stdin.\n" -"\n" , stdout); fputs( -" Note that to be able to specify a URL in the config file, you\n" -" need to specify it using the --url option, and not by simply\n" -" writing the URL on its own line. So, it could look similar to\n" +" Specify the filename to -K, --config as '-' to make curl read\n" +" the file from stdin.\n" +"\n" +" Note that to be able to specify a URL in the config file, you\n" +" need to specify it using the --url option, and not by simply\n" +" writing the URL on its own line. So, it could look similar to\n" " this:\n" "\n" " url = \"http://curl.haxx.se/docs/\"\n" "\n" -" When curl is invoked, it always (unless -q is used) checks for a\n" -" default config file and uses it if found. The default config\n" , stdout); fputs( +" When curl is invoked, it always (unless -q is used) checks for a\n" +" default config file and uses it if found. The default config\n" " file is checked for in the following places in this order:\n" "\n" -" 1) curl tries to find the \"home dir\": It first checks for the\n" +" 1) curl tries to find the \"home dir\": It first checks for the\n" " CURL_HOME and then the HOME environment variables. Failing that,\n" -" it uses getpwuid() on Unix-like systems (which returns the home\n" -" dir given the current user in your system). On Windows, it then\n" -" checks for the APPDATA variable, or as a last resort the '%USER-\n" +" it uses getpwuid() on Unix-like systems (which returns the home\n" , stdout); fputs( +" dir given the current user in your system). On Windows, it then\n" +" checks for the APPDATA variable, or as a last resort the '%USER-\n" " PROFILE%\\Application Data'.\n" "\n" -" 2) On windows, if there is no _curlrc file in the home dir, it\n" +" 2) On windows, if there is no _curlrc file in the home dir, it\n" " checks for one in the same dir the curl executable is placed. On\n" -" Unix-like systems, it will simply try to load .curlrc from the\n" +" Unix-like systems, it will simply try to load .curlrc from the\n" " determined home dir.\n" "\n" +, stdout); + fputs( " # --- Example file ---\n" " # this is a comment\n" " url = \"curl.haxx.se\"\n" " output = \"curlhere.html\"\n" -, stdout); - fputs( " user-agent = \"superagent/1.0\"\n" "\n" " # and fetch another URL too\n" @@ -1210,183 +1221,183 @@ " referer = \"http://nowhereatall.com/\"\n" " # --- End of example file ---\n" "\n" -" This option can be used multiple times to load multiple config\n" +" This option can be used multiple times to load multiple config\n" " files.\n" "\n" -" --keepalive-time \n" -" This option sets the time a connection needs to remain idle\n" , stdout); fputs( -" before sending keepalive probes and the time between individual\n" +" --keepalive-time \n" +" This option sets the time a connection needs to remain idle\n" +" before sending keepalive probes and the time between individual\n" " keepalive probes. It is currently effective on operating systems\n" " offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options\n" -" (meaning Linux, recent AIX, HP-UX and more). This option has no\n" +" (meaning Linux, recent AIX, HP-UX and more). This option has no\n" " effect if --no-keepalive is used. (Added in 7.18.0)\n" "\n" -" If this option is used several times, the last one will be used.\n" , stdout); fputs( +" If this option is used several times, the last one will be used.\n" " If unspecified, the option defaults to 60 seconds.\n" "\n" " --key \n" " (SSL/SSH) Private key file name. Allows you to provide your pri-\n" -" vate key in this separate file. For SSH, if not specified, curl\n" -" tries the following candidates in order: '~/.ssh/id_rsa',\n" +" vate key in this separate file. For SSH, if not specified, curl\n" +" tries the following candidates in order: '~/.ssh/id_rsa',\n" " '~/.ssh/id_dsa', './id_rsa', './id_dsa'.\n" "\n" +, stdout); + fputs( " If this option is used several times, the last one will be used.\n" "\n" " --key-type \n" -, stdout); - fputs( -" (SSL) Private key file type. Specify which type your --key pro-\n" -" vided private key is. DER, PEM, and ENG are supported. If not\n" +" (SSL) Private key file type. Specify which type your --key pro-\n" +" vided private key is. DER, PEM, and ENG are supported. If not\n" " specified, PEM is assumed.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --krb \n" -" (FTP) Enable Kerberos authentication and use. The level must be\n" -" entered and should be one of 'clear', 'safe', 'confidential', or\n" +" (FTP) Enable Kerberos authentication and use. The level must be\n" , stdout); fputs( -" 'private'. Should you use a level that is not one of these,\n" +" entered and should be one of 'clear', 'safe', 'confidential', or\n" +" 'private'. Should you use a level that is not one of these,\n" " 'private' will instead be used.\n" "\n" -" This option requires a library built with kerberos4 support.\n" -" This is not very common. Use -V, --version to see if your curl\n" +" This option requires a library built with kerberos4 support.\n" +" This is not very common. Use -V, --version to see if your curl\n" " supports it.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " -l, --list-only\n" -" (FTP) When listing an FTP directory, this switch forces a name-\n" , stdout); fputs( -" only view. This is especially useful if the user wants to\n" -" machine-parse the contents of an FTP directory since the normal\n" -" directory view doesn't use a standard look or format. When used\n" -" like this, the option causes a NLST command to be sent to the\n" +" (FTP) When listing an FTP directory, this switch forces a name-\n" +" only view. This is especially useful if the user wants to\n" +" machine-parse the contents of an FTP directory since the normal\n" +" directory view doesn't use a standard look or format. When used\n" +" like this, the option causes a NLST command to be sent to the\n" " server instead of LIST.\n" "\n" -" Note: Some FTP servers list only files in their response to\n" , stdout); fputs( +" Note: Some FTP servers list only files in their response to\n" " NLST; they do not include sub-directories and symbolic links.\n" "\n" -" (POP3) When retrieving a specific email from POP3, this switch\n" -" forces a LIST command to be performed instead of RETR. This is\n" -" particularly useful if the user wants to see if a specific mes-\n" +" (POP3) When retrieving a specific email from POP3, this switch\n" +" forces a LIST command to be performed instead of RETR. This is\n" +" particularly useful if the user wants to see if a specific mes-\n" " sage id exists on the server and what size it is.\n" "\n" -" Note: When combined with -X, --request , this option\n" , stdout); fputs( +" Note: When combined with -X, --request , this option\n" " can be used to send an UIDL command instead, so the user may use\n" -" the email's unique identifier rather than it's message id to\n" +" the email's unique identifier rather than it's message id to\n" " make the request. (Added in 7.21.5)\n" "\n" " -L, --location\n" -" (HTTP/HTTPS) If the server reports that the requested page has\n" +" (HTTP/HTTPS) If the server reports that the requested page has\n" " moved to a different location (indicated with a Location: header\n" -" and a 3XX response code), this option will make curl redo the\n" , stdout); fputs( +" and a 3XX response code), this option will make curl redo the\n" " request on the new place. If used together with -i, --include or\n" " -I, --head, headers from all requested pages will be shown. When\n" -" authentication is used, curl only sends its credentials to the\n" -" initial host. If a redirect takes curl to a different host, it\n" -" won't be able to intercept the user+password. See also --loca-\n" -" tion-trusted on how to change this. You can limit the amount of\n" +" authentication is used, curl only sends its credentials to the\n" +" initial host. If a redirect takes curl to a different host, it\n" +" won't be able to intercept the user+password. See also --loca-\n" , stdout); fputs( +" tion-trusted on how to change this. You can limit the amount of\n" " redirects to follow by using the --max-redirs option.\n" "\n" -" When curl follows a redirect and the request is not a plain GET\n" +" When curl follows a redirect and the request is not a plain GET\n" " (for example POST or PUT), it will do the following request with\n" " a GET if the HTTP response was 301, 302, or 303. If the response\n" -" code was any other 3xx code, curl will re-send the following\n" -" request using the same unmodified method.\n" -"\n" +" code was any other 3xx code, curl will re-send the following\n" , stdout); fputs( -" You can tell curl to not change the non-GET request method to\n" -" GET after a 30x response by using the dedicated options for\n" +" request using the same unmodified method.\n" +"\n" +" You can tell curl to not change the non-GET request method to\n" +" GET after a 30x response by using the dedicated options for\n" " that: --post301, --post302 and -post303.\n" "\n" " --libcurl \n" -" Append this option to any ordinary curl command line, and you\n" -" will get a libcurl-using C source code written to the file that\n" -" does the equivalent of what your command-line operation does!\n" -"\n" +" Append this option to any ordinary curl command line, and you\n" +" will get a libcurl-using C source code written to the file that\n" , stdout); fputs( -" If this option is used several times, the last given file name\n" +" does the equivalent of what your command-line operation does!\n" +"\n" +" If this option is used several times, the last given file name\n" " will be used. (Added in 7.16.1)\n" "\n" " --limit-rate \n" -" Specify the maximum transfer rate you want curl to use - for\n" +" Specify the maximum transfer rate you want curl to use - for\n" " both downloads and uploads. This feature is useful if you have a\n" " limited pipe and you'd like your transfer not to use your entire\n" -" bandwidth. To make it slower than it otherwise would be.\n" -"\n" , stdout); fputs( -" The given speed is measured in bytes/second, unless a suffix is\n" -" appended. Appending 'k' or 'K' will count the number as kilo-\n" -" bytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it\n" +" bandwidth. To make it slower than it otherwise would be.\n" +"\n" +" The given speed is measured in bytes/second, unless a suffix is\n" +" appended. Appending 'k' or 'K' will count the number as kilo-\n" +" bytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it\n" " gigabytes. Examples: 200K, 3m and 1G.\n" "\n" -" The given rate is the average speed counted during the entire\n" -" transfer. It means that curl might use higher transfer speeds in\n" +" The given rate is the average speed counted during the entire\n" , stdout); fputs( +" transfer. It means that curl might use higher transfer speeds in\n" " short bursts, but over time it uses no more than the given rate.\n" -" If you also use the -Y, --speed-limit option, that option will\n" +" If you also use the -Y, --speed-limit option, that option will\n" " take precedence and might cripple the rate-limiting slightly, to\n" " help keeping the speed-limit logic working.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --local-port [-num]\n" -" Set a preferred number or range of local port numbers to use for\n" , stdout); fputs( -" the connection(s). Note that port numbers by nature are a\n" +" Set a preferred number or range of local port numbers to use for\n" +" the connection(s). Note that port numbers by nature are a\n" " scarce resource that will be busy at times so setting this range\n" " to something too narrow might cause unnecessary connection setup\n" " failures. (Added in 7.15.2)\n" "\n" " --location-trusted\n" -" (HTTP/HTTPS) Like -L, --location, but will allow sending the\n" -" name + password to all hosts that the site may redirect to. This\n" +" (HTTP/HTTPS) Like -L, --location, but will allow sending the\n" , stdout); fputs( +" name + password to all hosts that the site may redirect to. This\n" " may or may not introduce a security breach if the site redirects\n" -" you to a site to which you'll send your authentication info\n" +" you to a site to which you'll send your authentication info\n" " (which is plaintext in the case of HTTP Basic authentication).\n" "\n" " -m, --max-time \n" -" Maximum time in seconds that you allow the whole operation to\n" -" take. This is useful for preventing your batch jobs from hang-\n" +" Maximum time in seconds that you allow the whole operation to\n" , stdout); fputs( -" ing for hours due to slow networks or links going down. Since\n" +" take. This is useful for preventing your batch jobs from hang-\n" +" ing for hours due to slow networks or links going down. Since\n" " 7.32.0, this option accepts decimal values, but the actual time-\n" " out will decrease in accuracy as the specified timeout increases\n" " in decimal precision. See also the --connect-timeout option.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" -" --login-options \n" , stdout); fputs( +" --login-options \n" " Specify the login options to use during server authentication.\n" "\n" -" You can use the login options to specify protocol specific\n" -" options that may be used during authentication. At present only\n" -" IMAP, POP3 and SMTP support login options. For more information\n" -" about the login options please see RFC 2384, RFC 5092 and IETF\n" +" You can use the login options to specify protocol specific\n" +" options that may be used during authentication. At present only\n" +" IMAP, POP3 and SMTP support login options. For more information\n" +" about the login options please see RFC 2384, RFC 5092 and IETF\n" " draft draft-earhart-url-smtp-00.txt (Added in 7.34.0).\n" "\n" , stdout); @@ -1394,14 +1405,14 @@ " If this option is used several times, the last one will be used.\n" "\n" " --mail-auth
\n" -" (SMTP) Specify a single address. This will be used to specify\n" -" the authentication address (identity) of a submitted message\n" +" (SMTP) Specify a single address. This will be used to specify\n" +" the authentication address (identity) of a submitted message\n" " that is being relayed to another server.\n" "\n" " (Added in 7.25.0)\n" "\n" " --mail-from
\n" -" (SMTP) Specify a single address that the given mail should get\n" +" (SMTP) Specify a single address that the given mail should get\n" " sent from.\n" "\n" , stdout); @@ -1409,52 +1420,52 @@ " (Added in 7.20.0)\n" "\n" " --max-filesize \n" -" Specify the maximum size (in bytes) of a file to download. If\n" -" the file requested is larger than this value, the transfer will\n" +" Specify the maximum size (in bytes) of a file to download. If\n" +" the file requested is larger than this value, the transfer will\n" " not start and curl will return with exit code 63.\n" "\n" -" NOTE: The file size is not always known prior to download, and\n" +" NOTE: The file size is not always known prior to download, and\n" " for such files this option has no effect even if the file trans-\n" , stdout); fputs( -" fer ends up being larger than this given limit. This concerns\n" +" fer ends up being larger than this given limit. This concerns\n" " both FTP and HTTP transfers.\n" "\n" " --mail-rcpt
\n" " (SMTP) Specify a single address, user name or mailing list name.\n" -" When performing a mail transfer, the recipient should specify a\n" +" When performing a mail transfer, the recipient should specify a\n" " valid email address to send the mail to. (Added in 7.20.0)\n" "\n" -" When performing an address verification (VRFY command), the\n" +" When performing an address verification (VRFY command), the\n" , stdout); fputs( -" recipient should be specified as the user name or user name and\n" +" recipient should be specified as the user name or user name and\n" " domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)\n" "\n" " When performing a mailing list expand (EXPN command), the recip-\n" -" ient should be specified using the mailing list name, such as\n" +" ient should be specified using the mailing list name, such as\n" " \"Friends\" or \"London-Office\". (Added in 7.34.0)\n" "\n" " --max-redirs \n" -" Set maximum number of redirection-followings allowed. If -L,\n" +" Set maximum number of redirection-followings allowed. If -L,\n" , stdout); fputs( " --location is used, this option can be used to prevent curl from\n" -" following redirections \"in absurdum\". By default, the limit is\n" -" set to 50 redirections. Set this option to -1 to make it limit-\n" +" following redirections \"in absurdum\". By default, the limit is\n" +" set to 50 redirections. Set this option to -1 to make it limit-\n" " less.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --metalink\n" -" This option can tell curl to parse and process a given URI as\n" +" This option can tell curl to parse and process a given URI as\n" , stdout); fputs( -" Metalink file (both version 3 and 4 (RFC 5854) are supported)\n" -" and make use of the mirrors listed within for failover if there\n" -" are errors (such as the file or server not being available). It\n" -" will also verify the hash of the file after the download com-\n" -" pletes. The Metalink file itself is downloaded and processed in\n" +" Metalink file (both version 3 and 4 (RFC 5854) are supported)\n" +" and make use of the mirrors listed within for failover if there\n" +" are errors (such as the file or server not being available). It\n" +" will also verify the hash of the file after the download com-\n" +" pletes. The Metalink file itself is downloaded and processed in\n" " memory and not stored in the local file system.\n" "\n" , stdout); @@ -1468,13 +1479,13 @@ "\n" " curl --metalink file://example.metalink\n" "\n" -" Please note that if FILE protocol is disabled, there is no way\n" -" to use a local Metalink file at the time of this writing. Also\n" +" Please note that if FILE protocol is disabled, there is no way\n" +" to use a local Metalink file at the time of this writing. Also\n" , stdout); fputs( " note that if --metalink and --include are used together,\n" -" --include will be ignored. This is because including headers in\n" -" the response will break Metalink parser and if the headers are\n" +" --include will be ignored. This is because including headers in\n" +" the response will break Metalink parser and if the headers are\n" " included in the file described in Metalink file, hash check will\n" " fail.\n" "\n" @@ -1483,19 +1494,19 @@ " -n, --netrc\n" , stdout); fputs( -" Makes curl scan the .netrc (_netrc on Windows) file in the\n" +" Makes curl scan the .netrc (_netrc on Windows) file in the\n" " user's home directory for login name and password. This is typi-\n" -" cally used for FTP on Unix. If used with HTTP, curl will enable\n" -" user authentication. See netrc(4) or ftp(1) for details on the\n" -" file format. Curl will not complain if that file doesn't have\n" -" the right permissions (it should not be either world- or group-\n" +" cally used for FTP on Unix. If used with HTTP, curl will enable\n" +" user authentication. See netrc(5) ftp(1) for details on the file\n" +" format. Curl will not complain if that file doesn't have the\n" +" right permissions (it should not be either world- or group-read-\n" , stdout); fputs( -" readable). The environment variable \"HOME\" is used to find the\n" -" home directory.\n" +" able). The environment variable \"HOME\" is used to find the home\n" +" directory.\n" "\n" -" A quick and very simple example of how to setup a .netrc to\n" -" allow curl to FTP to the machine host.domain.com with user name\n" +" A quick and very simple example of how to setup a .netrc to\n" +" allow curl to FTP to the machine host.domain.com with user name\n" " 'myself' and password 'secret' should look similar to:\n" "\n" " machine host.domain.com login myself password secret\n" @@ -1504,112 +1515,112 @@ , stdout); fputs( " Disables the buffering of the output stream. In normal work sit-\n" -" uations, curl will use a standard buffered output stream that\n" +" uations, curl will use a standard buffered output stream that\n" " will have the effect that it will output the data in chunks, not\n" -" necessarily exactly when the data arrives. Using this option\n" +" necessarily exactly when the data arrives. Using this option\n" " will disable that buffering.\n" "\n" -" Note that this is the negated option name documented. You can\n" +" Note that this is the negated option name documented. You can\n" " thus use --buffer to enforce the buffering.\n" "\n" , stdout); fputs( " --netrc-file\n" -" This option is similar to --netrc, except that you provide the\n" -" path (absolute or relative) to the netrc file that Curl should\n" -" use. You can only specify one netrc file per invocation. If\n" -" several --netrc-file options are provided, only the last one\n" +" This option is similar to --netrc, except that you provide the\n" +" path (absolute or relative) to the netrc file that Curl should\n" +" use. You can only specify one netrc file per invocation. If\n" +" several --netrc-file options are provided, only the last one\n" " will be used. (Added in 7.21.5)\n" "\n" -" This option overrides any use of --netrc as they are mutually\n" +" This option overrides any use of --netrc as they are mutually\n" , stdout); fputs( " exclusive. It will also abide by --netrc-optional if specified.\n" "\n" " --netrc-optional\n" -" Very similar to --netrc, but this option makes the .netrc usage\n" +" Very similar to --netrc, but this option makes the .netrc usage\n" " optional and not mandatory as the --netrc option does.\n" "\n" " --negotiate\n" " (HTTP) Enables Negotiate (SPNEGO) authentication.\n" "\n" -" If you want to enable Negotiate (SPNEGO) for proxy authentica-\n" +" If you want to enable Negotiate (SPNEGO) for proxy authentica-\n" " tion, then use --proxy-negotiate.\n" "\n" , stdout); fputs( -" This option requires a library built with GSS-API or SSPI sup-\n" -" port. Use -V, --version to see if your curl supports GSS-\n" +" This option requires a library built with GSS-API or SSPI sup-\n" +" port. Use -V, --version to see if your curl supports GSS-\n" " API/SSPI and SPNEGO.\n" "\n" -" When using this option, you must also provide a fake -u, --user\n" -" option to activate the authentication code properly. Sending a\n" -" '-u :' is enough as the user name and password from the -u\n" +" When using this option, you must also provide a fake -u, --user\n" +" option to activate the authentication code properly. Sending a\n" +" '-u :' is enough as the user name and password from the -u\n" " option aren't actually used.\n" "\n" , stdout); fputs( -" If this option is used several times, only the first one is\n" +" If this option is used several times, only the first one is\n" " used.\n" "\n" " --no-keepalive\n" " Disables the use of keepalive messages on the TCP connection, as\n" " by default curl enables them.\n" "\n" -" Note that this is the negated option name documented. You can\n" +" Note that this is the negated option name documented. You can\n" " thus use --keepalive to enforce keepalive.\n" "\n" " --no-sessionid\n" -" (SSL) Disable curl's use of SSL session-ID caching. By default\n" +" (SSL) Disable curl's use of SSL session-ID caching. By default\n" , stdout); fputs( -" all transfers are done using the cache. Note that while nothing\n" -" should ever get hurt by attempting to reuse SSL session-IDs,\n" +" all transfers are done using the cache. Note that while nothing\n" +" should ever get hurt by attempting to reuse SSL session-IDs,\n" " there seem to be broken SSL implementations in the wild that may\n" -" require you to disable this in order for you to succeed. (Added\n" +" require you to disable this in order for you to succeed. (Added\n" " in 7.16.0)\n" "\n" -" Note that this is the negated option name documented. You can\n" +" Note that this is the negated option name documented. You can\n" " thus use --sessionid to enforce session-ID caching.\n" "\n" , stdout); fputs( " --noproxy \n" -" Comma-separated list of hosts which do not use a proxy, if one\n" -" is specified. The only wildcard is a single * character, which\n" +" Comma-separated list of hosts which do not use a proxy, if one\n" +" is specified. The only wildcard is a single * character, which\n" " matches all hosts, and effectively disables the proxy. Each name\n" -" in this list is matched as either a domain which contains the\n" -" hostname, or the hostname itself. For example, local.com would\n" +" in this list is matched as either a domain which contains the\n" +" hostname, or the hostname itself. For example, local.com would\n" , stdout); fputs( -" match local.com, local.com:80, and www.local.com, but not\n" +" match local.com, local.com:80, and www.local.com, but not\n" " www.notlocal.com. (Added in 7.19.4).\n" "\n" -" --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication\n" +" --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication\n" " method was designed by Microsoft and is used by IIS web servers.\n" -" It is a proprietary protocol, reverse-engineered by clever peo-\n" +" It is a proprietary protocol, reverse-engineered by clever peo-\n" " ple and implemented in curl based on their efforts. This kind of\n" , stdout); fputs( -" behavior should not be endorsed, you should encourage everyone\n" -" who uses NTLM to switch to a public and documented authentica-\n" +" behavior should not be endorsed, you should encourage everyone\n" +" who uses NTLM to switch to a public and documented authentica-\n" " tion method instead, such as Digest.\n" "\n" -" If you want to enable NTLM for your proxy authentication, then\n" +" If you want to enable NTLM for your proxy authentication, then\n" " use --proxy-ntlm.\n" "\n" -" This option requires a library built with SSL support. Use -V,\n" +" This option requires a library built with SSL support. Use -V,\n" " --version to see if your curl supports NTLM.\n" "\n" , stdout); fputs( -" If this option is used several times, only the first one is\n" +" If this option is used several times, only the first one is\n" " used.\n" "\n" " -o, --output \n" " Write output to instead of stdout. If you are using {} or\n" -" [] to fetch multiple documents, you can use '#' followed by a\n" -" number in the specifier. That variable will be replaced\n" +" [] to fetch multiple documents, you can use '#' followed by a\n" +" number in the specifier. That variable will be replaced\n" " with the current string for the URL being fetched. Like in:\n" "\n" , stdout); @@ -1620,35 +1631,35 @@ "\n" " curl http://{site,host}.host[1-5].com -o \"#1_#2\"\n" "\n" -" You may use this option as many times as the number of URLs you\n" +" You may use this option as many times as the number of URLs you\n" " have.\n" "\n" -" See also the --create-dirs option to create the local directo-\n" -" ries dynamically. Specifying the output as '-' (a single dash)\n" +" See also the --create-dirs option to create the local directo-\n" +" ries dynamically. Specifying the output as '-' (a single dash)\n" " will force the output to be done to stdout.\n" "\n" , stdout); fputs( " -O, --remote-name\n" -" Write output to a local file named like the remote file we get.\n" -" (Only the file part of the remote file is used, the path is cut\n" +" Write output to a local file named like the remote file we get.\n" +" (Only the file part of the remote file is used, the path is cut\n" " off.)\n" "\n" -" The remote file name to use for saving is extracted from the\n" +" The remote file name to use for saving is extracted from the\n" " given URL, nothing else.\n" "\n" -" Consequentially, the file will be saved in the current working\n" -" directory. If you want the file saved in a different directory,\n" +" Consequentially, the file will be saved in the current working\n" +" directory. If you want the file saved in a different directory,\n" , stdout); fputs( " make sure you change current working directory before you invoke\n" " curl with the -O, --remote-name flag!\n" "\n" " There is no URL decoding done on the file name. If it has %20 or\n" -" other URL encoded parts of the name, they will end up as-is as\n" +" other URL encoded parts of the name, they will end up as-is as\n" " file name.\n" "\n" -" You may use this option as many times as the number of URLs you\n" +" You may use this option as many times as the number of URLs you\n" " have.\n" "\n" " --oauth2-bearer\n" @@ -1656,10 +1667,10 @@ fputs( " (IMAP, POP3, SMTP) Specify the Bearer Token for OAUTH 2.0 server\n" " authentication. The Bearer Token is used in conjunction with the\n" -" user name which can be specified as part of the --url or -u,\n" +" user name which can be specified as part of the --url or -u,\n" " --user options.\n" "\n" -" The Bearer Token and user name are formatted according to RFC\n" +" The Bearer Token and user name are formatted according to RFC\n" " 6750.\n" "\n" " If this option is used several times, the last one will be used.\n" @@ -1667,50 +1678,50 @@ " --proxy-header
\n" , stdout); fputs( -" (HTTP) Extra header to include in the request when sending HTTP\n" +" (HTTP) Extra header to include in the request when sending HTTP\n" " to a proxy. You may specify any number of extra headers. This is\n" -" the equivalent option to -H, --header but is for proxy communi-\n" -" cation only like in CONNECT requests when you want a separate\n" -" header sent to the proxy to what is sent to the actual remote\n" +" the equivalent option to -H, --header but is for proxy communi-\n" +" cation only like in CONNECT requests when you want a separate\n" +" header sent to the proxy to what is sent to the actual remote\n" " host.\n" "\n" -" curl will make sure that each header you add/replace is sent\n" +" curl will make sure that each header you add/replace is sent\n" , stdout); fputs( " with the proper end-of-line marker, you should thus not add that\n" " as a part of the header content: do not add newlines or carriage\n" " returns, they will only mess things up for you.\n" "\n" -" Headers specified with this option will not be included in\n" +" Headers specified with this option will not be included in\n" " requests that curl knows will not be sent to a proxy.\n" "\n" -" This option can be used multiple times to add/replace/remove\n" +" This option can be used multiple times to add/replace/remove\n" " multiple headers.\n" , stdout); fputs( " (Added in 7.37.0)\n" " -p, --proxytunnel\n" " When an HTTP proxy is used (-x, --proxy), this option will cause\n" -" non-HTTP protocols to attempt to tunnel through the proxy\n" -" instead of merely using it to do HTTP-like operations. The tun-\n" -" nel approach is made with the HTTP proxy CONNECT request and\n" +" non-HTTP protocols to attempt to tunnel through the proxy\n" +" instead of merely using it to do HTTP-like operations. The tun-\n" +" nel approach is made with the HTTP proxy CONNECT request and\n" " requires that the proxy allows direct connect to the remote port\n" , stdout); fputs( " number curl wants to tunnel through to.\n" "\n" " -P, --ftp-port
\n" -" (FTP) Reverses the default initiator/listener roles when con-\n" -" necting with FTP. This switch makes curl use active mode. In\n" -" practice, curl then tells the server to connect back to the\n" +" (FTP) Reverses the default initiator/listener roles when con-\n" +" necting with FTP. This switch makes curl use active mode. In\n" +" practice, curl then tells the server to connect back to the\n" " client's specified address and port, while passive mode asks the\n" -" server to setup an IP address and port for it to connect to.\n" +" server to setup an IP address and port for it to connect to.\n" , stdout); fputs( "
should be one of:\n" "\n" " interface\n" -" i.e \"eth0\" to specify which interface's IP address you\n" +" i.e \"eth0\" to specify which interface's IP address you\n" " want to use (Unix only)\n" "\n" " IP address\n" @@ -1719,23 +1730,23 @@ " host name\n" " i.e \"my.host.domain\" to specify the machine\n" "\n" -" - make curl pick the same IP address that is already used\n" +" - make curl pick the same IP address that is already used\n" , stdout); fputs( " for the control connection\n" "\n" -" If this option is used several times, the last one will be used. Dis-\n" -" able the use of PORT with --ftp-pasv. Disable the attempt to use the\n" -" EPRT command instead of PORT by using --disable-eprt. EPRT is really\n" -" PORT++.\n" -"\n" -" Starting in 7.19.5, you can append \":[start]-[end]\" to the right of the\n" -" address, to tell curl what TCP port range to use. That means you spec-\n" +" If this option is used several times, the last one will be used.\n" +" Disable the use of PORT with --ftp-pasv. Disable the attempt to\n" +" use the EPRT command instead of PORT by using --disable-eprt.\n" +" EPRT is really PORT++.\n" +"\n" +" Starting in 7.19.5, you can append \":[start]-[end]\" to the right\n" +" of the address, to tell curl what TCP port range to use. That\n" , stdout); fputs( -" ify a port range, from a lower to a higher number. A single number\n" -" works as well, but do note that it increases the risk of failure since\n" -" the port may not be available.\n" +" means you specify a port range, from a lower to a higher number.\n" +" A single number works as well, but do note that it increases the\n" +" risk of failure since the port may not be available.\n" "\n" " --pass \n" " (SSL/SSH) Passphrase for the private key\n" @@ -1743,53 +1754,53 @@ " If this option is used several times, the last one will be used.\n" "\n" " --path-as-is\n" -" Tell curl to not handle sequences of /../ or /./ in the given\n" +" Tell curl to not handle sequences of /../ or /./ in the given\n" , stdout); fputs( -" URL path. Normally curl will squash or merge them according to\n" +" URL path. Normally curl will squash or merge them according to\n" " standards but with this option set you tell it not to do that.\n" "\n" " (Added in 7.42.0)\n" "\n" " --post301\n" -" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" -" POST requests into GET requests when following a 301 redirect-\n" -" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" +" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" +" POST requests into GET requests when following a 301 redirect-\n" +" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" , stdout); fputs( -" curl does the conversion by default to maintain consistency.\n" +" curl does the conversion by default to maintain consistency.\n" " However, a server may require a POST to remain a POST after such\n" -" a redirection. This option is meaningful only when using -L,\n" +" a redirection. This option is meaningful only when using -L,\n" " --location (Added in 7.17.1)\n" "\n" " --post302\n" -" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" -" POST requests into GET requests when following a 302 redirect-\n" +" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" +" POST requests into GET requests when following a 302 redirect-\n" , stdout); fputs( -" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" -" curl does the conversion by default to maintain consistency.\n" +" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" +" curl does the conversion by default to maintain consistency.\n" " However, a server may require a POST to remain a POST after such\n" -" a redirection. This option is meaningful only when using -L,\n" +" a redirection. This option is meaningful only when using -L,\n" " --location (Added in 7.19.1)\n" "\n" " --post303\n" -" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" +" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert\n" , stdout); fputs( -" POST requests into GET requests when following a 303 redirect-\n" -" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" -" curl does the conversion by default to maintain consistency.\n" +" POST requests into GET requests when following a 303 redirect-\n" +" ion. The non-RFC behaviour is ubiquitous in web browsers, so\n" +" curl does the conversion by default to maintain consistency.\n" " However, a server may require a POST to remain a POST after such\n" -" a redirection. This option is meaningful only when using -L,\n" +" a redirection. This option is meaningful only when using -L,\n" " --location (Added in 7.26.0)\n" "\n" " --proto \n" , stdout); fputs( -" Tells curl to use the listed protocols for its initial\n" +" Tells curl to use the listed protocols for its initial\n" " retrieval. Protocols are evaluated left to right, are comma sep-\n" -" arated, and are each a protocol name or 'all', optionally pre-\n" +" arated, and are each a protocol name or 'all', optionally pre-\n" " fixed by zero or more modifiers. Available modifiers are:\n" "\n" " + Permit this protocol in addition to protocols already permit-\n" @@ -1797,11 +1808,11 @@ "\n" , stdout); fputs( -" - Deny this protocol, removing it from the list of protocols\n" +" - Deny this protocol, removing it from the list of protocols\n" " already permitted.\n" "\n" -" = Permit only this protocol (ignoring the list already permit-\n" -" ted), though subject to later modification by subsequent\n" +" = Permit only this protocol (ignoring the list already permit-\n" +" ted), though subject to later modification by subsequent\n" " entries in the comma separated list.\n" "\n" " For example:\n" @@ -1816,21 +1827,21 @@ " --proto =http,https\n" " also only enables http and https\n" "\n" -" Unknown protocols produce a warning. This allows scripts to\n" -" safely rely on being able to disable potentially dangerous pro-\n" -" tocols, without relying upon support for that protocol being\n" +" Unknown protocols produce a warning. This allows scripts to\n" +" safely rely on being able to disable potentially dangerous pro-\n" +" tocols, without relying upon support for that protocol being\n" " built into curl to avoid an error.\n" "\n" , stdout); fputs( " This option can be used multiple times, in which case the effect\n" -" is the same as concatenating the protocols into one instance of\n" +" is the same as concatenating the protocols into one instance of\n" " the option.\n" "\n" " (Added in 7.20.2)\n" "\n" " --proto-redir \n" -" Tells curl to use the listed protocols after a redirect. See\n" +" Tells curl to use the listed protocols after a redirect. See\n" " --proto for how protocols are represented.\n" "\n" " (Added in 7.20.2)\n" @@ -1838,153 +1849,162 @@ " --proxy-anyauth\n" , stdout); fputs( -" Tells curl to pick a suitable authentication method when commu-\n" -" nicating with the given proxy. This might cause an extra\n" +" Tells curl to pick a suitable authentication method when commu-\n" +" nicating with the given proxy. This might cause an extra\n" " request/response round-trip. (Added in 7.13.2)\n" "\n" " --proxy-basic\n" -" Tells curl to use HTTP Basic authentication when communicating\n" +" Tells curl to use HTTP Basic authentication when communicating\n" " with the given proxy. Use --basic for enabling HTTP Basic with a\n" -" remote host. Basic is the default authentication method curl\n" +" remote host. Basic is the default authentication method curl\n" , stdout); fputs( " uses with proxies.\n" "\n" " --proxy-digest\n" -" Tells curl to use HTTP Digest authentication when communicating\n" +" Tells curl to use HTTP Digest authentication when communicating\n" " with the given proxy. Use --digest for enabling HTTP Digest with\n" " a remote host.\n" "\n" " --proxy-negotiate\n" -" Tells curl to use HTTP Negotiate (SPNEGO) authentication when\n" +" Tells curl to use HTTP Negotiate (SPNEGO) authentication when\n" " communicating with the given proxy. Use --negotiate for enabling\n" , stdout); fputs( " HTTP Negotiate (SPNEGO) with a remote host. (Added in 7.17.1)\n" "\n" " --proxy-ntlm\n" -" Tells curl to use HTTP NTLM authentication when communicating\n" +" Tells curl to use HTTP NTLM authentication when communicating\n" " with the given proxy. Use --ntlm for enabling NTLM with a remote\n" " host.\n" "\n" +" --proxy-service-name \n" +" This option allows you to change the service name for proxy\n" +" negotiation.\n" +"\n" +, stdout); + fputs( +" Examples: --proxy-negotiate proxy-name --proxy-service-name\n" +" sockd would use sockd/proxy-name. (Added in 7.43.0).\n" +"\n" " --proxy1.0 \n" -" Use the specified HTTP 1.0 proxy. If the port number is not\n" +" Use the specified HTTP 1.0 proxy. If the port number is not\n" " specified, it is assumed at port 1080.\n" "\n" +" The only difference between this and the HTTP proxy option (-x,\n" +" --proxy), is that attempts to use CONNECT through the proxy will\n" , stdout); fputs( -" The only difference between this and the HTTP proxy option (-x,\n" -" --proxy), is that attempts to use CONNECT through the proxy will\n" " specify an HTTP 1.0 protocol instead of the default HTTP 1.1.\n" "\n" " --pubkey \n" -" (SSH) Public key file name. Allows you to provide your public\n" +" (SSH) Public key file name. Allows you to provide your public\n" " key in this separate file.\n" "\n" " If this option is used several times, the last one will be used.\n" +" (As of 7.39.0, curl attempts to automatically extract the public\n" +" key from the private key file, so passing this option is gener-\n" , stdout); fputs( -" (As of 7.39.0, curl attempts to automatically extract the public\n" -" key from the private key file, so passing this option is gener-\n" " ally not required. Note that this public key extraction requires\n" -" libcurl to be linked against a copy of libssh2 1.2.8 or higher\n" +" libcurl to be linked against a copy of libssh2 1.2.8 or higher\n" " that is itself linked against OpenSSL.)\n" "\n" -" -q If used as the first parameter on the command line, the curlrc\n" -, stdout); - fputs( -" config file will not be read and used. See the -K, --config for\n" +" -q If used as the first parameter on the command line, the curlrc\n" +" config file will not be read and used. See the -K, --config for\n" " details on the default config file search path.\n" "\n" " -Q, --quote \n" -" (FTP/SFTP) Send an arbitrary command to the remote FTP or SFTP\n" -" server. Quote commands are sent BEFORE the transfer takes place\n" -" (just after the initial PWD command in an FTP transfer, to be\n" -" exact). To make commands take place after a successful transfer,\n" , stdout); fputs( -" prefix them with a dash '-'. To make commands be sent after\n" +" (FTP/SFTP) Send an arbitrary command to the remote FTP or SFTP\n" +" server. Quote commands are sent BEFORE the transfer takes place\n" +" (just after the initial PWD command in an FTP transfer, to be\n" +" exact). To make commands take place after a successful transfer,\n" +" prefix them with a dash '-'. To make commands be sent after\n" " curl has changed the working directory, just before the transfer\n" -" command(s), prefix the command with a '+' (this is only sup-\n" -" ported for FTP). You may specify any number of commands. If the\n" +, stdout); + fputs( +" command(s), prefix the command with a '+' (this is only sup-\n" +" ported for FTP). You may specify any number of commands. If the\n" " server returns failure for one of the commands, the entire oper-\n" -" ation will be aborted. You must send syntactically correct FTP\n" +" ation will be aborted. You must send syntactically correct FTP\n" +" commands as RFC 959 defines to FTP servers, or one of the com-\n" +" mands listed below to SFTP servers. This option can be used\n" , stdout); fputs( -" commands as RFC 959 defines to FTP servers, or one of the com-\n" -" mands listed below to SFTP servers. This option can be used\n" -" multiple times. When speaking to an FTP server, prefix the com-\n" +" multiple times. When speaking to an FTP server, prefix the com-\n" " mand with an asterisk (*) to make curl continue even if the com-\n" " mand fails as by default curl will stop at first failure.\n" "\n" -" SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP\n" +" SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP\n" +" quote commands itself before sending them to the server. File\n" +" names may be quoted shell-style to embed spaces or special char-\n" , stdout); fputs( -" quote commands itself before sending them to the server. File\n" -" names may be quoted shell-style to embed spaces or special char-\n" -" acters. Following is the list of all supported SFTP quote com-\n" +" acters. Following is the list of all supported SFTP quote com-\n" " mands:\n" "\n" " chgrp group file\n" -" The chgrp command sets the group ID of the file named by\n" -" the file operand to the group ID specified by the group\n" -, stdout); - fputs( +" The chgrp command sets the group ID of the file named by\n" +" the file operand to the group ID specified by the group\n" " operand. The group operand is a decimal integer group ID.\n" "\n" " chmod mode file\n" -" The chmod command modifies the file mode bits of the\n" +" The chmod command modifies the file mode bits of the\n" +, stdout); + fputs( " specified file. The mode operand is an octal integer mode\n" " number.\n" "\n" " chown user file\n" " The chown command sets the owner of the file named by the\n" -" file operand to the user ID specified by the user oper-\n" -, stdout); - fputs( +" file operand to the user ID specified by the user oper-\n" " and. The user operand is a decimal integer user ID.\n" "\n" " ln source_file target_file\n" " The ln and symlink commands create a symbolic link at the\n" -" target_file location pointing to the source_file loca-\n" +, stdout); + fputs( +" target_file location pointing to the source_file loca-\n" " tion.\n" "\n" " mkdir directory_name\n" -" The mkdir command creates the directory named by the\n" +" The mkdir command creates the directory named by the\n" " directory_name operand.\n" "\n" -, stdout); - fputs( " pwd The pwd command returns the absolute pathname of the cur-\n" " rent working directory.\n" "\n" " rename source target\n" +, stdout); + fputs( " The rename command renames the file or directory named by\n" -" the source operand to the destination path named by the\n" +" the source operand to the destination path named by the\n" " target operand.\n" "\n" " rm file\n" " The rm command removes the file specified by the file op-\n" " erand.\n" "\n" +" rmdir directory\n" +" The rmdir command removes the directory entry specified\n" , stdout); fputs( -" rmdir directory\n" -" The rmdir command removes the directory entry specified\n" " by the directory operand, provided it is empty.\n" "\n" " symlink source_file target_file\n" " See ln.\n" "\n" " -r, --range \n" -" (HTTP/FTP/SFTP/FILE) Retrieve a byte range (i.e a partial docu-\n" -" ment) from a HTTP/1.1, FTP or SFTP server or a local FILE.\n" +" (HTTP/FTP/SFTP/FILE) Retrieve a byte range (i.e a partial docu-\n" +" ment) from a HTTP/1.1, FTP or SFTP server or a local FILE.\n" " Ranges can be specified in a number of ways.\n" "\n" -, stdout); - fputs( " 0-499 specifies the first 500 bytes\n" "\n" +, stdout); + fputs( " 500-999 specifies the second 500 bytes\n" "\n" " -500 specifies the last 500 bytes\n" @@ -1997,70 +2017,70 @@ " specifies 300 bytes from offset 500(H)\n" "\n" " 100-199,500-599\n" -, stdout); - fputs( " specifies two separate 100-byte ranges(*)(H)\n" "\n" -" (*) = NOTE that this will cause the server to reply with a multipart\n" -" response!\n" +, stdout); + fputs( +" (*) = NOTE that this will cause the server to reply with a mul-\n" +" tipart response!\n" "\n" -" Only digit characters (0-9) are valid in the 'start' and 'stop' fields\n" -" of the 'start-stop' range syntax. If a non-digit character is given in\n" -" the range, the server's response will be unspecified, depending on the\n" -" server's configuration.\n" +" Only digit characters (0-9) are valid in the 'start' and 'stop'\n" +" fields of the 'start-stop' range syntax. If a non-digit charac-\n" +" ter is given in the range, the server's response will be unspec-\n" +" ified, depending on the server's configuration.\n" "\n" +" You should also be aware that many HTTP/1.1 servers do not have\n" , stdout); fputs( -" You should also be aware that many HTTP/1.1 servers do not have this\n" -" feature enabled, so that when you attempt to get a range, you'll\n" -" instead get the whole document.\n" +" this feature enabled, so that when you attempt to get a range,\n" +" you'll instead get the whole document.\n" "\n" -" FTP and SFTP range downloads only support the simple 'start-stop' syn-\n" -" tax (optionally with one of the numbers omitted). FTP use depends on\n" -" the extended FTP command SIZE.\n" +" FTP and SFTP range downloads only support the simple 'start-\n" +" stop' syntax (optionally with one of the numbers omitted). FTP\n" +" use depends on the extended FTP command SIZE.\n" "\n" -" If this option is used several times, the last one will be used.\n" +" If this option is used several times, the last one will be used.\n" "\n" " -R, --remote-time\n" , stdout); fputs( -" When used, this will make curl attempt to figure out the time-\n" -" stamp of the remote file, and if that is available make the\n" +" When used, this will make curl attempt to figure out the time-\n" +" stamp of the remote file, and if that is available make the\n" " local file get that same timestamp.\n" "\n" " --random-file \n" " (SSL) Specify the path name to file containing what will be con-\n" -" sidered as random data. The data is used to seed the random\n" +" sidered as random data. The data is used to seed the random\n" " engine for SSL connections. See also the --egd-file option.\n" "\n" , stdout); fputs( " --raw (HTTP) When used, it disables all internal HTTP decoding of con-\n" -" tent or transfer encodings and instead makes them passed on\n" +" tent or transfer encodings and instead makes them passed on\n" " unaltered, raw. (Added in 7.16.2)\n" "\n" " --remote-name-all\n" -" This option changes the default action for all given URLs to be\n" +" This option changes the default action for all given URLs to be\n" " dealt with as if -O, --remote-name were used for each one. So if\n" " you want to disable that for a specific URL after --remote-name-\n" , stdout); fputs( -" all has been used, you must use \"-o -\" or --no-remote-name.\n" +" all has been used, you must use \"-o -\" or --no-remote-name.\n" " (Added in 7.19.0)\n" "\n" " --resolve \n" -" Provide a custom address for a specific host and port pair.\n" -" Using this, you can make the curl requests(s) use a specified\n" -" address and prevent the otherwise normally resolved address to\n" -" be used. Consider it a sort of /etc/hosts alternative provided\n" +" Provide a custom address for a specific host and port pair.\n" +" Using this, you can make the curl requests(s) use a specified\n" +" address and prevent the otherwise normally resolved address to\n" +" be used. Consider it a sort of /etc/hosts alternative provided\n" , stdout); fputs( -" on the command line. The port number should be the number used\n" -" for the specific protocol the host will be used for. It means\n" -" you need several entries if you want to provide address for the\n" +" on the command line. The port number should be the number used\n" +" for the specific protocol the host will be used for. It means\n" +" you need several entries if you want to provide address for the\n" " same host but different ports.\n" "\n" -" This option can be used many times to add many host names to\n" +" This option can be used many times to add many host names to\n" " resolve.\n" "\n" " (Added in 7.21.3)\n" @@ -2068,20 +2088,20 @@ " --retry \n" , stdout); fputs( -" If a transient error is returned when curl tries to perform a\n" -" transfer, it will retry this number of times before giving up.\n" -" Setting the number to 0 makes curl do no retries (which is the\n" -" default). Transient error means either: a timeout, an FTP 4xx\n" +" If a transient error is returned when curl tries to perform a\n" +" transfer, it will retry this number of times before giving up.\n" +" Setting the number to 0 makes curl do no retries (which is the\n" +" default). Transient error means either: a timeout, an FTP 4xx\n" " response code or an HTTP 5xx response code.\n" "\n" -" When curl is about to retry a transfer, it will first wait one\n" +" When curl is about to retry a transfer, it will first wait one\n" , stdout); fputs( -" second and then for all forthcoming retries it will double the\n" -" waiting time until it reaches 10 minutes which then will be the\n" -" delay between the rest of the retries. By using --retry-delay\n" -" you disable this exponential backoff algorithm. See also\n" -" --retry-max-time to limit the total time allowed for retries.\n" +" second and then for all forthcoming retries it will double the\n" +" waiting time until it reaches 10 minutes which then will be the\n" +" delay between the rest of the retries. By using --retry-delay\n" +" you disable this exponential backoff algorithm. See also\n" +" --retry-max-time to limit the total time allowed for retries.\n" " (Added in 7.12.3)\n" "\n" , stdout); @@ -2089,129 +2109,135 @@ " If this option is used several times, the last one will be used.\n" "\n" " --retry-delay \n" -" Make curl sleep this amount of time before each retry when a\n" -" transfer has failed with a transient error (it changes the\n" -" default backoff time algorithm between retries). This option is\n" -" only interesting if --retry is also used. Setting this delay to\n" +" Make curl sleep this amount of time before each retry when a\n" +" transfer has failed with a transient error (it changes the\n" +" default backoff time algorithm between retries). This option is\n" +" only interesting if --retry is also used. Setting this delay to\n" , stdout); fputs( -" zero will make curl use the default backoff time. (Added in\n" +" zero will make curl use the default backoff time. (Added in\n" " 7.12.3)\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --retry-max-time \n" -" The retry timer is reset before the first transfer attempt.\n" +" The retry timer is reset before the first transfer attempt.\n" " Retries will be done as usual (see --retry) as long as the timer\n" " hasn't reached this given limit. Notice that if the timer hasn't\n" , stdout); fputs( -" reached the limit, the request will be made and while perform-\n" -" ing, it may take longer than this given time period. To limit a\n" -" single request's maximum time, use -m, --max-time. Set this\n" +" reached the limit, the request will be made and while perform-\n" +" ing, it may take longer than this given time period. To limit a\n" +" single request's maximum time, use -m, --max-time. Set this\n" " option to zero to not timeout retries. (Added in 7.12.3)\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " -s, --silent\n" -" Silent or quiet mode. Don't show progress meter or error mes-\n" +" Silent or quiet mode. Don't show progress meter or error mes-\n" , stdout); fputs( -" sages. Makes Curl mute. It will still output the data you ask\n" +" sages. Makes Curl mute. It will still output the data you ask\n" " for, potentially even to the terminal/stdout unless you redirect\n" " it.\n" "\n" " --sasl-ir\n" -" Enable initial response in SASL authentication. (Added in\n" +" Enable initial response in SASL authentication. (Added in\n" " 7.31.0)\n" "\n" +" --service-name \n" +" This option allows you to change the service name for SPNEGO.\n" +"\n" +" Examples: --negotiate --service-name sockd would use\n" +, stdout); + fputs( +" sockd/server-name. (Added in 7.43.0).\n" +"\n" " -S, --show-error\n" " When used with -s it makes curl show an error message if it\n" " fails.\n" "\n" " --ssl (FTP, POP3, IMAP, SMTP) Try to use SSL/TLS for the connection.\n" -, stdout); - fputs( " Reverts to a non-secure connection if the server doesn't support\n" " SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ-\n" " ent levels of encryption required. (Added in 7.20.0)\n" "\n" +, stdout); + fputs( " This option was formerly known as --ftp-ssl (Added in 7.11.0).\n" " That option name can still be used but will be removed in a\n" " future version.\n" "\n" " --ssl-reqd\n" -, stdout); - fputs( " (FTP, POP3, IMAP, SMTP) Require SSL/TLS for the connection.\n" " Terminates the connection if the server doesn't support SSL/TLS.\n" " (Added in 7.20.0)\n" "\n" " This option was formerly known as --ftp-ssl-reqd (added in\n" +, stdout); + fputs( " 7.15.5). That option name can still be used but will be removed\n" " in a future version.\n" "\n" " --ssl-allow-beast\n" " (SSL) This option tells curl to not work around a security flaw\n" -, stdout); - fputs( " in the SSL3 and TLS1.0 protocols known as BEAST. If this option\n" " isn't used, the SSL layer may use workarounds known to cause\n" " interoperability problems with some older SSL implementations.\n" +, stdout); + fputs( " WARNING: this option loosens the SSL security, and by using this\n" " flag you ask for exactly that. (Added in 7.25.0)\n" "\n" " --socks4 \n" " Use the specified SOCKS4 proxy. If the port number is not speci-\n" -, stdout); - fputs( " fied, it is assumed at port 1080. (Added in 7.15.2)\n" "\n" " This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" +, stdout); + fputs( " Since 7.21.7, this option is superfluous since you can specify a\n" " socks4 proxy with -x, --proxy using a socks4:// protocol prefix.\n" " If this option is used several times, the last one will be used.\n" "\n" " --socks4a \n" -, stdout); - fputs( " Use the specified SOCKS4a proxy. If the port number is not spec-\n" " ified, it is assumed at port 1080. (Added in 7.18.0)\n" "\n" " This option overrides any previous use of -x, --proxy, as they\n" +, stdout); + fputs( " are mutually exclusive.\n" "\n" " Since 7.21.7, this option is superfluous since you can specify a\n" " socks4a proxy with -x, --proxy using a socks4a:// protocol pre-\n" " fix.\n" "\n" -, stdout); - fputs( " If this option is used several times, the last one will be used.\n" "\n" " --socks5-hostname \n" " Use the specified SOCKS5 proxy (and let the proxy resolve the\n" " host name). If the port number is not specified, it is assumed\n" +, stdout); + fputs( " at port 1080. (Added in 7.18.0)\n" "\n" " This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" -, stdout); - fputs( " Since 7.21.7, this option is superfluous since you can specify a\n" " socks5 hostname proxy with -x, --proxy using a socks5h:// proto-\n" " col prefix.\n" "\n" " If this option is used several times, the last one will be used.\n" +, stdout); + fputs( " (This option was previously wrongly documented and used as\n" " --socks without the number appended.)\n" "\n" " --socks5 \n" -, stdout); - fputs( " Use the specified SOCKS5 proxy - but resolve the host name\n" " locally. If the port number is not specified, it is assumed at\n" " port 1080.\n" @@ -2219,10 +2245,10 @@ " This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" -" Since 7.21.7, this option is superfluous since you can specify a\n" -" socks5 proxy with -x, --proxy using a socks5:// protocol prefix.\n" , stdout); fputs( +" Since 7.21.7, this option is superfluous since you can specify a\n" +" socks5 proxy with -x, --proxy using a socks5:// protocol prefix.\n" " If this option is used several times, the last one will be used.\n" " (This option was previously wrongly documented and used as\n" " --socks without the number appended.)\n" @@ -2230,33 +2256,33 @@ " This option (as well as --socks4) does not work with IPV6, FTPS\n" " or LDAP.\n" "\n" +, stdout); + fputs( " --socks5-gssapi-service \n" " The default service name for a socks server is rcmd/server-fqdn.\n" " This option allows you to change it.\n" "\n" -, stdout); - fputs( " Examples: --socks5 proxy-name --socks5-gssapi-service sockd\n" " would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-\n" " service sockd/real-name would use sockd/real-name for cases\n" " where the proxy-name does not match the principal name. (Added\n" +, stdout); + fputs( " in 7.19.4).\n" "\n" " --socks5-gssapi-nec\n" " As part of the GSS-API negotiation a protection mode is negoti-\n" -, stdout); - fputs( " ated. RFC 1961 says in section 4.3/4.4 it should be protected,\n" " but the NEC reference implementation does not. The option\n" " --socks5-gssapi-nec allows the unprotected exchange of the pro-\n" " tection mode negotiation. (Added in 7.19.4).\n" "\n" " --stderr \n" +, stdout); + fputs( " Redirect all writes to stderr to the specified file instead. If\n" " the file name is a plain '-', it is instead written to stdout.\n" "\n" -, stdout); - fputs( " If this option is used several times, the last one will be used.\n" "\n" " -t, --telnet-option \n" @@ -2266,31 +2292,31 @@ "\n" " XDISPLOC= Sets the X display location.\n" "\n" +, stdout); + fputs( " NEW_ENV= Sets an environment variable.\n" "\n" " -T, --upload-file \n" " This transfers the specified local file to the remote URL. If\n" -, stdout); - fputs( " there is no file part in the specified URL, Curl will append the\n" " local file name. NOTE that you must use a trailing / on the last\n" " directory to really prove to Curl that there is no file name or\n" " curl will think that your last directory name is the remote file\n" +, stdout); + fputs( " name to use. That will most likely cause the upload operation to\n" " fail. If this is used on an HTTP(S) server, the PUT command will\n" " be used.\n" "\n" -, stdout); - fputs( " Use the file name \"-\" (a single dash) to use stdin instead of a\n" " given file. Alternately, the file name \".\" (a single period)\n" " may be specified instead of \"-\" to use stdin in non-blocking\n" " mode to allow reading server output while stdin is being\n" +, stdout); + fputs( " uploaded.\n" "\n" " You can specify one -T for each URL on the command line. Each -T\n" -, stdout); - fputs( " + URL pair specifies what to upload and to where. curl also sup-\n" " ports \"globbing\" of the -T argument, meaning that you can upload\n" " multiple files to a single URL by using the same URL globbing\n" @@ -2300,11 +2326,11 @@ "\n" " or even\n" "\n" +, stdout); + fputs( " curl -T \"img[1-1000].png\" ftp://ftp.picturemania.com/upload/\n" "\n" " --tcp-nodelay\n" -, stdout); - fputs( " Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man\n" " page for details about this option. (Added in 7.11.2)\n" "\n" @@ -2313,10 +2339,10 @@ " size that curl will try to use when transferring data to or from\n" " a TFTP server. By default 512 bytes will be used.\n" "\n" -" If this option is used several times, the last one will be used.\n" -"\n" , stdout); fputs( +" If this option is used several times, the last one will be used.\n" +"\n" " (Added in 7.20.0)\n" "\n" " --tlsauthtype \n" @@ -2326,9 +2352,9 @@ " option defaults to \"SRP\". (Added in 7.21.4)\n" "\n" " --tlspassword \n" -" Set password for use with the TLS authentication method speci-\n" , stdout); fputs( +" Set password for use with the TLS authentication method speci-\n" " fied with --tlsauthtype. Requires that --tlsuser also be set.\n" " (Added in 7.21.4)\n" "\n" @@ -2338,12 +2364,12 @@ " set. (Added in 7.21.4)\n" "\n" " --tlsv1.0\n" +, stdout); + fputs( " (SSL) Forces curl to use TLS version 1.0 when negotiating with a\n" " remote TLS server. (Added in 7.34.0)\n" "\n" " --tlsv1.1\n" -, stdout); - fputs( " (SSL) Forces curl to use TLS version 1.1 when negotiating with a\n" " remote TLS server. (Added in 7.34.0)\n" "\n" @@ -2352,12 +2378,12 @@ " remote TLS server. (Added in 7.34.0)\n" "\n" " --tr-encoding\n" +, stdout); + fputs( " (HTTP) Request a compressed Transfer-Encoding response using one\n" " of the algorithms curl supports, and uncompress the data while\n" " receiving it.\n" "\n" -, stdout); - fputs( " (Added in 7.21.6)\n" "\n" " --trace \n" @@ -2365,29 +2391,31 @@ " including descriptive information, to the given output file. Use\n" " \"-\" as filename to have the output sent to stdout.\n" "\n" +, stdout); + fputs( " This option overrides previous uses of -v, --verbose or --trace-\n" " ascii.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --trace-ascii \n" -, stdout); - fputs( " Enables a full trace dump of all incoming and outgoing data,\n" " including descriptive information, to the given output file. Use\n" " \"-\" as filename to have the output sent to stdout.\n" "\n" +, stdout); + fputs( " This is very similar to --trace, but leaves out the hex part and\n" " only shows the ASCII part of the dump. It makes smaller output\n" " that might be easier to read for untrained humans.\n" "\n" -, stdout); - fputs( " This option overrides previous uses of -v, --verbose or --trace.\n" " If this option is used several times, the last one will be used.\n" "\n" " --trace-time\n" " Prepends a time stamp to each trace or verbose line that curl\n" +, stdout); + fputs( " displays. (Added in 7.14.0)\n" "\n" " --unix-socket \n" @@ -2395,73 +2423,71 @@ " the network. (Added in 7.40.0)\n" "\n" " -u, --user \n" -, stdout); - fputs( " Specify the user name and password to use for server authentica-\n" " tion. Overrides -n, --netrc and --netrc-optional.\n" "\n" " If you simply specify the user name, curl will prompt for a\n" " password.\n" "\n" +, stdout); + fputs( " The user name and passwords are split up on the first colon,\n" " which makes it impossible to use a colon in the user name with\n" " this option. The password can, still.\n" "\n" -, stdout); - fputs( " When using Kerberos V5 with a Windows based server you should\n" " include the Windows domain name in the user name, in order for\n" " the server to successfully obtain a Kerberos Ticket. If you\n" +, stdout); + fputs( " don't then the initial authentication handshake may fail.\n" "\n" " When using NTLM, the user name can be specified simply as the\n" " user name, without the domain, if there is a single domain and\n" -, stdout); - fputs( " forest in your setup for example.\n" "\n" " To specify the domain name use either Down-Level Logon Name or\n" " UPN (User Principal Name) formats. For example, EXAMPLE\\user and\n" " user@example.com respectively.\n" "\n" +, stdout); + fputs( " If you use a Windows SSPI-enabled curl binary and perform Ker-\n" " beros V5, Negotiate, NTLM or Digest authentication then you can\n" " tell curl to select the user name and password from your envi-\n" -, stdout); - fputs( " ronment by specifying a single colon with this option: \"-u :\".\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " -U, --proxy-user \n" +, stdout); + fputs( " Specify the user name and password to use for proxy authentica-\n" " tion.\n" "\n" " If you use a Windows SSPI-enabled curl binary and do either\n" " Negotiate or NTLM authentication then you can tell curl to\n" -, stdout); - fputs( " select the user name and password from your environment by spec-\n" " ifying a single colon with this option: \"-U :\".\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --url \n" +, stdout); + fputs( " Specify a URL to fetch. This option is mostly handy when you\n" " want to specify URL(s) in a config file.\n" "\n" " This option may be used any number of times. To control where\n" -, stdout); - fputs( " this URL is written, use the -o, --output or the -O, --remote-\n" " name options.\n" " -v, --verbose\n" " Be more verbose/talkative during the operation. Useful for\n" " debugging and seeing what's going on \"under the hood\". A line\n" -" starting with '>' means \"header data\" sent by curl, '<' means\n" -" \"header data\" received by curl that is hidden in normal cases,\n" , stdout); fputs( +" starting with '>' means \"header data\" sent by curl, '<' means\n" +" \"header data\" received by curl that is hidden in normal cases,\n" " and a line starting with '*' means additional info provided by\n" " curl.\n" "\n" @@ -2469,32 +2495,32 @@ " --include might be the option you're looking for.\n" "\n" " If you think this option still doesn't give you enough details,\n" +, stdout); + fputs( " consider using --trace or --trace-ascii instead.\n" "\n" " This option overrides previous uses of --trace-ascii or --trace.\n" "\n" -, stdout); - fputs( " Use -s, --silent to make curl quiet.\n" "\n" " -w, --write-out \n" " Make curl display information on stdout after a completed trans-\n" " fer. The format is a string that may contain plain text mixed\n" " with any number of variables. The format can be specified as a\n" -" literal \"string\", or you can have curl read the format from a\n" -" file with \"@filename\" and to tell curl to read the format from\n" , stdout); fputs( +" literal \"string\", or you can have curl read the format from a\n" +" file with \"@filename\" and to tell curl to read the format from\n" " stdin you write \"@-\".\n" "\n" " The variables present in the output format will be substituted\n" " by the value or text that curl thinks fit, as described below.\n" " All variables are specified as %{variable_name} and to output a\n" +, stdout); + fputs( " normal % you just write them as %%. You can output a newline by\n" " using \\n, a carriage return with \\r and a tab space with \\t.\n" "\n" -, stdout); - fputs( " NOTE: The %-symbol is a special symbol in the win32-environment,\n" " where all occurrences of % must be doubled when using this\n" " option.\n" @@ -2502,60 +2528,62 @@ " The variables available are:\n" "\n" " content_type The Content-Type of the requested document, if\n" +, stdout); + fputs( " there was any.\n" "\n" " filename_effective\n" " The ultimate filename that curl writes out to.\n" -, stdout); - fputs( " This is only meaningful if curl is told to write\n" " to a file with the --remote-name or --output\n" " option. It's most useful in combination with the\n" " --remote-header-name option. (Added in 7.25.1)\n" "\n" +, stdout); + fputs( " ftp_entry_path The initial path curl ended up in when logging on\n" " to the remote FTP server. (Added in 7.15.4)\n" "\n" -, stdout); - fputs( " http_code The numerical response code that was found in the\n" " last retrieved HTTP(S) or FTP(s) transfer. In\n" " 7.18.2 the alias response_code was added to show\n" " the same info.\n" "\n" +, stdout); + fputs( " http_connect The numerical code that was found in the last\n" " response (from a proxy) to a curl CONNECT\n" " request. (Added in 7.12.4)\n" "\n" -, stdout); - fputs( " local_ip The IP address of the local end of the most\n" " recently done connection - can be either IPv4 or\n" " IPv6 (Added in 7.29.0)\n" "\n" +, stdout); + fputs( " local_port The local port number of the most recently done\n" " connection (Added in 7.29.0)\n" "\n" " num_connects Number of new connects made in the recent trans-\n" " fer. (Added in 7.12.3)\n" "\n" -, stdout); - fputs( " num_redirects Number of redirects that were followed in the\n" " request. (Added in 7.12.3)\n" "\n" " redirect_url When an HTTP request was made without -L to fol-\n" +, stdout); + fputs( " low redirects, this variable will show the actual\n" " URL a redirect would take you to. (Added in\n" " 7.18.2)\n" "\n" " remote_ip The remote IP address of the most recently done\n" -, stdout); - fputs( " connection - can be either IPv4 or IPv6 (Added in\n" " 7.29.0)\n" "\n" " remote_port The remote port number of the most recently done\n" +, stdout); + fputs( " connection (Added in 7.29.0)\n" "\n" " size_download The total amount of bytes that were downloaded.\n" @@ -2563,35 +2591,35 @@ " size_header The total amount of bytes of the downloaded head-\n" " ers.\n" "\n" -, stdout); - fputs( " size_request The total amount of bytes that were sent in the\n" " HTTP request.\n" "\n" " size_upload The total amount of bytes that were uploaded.\n" "\n" +, stdout); + fputs( " speed_download The average download speed that curl measured for\n" " the complete download. Bytes per second.\n" "\n" " speed_upload The average upload speed that curl measured for\n" " the complete upload. Bytes per second.\n" "\n" -, stdout); - fputs( " ssl_verify_result\n" " The result of the SSL peer certificate verifica-\n" " tion that was requested. 0 means the verification\n" +, stdout); + fputs( " was successful. (Added in 7.19.0)\n" "\n" " time_appconnect\n" " The time, in seconds, it took from the start\n" " until the SSL/SSH/etc connect/handshake to the\n" -, stdout); - fputs( " remote host was completed. (Added in 7.19.0)\n" "\n" " time_connect The time, in seconds, it took from the start\n" " until the TCP connect to the remote host (or\n" +, stdout); + fputs( " proxy) was completed.\n" "\n" " time_namelookup\n" @@ -2599,52 +2627,52 @@ " until the name resolving was completed.\n" "\n" " time_pretransfer\n" -, stdout); - fputs( " The time, in seconds, it took from the start\n" " until the file transfer was just about to begin.\n" " This includes all pre-transfer commands and nego-\n" +, stdout); + fputs( " tiations that are specific to the particular pro-\n" " tocol(s) involved.\n" "\n" " time_redirect The time, in seconds, it took for all redirection\n" -, stdout); - fputs( " steps include name lookup, connect, pretransfer\n" " and transfer before the final transaction was\n" " started. time_redirect shows the complete execu-\n" +, stdout); + fputs( " tion time for multiple redirections. (Added in\n" " 7.12.3)\n" "\n" " time_starttransfer\n" " The time, in seconds, it took from the start\n" -, stdout); - fputs( " until the first byte was just about to be trans-\n" " ferred. This includes time_pretransfer and also\n" " the time the server needed to calculate the\n" +, stdout); + fputs( " result.\n" "\n" " time_total The total time, in seconds, that the full opera-\n" " tion lasted. The time will be displayed with mil-\n" " lisecond resolution.\n" "\n" -, stdout); - fputs( " url_effective The URL that was fetched last. This is most mean-\n" " ingful if you've told curl to follow location:\n" " headers.\n" "\n" -" If this option is used several times, the last one will be used.\n" +, stdout); + fputs( +" If this option is used several times, the last one will be used.\n" "\n" " -x, --proxy <[protocol://][user:password@]proxyhost[:port]>\n" " Use the specified proxy.\n" "\n" " The proxy string can be specified with a protocol:// prefix to\n" -, stdout); - fputs( " specify alternative proxy protocols. Use socks4://, socks4a://,\n" " socks5:// or socks5h:// to request the specific SOCKS version to\n" +, stdout); + fputs( " be used. No protocol specified, http:// and all others will be\n" " treated as HTTP proxies. (The protocol support was added in curl\n" " 7.21.7)\n" @@ -2652,128 +2680,126 @@ " If the port number is not specified in the proxy string, it is\n" " assumed to be 1080.\n" "\n" -, stdout); - fputs( " This option overrides existing environment variables that set\n" " the proxy to use. If there's an environment variable setting a\n" +, stdout); + fputs( " proxy, you can set proxy to \"\" to override it.\n" "\n" " All operations that are performed over an HTTP proxy will trans-\n" " parently be converted to HTTP. It means that certain protocol\n" " specific operations might not be available. This is not the case\n" -, stdout); - fputs( " if you can tunnel through the proxy, as one with the -p, --prox-\n" " ytunnel option.\n" "\n" " User and password that might be provided in the proxy string are\n" +, stdout); + fputs( " URL decoded by curl. This allows you to pass in special charac-\n" " ters such as @ by using %40 or pass in a colon with %3a.\n" "\n" " The proxy host can be specified the exact same way as the proxy\n" " environment variables, including the protocol prefix (http://)\n" -, stdout); - fputs( " and the embedded user + password.\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " -X, --request \n" +, stdout); + fputs( " (HTTP) Specifies a custom request method to use when communicat-\n" " ing with the HTTP server. The specified request method will be\n" " used instead of the method otherwise used (which defaults to\n" " GET). Read the HTTP 1.1 specification for details and explana-\n" -, stdout); - fputs( " tions. Common additional HTTP requests include PUT and DELETE,\n" " but related technologies like WebDAV offers PROPFIND, COPY, MOVE\n" " and more.\n" "\n" +, stdout); + fputs( " Normally you don't need this option. All sorts of GET, HEAD,\n" " POST and PUT requests are rather invoked by using dedicated com-\n" " mand line options.\n" "\n" " This option only changes the actual word used in the HTTP\n" -, stdout); - fputs( " request, it does not alter the way curl behaves. So for example\n" " if you want to make a proper HEAD request, using -X HEAD will\n" " not suffice. You need to use the -I, --head option.\n" "\n" +, stdout); + fputs( " The method string you set with -X will be used for all requests,\n" " which if you for example use -L, --location may cause unintended\n" " side-effects when curl doesn't change request method according\n" -, stdout); - fputs( " to the HTTP 30x response codes - and similar.\n" "\n" " (FTP) Specifies a custom FTP command to use instead of LIST when\n" " doing file lists with FTP.\n" "\n" " (POP3) Specifies a custom POP3 command to use instead of LIST or\n" +, stdout); + fputs( " RETR. (Added in 7.26.0)\n" "\n" " (IMAP) Specifies a custom IMAP command to use instead of LIST.\n" " (Added in 7.30.0)\n" "\n" " (SMTP) Specifies a custom SMTP command to use instead of HELP or\n" -, stdout); - fputs( " VRFY. (Added in 7.34.0)\n" "\n" " If this option is used several times, the last one will be used.\n" "\n" " --xattr\n" " When saving output to a file, this option tells curl to store\n" +, stdout); + fputs( " certain file metadata in extended file attributes. Currently,\n" " the URL is stored in the xdg.origin.url attribute and, for HTTP,\n" " the content type is stored in the mime_type attribute. If the\n" -, stdout); - fputs( " file system does not support extended attributes, a warning is\n" " issued.\n" "\n" " -y, --speed-time