aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/curl/lib
diff options
context:
space:
mode:
authorrobot-contrib <robot-contrib@yandex-team.ru>2022-04-28 16:36:59 +0300
committerrobot-contrib <robot-contrib@yandex-team.ru>2022-04-28 16:36:59 +0300
commit1d80f65d6a77d0e4c1b3a18a6a970715934ecd75 (patch)
treee0363932ca34036e90ac4cd461092c763acb3a4d /contrib/libs/curl/lib
parent505c75794e448a38ffa0b066ccef3299aec10239 (diff)
downloadydb-1d80f65d6a77d0e4c1b3a18a6a970715934ecd75.tar.gz
Update contrib/libs/curl to 7.83.0
ref:72dd794f7af62e3844c14f0a9bcee77e66f30a36
Diffstat (limited to 'contrib/libs/curl/lib')
-rw-r--r--contrib/libs/curl/lib/altsvc.c4
-rw-r--r--contrib/libs/curl/lib/asyn-ares.c5
-rw-r--r--contrib/libs/curl/lib/c-hyper.c12
-rw-r--r--contrib/libs/curl/lib/conncache.c43
-rw-r--r--contrib/libs/curl/lib/conncache.h5
-rw-r--r--contrib/libs/curl/lib/connect.c25
-rw-r--r--contrib/libs/curl/lib/cookie.c15
-rw-r--r--contrib/libs/curl/lib/curl_config-linux.h9
-rw-r--r--contrib/libs/curl/lib/curl_gssapi.c4
-rw-r--r--contrib/libs/curl/lib/curl_multibyte.c12
-rw-r--r--contrib/libs/curl/lib/curl_sasl.c2
-rw-r--r--contrib/libs/curl/lib/curl_setup.h2
-rw-r--r--contrib/libs/curl/lib/doh.c2
-rw-r--r--contrib/libs/curl/lib/easy.c2
-rw-r--r--contrib/libs/curl/lib/ftp.c12
-rw-r--r--contrib/libs/curl/lib/h2h3.c2
-rw-r--r--contrib/libs/curl/lib/headers.c324
-rw-r--r--contrib/libs/curl/lib/headers.h53
-rw-r--r--contrib/libs/curl/lib/hmac.c6
-rw-r--r--contrib/libs/curl/lib/hostip.c10
-rw-r--r--contrib/libs/curl/lib/http.c95
-rw-r--r--contrib/libs/curl/lib/http.h50
-rw-r--r--contrib/libs/curl/lib/http2.c63
-rw-r--r--contrib/libs/curl/lib/http_chunks.c4
-rw-r--r--contrib/libs/curl/lib/http_proxy.c17
-rw-r--r--contrib/libs/curl/lib/http_proxy.h3
-rw-r--r--contrib/libs/curl/lib/idn_win32.c26
-rw-r--r--contrib/libs/curl/lib/imap.c4
-rw-r--r--contrib/libs/curl/lib/ldap.c6
-rw-r--r--contrib/libs/curl/lib/mime.c2
-rw-r--r--contrib/libs/curl/lib/mqtt.c8
-rw-r--r--contrib/libs/curl/lib/multi.c5
-rw-r--r--contrib/libs/curl/lib/nonblock.c6
-rw-r--r--contrib/libs/curl/lib/pingpong.c2
-rw-r--r--contrib/libs/curl/lib/pop3.c4
-rw-r--r--contrib/libs/curl/lib/quic.h5
-rw-r--r--contrib/libs/curl/lib/rand.c4
-rw-r--r--contrib/libs/curl/lib/rtsp.c2
-rw-r--r--contrib/libs/curl/lib/select.c61
-rw-r--r--contrib/libs/curl/lib/sendf.c27
-rw-r--r--contrib/libs/curl/lib/sendf.h10
-rw-r--r--contrib/libs/curl/lib/setopt.c4
-rw-r--r--contrib/libs/curl/lib/smtp.c8
-rw-r--r--contrib/libs/curl/lib/socks.c2
-rw-r--r--contrib/libs/curl/lib/socks.h4
-rw-r--r--contrib/libs/curl/lib/strcase.c10
-rw-r--r--contrib/libs/curl/lib/strcase.h4
-rw-r--r--contrib/libs/curl/lib/telnet.c2
-rw-r--r--contrib/libs/curl/lib/timediff.c84
-rw-r--r--contrib/libs/curl/lib/timediff.h50
-rw-r--r--contrib/libs/curl/lib/timeval.h10
-rw-r--r--contrib/libs/curl/lib/transfer.c80
-rw-r--r--contrib/libs/curl/lib/url.c61
-rw-r--r--contrib/libs/curl/lib/urlapi.c2
-rw-r--r--contrib/libs/curl/lib/urldata.h28
-rw-r--r--contrib/libs/curl/lib/vauth/ntlm.c2
-rw-r--r--contrib/libs/curl/lib/vquic/msh3.c498
-rw-r--r--contrib/libs/curl/lib/vquic/ngtcp2.c92
-rw-r--r--contrib/libs/curl/lib/vquic/quiche.c4
-rw-r--r--contrib/libs/curl/lib/vssh/libssh.c17
-rw-r--r--contrib/libs/curl/lib/vssh/libssh2.c45
-rw-r--r--contrib/libs/curl/lib/vssh/wolfssh.c14
-rw-r--r--contrib/libs/curl/lib/vtls/bearssl.c242
-rw-r--r--contrib/libs/curl/lib/vtls/gskit.c13
-rw-r--r--contrib/libs/curl/lib/vtls/gtls.c44
-rw-r--r--contrib/libs/curl/lib/vtls/mbedtls.c37
-rw-r--r--contrib/libs/curl/lib/vtls/nss.c20
-rw-r--r--contrib/libs/curl/lib/vtls/openssl.c55
-rw-r--r--contrib/libs/curl/lib/vtls/openssl.h8
-rw-r--r--contrib/libs/curl/lib/vtls/rustls.c10
-rw-r--r--contrib/libs/curl/lib/vtls/schannel.c12
-rw-r--r--contrib/libs/curl/lib/vtls/schannel_verify.c4
-rw-r--r--contrib/libs/curl/lib/vtls/sectransp.c14
-rw-r--r--contrib/libs/curl/lib/vtls/vtls.c21
-rw-r--r--contrib/libs/curl/lib/vtls/vtls.h11
-rw-r--r--contrib/libs/curl/lib/vtls/wolfssl.c21
-rw-r--r--contrib/libs/curl/lib/warnless.c6
-rw-r--r--contrib/libs/curl/lib/warnless.h8
78 files changed, 2023 insertions, 477 deletions
diff --git a/contrib/libs/curl/lib/altsvc.c b/contrib/libs/curl/lib/altsvc.c
index 242733bfd7..45929a5df7 100644
--- a/contrib/libs/curl/lib/altsvc.c
+++ b/contrib/libs/curl/lib/altsvc.c
@@ -54,6 +54,8 @@
#define H3VERSION "h3-29"
#elif defined(USE_NGTCP2) && !defined(UNITTESTS)
#define H3VERSION "h3-29"
+#elif defined(USE_MSH3) && !defined(UNITTESTS)
+#define H3VERSION "h3-29"
#else
#define H3VERSION "h3"
#endif
@@ -264,7 +266,7 @@ struct altsvcinfo *Curl_altsvc_init(void)
/* set default behavior */
asi->flags = CURLALTSVC_H1
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
| CURLALTSVC_H2
#endif
#ifdef ENABLE_QUIC
diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c
index 2cedaa671e..b4e612d5e2 100644
--- a/contrib/libs/curl/lib/asyn-ares.c
+++ b/contrib/libs/curl/lib/asyn-ares.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -65,6 +65,7 @@
#include "connect.h"
#include "select.h"
#include "progress.h"
+#include "timediff.h"
# if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
defined(WIN32)
@@ -292,7 +293,7 @@ int Curl_resolver_getsock(struct Curl_easy *data,
timeout = ares_timeout((ares_channel)data->state.async.resolver, &maxtime,
&timebuf);
- milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000);
+ milli = (long)curlx_tvtoms(timeout);
if(milli == 0)
milli += 10;
Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c
index 00f9d7a51d..08722ff65d 100644
--- a/contrib/libs/curl/lib/c-hyper.c
+++ b/contrib/libs/curl/lib/c-hyper.c
@@ -293,10 +293,8 @@ static CURLcode status_line(struct Curl_easy *data,
writetype |= CLIENTWRITE_BODY;
result = Curl_client_write(data, writetype,
Curl_dyn_ptr(&data->state.headerb), len);
- if(result) {
- data->state.hresult = CURLE_ABORTED_BY_CALLBACK;
- return HYPER_ITER_BREAK;
- }
+ if(result)
+ return result;
}
data->info.header_size += (long)len;
data->req.headerbytecount += (long)len;
@@ -416,7 +414,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data,
else if(h->endtask == task) {
/* end of transfer */
*done = TRUE;
- infof(data, "hyperstream is done!");
+ infof(data, "hyperstream is done");
if(!k->bodywrites) {
/* hyper doesn't always call the body write callback */
bool stilldone;
@@ -806,7 +804,7 @@ static void http1xx_cb(void *arg, struct hyper_response *resp)
}
if(data->state.hresult)
- infof(data, "ERROR in 1xx, bail out!");
+ infof(data, "ERROR in 1xx, bail out");
}
/*
@@ -906,6 +904,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
hyper_clientconn_options_http2(options, 1);
h2 = TRUE;
}
+ hyper_clientconn_options_set_preserve_header_case(options, 1);
+ hyper_clientconn_options_set_preserve_header_order(options, 1);
hyper_clientconn_options_exec(options, h->exec);
diff --git a/contrib/libs/curl/lib/conncache.c b/contrib/libs/curl/lib/conncache.c
index cd5756ae40..aa29620fa3 100644
--- a/contrib/libs/curl/lib/conncache.c
+++ b/contrib/libs/curl/lib/conncache.c
@@ -132,13 +132,11 @@ void Curl_conncache_destroy(struct conncache *connc)
}
/* creates a key to find a bundle for this connection */
-static void hashkey(struct connectdata *conn, char *buf,
- size_t len, /* something like 128 is fine */
- const char **hostp)
+static void hashkey(struct connectdata *conn, char *buf, size_t len)
{
const char *hostname;
long port = conn->remote_port;
-
+ DEBUGASSERT(len >= HASHKEY_SIZE);
#ifndef CURL_DISABLE_PROXY
if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
hostname = conn->http_proxy.host.name;
@@ -151,12 +149,12 @@ static void hashkey(struct connectdata *conn, char *buf,
else
hostname = conn->host.name;
- if(hostp)
- /* report back which name we used */
- *hostp = hostname;
-
- /* put the number first so that the hostname gets cut off if too long */
- msnprintf(buf, len, "%ld%s", port, hostname);
+ /* put the numbers first so that the hostname gets cut off if too long */
+#ifdef ENABLE_IPV6
+ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
+#else
+ msnprintf(buf, len, "%ld/%s", port, hostname);
+#endif
Curl_strntolower(buf, buf, len);
}
@@ -179,14 +177,13 @@ size_t Curl_conncache_size(struct Curl_easy *data)
struct connectbundle *
Curl_conncache_find_bundle(struct Curl_easy *data,
struct connectdata *conn,
- struct conncache *connc,
- const char **hostp)
+ struct conncache *connc)
{
struct connectbundle *bundle = NULL;
CONNCACHE_LOCK(data);
if(connc) {
char key[HASHKEY_SIZE];
- hashkey(conn, key, sizeof(key), hostp);
+ hashkey(conn, key, sizeof(key));
bundle = Curl_hash_pick(&connc->hash, key, strlen(key));
}
@@ -233,8 +230,7 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data)
DEBUGASSERT(conn);
/* *find_bundle() locks the connection cache */
- bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache,
- NULL);
+ bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache);
if(!bundle) {
char key[HASHKEY_SIZE];
@@ -243,7 +239,7 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data)
goto unlock;
}
- hashkey(conn, key, sizeof(key), NULL);
+ hashkey(conn, key, sizeof(key));
if(!conncache_add_bundle(data->state.conn_cache, key, bundle)) {
bundle_destroy(bundle);
@@ -531,6 +527,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc)
{
struct connectdata *conn;
char buffer[READBUFFER_MIN + 1];
+ SIGPIPE_VARIABLE(pipe_st);
if(!connc->closure_handle)
return;
connc->closure_handle->state.buffer = buffer;
@@ -538,7 +535,6 @@ void Curl_conncache_close_all_connections(struct conncache *connc)
conn = conncache_find_first_connection(connc);
while(conn) {
- SIGPIPE_VARIABLE(pipe_st);
sigpipe_ignore(connc->closure_handle, &pipe_st);
/* This will remove the connection from the cache */
connclose(conn, "kill all");
@@ -550,15 +546,12 @@ void Curl_conncache_close_all_connections(struct conncache *connc)
}
connc->closure_handle->state.buffer = NULL;
- if(connc->closure_handle) {
- SIGPIPE_VARIABLE(pipe_st);
- sigpipe_ignore(connc->closure_handle, &pipe_st);
+ sigpipe_ignore(connc->closure_handle, &pipe_st);
- Curl_hostcache_clean(connc->closure_handle,
- connc->closure_handle->dns.hostcache);
- Curl_close(&connc->closure_handle);
- sigpipe_restore(&pipe_st);
- }
+ Curl_hostcache_clean(connc->closure_handle,
+ connc->closure_handle->dns.hostcache);
+ Curl_close(&connc->closure_handle);
+ sigpipe_restore(&pipe_st);
}
#if 0
diff --git a/contrib/libs/curl/lib/conncache.h b/contrib/libs/curl/lib/conncache.h
index e9c1e32f87..ef11dcfd29 100644
--- a/contrib/libs/curl/lib/conncache.h
+++ b/contrib/libs/curl/lib/conncache.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
*
* This software is licensed as described in the file COPYING, which
@@ -87,8 +87,7 @@ void Curl_conncache_destroy(struct conncache *connc);
/* return the correct bundle, to a host or a proxy */
struct connectbundle *Curl_conncache_find_bundle(struct Curl_easy *data,
struct connectdata *conn,
- struct conncache *connc,
- const char **hostp);
+ struct conncache *connc);
/* returns number of connections currently held in the connection cache */
size_t Curl_conncache_size(struct Curl_easy *data);
diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c
index 64f951118b..9bcf525ebb 100644
--- a/contrib/libs/curl/lib/connect.c
+++ b/contrib/libs/curl/lib/connect.c
@@ -74,6 +74,7 @@
#include "warnless.h"
#include "conncache.h"
#include "multihandle.h"
+#include "share.h"
#include "version_win32.h"
#include "quic.h"
#include "socks.h"
@@ -137,6 +138,14 @@ tcpkeepalive(struct Curl_easy *data,
(void *)&optval, sizeof(optval)) < 0) {
infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd);
}
+#elif defined(TCP_KEEPALIVE)
+ /* Mac OS X style */
+ optval = curlx_sltosi(data->set.tcp_keepidle);
+ KEEPALIVE_FACTOR(optval);
+ if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
+ (void *)&optval, sizeof(optval)) < 0) {
+ infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd);
+ }
#endif
#ifdef TCP_KEEPINTVL
optval = curlx_sltosi(data->set.tcp_keepintvl);
@@ -146,15 +155,6 @@ tcpkeepalive(struct Curl_easy *data,
infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd);
}
#endif
-#ifdef TCP_KEEPALIVE
- /* Mac OS X style */
- optval = curlx_sltosi(data->set.tcp_keepidle);
- KEEPALIVE_FACTOR(optval);
- if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
- (void *)&optval, sizeof(optval)) < 0) {
- infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd);
- }
-#endif
#endif
}
}
@@ -623,6 +623,7 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn,
data->info.conn_scheme = conn->handler->scheme;
data->info.conn_protocol = conn->handler->protocol;
data->info.conn_primary_port = conn->port;
+ data->info.conn_remote_port = conn->remote_port;
data->info.conn_local_port = local_port;
}
@@ -1487,7 +1488,11 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
find.id_tofind = data->state.lastconnect_id;
find.found = NULL;
- Curl_conncache_foreach(data, data->multi_easy?
+ Curl_conncache_foreach(data,
+ data->share && (data->share->specifier
+ & (1<< CURL_LOCK_DATA_CONNECT))?
+ &data->share->conn_cache:
+ data->multi_easy?
&data->multi_easy->conn_cache:
&data->multi->conn_cache, &find, conn_is_conn);
diff --git a/contrib/libs/curl/lib/cookie.c b/contrib/libs/curl/lib/cookie.c
index d418efa33d..451881f578 100644
--- a/contrib/libs/curl/lib/cookie.c
+++ b/contrib/libs/curl/lib/cookie.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1188,12 +1188,15 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
fp = stdin;
fromfile = FALSE;
}
- else if(file && !*file) {
- /* points to a "" string */
+ else if(!file || !*file) {
+ /* points to an empty string or NULL */
fp = NULL;
}
- else
- fp = file?fopen(file, FOPEN_READTEXT):NULL;
+ else {
+ fp = fopen(file, FOPEN_READTEXT);
+ if(!fp)
+ infof(data, "WARNING: failed to open cookie file \"%s\"", file);
+ }
c->newsession = newsession; /* new session? */
@@ -1227,7 +1230,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
*/
remove_expired(c);
- if(fromfile)
+ if(fromfile && fp)
fclose(fp);
}
diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h
index 0ac2bc9a4d..097f22dcf3 100644
--- a/contrib/libs/curl/lib/curl_config-linux.h
+++ b/contrib/libs/curl/lib/curl_config-linux.h
@@ -447,6 +447,9 @@
/* Define to 1 if you have the MSG_NOSIGNAL flag. */
#define HAVE_MSG_NOSIGNAL 1
+/* Define to 1 if you have the <msh3.h> header file. */
+/* #undef HAVE_MSH3_H */
+
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
@@ -946,6 +949,9 @@
/* GSASL support enabled */
/* #undef USE_GSASL */
+/* enable headers-api */
+/* #undef USE_HEADERS_API */
+
/* if hyper is in use */
/* #undef USE_HYPER */
@@ -967,6 +973,9 @@
/* if mbedTLS is enabled */
/* #undef USE_MBEDTLS */
+/* if msh3 is in use */
+/* #undef USE_MSH3 */
+
/* if nghttp2 is in use */
#define USE_NGHTTP2 1
diff --git a/contrib/libs/curl/lib/curl_gssapi.c b/contrib/libs/curl/lib/curl_gssapi.c
index 70a607f3ab..50f78866d1 100644
--- a/contrib/libs/curl/lib/curl_gssapi.c
+++ b/contrib/libs/curl/lib/curl_gssapi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -60,7 +60,7 @@ OM_uint32 Curl_gss_init_sec_context(
#ifdef GSS_C_DELEG_POLICY_FLAG
req_flags |= GSS_C_DELEG_POLICY_FLAG;
#else
- infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
+ infof(data, "WARNING: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
"compiled in");
#endif
}
diff --git a/contrib/libs/curl/lib/curl_multibyte.c b/contrib/libs/curl/lib/curl_multibyte.c
index e9d2a8cb88..32c03a5b71 100644
--- a/contrib/libs/curl/lib/curl_multibyte.c
+++ b/contrib/libs/curl/lib/curl_multibyte.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -104,7 +104,7 @@ int curlx_win32_open(const char *filename, int oflag, ...)
#ifdef _UNICODE
if(filename_w) {
result = _wopen(filename_w, oflag, pmode);
- free(filename_w);
+ curlx_unicodefree(filename_w);
}
else
errno = EINVAL;
@@ -124,8 +124,8 @@ FILE *curlx_win32_fopen(const char *filename, const char *mode)
result = _wfopen(filename_w, mode_w);
else
errno = EINVAL;
- free(filename_w);
- free(mode_w);
+ curlx_unicodefree(filename_w);
+ curlx_unicodefree(mode_w);
return result;
#else
return (fopen)(filename, mode);
@@ -143,7 +143,7 @@ int curlx_win32_stat(const char *path, struct_stat *buffer)
#else
result = _wstati64(path_w, buffer);
#endif
- free(path_w);
+ curlx_unicodefree(path_w);
}
else
errno = EINVAL;
@@ -164,7 +164,7 @@ int curlx_win32_access(const char *path, int mode)
wchar_t *path_w = curlx_convert_UTF8_to_wchar(path);
if(path_w) {
result = _waccess(path_w, mode);
- free(path_w);
+ curlx_unicodefree(path_w);
}
else
errno = EINVAL;
diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c
index 7e28c92fd3..48d6625ba4 100644
--- a/contrib/libs/curl/lib/curl_sasl.c
+++ b/contrib/libs/curl/lib/curl_sasl.c
@@ -670,7 +670,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
#endif
case SASL_OAUTH2:
- /* Create the authorisation message */
+ /* Create the authorization message */
if(sasl->authused == SASL_MECH_OAUTHBEARER) {
result = Curl_auth_create_oauth_bearer_message(conn->user,
hostname,
diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h
index 0086a3d696..09ba5e286e 100644
--- a/contrib/libs/curl/lib/curl_setup.h
+++ b/contrib/libs/curl/lib/curl_setup.h
@@ -794,7 +794,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
#define USE_HTTP2
#endif
-#if defined(USE_NGTCP2) || defined(USE_QUICHE)
+#if defined(USE_NGTCP2) || defined(USE_QUICHE) || defined(USE_MSH3)
#define ENABLE_QUIC
#endif
diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c
index 292f5dc667..4aef8b266a 100644
--- a/contrib/libs/curl/lib/doh.c
+++ b/contrib/libs/curl/lib/doh.c
@@ -252,7 +252,7 @@ static CURLcode dohprobe(struct Curl_easy *data,
ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer);
ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen);
ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers);
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
#endif
#ifndef CURLDEBUG
diff --git a/contrib/libs/curl/lib/easy.c b/contrib/libs/curl/lib/easy.c
index 0e23561376..65d74646ae 100644
--- a/contrib/libs/curl/lib/easy.c
+++ b/contrib/libs/curl/lib/easy.c
@@ -1102,7 +1102,7 @@ static CURLcode easy_connection(struct Curl_easy *data,
/* only allow these to be called on handles with CURLOPT_CONNECT_ONLY */
if(!data->set.connect_only) {
- failf(data, "CONNECT_ONLY is required!");
+ failf(data, "CONNECT_ONLY is required");
return CURLE_UNSUPPORTED_PROTOCOL;
}
diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c
index c6efaedd3d..128cdc2f2d 100644
--- a/contrib/libs/curl/lib/ftp.c
+++ b/contrib/libs/curl/lib/ftp.c
@@ -591,7 +591,7 @@ static CURLcode ftp_readresp(struct Curl_easy *data,
* This response code can come at any point so having it treated
* generically is a good idea.
*/
- infof(data, "We got a 421 - timeout!");
+ infof(data, "We got a 421 - timeout");
state(data, FTP_STOP);
return CURLE_OPERATION_TIMEDOUT;
}
@@ -1165,7 +1165,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data,
/* maybe all ports were in use already*/
if(port > port_max) {
- failf(data, "bind() failed, we ran out of ports!");
+ failf(data, "bind() failed, we ran out of ports");
Curl_closesocket(data, conn, portsock);
return CURLE_FTP_PORT_FAILED;
}
@@ -2702,7 +2702,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);
if(Curl_sec_login(data, conn))
- infof(data, "Logging in with password in cleartext!");
+ infof(data, "Logging in with password in cleartext");
else
infof(data, "Authentication successful");
}
@@ -3381,7 +3381,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
(ftp->transfer == PPTRANSFER_BODY)) {
failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T
" out of %" CURL_FORMAT_CURL_OFF_T " bytes)",
- data->req.bytecount, data->state.infilesize);
+ data->req.writebytecount, data->state.infilesize);
result = CURLE_PARTIAL_FILE;
}
}
@@ -3404,7 +3404,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
else if(!ftpc->dont_check &&
!data->req.bytecount &&
(data->req.size>0)) {
- failf(data, "No data was received!");
+ failf(data, "No data was received");
result = CURLE_FTP_COULDNT_RETR_FILE;
}
}
@@ -4235,7 +4235,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data)
if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
/* We need a file name when uploading. Return error! */
- failf(data, "Uploading to a URL without a file name!");
+ failf(data, "Uploading to a URL without a file name");
free(rawPath);
return CURLE_URL_MALFORMAT;
}
diff --git a/contrib/libs/curl/lib/h2h3.c b/contrib/libs/curl/lib/h2h3.c
index cf8d156945..c0ed58d37a 100644
--- a/contrib/libs/curl/lib/h2h3.c
+++ b/contrib/libs/curl/lib/h2h3.c
@@ -114,7 +114,7 @@ static header_instruction inspect_header(const char *name, size_t namelen,
}
CURLcode Curl_pseudo_headers(struct Curl_easy *data,
- const char *mem, /* the requeset */
+ const char *mem, /* the request */
const size_t len /* size of request */,
struct h2h3req **hp)
{
diff --git a/contrib/libs/curl/lib/headers.c b/contrib/libs/curl/lib/headers.c
new file mode 100644
index 0000000000..226c696be6
--- /dev/null
+++ b/contrib/libs/curl/lib/headers.c
@@ -0,0 +1,324 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "urldata.h"
+#include "strdup.h"
+#include "strcase.h"
+#include "headers.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API)
+
+/* Generate the curl_header struct for the user. This function MUST assign all
+ struct fields in the output struct. */
+static void copy_header_external(struct Curl_easy *data,
+ struct Curl_header_store *hs,
+ size_t index,
+ size_t amount,
+ struct Curl_llist_element *e,
+ struct curl_header **hout)
+{
+ struct curl_header *h = *hout = &data->state.headerout;
+ h->name = hs->name;
+ h->value = hs->value;
+ h->amount = amount;
+ h->index = index;
+ /* this will randomly OR a reserved bit for the sole purpose of making it
+ impossible for applications to do == comparisons, as that would otherwise
+ be very tempting and then lead to the reserved bits not being reserved
+ anymore. */
+ h->origin = hs->type | (1<<27);
+ h->anchor = e;
+}
+
+/* public API */
+CURLHcode curl_easy_header(CURL *easy,
+ const char *name,
+ size_t nameindex,
+ unsigned int type,
+ int request,
+ struct curl_header **hout)
+{
+ struct Curl_llist_element *e;
+ struct Curl_llist_element *e_pick = NULL;
+ struct Curl_easy *data = easy;
+ size_t match = 0;
+ size_t amount = 0;
+ struct Curl_header_store *hs = NULL;
+ struct Curl_header_store *pick = NULL;
+ if(!name || !hout || !data ||
+ (type > (CURLH_HEADER|CURLH_TRAILER|CURLH_CONNECT|CURLH_1XX)) ||
+ !type || (request < -1))
+ return CURLHE_BAD_ARGUMENT;
+ if(!Curl_llist_count(&data->state.httphdrs))
+ return CURLHE_NOHEADERS; /* no headers available */
+ if(request > data->state.requests)
+ return CURLHE_NOREQUEST;
+ if(request == -1)
+ request = data->state.requests;
+
+ /* we need a first round to count amount of this header */
+ for(e = data->state.httphdrs.head; e; e = e->next) {
+ hs = e->ptr;
+ if(strcasecompare(hs->name, name) &&
+ (hs->type & type) &&
+ (hs->request == request)) {
+ amount++;
+ pick = hs;
+ e_pick = e;
+ }
+ }
+ if(!amount)
+ return CURLHE_MISSING;
+ else if(nameindex >= amount)
+ return CURLHE_BADINDEX;
+
+ if(nameindex == amount - 1)
+ /* if the last or only occurrence is what's asked for, then we know it */
+ hs = pick;
+ else {
+ for(e = data->state.httphdrs.head; e; e = e->next) {
+ hs = e->ptr;
+ if(strcasecompare(hs->name, name) &&
+ (hs->type & type) &&
+ (hs->request == request) &&
+ (match++ == nameindex)) {
+ e_pick = e;
+ break;
+ }
+ }
+ if(!e) /* this shouldn't happen */
+ return CURLHE_MISSING;
+ }
+ /* this is the name we want */
+ copy_header_external(data, hs, nameindex, amount, e_pick, hout);
+ return CURLHE_OK;
+}
+
+/* public API */
+struct curl_header *curl_easy_nextheader(CURL *easy,
+ unsigned int type,
+ int request,
+ struct curl_header *prev)
+{
+ struct Curl_easy *data = easy;
+ struct Curl_llist_element *pick;
+ struct Curl_llist_element *e;
+ struct Curl_header_store *hs;
+ struct curl_header *hout;
+ size_t amount = 0;
+ size_t index = 0;
+
+ if(request > data->state.requests)
+ return NULL;
+ if(request == -1)
+ request = data->state.requests;
+
+ if(prev) {
+ pick = prev->anchor;
+ if(!pick)
+ /* something is wrong */
+ return NULL;
+ pick = pick->next;
+ }
+ else
+ pick = data->state.httphdrs.head;
+
+ if(pick) {
+ /* make sure it is the next header of the desired type */
+ do {
+ hs = pick->ptr;
+ if((hs->type & type) && (hs->request == request))
+ break;
+ pick = pick->next;
+ } while(pick);
+ }
+
+ if(!pick)
+ /* no more headers available */
+ return NULL;
+
+ hs = pick->ptr;
+
+ /* count number of occurrences of this name within the mask and figure out
+ the index for the currently selected entry */
+ for(e = data->state.httphdrs.head; e; e = e->next) {
+ struct Curl_header_store *check = e->ptr;
+ if(strcasecompare(hs->name, check->name) &&
+ (check->request == request) &&
+ (check->type & type))
+ amount++;
+ if(e == pick)
+ index = amount - 1;
+ }
+
+ copy_header_external(data, hs, index, amount, pick, &hout);
+ return hout;
+}
+
+static CURLcode namevalue(char *header, size_t hlen, unsigned int type,
+ char **name, char **value)
+{
+ char *end = header + hlen - 1; /* point to the last byte */
+ DEBUGASSERT(hlen);
+ *name = header;
+
+ if(type == CURLH_PSEUDO) {
+ if(*header != ':')
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ header++;
+ }
+
+ /* Find the end of the header name */
+ while(*header && (*header != ':'))
+ ++header;
+
+ if(*header)
+ /* Skip over colon, null it */
+ *header++ = 0;
+ else
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ /* skip all leading space letters */
+ while(*header && ISSPACE(*header))
+ header++;
+
+ *value = header;
+
+ /* skip all trailing space letters */
+ while((end > header) && ISSPACE(*end))
+ *end-- = 0; /* nul terminate */
+ return CURLE_OK;
+}
+
+/*
+ * Curl_headers_push() gets passed a full HTTP header to store. It gets called
+ * immediately before the header callback. The header is CRLF terminated.
+ */
+CURLcode Curl_headers_push(struct Curl_easy *data, const char *header,
+ unsigned char type)
+{
+ char *value = NULL;
+ char *name = NULL;
+ char *end;
+ size_t hlen; /* length of the incoming header */
+ struct Curl_header_store *hs;
+ CURLcode result = CURLE_OUT_OF_MEMORY;
+
+ if((header[0] == '\r') || (header[0] == '\n'))
+ /* ignore the body separator */
+ return CURLE_OK;
+
+ end = strchr(header, '\r');
+ if(!end) {
+ end = strchr(header, '\n');
+ if(!end)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ hlen = end - header + 1;
+
+ hs = calloc(1, sizeof(*hs) + hlen);
+ if(!hs)
+ return CURLE_OUT_OF_MEMORY;
+ memcpy(hs->buffer, header, hlen);
+ hs->buffer[hlen] = 0; /* nul terminate */
+
+ result = namevalue(hs->buffer, hlen, type, &name, &value);
+ if(result)
+ goto fail;
+
+ hs->name = name;
+ hs->value = value;
+ hs->type = type;
+ hs->request = data->state.requests;
+
+ /* insert this node into the list of headers */
+ Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail,
+ hs, &hs->node);
+
+ return CURLE_OK;
+ fail:
+ free(hs);
+ return result;
+}
+
+/*
+ * Curl_headers_init(). Init the headers subsystem.
+ */
+static void headers_init(struct Curl_easy *data)
+{
+ Curl_llist_init(&data->state.httphdrs, NULL);
+}
+
+/*
+ * Curl_headers_cleanup(). Free all stored headers and associated memory.
+ */
+CURLcode Curl_headers_cleanup(struct Curl_easy *data)
+{
+ struct Curl_llist_element *e;
+ struct Curl_llist_element *n;
+
+ for(e = data->state.httphdrs.head; e; e = n) {
+ struct Curl_header_store *hs = e->ptr;
+ n = e->next;
+ free(hs);
+ }
+ headers_init(data);
+ return CURLE_OK;
+}
+
+#else /* HTTP-disabled builds below */
+
+CURLHcode curl_easy_header(CURL *easy,
+ const char *name,
+ size_t index,
+ unsigned int origin,
+ int request,
+ struct curl_header **hout)
+{
+ (void)easy;
+ (void)name;
+ (void)index;
+ (void)origin;
+ (void)request;
+ (void)hout;
+ return CURLHE_NOT_BUILT_IN;
+}
+
+struct curl_header *curl_easy_nextheader(CURL *easy,
+ unsigned int type,
+ int request,
+ struct curl_header *prev)
+{
+ (void)easy;
+ (void)type;
+ (void)request;
+ (void)prev;
+ return NULL;
+}
+#endif
diff --git a/contrib/libs/curl/lib/headers.h b/contrib/libs/curl/lib/headers.h
new file mode 100644
index 0000000000..48c013b04d
--- /dev/null
+++ b/contrib/libs/curl/lib/headers.h
@@ -0,0 +1,53 @@
+#ifndef HEADER_CURL_HEADER_H
+#define HEADER_CURL_HEADER_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API)
+
+struct Curl_header_store {
+ struct Curl_llist_element node;
+ char *name; /* points into 'buffer' */
+ char *value; /* points into 'buffer */
+ int request; /* 0 is the first request, then 1.. 2.. */
+ unsigned char type; /* CURLH_* defines */
+ char buffer[1]; /* this is the raw header blob */
+};
+
+/*
+ * Curl_headers_push() gets passed a full header to store.
+ */
+CURLcode Curl_headers_push(struct Curl_easy *data, const char *header,
+ unsigned char type);
+
+/*
+ * Curl_headers_cleanup(). Free all stored headers and associated memory.
+ */
+CURLcode Curl_headers_cleanup(struct Curl_easy *data);
+
+#else
+#define Curl_headers_push(x,y,z) CURLE_OK
+#define Curl_headers_cleanup(x) Curl_nop_stmt
+#endif
+
+#endif /* HEADER_CURL_HEADER_H */
diff --git a/contrib/libs/curl/lib/hmac.c b/contrib/libs/curl/lib/hmac.c
index 590abe6d2e..85b175d45f 100644
--- a/contrib/libs/curl/lib/hmac.c
+++ b/contrib/libs/curl/lib/hmac.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -39,8 +39,8 @@
* Generic HMAC algorithm.
*
* This module computes HMAC digests based on any hash function. Parameters
- * and computing procedures are set-up dynamically at HMAC computation
- * context initialisation.
+ * and computing procedures are set-up dynamically at HMAC computation context
+ * initialization.
*/
static const unsigned char hmac_ipad = 0x36;
diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c
index 8536ec9cd3..d37eff17d9 100644
--- a/contrib/libs/curl/lib/hostip.c
+++ b/contrib/libs/curl/lib/hostip.c
@@ -945,7 +945,7 @@ clean_up:
less than 1! */
alarm(1);
rc = CURLRESOLV_TIMEDOUT;
- failf(data, "Previous alarm fired off!");
+ failf(data, "Previous alarm fired off");
}
else
alarm((unsigned int)alarm_set);
@@ -1131,7 +1131,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
ai = Curl_str2addr(address, port);
if(!ai) {
- infof(data, "Resolve address '%s' found illegal!", address);
+ infof(data, "Resolve address '%s' found illegal", address);
goto err;
}
@@ -1150,7 +1150,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
error = false;
err:
if(error) {
- failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'!",
+ failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'",
hostp->data);
Curl_freeaddrinfo(head);
return CURLE_SETOPT_OPTION_SYNTAX;
@@ -1167,8 +1167,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
if(dns) {
- infof(data, "RESOLVE %s:%d is - old addresses discarded!",
- hostname, port);
+ infof(data, "RESOLVE %s:%d is - old addresses discarded",
+ hostname, port);
/* delete old entry, there are two reasons for this
1. old entry may have different addresses.
2. even if entry with correct addresses is already in the cache,
diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c
index 97ab1cbd4d..7cf30bdebd 100644
--- a/contrib/libs/curl/lib/http.c
+++ b/contrib/libs/curl/lib/http.c
@@ -775,6 +775,21 @@ output_auth_headers(struct Curl_easy *data,
return CURLE_OK;
}
+/*
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
+ * "sensitive data" can (still) be sent to this host.
+ */
+bool Curl_allow_auth_to_host(struct Curl_easy *data)
+{
+ struct connectdata *conn = data->conn;
+ return (!data->state.this_is_a_follow ||
+ data->set.allow_auth_to_other_hosts ||
+ (data->state.first_host &&
+ strcasecompare(data->state.first_host, conn->host.name) &&
+ (data->state.first_remote_port == conn->remote_port) &&
+ (data->state.first_remote_protocol == conn->handler->protocol)));
+}
+
/**
* Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication
@@ -847,17 +862,14 @@ Curl_http_output_auth(struct Curl_easy *data,
with it */
authproxy->done = TRUE;
- /* To prevent the user+password to get sent to other than the original
- host due to a location-follow, we do some weirdo checks here */
- if(!data->state.this_is_a_follow ||
+ /* To prevent the user+password to get sent to other than the original host
+ due to a location-follow */
+ if(Curl_allow_auth_to_host(data)
#ifndef CURL_DISABLE_NETRC
- conn->bits.netrc ||
+ || conn->bits.netrc
#endif
- !data->state.first_host ||
- data->set.allow_auth_to_other_hosts ||
- strcasecompare(data->state.first_host, conn->host.name)) {
+ )
result = output_auth_headers(data, conn, authhost, request, path, FALSE);
- }
else
authhost->done = TRUE;
@@ -1767,7 +1779,7 @@ CURLcode Curl_http_compile_trailers(struct curl_slist *trailers,
return result;
}
else
- infof(handle, "Malformatted trailing header ! Skipping trailer.");
+ infof(handle, "Malformatted trailing header, skipping trailer");
trailers = trailers->next;
}
result = Curl_dyn_add(b, endofline_network);
@@ -1905,10 +1917,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
checkprefix("Cookie:", compare)) &&
/* be careful of sending this potentially sensitive header to
other hosts */
- (data->state.this_is_a_follow &&
- data->state.first_host &&
- !data->set.allow_auth_to_other_hosts &&
- !strcasecompare(data->state.first_host, conn->host.name)))
+ !Curl_allow_auth_to_host(data))
;
else {
#ifdef USE_HYPER
@@ -2084,6 +2093,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
data->state.first_remote_port = conn->remote_port;
+ data->state.first_remote_protocol = conn->handler->protocol;
}
Curl_safefree(data->state.aptr.host);
@@ -2927,7 +2937,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data,
/* The resume point is at the end of file, consider this fine even if it
doesn't allow resume from here. */
infof(data, "The entire document is already downloaded");
- connclose(conn, "already downloaded");
+ streamclose(conn, "already downloaded");
/* Abort download */
k->keepon &= ~KEEP_RECV;
*done = TRUE;
@@ -2952,10 +2962,10 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data,
/* We're simulating a http 304 from server so we return
what should have been returned from the server */
data->info.httpcode = 304;
- infof(data, "Simulate a HTTP 304 response!");
+ infof(data, "Simulate a HTTP 304 response");
/* we abort the transfer before it is completed == we ruin the
re-use ability. Close the connection */
- connclose(conn, "Simulated 304 handling");
+ streamclose(conn, "Simulated 304 handling");
return CURLE_OK;
}
} /* we have a time condition */
@@ -3385,7 +3395,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
return CURLE_FILESIZE_EXCEEDED;
}
streamclose(conn, "overflow content-length");
- infof(data, "Overflow Content-Length: value!");
+ infof(data, "Overflow Content-Length: value");
}
else {
/* negative or just rubbish - bad HTTP */
@@ -3419,7 +3429,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
* Default action for 1.0 is to close.
*/
connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */
- infof(data, "HTTP/1.0 proxy connection set to keep alive!");
+ infof(data, "HTTP/1.0 proxy connection set to keep alive");
}
else if((conn->httpversion == 11) &&
conn->bits.httpproxy &&
@@ -3431,7 +3441,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
* close down after this transfer.
*/
connclose(conn, "Proxy-Connection: asked to close after done");
- infof(data, "HTTP/1.1 proxy connection set close!");
+ infof(data, "HTTP/1.1 proxy connection set close");
}
#endif
else if((conn->httpversion == 10) &&
@@ -3445,7 +3455,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
*
* [RFC2068, section 19.7.1] */
connkeep(conn, "Connection keep-alive");
- infof(data, "HTTP/1.0 connection set to keep alive!");
+ infof(data, "HTTP/1.0 connection set to keep alive");
}
else if(Curl_compareheader(headp,
STRCONST("Connection:"), STRCONST("close"))) {
@@ -3775,6 +3785,29 @@ CURLcode Curl_http_size(struct Curl_easy *data)
return CURLE_OK;
}
+static CURLcode verify_header(struct Curl_easy *data)
+{
+ struct SingleRequest *k = &data->req;
+ const char *header = Curl_dyn_ptr(&data->state.headerb);
+ size_t hlen = Curl_dyn_len(&data->state.headerb);
+ char *ptr = memchr(header, 0x00, hlen);
+ if(ptr) {
+ /* this is bad, bail out */
+ failf(data, "Nul byte in header");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+ if(k->headerline < 2)
+ /* the first "header" is the status-line and it has no colon */
+ return CURLE_OK;
+ ptr = memchr(header, ':', hlen);
+ if(!ptr) {
+ /* this is bad, bail out */
+ failf(data, "Header without colon");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+ return CURLE_OK;
+}
+
/*
* Read any HTTP header lines from the server and pass them to the client app.
*/
@@ -3997,9 +4030,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
/* now, only output this if the header AND body are requested:
*/
- writetype = CLIENTWRITE_HEADER;
- if(data->set.include_header)
- writetype |= CLIENTWRITE_BODY;
+ writetype = CLIENTWRITE_HEADER |
+ (data->set.include_header ? CLIENTWRITE_BODY : 0) |
+ ((k->httpcode/100 == 1) ? CLIENTWRITE_1XX : 0);
headerlen = Curl_dyn_len(&data->state.headerb);
result = Curl_client_write(data, writetype,
@@ -4096,7 +4129,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
if(conn->bits.rewindaftersend) {
/* We rewind after a complete send, so thus we continue
sending now */
- infof(data, "Keep sending data to get tossed away!");
+ infof(data, "Keep sending data to get tossed away");
k->keepon |= KEEP_SEND;
}
}
@@ -4152,6 +4185,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
* Checks for special headers coming up.
*/
+ writetype = CLIENTWRITE_HEADER;
if(!k->headerline++) {
/* This is the first header, it MUST be the error code line
or else we consider this to be the body right away! */
@@ -4204,10 +4238,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
switch(httpversion) {
case 10:
case 11:
-#if defined(USE_NGHTTP2) || defined(USE_HYPER)
+#ifdef USE_HTTP2
case 20:
#endif
-#if defined(ENABLE_QUIC)
+#ifdef ENABLE_QUIC
case 30:
#endif
conn->httpversion = (unsigned char)httpversion;
@@ -4276,6 +4310,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
result = Curl_http_statusline(data, conn);
if(result)
return result;
+ writetype |= CLIENTWRITE_STATUS;
}
else {
k->header = FALSE; /* this is not a header line */
@@ -4283,6 +4318,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
}
}
+ result = verify_header(data);
+ if(result)
+ return result;
+
result = Curl_http_header(data, conn, headp);
if(result)
return result;
@@ -4290,10 +4329,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
/*
* End of header-checks. Write them to the client.
*/
-
- writetype = CLIENTWRITE_HEADER;
if(data->set.include_header)
writetype |= CLIENTWRITE_BODY;
+ if(k->httpcode/100 == 1)
+ writetype |= CLIENTWRITE_1XX;
Curl_debug(data, CURLINFO_HEADER_IN, headp,
Curl_dyn_len(&data->state.headerb));
diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h
index 07e963dc48..c4ab3c22de 100644
--- a/contrib/libs/curl/lib/http.h
+++ b/contrib/libs/curl/lib/http.h
@@ -38,6 +38,10 @@ typedef enum {
#include <nghttp2/nghttp2.h>
#endif
+#if defined(_WIN32) && defined(ENABLE_QUIC)
+#include <stdint.h>
+#endif
+
extern const struct Curl_handler Curl_handler_http;
#ifdef USE_SSL
@@ -163,6 +167,29 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data);
struct h3out; /* see ngtcp2 */
#endif
+#ifdef USE_MSH3
+#ifdef _WIN32
+#define msh3_lock CRITICAL_SECTION
+#define msh3_lock_initialize(lock) InitializeCriticalSection(lock)
+#define msh3_lock_uninitialize(lock) DeleteCriticalSection(lock)
+#define msh3_lock_acquire(lock) EnterCriticalSection(lock)
+#define msh3_lock_release(lock) LeaveCriticalSection(lock)
+#else /* !_WIN32 */
+#include <pthread.h>
+#define msh3_lock pthread_mutex_t
+#define msh3_lock_initialize(lock) { \
+ pthread_mutexattr_t attr; \
+ pthread_mutexattr_init(&attr); \
+ pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \
+ pthread_mutex_init(lock, &attr); \
+ pthread_mutexattr_destroy(&attr); \
+}
+#define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock)
+#define msh3_lock_acquire(lock) pthread_mutex_lock(lock)
+#define msh3_lock_release(lock) pthread_mutex_unlock(lock)
+#endif /* _WIN32 */
+#endif /* USE_MSH3 */
+
/****************************************************************************
* HTTP unique setup
***************************************************************************/
@@ -228,11 +255,13 @@ struct HTTP {
#endif
#ifdef ENABLE_QUIC
+#ifndef USE_MSH3
/*********** for HTTP/3 we store stream-local data here *************/
int64_t stream3_id; /* stream we are interested in */
bool firstheader; /* FALSE until headers arrive */
bool firstbody; /* FALSE until body arrives */
bool h3req; /* FALSE until request is issued */
+#endif
bool upload_done;
#endif
#ifdef USE_NGHTTP3
@@ -240,6 +269,21 @@ struct HTTP {
struct h3out *h3out; /* per-stream buffers for upload */
struct dynbuf overflow; /* excess data received during a single Curl_read */
#endif
+#ifdef USE_MSH3
+ struct MSH3_REQUEST *req;
+ msh3_lock recv_lock;
+ /* Receive Buffer (Headers and Data) */
+ uint8_t* recv_buf;
+ size_t recv_buf_alloc;
+ /* Receive Headers */
+ size_t recv_header_len;
+ bool recv_header_complete;
+ /* Receive Data */
+ size_t recv_data_len;
+ bool recv_data_complete;
+ /* General Receive Error */
+ CURLcode recv_error;
+#endif
};
#ifdef USE_NGHTTP2
@@ -320,4 +364,10 @@ Curl_http_output_auth(struct Curl_easy *data,
bool proxytunnel); /* TRUE if this is the request setting
up the proxy tunnel */
+/*
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
+ * "sensitive data" can (still) be sent to this host.
+ */
+bool Curl_allow_auth_to_host(struct Curl_easy *data);
+
#endif /* HEADER_CURL_HTTP_H */
diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c
index 1254365847..0120b86311 100644
--- a/contrib/libs/curl/lib/http2.c
+++ b/contrib/libs/curl/lib/http2.c
@@ -39,6 +39,7 @@
#include "transfer.h"
#include "dynbuf.h"
#include "h2h3.h"
+#include "headers.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
#include "curl_memory.h"
@@ -561,7 +562,7 @@ static int push_promise(struct Curl_easy *data,
const nghttp2_push_promise *frame)
{
int rv; /* one of the CURL_PUSH_* defines */
- H2BUGF(infof(data, "PUSH_PROMISE received, stream %u!",
+ H2BUGF(infof(data, "PUSH_PROMISE received, stream %u",
frame->promised_stream_id));
if(data->multi->push_cb) {
struct HTTP *stream;
@@ -581,11 +582,11 @@ static int push_promise(struct Curl_easy *data,
heads.data = data;
heads.frame = frame;
/* ask the application */
- H2BUGF(infof(data, "Got PUSH_PROMISE, ask application!"));
+ H2BUGF(infof(data, "Got PUSH_PROMISE, ask application"));
stream = data->req.p.http;
if(!stream) {
- failf(data, "Internal NULL stream!");
+ failf(data, "Internal NULL stream");
(void)Curl_close(&newhandle);
rv = CURL_PUSH_DENY;
goto fail;
@@ -652,7 +653,7 @@ static int push_promise(struct Curl_easy *data,
Curl_dyn_init(&newstream->trailer_recvbuf, DYN_H2_TRAILERS);
}
else {
- H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it!"));
+ H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it"));
rv = CURL_PUSH_DENY;
}
fail:
@@ -801,7 +802,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
}
break;
default:
- H2BUGF(infof(data_s, "Got frame type %x for stream %u!",
+ H2BUGF(infof(data_s, "Got frame type %x for stream %u",
frame->hd.type, stream_id));
break;
}
@@ -824,10 +825,14 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
/* get the stream from the hash based on Stream ID */
data_s = nghttp2_session_get_stream_user_data(session, stream_id);
- if(!data_s)
- /* Receiving a Stream ID not in the hash should not happen, this is an
- internal error more than anything else! */
- return NGHTTP2_ERR_CALLBACK_FAILURE;
+ if(!data_s) {
+ /* Receiving a Stream ID not in the hash should not happen - unless
+ we have aborted a transfer artificially and there were more data
+ in the pipeline. Silently ignore. */
+ H2BUGF(fprintf(stderr, "Data for stream %u but it doesn't exist\n",
+ stream_id));
+ return 0;
+ }
stream = data_s->req.p.http;
if(!stream)
@@ -908,15 +913,15 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id,
/* remove the entry from the hash as the stream is now gone */
rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
if(rv) {
- infof(data_s, "http/2: failed to clear user_data for stream %d!",
+ infof(data_s, "http/2: failed to clear user_data for stream %d",
stream_id);
DEBUGASSERT(0);
}
if(stream_id == httpc->pause_stream_id) {
- H2BUGF(infof(data_s, "Stopped the pause stream!"));
+ H2BUGF(infof(data_s, "Stopped the pause stream"));
httpc->pause_stream_id = 0;
}
- H2BUGF(infof(data_s, "Removed stream %u hash!", stream_id));
+ H2BUGF(infof(data_s, "Removed stream %u hash", stream_id));
stream->stream_id = 0; /* cleared */
}
return 0;
@@ -1001,7 +1006,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
stream = data_s->req.p.http;
if(!stream) {
- failf(data_s, "Internal NULL stream!");
+ failf(data_s, "Internal NULL stream");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
@@ -1078,9 +1083,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
/* nghttp2 guarantees :status is received first and only once, and
value is 3 digits status code, and decode_status_code always
succeeds. */
+ char buffer[32];
stream->status_code = decode_status_code(value, valuelen);
DEBUGASSERT(stream->status_code != -1);
-
+ msnprintf(buffer, sizeof(buffer), H2H3_PSEUDO_STATUS ":%u\r",
+ stream->status_code);
+ result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
+ if(result)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("HTTP/2 "));
if(result)
return NGHTTP2_ERR_CALLBACK_FAILURE;
@@ -1228,17 +1238,18 @@ void Curl_http2_done(struct Curl_easy *data, bool premature)
!httpc->h2) /* not HTTP/2 ? */
return;
- if(premature) {
+ /* do this before the reset handling, as that might clear ->stream_id */
+ if(http->stream_id == httpc->pause_stream_id) {
+ H2BUGF(infof(data, "DONE the pause stream (%x)", http->stream_id));
+ httpc->pause_stream_id = 0;
+ }
+ if(premature || (!http->closed && http->stream_id)) {
/* RST_STREAM */
set_transfer(httpc, data); /* set the transfer */
+ H2BUGF(infof(data, "RST stream %x", http->stream_id));
if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
http->stream_id, NGHTTP2_STREAM_CLOSED))
(void)nghttp2_session_send(httpc->h2);
-
- if(http->stream_id == httpc->pause_stream_id) {
- H2BUGF(infof(data, "stopped the pause stream!"));
- httpc->pause_stream_id = 0;
- }
}
if(data->state.drain)
@@ -1249,7 +1260,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature)
int rv = nghttp2_session_set_stream_user_data(httpc->h2,
http->stream_id, 0);
if(rv) {
- infof(data, "http/2: failed to clear user_data for stream %d!",
+ infof(data, "http/2: failed to clear user_data for stream %d",
http->stream_id);
DEBUGASSERT(0);
}
@@ -1274,7 +1285,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn)
rc = nghttp2_session_callbacks_new(&callbacks);
if(rc) {
- failf(data, "Couldn't initialize nghttp2 callbacks!");
+ failf(data, "Couldn't initialize nghttp2 callbacks");
return CURLE_OUT_OF_MEMORY; /* most likely at least */
}
@@ -1303,7 +1314,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn)
nghttp2_session_callbacks_del(callbacks);
if(rc) {
- failf(data, "Couldn't initialize nghttp2!");
+ failf(data, "Couldn't initialize nghttp2");
return CURLE_OUT_OF_MEMORY; /* most likely at least */
}
}
@@ -1508,7 +1519,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
/* Reset to FALSE to prevent infinite loop in readwrite_data function. */
stream->closed = FALSE;
if(stream->error == NGHTTP2_REFUSED_STREAM) {
- H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!",
+ H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection",
stream->stream_id));
connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */
data->state.refused_stream = TRUE;
@@ -1667,7 +1678,7 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
));
if((data->state.drain) && stream->memlen) {
- H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)",
+ H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u (%p => %p)",
stream->memlen, stream->stream_id,
stream->mem, mem));
if(mem != stream->mem) {
@@ -2083,7 +2094,7 @@ CURLcode Curl_http2_switched(struct Curl_easy *data,
stream->stream_id,
data);
if(rv) {
- infof(data, "http/2: failed to set user_data for stream %d!",
+ infof(data, "http/2: failed to set user_data for stream %d",
stream->stream_id);
DEBUGASSERT(0);
}
diff --git a/contrib/libs/curl/lib/http_chunks.c b/contrib/libs/curl/lib/http_chunks.c
index 7edfd64724..6bafcd9777 100644
--- a/contrib/libs/curl/lib/http_chunks.c
+++ b/contrib/libs/curl/lib/http_chunks.c
@@ -221,7 +221,9 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data,
tr = Curl_dyn_ptr(&conn->trailer);
trlen = Curl_dyn_len(&conn->trailer);
if(!data->set.http_te_skip) {
- result = Curl_client_write(data, CLIENTWRITE_HEADER, tr, trlen);
+ result = Curl_client_write(data,
+ CLIENTWRITE_HEADER|CLIENTWRITE_TRAILER,
+ tr, trlen);
if(result) {
*extrap = result;
return CHUNKE_PASSTHRU_ERROR;
diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c
index e02211ca21..98473c68fb 100644
--- a/contrib/libs/curl/lib/http_proxy.c
+++ b/contrib/libs/curl/lib/http_proxy.c
@@ -172,7 +172,7 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit)
s = calloc(1, sizeof(struct http_connect_state));
if(!s)
return CURLE_OUT_OF_MEMORY;
- infof(data, "allocate connect buffer!");
+ infof(data, "allocate connect buffer");
conn->connect_state = s;
Curl_dyn_init(&s->rcvbuf, DYN_PROXY_CONNECT_HEADERS);
@@ -220,7 +220,7 @@ void Curl_connect_done(struct Curl_easy *data)
#ifdef USE_HYPER
data->state.hconnect = FALSE;
#endif
- infof(data, "CONNECT phase completed!");
+ infof(data, "CONNECT phase completed");
}
}
@@ -345,6 +345,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
/* Send the connect request to the proxy */
result = Curl_buffer_send(req, data, &data->info.request_size, 0,
sockindex);
+ s->headerlines = 0;
}
if(result)
failf(data, "Failed sending CONNECT to proxy");
@@ -472,7 +473,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
}
if(Curl_dyn_addn(&s->rcvbuf, &byte, 1)) {
- failf(data, "CONNECT response too large!");
+ failf(data, "CONNECT response too large");
return CURLE_RECV_ERROR;
}
@@ -480,6 +481,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(byte != 0x0a)
continue;
+ s->headerlines++;
linep = Curl_dyn_ptr(&s->rcvbuf);
perline = Curl_dyn_len(&s->rcvbuf); /* amount of bytes in this line */
@@ -488,9 +490,9 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(!data->set.suppress_connect_headers) {
/* send the header to the callback */
- int writetype = CLIENTWRITE_HEADER;
- if(data->set.include_header)
- writetype |= CLIENTWRITE_BODY;
+ int writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT |
+ (data->set.include_header ? CLIENTWRITE_BODY : 0) |
+ (s->headerlines == 1 ? CLIENTWRITE_STATUS : 0);
result = Curl_client_write(data, writetype, linep, perline);
if(result)
@@ -765,6 +767,9 @@ static CURLcode CONNECT(struct Curl_easy *data,
}
options = hyper_clientconn_options_new();
+ hyper_clientconn_options_set_preserve_header_case(options, 1);
+ hyper_clientconn_options_set_preserve_header_order(options, 1);
+
if(!options) {
failf(data, "Couldn't create hyper client options");
result = CURLE_OUT_OF_MEMORY;
diff --git a/contrib/libs/curl/lib/http_proxy.h b/contrib/libs/curl/lib/http_proxy.h
index 2820e11841..67543b589b 100644
--- a/contrib/libs/curl/lib/http_proxy.h
+++ b/contrib/libs/curl/lib/http_proxy.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -59,6 +59,7 @@ struct http_connect_state {
struct dynbuf rcvbuf;
struct dynbuf req;
size_t nsend;
+ size_t headerlines;
enum keeponval {
KEEPON_DONE,
KEEPON_CONNECT,
diff --git a/contrib/libs/curl/lib/idn_win32.c b/contrib/libs/curl/lib/idn_win32.c
index 1d475a4eff..0914e1f25a 100644
--- a/contrib/libs/curl/lib/idn_win32.c
+++ b/contrib/libs/curl/lib/idn_win32.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -76,11 +76,15 @@ bool curl_win32_idn_to_ascii(const char *in, char **out)
if(in_w) {
wchar_t punycode[IDN_MAX_LENGTH];
int chars = IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH);
- free(in_w);
+ curlx_unicodefree(in_w);
if(chars) {
- *out = curlx_convert_wchar_to_UTF8(punycode);
- if(*out)
- success = TRUE;
+ char *mstr = curlx_convert_wchar_to_UTF8(punycode);
+ if(mstr) {
+ *out = strdup(mstr);
+ curlx_unicodefree(mstr);
+ if(*out)
+ success = TRUE;
+ }
}
}
@@ -97,11 +101,15 @@ bool curl_win32_ascii_to_idn(const char *in, char **out)
wchar_t unicode[IDN_MAX_LENGTH];
int chars = IdnToUnicode(0, in_w, curlx_uztosi(in_len),
unicode, IDN_MAX_LENGTH);
- free(in_w);
+ curlx_unicodefree(in_w);
if(chars) {
- *out = curlx_convert_wchar_to_UTF8(unicode);
- if(*out)
- success = TRUE;
+ char *mstr = curlx_convert_wchar_to_UTF8(unicode);
+ if(mstr) {
+ *out = strdup(mstr);
+ curlx_unicodefree(mstr);
+ if(*out)
+ success = TRUE;
+ }
}
}
diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c
index fb5a114d1d..817513becf 100644
--- a/contrib/libs/curl/lib/imap.c
+++ b/contrib/libs/curl/lib/imap.c
@@ -624,7 +624,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data,
result = imap_perform_login(data, conn);
else {
/* Other mechanisms not supported */
- infof(data, "No known authentication mechanisms supported!");
+ infof(data, "No known authentication mechanisms supported");
result = CURLE_LOGIN_DENIED;
}
}
@@ -874,7 +874,7 @@ static CURLcode imap_state_servergreet_resp(struct Curl_easy *data,
/* PREAUTH */
struct imap_conn *imapc = &conn->proto.imapc;
imapc->preauth = TRUE;
- infof(data, "PREAUTH connection, already authenticated!");
+ infof(data, "PREAUTH connection, already authenticated");
}
else if(imapcode != IMAP_RESP_OK) {
failf(data, "Got unexpected imap-server response");
diff --git a/contrib/libs/curl/lib/ldap.c b/contrib/libs/curl/lib/ldap.c
index 6e40f41ce5..b4dfc5f44d 100644
--- a/contrib/libs/curl/lib/ldap.c
+++ b/contrib/libs/curl/lib/ldap.c
@@ -361,7 +361,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
(strcasecompare(data->set.ssl.cert_type, "DER")))
cert_type = LDAPSSL_CERT_FILETYPE_DER;
if(!ldap_ca) {
- failf(data, "LDAP local: ERROR %s CA cert not set!",
+ failf(data, "LDAP local: ERROR %s CA cert not set",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
result = CURLE_SSL_CERTPROBLEM;
goto quit;
@@ -400,12 +400,12 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
/* OpenLDAP SDK supports BASE64 files. */
if((data->set.ssl.cert_type) &&
(!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
- failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
+ failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type");
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
if(!ldap_ca) {
- failf(data, "LDAP local: ERROR PEM CA cert not set!");
+ failf(data, "LDAP local: ERROR PEM CA cert not set");
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
diff --git a/contrib/libs/curl/lib/mime.c b/contrib/libs/curl/lib/mime.c
index cab3ef1c37..d6985d39c1 100644
--- a/contrib/libs/curl/lib/mime.c
+++ b/contrib/libs/curl/lib/mime.c
@@ -1563,7 +1563,7 @@ CURLcode Curl_mime_set_subparts(curl_mimepart *part,
root = root->parent->parent;
if(subparts == root) {
if(part->easy)
- failf(part->easy, "Can't add itself as a subpart!");
+ failf(part->easy, "Can't add itself as a subpart");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
}
diff --git a/contrib/libs/curl/lib/mqtt.c b/contrib/libs/curl/lib/mqtt.c
index e79bd3b482..9bcbaa1950 100644
--- a/contrib/libs/curl/lib/mqtt.c
+++ b/contrib/libs/curl/lib/mqtt.c
@@ -732,8 +732,14 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done)
case MQTT_FIRST:
/* Read the initial byte only */
result = Curl_read(data, sockfd, (char *)&mq->firstbyte, 1, &nread);
- if(!nread)
+ if(result)
+ break;
+ else if(!nread) {
+ failf(data, "Connection disconnected");
+ *done = TRUE;
+ result = CURLE_RECV_ERROR;
break;
+ }
Curl_debug(data, CURLINFO_HEADER_IN, (char *)&mq->firstbyte, 1);
/* remember the first byte */
mq->npacket = 0;
diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c
index 429d656bcf..4179d4b278 100644
--- a/contrib/libs/curl/lib/multi.c
+++ b/contrib/libs/curl/lib/multi.c
@@ -721,7 +721,6 @@ static CURLcode multi_done(struct Curl_easy *data,
}
Curl_safefree(data->state.buffer);
- Curl_free_request_state(data);
return result;
}
@@ -1796,7 +1795,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
rc = CURLM_OK;
if(multi_ischanged(multi, TRUE)) {
- DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!"));
+ DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue"));
process_pending_handles(multi); /* multiplexed */
}
@@ -2383,7 +2382,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
CURLcode ret = Curl_retry_request(data, &newurl);
if(!ret) {
- infof(data, "Downgrades to HTTP/1.1!");
+ infof(data, "Downgrades to HTTP/1.1");
streamclose(data->conn, "Disconnect HTTP/2 for HTTP/1");
data->state.httpwant = CURL_HTTP_VERSION_1_1;
/* clear the error message bit too as we ignore the one we got */
diff --git a/contrib/libs/curl/lib/nonblock.c b/contrib/libs/curl/lib/nonblock.c
index 92fb22ec22..28f6e75881 100644
--- a/contrib/libs/curl/lib/nonblock.c
+++ b/contrib/libs/curl/lib/nonblock.c
@@ -73,6 +73,12 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */
long flags = nonblock ? 1L : 0L;
return IoctlSocket(sockfd, FIONBIO, (char *)&flags);
+#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK)
+
+ /* Orbis OS */
+ long b = nonblock ? 1L : 0L;
+ return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+
#else
# error "no non-blocking method was found/used/set"
#endif
diff --git a/contrib/libs/curl/lib/pingpong.c b/contrib/libs/curl/lib/pingpong.c
index 1453bf299a..e08c1d8663 100644
--- a/contrib/libs/curl/lib/pingpong.c
+++ b/contrib/libs/curl/lib/pingpong.c
@@ -293,7 +293,7 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data,
*/
if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) {
failf(data, "cached response data too big to handle");
- return CURLE_RECV_ERROR;
+ return CURLE_WEIRD_SERVER_REPLY;
}
memcpy(ptr, pp->cache, pp->cache_size);
gotbytes = (ssize_t)pp->cache_size;
diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c
index 065bdbaf51..2c1b06c07f 100644
--- a/contrib/libs/curl/lib/pop3.c
+++ b/contrib/libs/curl/lib/pop3.c
@@ -571,7 +571,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data,
result = pop3_perform_user(data, conn);
else {
/* Other mechanisms not supported */
- infof(data, "No known authentication mechanisms supported!");
+ infof(data, "No known authentication mechanisms supported");
result = CURLE_LOGIN_DENIED;
}
}
@@ -924,7 +924,7 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data,
if(pop3code != '+') {
state(data, POP3_STOP);
- return CURLE_RECV_ERROR;
+ return CURLE_WEIRD_SERVER_REPLY;
}
/* This 'OK' line ends with a CR LF pair which is the two first bytes of the
diff --git a/contrib/libs/curl/lib/quic.h b/contrib/libs/curl/lib/quic.h
index edd65807cc..a2e9fee3ac 100644
--- a/contrib/libs/curl/lib/quic.h
+++ b/contrib/libs/curl/lib/quic.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,6 +31,9 @@
#ifdef USE_QUICHE
#error #include "vquic/quiche.h"
#endif
+#ifdef USE_MSH3
+#error #include "vquic/msh3.h"
+#endif
#include "urldata.h"
diff --git a/contrib/libs/curl/lib/rand.c b/contrib/libs/curl/lib/rand.c
index 8f2c1ba29e..8da1e8d968 100644
--- a/contrib/libs/curl/lib/rand.c
+++ b/contrib/libs/curl/lib/rand.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -87,7 +87,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
if(!seeded) {
struct curltime now = Curl_now();
- infof(data, "WARNING: Using weak random seed");
+ infof(data, "WARNING: using weak random seed");
randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
randseed = randseed * 1103515245 + 12345;
randseed = randseed * 1103515245 + 12345;
diff --git a/contrib/libs/curl/lib/rtsp.c b/contrib/libs/curl/lib/rtsp.c
index f16e87c12d..726bfb9ae1 100644
--- a/contrib/libs/curl/lib/rtsp.c
+++ b/contrib/libs/curl/lib/rtsp.c
@@ -219,7 +219,7 @@ static CURLcode rtsp_done(struct Curl_easy *data,
httpStatus = Curl_http_done(data, status, premature);
- if(rtsp) {
+ if(rtsp && !status && !httpStatus) {
/* Check the sequence numbers */
long CSeq_sent = rtsp->CSeq_sent;
long CSeq_recv = rtsp->CSeq_recv;
diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c
index 1de207725f..a48da82bac 100644
--- a/contrib/libs/curl/lib/select.c
+++ b/contrib/libs/curl/lib/select.c
@@ -43,7 +43,7 @@
#include "urldata.h"
#include "connect.h"
#include "select.h"
-#include "timeval.h"
+#include "timediff.h"
#include "warnless.h"
/*
@@ -93,26 +93,7 @@ int Curl_wait_ms(timediff_t timeout_ms)
#else
{
struct timeval pending_tv;
- timediff_t tv_sec = timeout_ms / 1000;
- timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */
-#ifdef HAVE_SUSECONDS_T
-#if TIMEDIFF_T_MAX > TIME_T_MAX
- /* tv_sec overflow check in case time_t is signed */
- if(tv_sec > TIME_T_MAX)
- tv_sec = TIME_T_MAX;
-#endif
- pending_tv.tv_sec = (time_t)tv_sec;
- pending_tv.tv_usec = (suseconds_t)tv_usec;
-#else
-#if TIMEDIFF_T_MAX > INT_MAX
- /* tv_sec overflow check in case time_t is signed */
- if(tv_sec > INT_MAX)
- tv_sec = INT_MAX;
-#endif
- pending_tv.tv_sec = (int)tv_sec;
- pending_tv.tv_usec = (int)tv_usec;
-#endif
- r = select(0, NULL, NULL, NULL, &pending_tv);
+ r = select(0, NULL, NULL, NULL, curlx_mstotv(&pending_tv, timeout_ms));
}
#endif /* HAVE_POLL_FINE */
#endif /* USE_WINSOCK */
@@ -152,43 +133,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */
}
#endif
- ptimeout = &pending_tv;
- if(timeout_ms < 0) {
- ptimeout = NULL;
- }
- else if(timeout_ms > 0) {
- timediff_t tv_sec = timeout_ms / 1000;
- timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */
-#ifdef HAVE_SUSECONDS_T
-#if TIMEDIFF_T_MAX > TIME_T_MAX
- /* tv_sec overflow check in case time_t is signed */
- if(tv_sec > TIME_T_MAX)
- tv_sec = TIME_T_MAX;
-#endif
- pending_tv.tv_sec = (time_t)tv_sec;
- pending_tv.tv_usec = (suseconds_t)tv_usec;
-#elif defined(WIN32) /* maybe also others in the future */
-#if TIMEDIFF_T_MAX > LONG_MAX
- /* tv_sec overflow check on Windows there we know it is long */
- if(tv_sec > LONG_MAX)
- tv_sec = LONG_MAX;
-#endif
- pending_tv.tv_sec = (long)tv_sec;
- pending_tv.tv_usec = (long)tv_usec;
-#else
-#if TIMEDIFF_T_MAX > INT_MAX
- /* tv_sec overflow check in case time_t is signed */
- if(tv_sec > INT_MAX)
- tv_sec = INT_MAX;
-#endif
- pending_tv.tv_sec = (int)tv_sec;
- pending_tv.tv_usec = (int)tv_usec;
-#endif
- }
- else {
- pending_tv.tv_sec = 0;
- pending_tv.tv_usec = 0;
- }
+ ptimeout = curlx_mstotv(&pending_tv, timeout_ms);
#ifdef USE_WINSOCK
/* WinSock select() must not be called with an fd_set that contains zero
diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c
index 220c7dd7ba..d7d4d8abd4 100644
--- a/contrib/libs/curl/lib/sendf.c
+++ b/contrib/libs/curl/lib/sendf.c
@@ -45,6 +45,7 @@
#include "select.h"
#include "strdup.h"
#include "http2.h"
+#include "headers.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -565,7 +566,7 @@ static CURLcode chop_write(struct Curl_easy *data,
/* Protocols that work without network cannot be paused. This is
actually only FILE:// just now, and it can't pause since the
transfer isn't done using the "normal" procedure. */
- failf(data, "Write callback asked for PAUSE when not supported!");
+ failf(data, "Write callback asked for PAUSE when not supported");
return CURLE_WRITE_ERROR;
}
return pausewrite(data, type, ptr, len);
@@ -580,21 +581,33 @@ static CURLcode chop_write(struct Curl_easy *data,
len -= chunklen;
}
+ /* HTTP header, but not status-line */
+ if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+ (type & CLIENTWRITE_HEADER) && !(type & CLIENTWRITE_STATUS) ) {
+ CURLcode result =
+ Curl_headers_push(data, optr,
+ type & CLIENTWRITE_CONNECT ? CURLH_CONNECT :
+ (type & CLIENTWRITE_1XX ? CURLH_1XX :
+ (type & CLIENTWRITE_TRAILER ? CURLH_TRAILER :
+ CURLH_HEADER)));
+ if(result)
+ return result;
+ }
+
if(writeheader) {
size_t wrote;
- ptr = optr;
- len = olen;
+
Curl_set_in_callback(data, true);
- wrote = writeheader(ptr, 1, len, data->set.writeheader);
+ wrote = writeheader(optr, 1, olen, data->set.writeheader);
Curl_set_in_callback(data, false);
if(CURL_WRITEFUNC_PAUSE == wrote)
/* here we pass in the HEADER bit only since if this was body as well
then it was passed already and clearly that didn't trigger the
pause, so this is saved for later with the HEADER bit only */
- return pausewrite(data, CLIENTWRITE_HEADER, ptr, len);
+ return pausewrite(data, CLIENTWRITE_HEADER, optr, olen);
- if(wrote != len) {
+ if(wrote != olen) {
failf(data, "Failed writing header");
return CURLE_WRITE_ERROR;
}
@@ -620,8 +633,6 @@ CURLcode Curl_client_write(struct Curl_easy *data,
{
struct connectdata *conn = data->conn;
- DEBUGASSERT(!(type & ~CLIENTWRITE_BOTH));
-
if(!len)
return CURLE_OK;
diff --git a/contrib/libs/curl/lib/sendf.h b/contrib/libs/curl/lib/sendf.h
index 108a5e934a..6676003a91 100644
--- a/contrib/libs/curl/lib/sendf.h
+++ b/contrib/libs/curl/lib/sendf.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -45,8 +45,12 @@ void Curl_failf(struct Curl_easy *, const char *fmt, ...);
#define failf Curl_failf
-#define CLIENTWRITE_BODY (1<<0)
-#define CLIENTWRITE_HEADER (1<<1)
+#define CLIENTWRITE_BODY (1<<0)
+#define CLIENTWRITE_HEADER (1<<1)
+#define CLIENTWRITE_STATUS (1<<2) /* the first "header" is the status line */
+#define CLIENTWRITE_CONNECT (1<<3) /* a CONNECT response */
+#define CLIENTWRITE_1XX (1<<4) /* a 1xx response */
+#define CLIENTWRITE_TRAILER (1<<5) /* a trailer header */
#define CLIENTWRITE_BOTH (CLIENTWRITE_BODY|CLIENTWRITE_HEADER)
CURLcode Curl_client_write(struct Curl_easy *data, int type, char *ptr,
diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c
index 8e1bf12791..0df1afa614 100644
--- a/contrib/libs/curl/lib/setopt.c
+++ b/contrib/libs/curl/lib/setopt.c
@@ -890,7 +890,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
;
else
#endif
-#if !defined(USE_NGHTTP2) && !defined(USE_HYPER)
+#ifndef USE_HTTP2
if(arg >= CURL_HTTP_VERSION_2)
return CURLE_UNSUPPORTED_PROTOCOL;
#else
@@ -2602,7 +2602,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
#endif
case CURLOPT_SASL_AUTHZID:
- /* Authorisation identity (identity to act as) */
+ /* Authorization identity (identity to act as) */
result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID],
va_arg(param, char *));
break;
diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c
index 28aa44a49a..c736cfae19 100644
--- a/contrib/libs/curl/lib/smtp.c
+++ b/contrib/libs/curl/lib/smtp.c
@@ -505,7 +505,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data)
state(data, SMTP_AUTH);
else {
/* Other mechanisms not supported */
- infof(data, "No known authentication mechanisms supported!");
+ infof(data, "No known authentication mechanisms supported");
result = CURLE_LOGIN_DENIED;
}
}
@@ -1037,7 +1037,7 @@ static CURLcode smtp_state_command_resp(struct Curl_easy *data, int smtpcode,
if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) ||
(!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) {
failf(data, "Command failed: %d", smtpcode);
- result = CURLE_RECV_ERROR;
+ result = CURLE_WEIRD_SERVER_REPLY;
}
else {
/* Temporarily add the LF character back and send as body to the client */
@@ -1182,7 +1182,7 @@ static CURLcode smtp_state_postdata_resp(struct Curl_easy *data,
(void)instate; /* no use for this yet */
if(smtpcode != 250)
- result = CURLE_RECV_ERROR;
+ result = CURLE_WEIRD_SERVER_REPLY;
/* End of DONE phase */
state(data, SMTP_STOP);
@@ -1840,7 +1840,7 @@ CURLcode Curl_smtp_escape_eob(struct Curl_easy *data, const ssize_t nread)
scratch = newscratch = malloc(2 * data->set.upload_buffer_size);
if(!newscratch) {
- failf(data, "Failed to alloc scratch buffer!");
+ failf(data, "Failed to alloc scratch buffer");
return CURLE_OUT_OF_MEMORY;
}
diff --git a/contrib/libs/curl/lib/socks.c b/contrib/libs/curl/lib/socks.c
index a014aa6684..d614ae59c6 100644
--- a/contrib/libs/curl/lib/socks.c
+++ b/contrib/libs/curl/lib/socks.c
@@ -326,7 +326,7 @@ CURLproxycode Curl_SOCKS4(const char *proxy_user,
if(proxy_user) {
size_t plen = strlen(proxy_user);
if(plen >= (size_t)data->set.buffer_size - 8) {
- failf(data, "Too long SOCKS proxy user name, can't use!");
+ failf(data, "Too long SOCKS proxy user name, can't use");
return CURLPX_LONG_USER;
}
/* copy the proxy name WITH trailing zero */
diff --git a/contrib/libs/curl/lib/socks.h b/contrib/libs/curl/lib/socks.h
index b0c7f9b26b..f30c610a86 100644
--- a/contrib/libs/curl/lib/socks.h
+++ b/contrib/libs/curl/lib/socks.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -69,7 +69,7 @@ CURLproxycode Curl_SOCKS5(const char *proxy_name,
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*
- * This function handles the SOCKS5 GSS-API negotiation and initialisation
+ * This function handles the SOCKS5 GSS-API negotiation and initialization
*/
CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
struct Curl_easy *data);
diff --git a/contrib/libs/curl/lib/strcase.c b/contrib/libs/curl/lib/strcase.c
index dd46ca1ba0..692a3f14ae 100644
--- a/contrib/libs/curl/lib/strcase.c
+++ b/contrib/libs/curl/lib/strcase.c
@@ -131,6 +131,16 @@ void Curl_strntolower(char *dest, const char *src, size_t n)
} while(*src++ && --n);
}
+/* Compare case-sensitive NUL-terminated strings, taking care of possible
+ * null pointers. Return true if arguments match.
+ */
+bool Curl_safecmp(char *a, char *b)
+{
+ if(a && b)
+ return !strcmp(a, b);
+ return !a && !b;
+}
+
/* --- public functions --- */
int curl_strequal(const char *first, const char *second)
diff --git a/contrib/libs/curl/lib/strcase.h b/contrib/libs/curl/lib/strcase.h
index b628656b97..2635f5117e 100644
--- a/contrib/libs/curl/lib/strcase.h
+++ b/contrib/libs/curl/lib/strcase.h
@@ -29,6 +29,8 @@
* and only compare strings we know are safe for this.
*
* The function is capable of comparing a-z case insensitively.
+ *
+ * Result is 1 if text matches and 0 if not.
*/
#define strcasecompare(a,b) Curl_strcasecompare(a,b)
@@ -47,4 +49,6 @@ char Curl_raw_toupper(char in);
void Curl_strntoupper(char *dest, const char *src, size_t n);
void Curl_strntolower(char *dest, const char *src, size_t n);
+bool Curl_safecmp(char *a, char *b);
+
#endif /* HEADER_CURL_STRCASE_H */
diff --git a/contrib/libs/curl/lib/telnet.c b/contrib/libs/curl/lib/telnet.c
index e709973244..2abfcd952a 100644
--- a/contrib/libs/curl/lib/telnet.c
+++ b/contrib/libs/curl/lib/telnet.c
@@ -687,7 +687,7 @@ static void printsub(struct Curl_easy *data,
infof(data, "%s", CURL_TELCMD(j));
else
infof(data, "%d", j);
- infof(data, ", not IAC SE!) ");
+ infof(data, ", not IAC SE) ");
}
}
length -= 2;
diff --git a/contrib/libs/curl/lib/timediff.c b/contrib/libs/curl/lib/timediff.c
new file mode 100644
index 0000000000..003477c63c
--- /dev/null
+++ b/contrib/libs/curl/lib/timediff.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "timediff.h"
+
+/*
+ * Converts number of milliseconds into a timeval structure.
+ *
+ * Return values:
+ * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select)
+ * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select)
+ * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select)
+ */
+struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms)
+{
+ if(!tv)
+ return NULL;
+
+ if(ms < 0)
+ return NULL;
+
+ if(ms > 0) {
+ timediff_t tv_sec = ms / 1000;
+ timediff_t tv_usec = (ms % 1000) * 1000; /* max=999999 */
+#ifdef HAVE_SUSECONDS_T
+#if TIMEDIFF_T_MAX > TIME_T_MAX
+ /* tv_sec overflow check in case time_t is signed */
+ if(tv_sec > TIME_T_MAX)
+ tv_sec = TIME_T_MAX;
+#endif
+ tv->tv_sec = (time_t)tv_sec;
+ tv->tv_usec = (suseconds_t)tv_usec;
+#elif defined(WIN32) /* maybe also others in the future */
+#if TIMEDIFF_T_MAX > LONG_MAX
+ /* tv_sec overflow check on Windows there we know it is long */
+ if(tv_sec > LONG_MAX)
+ tv_sec = LONG_MAX;
+#endif
+ tv->tv_sec = (long)tv_sec;
+ tv->tv_usec = (long)tv_usec;
+#else
+#if TIMEDIFF_T_MAX > INT_MAX
+ /* tv_sec overflow check in case time_t is signed */
+ if(tv_sec > INT_MAX)
+ tv_sec = INT_MAX;
+#endif
+ tv->tv_sec = (int)tv_sec;
+ tv->tv_usec = (int)tv_usec;
+#endif
+ }
+ else {
+ tv->tv_sec = 0;
+ tv->tv_usec = 0;
+ }
+
+ return tv;
+}
+
+/*
+ * Converts a timeval structure into number of milliseconds.
+ */
+timediff_t curlx_tvtoms(struct timeval *tv)
+{
+ return (tv->tv_sec*1000) + (timediff_t)(((double)tv->tv_usec)/1000.0);
+}
diff --git a/contrib/libs/curl/lib/timediff.h b/contrib/libs/curl/lib/timediff.h
new file mode 100644
index 0000000000..fcd5f05636
--- /dev/null
+++ b/contrib/libs/curl/lib/timediff.h
@@ -0,0 +1,50 @@
+#ifndef HEADER_CURL_TIMEDIFF_H
+#define HEADER_CURL_TIMEDIFF_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+/* Use a larger type even for 32 bit time_t systems so that we can keep
+ microsecond accuracy in it */
+typedef curl_off_t timediff_t;
+#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T
+
+#define TIMEDIFF_T_MAX CURL_OFF_T_MAX
+#define TIMEDIFF_T_MIN CURL_OFF_T_MIN
+
+/*
+ * Converts number of milliseconds into a timeval structure.
+ *
+ * Return values:
+ * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select)
+ * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select)
+ * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select)
+ */
+struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms);
+
+/*
+ * Converts a timeval structure into number of milliseconds.
+ */
+timediff_t curlx_tvtoms(struct timeval *tv);
+
+#endif /* HEADER_CURL_TIMEDIFF_H */
diff --git a/contrib/libs/curl/lib/timeval.h b/contrib/libs/curl/lib/timeval.h
index 685e72961d..dce32f4cde 100644
--- a/contrib/libs/curl/lib/timeval.h
+++ b/contrib/libs/curl/lib/timeval.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -24,13 +24,7 @@
#include "curl_setup.h"
-/* Use a larger type even for 32 bit time_t systems so that we can keep
- microsecond accuracy in it */
-typedef curl_off_t timediff_t;
-#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T
-
-#define TIMEDIFF_T_MAX CURL_OFF_T_MAX
-#define TIMEDIFF_T_MIN CURL_OFF_T_MIN
+#include "timediff.h"
struct curltime {
time_t tv_sec; /* seconds */
diff --git a/contrib/libs/curl/lib/transfer.c b/contrib/libs/curl/lib/transfer.c
index 1f8019b3d0..315da876c4 100644
--- a/contrib/libs/curl/lib/transfer.c
+++ b/contrib/libs/curl/lib/transfer.c
@@ -79,6 +79,7 @@
#include "urlapi-int.h"
#include "hsts.h"
#include "setopt.h"
+#include "headers.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -245,7 +246,7 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes,
/* protocols that work without network cannot be paused. This is
actually only FILE:// just now, and it can't pause since the transfer
isn't done using the "normal" procedure. */
- failf(data, "Read callback asked for PAUSE when not supported!");
+ failf(data, "Read callback asked for PAUSE when not supported");
return CURLE_READ_ERROR;
}
@@ -459,7 +460,7 @@ static int data_pending(const struct Curl_easy *data)
/* in the case of libssh2, we can never be really sure that we have emptied
its internal buffers so we MUST always try until we get EAGAIN back */
return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) ||
-#if defined(USE_NGHTTP2)
+#ifdef USE_NGHTTP2
/* For HTTP/2, we may read up everything including response body
with header fields in Curl_http_readwrite_headers. If no
content-length is provided, curl waits for the connection
@@ -542,15 +543,14 @@ static CURLcode readwrite_data(struct Curl_easy *data,
if(
#ifdef USE_NGHTTP2
- /* For HTTP/2, read data without caring about the content
- length. This is safe because body in HTTP/2 is always
- segmented thanks to its framing layer. Meanwhile, we have to
- call Curl_read to ensure that http2_handle_stream_close is
- called when we read all incoming bytes for a particular
- stream. */
- !is_http2 &&
+ /* For HTTP/2, read data without caring about the content length. This
+ is safe because body in HTTP/2 is always segmented thanks to its
+ framing layer. Meanwhile, we have to call Curl_read to ensure that
+ http2_handle_stream_close is called when we read all incoming bytes
+ for a particular stream. */
+ !is_http2 &&
#endif
- k->size != -1 && !k->header) {
+ k->size != -1 && !k->header) {
/* make sure we don't read too much */
curl_off_t totalleft = k->size - k->bytecount;
if(totalleft < (curl_off_t)bytestoread)
@@ -571,7 +571,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
else {
/* read nothing but since we wanted nothing we consider this an OK
situation to proceed from */
- DEBUGF(infof(data, "readwrite_data: we're done!"));
+ DEBUGF(infof(data, "readwrite_data: we're done"));
nread = 0;
}
@@ -995,7 +995,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
if(!data->state.scratch) {
data->state.scratch = malloc(2 * data->set.upload_buffer_size);
if(!data->state.scratch) {
- failf(data, "Failed to alloc scratch buffer!");
+ failf(data, "Failed to alloc scratch buffer");
return CURLE_OUT_OF_MEMORY;
}
@@ -1360,7 +1360,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
if(!data->state.url && !data->set.uh) {
/* we can't do anything without URL */
- failf(data, "No URL set!");
+ failf(data, "No URL set");
return CURLE_URL_MALFORMAT;
}
@@ -1377,7 +1377,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
uc = curl_url_get(data->set.uh,
CURLUPART_URL, &data->set.str[STRING_SET_URL], 0);
if(uc) {
- failf(data, "No URL set!");
+ failf(data, "No URL set");
return CURLE_URL_MALFORMAT;
}
}
@@ -1489,6 +1489,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
data->set.str[STRING_PROXYPASSWORD]);
data->req.headerbytecount = 0;
+ Curl_headers_cleanup(data);
return result;
}
@@ -1533,6 +1534,8 @@ CURLcode Curl_follow(struct Curl_easy *data,
DEBUGASSERT(type != FOLLOW_NONE);
+ if(type != FOLLOW_FAKE)
+ data->state.requests++; /* count all real follows */
if(type == FOLLOW_REDIR) {
if((data->set.maxredirs != -1) &&
(data->state.followlocation >= data->set.maxredirs)) {
@@ -1608,10 +1611,57 @@ CURLcode Curl_follow(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
else {
-
uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
if(uc)
return Curl_uc_to_curlcode(uc);
+
+ /* Clear auth if this redirects to a different port number or protocol,
+ unless permitted */
+ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
+ char *portnum;
+ int port;
+ bool clear = FALSE;
+
+ if(data->set.use_port && data->state.allow_port)
+ /* a custom port is used */
+ port = (int)data->set.use_port;
+ else {
+ uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
+ CURLU_DEFAULT_PORT);
+ if(uc) {
+ free(newurl);
+ return Curl_uc_to_curlcode(uc);
+ }
+ port = atoi(portnum);
+ free(portnum);
+ }
+ if(port != data->info.conn_remote_port) {
+ infof(data, "Clear auth, redirects to port from %u to %u",
+ data->info.conn_remote_port, port);
+ clear = TRUE;
+ }
+ else {
+ char *scheme;
+ const struct Curl_handler *p;
+ uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
+ if(uc) {
+ free(newurl);
+ return Curl_uc_to_curlcode(uc);
+ }
+
+ p = Curl_builtin_scheme(scheme);
+ if(p && (p->protocol != data->info.conn_protocol)) {
+ infof(data, "Clear auth, redirects scheme from %s to %s",
+ data->info.conn_scheme, scheme);
+ clear = TRUE;
+ }
+ free(scheme);
+ }
+ if(clear) {
+ Curl_safefree(data->state.aptr.user);
+ Curl_safefree(data->state.aptr.passwd);
+ }
+ }
}
if(type == FOLLOW_FAKE) {
diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c
index 75f43db3d8..5b6bd2b866 100644
--- a/contrib/libs/curl/lib/url.c
+++ b/contrib/libs/curl/lib/url.c
@@ -130,6 +130,7 @@ bool curl_win32_idn_to_ascii(const char *in, char **out);
#include "setopt.h"
#include "altsvc.h"
#include "dynbuf.h"
+#include "headers.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -470,6 +471,7 @@ CURLcode Curl_close(struct Curl_easy **datap)
/* destruct wildcard structures if it is needed */
Curl_wildcard_dtor(&data->wildcard);
Curl_freeset(data);
+ Curl_headers_cleanup(data);
free(data);
return CURLE_OK;
}
@@ -618,7 +620,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->maxlifetime_conn = 0;
set->http09_allowed = FALSE;
set->httpwant =
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
CURL_HTTP_VERSION_2TLS
#else
CURL_HTTP_VERSION_1_1
@@ -779,6 +781,7 @@ static void conn_free(struct connectdata *conn)
Curl_safefree(conn->passwd);
Curl_safefree(conn->sasl_authzid);
Curl_safefree(conn->options);
+ Curl_safefree(conn->oauth_bearer);
Curl_dyn_free(&conn->trailer);
Curl_safefree(conn->host.rawalloc); /* host name buffer */
Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
@@ -1031,7 +1034,7 @@ static bool extract_if_dead(struct connectdata *conn,
}
if(dead) {
- infof(data, "Connection %ld seems to be dead!", conn->connection_id);
+ infof(data, "Connection %ld seems to be dead", conn->connection_id);
Curl_conncache_remove_conn(data, conn, FALSE);
return TRUE;
}
@@ -1120,7 +1123,6 @@ ConnectionExists(struct Curl_easy *data,
bool foundPendingCandidate = FALSE;
bool canmultiplex = IsMultiplexingPossible(data, needle);
struct connectbundle *bundle;
- const char *hostbundle;
#ifdef USE_NTLM
bool wantNTLMhttp = ((data->state.authhost.want &
@@ -1141,15 +1143,14 @@ ConnectionExists(struct Curl_easy *data,
/* Look up the bundle with all the connections to this particular host.
Locks the connection cache, beware of early returns! */
- bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache,
- &hostbundle);
+ bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache);
if(bundle) {
/* Max pipe length is zero (unlimited) for multiplexed connections */
struct Curl_llist_element *curr;
- infof(data, "Found bundle for host %s: %p [%s]",
- hostbundle, (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ?
- "can multiplex" : "serially"));
+ infof(data, "Found bundle for host: %p [%s]",
+ (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ?
+ "can multiplex" : "serially"));
/* We can't multiplex if we don't know anything about the server */
if(canmultiplex) {
@@ -1166,11 +1167,11 @@ ConnectionExists(struct Curl_easy *data,
}
if((bundle->multiuse == BUNDLE_MULTIPLEX) &&
!Curl_multiplex_wanted(data->multi)) {
- infof(data, "Could multiplex, but not asked to!");
+ infof(data, "Could multiplex, but not asked to");
canmultiplex = FALSE;
}
if(bundle->multiuse == BUNDLE_NO_MULTIUSE) {
- infof(data, "Can not multiplex, even if we wanted to!");
+ infof(data, "Can not multiplex, even if we wanted to");
canmultiplex = FALSE;
}
}
@@ -1340,7 +1341,9 @@ ConnectionExists(struct Curl_easy *data,
/* This protocol requires credentials per connection,
so verify that we're using the same name and password as well */
if(strcmp(needle->user, check->user) ||
- strcmp(needle->passwd, check->passwd)) {
+ strcmp(needle->passwd, check->passwd) ||
+ !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) ||
+ !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
/* one of them was different */
continue;
}
@@ -1491,7 +1494,7 @@ ConnectionExists(struct Curl_easy *data,
#endif
/* When not multiplexed, we have a match here! */
chosen = check;
- infof(data, "Multiplexed connection found!");
+ infof(data, "Multiplexed connection found");
break;
}
else {
@@ -3108,7 +3111,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data,
* name nor a numeric can legally start with a bracket.
*/
#else
- failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in!");
+ failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in");
result = CURLE_NOT_BUILT_IN;
goto error;
#endif
@@ -3279,16 +3282,16 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data,
bool hit;
struct altsvc *as;
const int allowed_versions = ( ALPN_h1
-#ifdef USE_NGHTTP2
- | ALPN_h2
+#ifdef USE_HTTP2
+ | ALPN_h2
#endif
#ifdef ENABLE_QUIC
- | ALPN_h3
+ | ALPN_h3
#endif
) & data->asi->flags;
host = conn->host.rawalloc;
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
/* with h2 support, check that first */
srcalpnid = ALPN_h2;
hit = Curl_altsvc_lookup(data->asi,
@@ -3635,6 +3638,14 @@ static CURLcode create_conn(struct Curl_easy *data,
}
}
+ if(data->set.str[STRING_BEARER]) {
+ conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
+ if(!conn->oauth_bearer) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+ }
+
#ifdef USE_UNIX_SOCKETS
if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
@@ -3911,14 +3922,14 @@ static CURLcode create_conn(struct Curl_easy *data,
*in_connect = conn;
#ifndef CURL_DISABLE_PROXY
- infof(data, "Re-using existing connection! (#%ld) with %s %s",
+ infof(data, "Re-using existing connection #%ld with %s %s",
conn->connection_id,
conn->bits.proxy?"proxy":"host",
conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
conn->http_proxy.host.name ? conn->http_proxy.host.dispname :
conn->host.dispname);
#else
- infof(data, "Re-using existing connection! (#%ld) with host %s",
+ infof(data, "Re-using existing connection #%ld with host %s",
conn->connection_id, conn->host.dispname);
#endif
}
@@ -3942,10 +3953,8 @@ static CURLcode create_conn(struct Curl_easy *data,
connections_available = FALSE;
else {
/* this gets a lock on the conncache */
- const char *bundlehost;
struct connectbundle *bundle =
- Curl_conncache_find_bundle(data, conn, data->state.conn_cache,
- &bundlehost);
+ Curl_conncache_find_bundle(data, conn, data->state.conn_cache);
if(max_host_connections > 0 && bundle &&
(bundle->num_connections >= max_host_connections)) {
@@ -3958,8 +3967,8 @@ static CURLcode create_conn(struct Curl_easy *data,
if(conn_candidate)
Curl_disconnect(data, conn_candidate, FALSE);
else {
- infof(data, "No more connections allowed to host %s: %zu",
- bundlehost, max_host_connections);
+ infof(data, "No more connections allowed to host: %zu",
+ max_host_connections);
connections_available = FALSE;
}
}
@@ -4009,14 +4018,14 @@ static CURLcode create_conn(struct Curl_easy *data,
connection based. */
if((data->state.authhost.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
data->state.authhost.done) {
- infof(data, "NTLM picked AND auth done set, clear picked!");
+ infof(data, "NTLM picked AND auth done set, clear picked");
data->state.authhost.picked = CURLAUTH_NONE;
data->state.authhost.done = FALSE;
}
if((data->state.authproxy.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
data->state.authproxy.done) {
- infof(data, "NTLM-proxy picked AND auth done set, clear picked!");
+ infof(data, "NTLM-proxy picked AND auth done set, clear picked");
data->state.authproxy.picked = CURLAUTH_NONE;
data->state.authproxy.done = FALSE;
}
diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c
index ff00ee4243..99a0f69282 100644
--- a/contrib/libs/curl/lib/urlapi.c
+++ b/contrib/libs/curl/lib/urlapi.c
@@ -1144,7 +1144,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
}
/*
- * Parse the URL and, if successful, replace everyting in the Curl_URL struct.
+ * Parse the URL and, if successful, replace everything in the Curl_URL struct.
*/
static CURLUcode parseurl_and_replace(const char *url, CURLU *u,
unsigned int flags)
diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h
index ccf3c32cfe..9249c9c60e 100644
--- a/contrib/libs/curl/lib/urldata.h
+++ b/contrib/libs/curl/lib/urldata.h
@@ -983,7 +983,8 @@ struct connectdata {
char *user; /* user name string, allocated */
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
- char *sasl_authzid; /* authorisation identity string, allocated */
+ char *sasl_authzid; /* authorization identity string, allocated */
+ char *oauth_bearer; /* OAUTH2 bearer, allocated */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
struct curltime now; /* "current" time */
struct curltime created; /* creation time */
@@ -1159,7 +1160,11 @@ struct PureInfo {
reused, in the connection cache. */
char conn_primary_ip[MAX_IPADR_LEN];
- int conn_primary_port;
+ int conn_primary_port; /* this is the destination port to the connection,
+ which might have been a proxy */
+ int conn_remote_port; /* this is the "remote port", which is the port
+ number of the used URL, independent of proxy or
+ not */
char conn_local_ip[MAX_IPADR_LEN];
int conn_local_port;
const char *conn_scheme;
@@ -1328,14 +1333,16 @@ struct UrlState {
char *ulbuf; /* allocated upload buffer or NULL */
curl_off_t current_speed; /* the ProgressShow() function sets this,
bytes / second */
- char *first_host; /* host name of the first (not followed) request.
- if set, this should be the host name that we will
- sent authorization to, no else. Used to make Location:
- following not keep sending user+password... This is
- strdup() data.
- */
+
+ /* host name, port number and protocol of the first (not followed) request.
+ if set, this should be the host name that we will sent authorization to,
+ no else. Used to make Location: following not keep sending user+password.
+ This is strdup()ed data. */
+ char *first_host;
+ int first_remote_port;
+ unsigned int first_remote_protocol;
+
int retrycount; /* number of retries on a new connection */
- int first_remote_port; /* remote port of the first (not followed) request */
struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
long sessionage; /* number of the most recent session */
struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
@@ -1343,6 +1350,7 @@ struct UrlState {
int os_errno; /* filled in with errno whenever an error occurs */
char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */
long followlocation; /* redirect counter */
+ int requests; /* request counter: redirects + authentication retakes */
#ifdef HAVE_SIGNAL
/* storage for the previous bag^H^H^HSIGPIPE signal handler :-) */
void (*prev_signal)(int sig);
@@ -1414,6 +1422,8 @@ struct UrlState {
size_t trailers_bytes_sent;
struct dynbuf trailers_buf; /* a buffer containing the compiled trailing
headers */
+ struct Curl_llist httphdrs; /* received headers */
+ struct curl_header headerout; /* for external purposes */
#endif
trailers_state trailers_state; /* whether we are sending trailers
and what stage are we at */
diff --git a/contrib/libs/curl/lib/vauth/ntlm.c b/contrib/libs/curl/lib/vauth/ntlm.c
index b769e0f5d2..115f70b0e1 100644
--- a/contrib/libs/curl/lib/vauth/ntlm.c
+++ b/contrib/libs/curl/lib/vauth/ntlm.c
@@ -524,7 +524,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
/* Get the machine's un-qualified host name as NTLM doesn't like the fully
qualified domain name */
if(Curl_gethostname(host, sizeof(host))) {
- infof(data, "gethostname() failed, continuing without!");
+ infof(data, "gethostname() failed, continuing without");
hostlen = 0;
}
else {
diff --git a/contrib/libs/curl/lib/vquic/msh3.c b/contrib/libs/curl/lib/vquic/msh3.c
new file mode 100644
index 0000000000..071f13e1fc
--- /dev/null
+++ b/contrib/libs/curl/lib/vquic/msh3.c
@@ -0,0 +1,498 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_MSH3
+
+#include "urldata.h"
+#include "curl_printf.h"
+#include "timeval.h"
+#include "multiif.h"
+#include "sendf.h"
+#include "connect.h"
+#include "h2h3.h"
+#error #include "msh3.h"
+
+/* #define DEBUG_HTTP3 1 */
+#ifdef DEBUG_HTTP3
+#define H3BUGF(x) x
+#else
+#define H3BUGF(x) do { } while(0)
+#endif
+
+#define MSH3_REQ_INIT_BUF_LEN 8192
+
+static CURLcode msh3_do_it(struct Curl_easy *data, bool *done);
+static int msh3_getsock(struct Curl_easy *data,
+ struct connectdata *conn, curl_socket_t *socks);
+static CURLcode msh3_disconnect(struct Curl_easy *data,
+ struct connectdata *conn,
+ bool dead_connection);
+static unsigned int msh3_conncheck(struct Curl_easy *data,
+ struct connectdata *conn,
+ unsigned int checks_to_perform);
+static Curl_recv msh3_stream_recv;
+static Curl_send msh3_stream_send;
+static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
+ void *IfContext,
+ const MSH3_HEADER *Header);
+static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
+ void *IfContext, uint32_t Length,
+ const uint8_t *Data);
+static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
+ bool Aborted, uint64_t AbortError);
+static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext);
+
+static const struct Curl_handler msh3_curl_handler_http3 = {
+ "HTTPS", /* scheme */
+ ZERO_NULL, /* setup_connection */
+ msh3_do_it, /* do_it */
+ Curl_http_done, /* done */
+ ZERO_NULL, /* do_more */
+ ZERO_NULL, /* connect_it */
+ ZERO_NULL, /* connecting */
+ ZERO_NULL, /* doing */
+ msh3_getsock, /* proto_getsock */
+ msh3_getsock, /* doing_getsock */
+ ZERO_NULL, /* domore_getsock */
+ msh3_getsock, /* perform_getsock */
+ msh3_disconnect, /* disconnect */
+ ZERO_NULL, /* readwrite */
+ msh3_conncheck, /* connection_check */
+ ZERO_NULL, /* attach connection */
+ PORT_HTTP, /* defport */
+ CURLPROTO_HTTPS, /* protocol */
+ CURLPROTO_HTTP, /* family */
+ PROTOPT_SSL | PROTOPT_STREAM /* flags */
+};
+
+static const MSH3_REQUEST_IF msh3_request_if = {
+ msh3_header_received,
+ msh3_data_received,
+ msh3_complete,
+ msh3_shutdown
+};
+
+void Curl_quic_ver(char *p, size_t len)
+{
+ (void)msnprintf(p, len, "msh3/%s", "0.0.1");
+}
+
+CURLcode Curl_quic_connect(struct Curl_easy *data,
+ struct connectdata *conn,
+ curl_socket_t sockfd,
+ int sockindex,
+ const struct sockaddr *addr,
+ socklen_t addrlen)
+{
+ struct quicsocket *qs = &conn->hequic[sockindex];
+ bool unsecure = !conn->ssl_config.verifypeer;
+ memset(qs, 0, sizeof(*qs));
+
+ (void)sockfd;
+ (void)addr; /* TODO - Pass address along */
+ (void)addrlen;
+
+ H3BUGF(infof(data, "creating new api/connection"));
+
+ qs->api = MsH3ApiOpen();
+ if(!qs->api) {
+ failf(data, "can't create msh3 api");
+ return CURLE_FAILED_INIT;
+ }
+
+ qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure);
+ if(!qs->conn) {
+ failf(data, "can't create msh3 connection");
+ if(qs->api) {
+ MsH3ApiClose(qs->api);
+ }
+ return CURLE_FAILED_INIT;
+ }
+
+ return CURLE_OK;
+}
+
+CURLcode Curl_quic_is_connected(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex,
+ bool *connected)
+{
+ struct quicsocket *qs = &conn->hequic[sockindex];
+ MSH3_CONNECTION_STATE state;
+
+ state = MsH3ConnectionGetState(qs->conn, false);
+ if(state == MSH3_CONN_HANDSHAKE_FAILED || state == MSH3_CONN_DISCONNECTED) {
+ failf(data, "failed to connect, state=%u", (uint32_t)state);
+ return CURLE_COULDNT_CONNECT;
+ }
+
+ if(state == MSH3_CONN_CONNECTED) {
+ H3BUGF(infof(data, "connection connected"));
+ *connected = true;
+ conn->quic = qs;
+ conn->recv[sockindex] = msh3_stream_recv;
+ conn->send[sockindex] = msh3_stream_send;
+ conn->handler = &msh3_curl_handler_http3;
+ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+ conn->httpversion = 30;
+ conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+ /* TODO - Clean up other happy-eyeballs connection(s)? */
+ }
+
+ return CURLE_OK;
+}
+
+static int msh3_getsock(struct Curl_easy *data,
+ struct connectdata *conn, curl_socket_t *socks)
+{
+ struct HTTP *stream = data->req.p.http;
+ int bitmap = GETSOCK_BLANK;
+
+ socks[0] = conn->sock[FIRSTSOCKET];
+
+ if(stream->recv_error) {
+ bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
+ data->state.drain++;
+ }
+ else if(stream->recv_header_len || stream->recv_data_len) {
+ bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
+ data->state.drain++;
+ }
+
+ H3BUGF(infof(data, "msh3_getsock %u", (uint32_t)data->state.drain));
+
+ return bitmap;
+}
+
+static CURLcode msh3_do_it(struct Curl_easy *data, bool *done)
+{
+ struct HTTP *stream = data->req.p.http;
+ H3BUGF(infof(data, "msh3_do_it"));
+ stream->recv_buf = malloc(MSH3_REQ_INIT_BUF_LEN);
+ if(!stream->recv_buf) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+ stream->req = ZERO_NULL;
+ msh3_lock_initialize(&stream->recv_lock);
+ stream->recv_buf_alloc = MSH3_REQ_INIT_BUF_LEN;
+ stream->recv_header_len = 0;
+ stream->recv_header_complete = false;
+ stream->recv_data_len = 0;
+ stream->recv_data_complete = false;
+ stream->recv_error = CURLE_OK;
+ return Curl_http(data, done);
+}
+
+static unsigned int msh3_conncheck(struct Curl_easy *data,
+ struct connectdata *conn,
+ unsigned int checks_to_perform)
+{
+ (void)data;
+ (void)conn;
+ (void)checks_to_perform;
+ H3BUGF(infof(data, "msh3_conncheck"));
+ return CONNRESULT_NONE;
+}
+
+static void msh3_cleanup(struct quicsocket *qs, struct HTTP *stream)
+{
+ if(stream && stream->recv_buf) {
+ free(stream->recv_buf);
+ stream->recv_buf = ZERO_NULL;
+ msh3_lock_uninitialize(&stream->recv_lock);
+ }
+ if(qs->conn) {
+ MsH3ConnectionClose(qs->conn);
+ qs->conn = ZERO_NULL;
+ }
+ if(qs->api) {
+ MsH3ApiClose(qs->api);
+ qs->api = ZERO_NULL;
+ }
+}
+
+static CURLcode msh3_disconnect(struct Curl_easy *data,
+ struct connectdata *conn, bool dead_connection)
+{
+ (void)dead_connection;
+ H3BUGF(infof(data, "disconnecting (msh3)"));
+ msh3_cleanup(conn->quic, data->req.p.http);
+ return CURLE_OK;
+}
+
+void Curl_quic_disconnect(struct Curl_easy *data, struct connectdata *conn,
+ int tempindex)
+{
+ if(conn->transport == TRNSPRT_QUIC) {
+ H3BUGF(infof(data, "disconnecting (curl)"));
+ msh3_cleanup(&conn->hequic[tempindex], data->req.p.http);
+ }
+}
+
+/* Requires stream->recv_lock to be held */
+static bool msh3request_ensure_room(struct HTTP *stream, size_t len)
+{
+ uint8_t *new_recv_buf;
+ const size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
+ if(cur_recv_len + len > stream->recv_buf_alloc) {
+ size_t new_recv_buf_alloc_len = stream->recv_buf_alloc;
+ do {
+ new_recv_buf_alloc_len <<= 1; /* TODO - handle overflow */
+ } while(cur_recv_len + len > new_recv_buf_alloc_len);
+ new_recv_buf = malloc(new_recv_buf_alloc_len);
+ if(!new_recv_buf) {
+ return false;
+ }
+ if(cur_recv_len) {
+ memcpy(new_recv_buf, stream->recv_buf, cur_recv_len);
+ }
+ stream->recv_buf_alloc = new_recv_buf_alloc_len;
+ free(stream->recv_buf);
+ stream->recv_buf = new_recv_buf;
+ }
+ return true;
+}
+
+static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
+ void *IfContext,
+ const MSH3_HEADER *Header)
+{
+ struct HTTP *stream = IfContext;
+ size_t total_len;
+ (void)Request;
+ H3BUGF(printf("* msh3_header_received\n"));
+
+ if(stream->recv_header_complete) {
+ H3BUGF(printf("* ignoring header after data\n"));
+ return;
+ }
+
+ msh3_lock_acquire(&stream->recv_lock);
+
+ if((Header->NameLength == 7) &&
+ !strncmp(H2H3_PSEUDO_STATUS, (char *)Header->Name, 7)) {
+ total_len = 9 + Header->ValueLength;
+ if(!msh3request_ensure_room(stream, total_len)) {
+ /* TODO - handle error */
+ goto release_lock;
+ }
+ msnprintf((char *)stream->recv_buf + stream->recv_header_len,
+ stream->recv_buf_alloc - stream->recv_header_len,
+ "HTTP/3 %.*s\n", (int)Header->ValueLength, Header->Value);
+ }
+ else {
+ total_len = Header->NameLength + 4 + Header->ValueLength;
+ if(!msh3request_ensure_room(stream, total_len)) {
+ /* TODO - handle error */
+ goto release_lock;
+ }
+ msnprintf((char *)stream->recv_buf + stream->recv_header_len,
+ stream->recv_buf_alloc - stream->recv_header_len,
+ "%.*s: %.*s\n",
+ (int)Header->NameLength, Header->Name,
+ (int)Header->ValueLength, Header->Value);
+ }
+
+ stream->recv_header_len += total_len - 1; /* don't include null-terminator */
+
+release_lock:
+ msh3_lock_release(&stream->recv_lock);
+}
+
+static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
+ void *IfContext, uint32_t Length,
+ const uint8_t *Data)
+{
+ struct HTTP *stream = IfContext;
+ size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
+ (void)Request;
+ H3BUGF(printf("* msh3_data_received %u. %zu buffered, %zu allocated\n",
+ Length, cur_recv_len, stream->recv_buf_alloc));
+ msh3_lock_acquire(&stream->recv_lock);
+ if(!stream->recv_header_complete) {
+ H3BUGF(printf("* Headers complete!\n"));
+ if(!msh3request_ensure_room(stream, 2)) {
+ /* TODO - handle error */
+ goto release_lock;
+ }
+ stream->recv_buf[stream->recv_header_len++] = '\r';
+ stream->recv_buf[stream->recv_header_len++] = '\n';
+ stream->recv_header_complete = true;
+ cur_recv_len += 2;
+ }
+ if(!msh3request_ensure_room(stream, Length)) {
+ /* TODO - handle error */
+ goto release_lock;
+ }
+ memcpy(stream->recv_buf + cur_recv_len, Data, Length);
+ stream->recv_data_len += (size_t)Length;
+release_lock:
+ msh3_lock_release(&stream->recv_lock);
+}
+
+static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
+ bool Aborted, uint64_t AbortError)
+{
+ struct HTTP *stream = IfContext;
+ (void)Request;
+ (void)AbortError;
+ H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted));
+ msh3_lock_acquire(&stream->recv_lock);
+ if(Aborted) {
+ stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
+ }
+ stream->recv_header_complete = true;
+ stream->recv_data_complete = true;
+ msh3_lock_release(&stream->recv_lock);
+}
+
+static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext)
+{
+ struct HTTP *stream = IfContext;
+ (void)Request;
+ (void)stream;
+}
+
+static_assert(sizeof(MSH3_HEADER) == sizeof(struct h2h3pseudo),
+ "Sizes must match for cast below to work");
+
+static ssize_t msh3_stream_send(struct Curl_easy *data,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ struct connectdata *conn = data->conn;
+ struct HTTP *stream = data->req.p.http;
+ struct quicsocket *qs = conn->quic;
+ struct h2h3req *hreq;
+
+ (void)sockindex;
+ H3BUGF(infof(data, "msh3_stream_send %zu", len));
+
+ if(!stream->req) {
+ *curlcode = Curl_pseudo_headers(data, mem, len, &hreq);
+ if(*curlcode) {
+ failf(data, "Curl_pseudo_headers failed");
+ return -1;
+ }
+ H3BUGF(infof(data, "starting request with %zu headers", hreq->entries));
+ stream->req = MsH3RequestOpen(qs->conn, &msh3_request_if, stream,
+ (MSH3_HEADER*)hreq->header, hreq->entries);
+ Curl_pseudo_free(hreq);
+ if(!stream->req) {
+ failf(data, "request open failed");
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ *curlcode = CURLE_OK;
+ return len;
+ }
+ H3BUGF(infof(data, "send %zd body bytes on request %p", len,
+ (void *)stream->req));
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+}
+
+static ssize_t msh3_stream_recv(struct Curl_easy *data,
+ int sockindex,
+ char *buf,
+ size_t buffersize,
+ CURLcode *curlcode)
+{
+ struct HTTP *stream = data->req.p.http;
+ size_t outsize = 0;
+ (void)sockindex;
+ H3BUGF(infof(data, "msh3_stream_recv %zu", buffersize));
+
+ if(stream->recv_error) {
+ failf(data, "request aborted");
+ *curlcode = stream->recv_error;
+ return -1;
+ }
+
+ msh3_lock_acquire(&stream->recv_lock);
+
+ if(stream->recv_header_len) {
+ outsize = buffersize;
+ if(stream->recv_header_len < outsize) {
+ outsize = stream->recv_header_len;
+ }
+ memcpy(buf, stream->recv_buf, outsize);
+ if(outsize < stream->recv_header_len + stream->recv_data_len) {
+ memmove(stream->recv_buf, stream->recv_buf + outsize,
+ stream->recv_header_len + stream->recv_data_len - outsize);
+ }
+ stream->recv_header_len -= outsize;
+ H3BUGF(infof(data, "returned %zu bytes of headers", outsize));
+ }
+ else if(stream->recv_data_len) {
+ outsize = buffersize;
+ if(stream->recv_data_len < outsize) {
+ outsize = stream->recv_data_len;
+ }
+ memcpy(buf, stream->recv_buf, outsize);
+ if(outsize < stream->recv_data_len) {
+ memmove(stream->recv_buf, stream->recv_buf + outsize,
+ stream->recv_data_len - outsize);
+ }
+ stream->recv_data_len -= outsize;
+ H3BUGF(infof(data, "returned %zu bytes of data", outsize));
+ }
+ else if(stream->recv_data_complete) {
+ H3BUGF(infof(data, "receive complete"));
+ }
+
+ msh3_lock_release(&stream->recv_lock);
+
+ return (ssize_t)outsize;
+}
+
+CURLcode Curl_quic_done_sending(struct Curl_easy *data)
+{
+ struct connectdata *conn = data->conn;
+ H3BUGF(infof(data, "Curl_quic_done_sending"));
+ if(conn->handler == &msh3_curl_handler_http3) {
+ struct HTTP *stream = data->req.p.http;
+ stream->upload_done = TRUE;
+ }
+
+ return CURLE_OK;
+}
+
+void Curl_quic_done(struct Curl_easy *data, bool premature)
+{
+ (void)data;
+ (void)premature;
+ H3BUGF(infof(data, "Curl_quic_done"));
+}
+
+bool Curl_quic_data_pending(const struct Curl_easy *data)
+{
+ struct HTTP *stream = data->req.p.http;
+ H3BUGF(infof((struct Curl_easy *)data, "Curl_quic_data_pending"));
+ return stream->recv_header_len || stream->recv_data_len;
+}
+
+#endif /* USE_MSH3 */
diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c
index bcf3d193d3..233d7e2e4f 100644
--- a/contrib/libs/curl/lib/vquic/ngtcp2.c
+++ b/contrib/libs/curl/lib/vquic/ngtcp2.c
@@ -47,6 +47,7 @@
#error #include "vquic.h"
#include "h2h3.h"
#include "vtls/keylog.h"
+#include "vtls/vtls.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -72,7 +73,7 @@
* the far end, then start over at index 0 again.
*/
-#define H3_SEND_SIZE (20*1024)
+#define H3_SEND_SIZE (256*1024)
struct h3out {
uint8_t buf[H3_SEND_SIZE];
size_t used; /* number of bytes used in the buffer */
@@ -82,7 +83,7 @@ struct h3out {
#define QUIC_MAX_STREAMS (256*1024)
#define QUIC_MAX_DATA (1*1024*1024)
-#define QUIC_IDLE_TIMEOUT 60000 /* milliseconds */
+#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS)
#ifdef USE_OPENSSL
#define QUIC_CIPHERS \
@@ -314,6 +315,25 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
return ssl_ctx;
}
+static CURLcode quic_set_client_cert(struct Curl_easy *data,
+ struct quicsocket *qs)
+{
+ struct connectdata *conn = data->conn;
+ SSL_CTX *ssl_ctx = qs->sslctx;
+ char *const ssl_cert = SSL_SET_OPTION(primary.clientcert);
+ const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
+ const char *const ssl_cert_type = SSL_SET_OPTION(cert_type);
+
+ if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
+ return Curl_ossl_set_client_cert(
+ data, ssl_ctx, ssl_cert, ssl_cert_blob, ssl_cert_type,
+ SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob),
+ SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd));
+ }
+
+ return CURLE_OK;
+}
+
/** SSL callbacks ***/
static int quic_init_ssl(struct quicsocket *qs)
@@ -744,7 +764,8 @@ static ngtcp2_callbacks ng_callbacks = {
NULL, /* ack_datagram */
NULL, /* lost_datagram */
ngtcp2_crypto_get_path_challenge_data_cb,
- cb_stream_stop_sending
+ cb_stream_stop_sending,
+ NULL, /* version_negotiation */
};
/*
@@ -786,6 +807,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
qs->sslctx = quic_ssl_ctx(data);
if(!qs->sslctx)
return CURLE_QUIC_CONNECT_ERROR;
+
+ result = quic_set_client_cert(data, qs);
+ if(result)
+ return result;
#endif
if(quic_init_ssl(qs))
@@ -842,6 +867,8 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn,
{
struct SingleRequest *k = &data->req;
int bitmap = GETSOCK_BLANK;
+ struct HTTP *stream = data->req.p.http;
+ struct quicsocket *qs = conn->quic;
socks[0] = conn->sock[FIRSTSOCKET];
@@ -850,7 +877,11 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn,
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
/* we're still uploading or the HTTP/2 layer wants to send data */
- if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND)
+ if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND &&
+ (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) &&
+ ngtcp2_conn_get_cwnd_left(qs->qconn) &&
+ ngtcp2_conn_get_max_data_left(qs->qconn) &&
+ nghttp3_conn_is_stream_writable(qs->h3conn, stream->stream3_id))
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
return bitmap;
@@ -858,8 +889,26 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn,
static void qs_disconnect(struct quicsocket *qs)
{
+ char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE];
+ ngtcp2_tstamp ts;
+ ngtcp2_ssize rc;
+ ngtcp2_connection_close_error errorcode;
+
if(!qs->conn) /* already closed */
return;
+ ngtcp2_connection_close_error_set_application_error(&errorcode,
+ NGHTTP3_H3_NO_ERROR,
+ NULL, 0);
+ ts = timestamp();
+ rc = ngtcp2_conn_write_connection_close(qs->qconn, NULL, /* path */
+ NULL, /* pkt_info */
+ (uint8_t *)buffer, sizeof(buffer),
+ &errorcode, ts);
+ if(rc > 0) {
+ while((send(qs->conn->sock[FIRSTSOCKET], buffer, rc, 0) == -1) &&
+ SOCKERRNO == EINTR);
+ }
+
qs->conn = NULL;
if(qs->qlogfd != -1) {
close(qs->qlogfd);
@@ -1080,8 +1129,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
(void)flags;
(void)user_data;
- if(h3name.len == sizeof(H2H3_PSEUDO_STATUS) - 1 &&
- !memcmp(H2H3_PSEUDO_STATUS, h3name.base, h3name.len)) {
+ if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
char line[14]; /* status line is always 13 characters long */
size_t ncopy;
int status = decode_status_code(h3val.base, h3val.len);
@@ -1333,6 +1381,10 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
return 1;
}
+ if(stream->upload_len && H3_SEND_SIZE <= stream->h3out->used) {
+ return NGHTTP3_ERR_WOULDBLOCK;
+ }
+
nread = CURLMIN(stream->upload_len, H3_SEND_SIZE - stream->h3out->used);
if(nread > 0) {
/* nghttp3 wants us to hold on to the data until it tells us it is okay to
@@ -1367,7 +1419,7 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
}
if(stream->upload_done && !stream->upload_len &&
(stream->upload_left <= 0)) {
- H3BUGF(infof(data, "!!!!!!!!! cb_h3_readfunction sets EOF"));
+ H3BUGF(infof(data, "cb_h3_readfunction sets EOF"));
*pflags = NGHTTP3_DATA_FLAG_EOF;
return nread ? 1 : 0;
}
@@ -1485,7 +1537,7 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data,
size_t len,
CURLcode *curlcode)
{
- ssize_t sent;
+ ssize_t sent = 0;
struct connectdata *conn = data->conn;
struct quicsocket *qs = conn->quic;
curl_socket_t sockfd = conn->sock[sockindex];
@@ -1497,6 +1549,9 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data,
*curlcode = CURLE_SEND_ERROR;
return -1;
}
+ /* Assume that mem of length len only includes HTTP/1.1 style
+ header fields. In other words, it does not contain request
+ body. */
sent = len;
}
else {
@@ -1506,7 +1561,6 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data,
stream->upload_mem = mem;
stream->upload_len = len;
(void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id);
- sent = len;
}
else {
*curlcode = CURLE_AGAIN;
@@ -1521,8 +1575,20 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data,
/* Reset post upload buffer after resumed. */
if(stream->upload_mem) {
+ if(data->set.postfields) {
+ sent = len;
+ }
+ else {
+ sent = len - stream->upload_len;
+ }
+
stream->upload_mem = NULL;
stream->upload_len = 0;
+
+ if(sent == 0) {
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ }
}
*curlcode = CURLE_OK;
@@ -1653,7 +1719,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data,
uint8_t out[NGTCP2_MAX_UDP_PAYLOAD_SIZE];
ngtcp2_path_storage ps;
ngtcp2_tstamp ts = timestamp();
- struct sockaddr_storage remote_addr;
ngtcp2_tstamp expiry;
ngtcp2_duration timeout;
int64_t stream_id;
@@ -1742,7 +1807,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data,
}
}
- memcpy(&remote_addr, ps.path.remote.addr, ps.path.remote.addrlen);
while((sent = send(sockfd, (const char *)out, outlen, 0)) == -1 &&
SOCKERRNO == EINTR)
;
@@ -1763,10 +1827,13 @@ static CURLcode ng_flush_egress(struct Curl_easy *data,
expiry = ngtcp2_conn_get_expiry(qs->qconn);
if(expiry != UINT64_MAX) {
if(expiry <= ts) {
- timeout = NGTCP2_MILLISECONDS;
+ timeout = 0;
}
else {
timeout = expiry - ts;
+ if(timeout % NGTCP2_MILLISECONDS) {
+ timeout += NGTCP2_MILLISECONDS;
+ }
}
Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC);
}
@@ -1802,6 +1869,7 @@ void Curl_quic_done(struct Curl_easy *data, bool premature)
/* only for HTTP/3 transfers */
struct HTTP *stream = data->req.p.http;
Curl_dyn_free(&stream->overflow);
+ free(stream->h3out);
}
}
diff --git a/contrib/libs/curl/lib/vquic/quiche.c b/contrib/libs/curl/lib/vquic/quiche.c
index a545cebdcc..b4665d76db 100644
--- a/contrib/libs/curl/lib/vquic/quiche.c
+++ b/contrib/libs/curl/lib/vquic/quiche.c
@@ -427,7 +427,7 @@ CURLcode Curl_quic_is_connected(struct Curl_easy *data,
if(quiche_conn_is_established(qs->conn)) {
*done = TRUE;
result = quiche_has_connected(data, conn, 0, sockindex);
- DEBUGF(infof(data, "quiche established connection!"));
+ DEBUGF(infof(data, "quiche established connection"));
}
return result;
@@ -781,7 +781,7 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem,
(uint8_t *)data->set.postfields,
stream->upload_left, TRUE);
if(sent <= 0) {
- failf(data, "quiche_h3_send_body failed!");
+ failf(data, "quiche_h3_send_body failed");
result = CURLE_SEND_ERROR;
}
stream->upload_left = 0; /* nothing left to send */
diff --git a/contrib/libs/curl/lib/vssh/libssh.c b/contrib/libs/curl/lib/vssh/libssh.c
index 253190c276..127967bc83 100644
--- a/contrib/libs/curl/lib/vssh/libssh.c
+++ b/contrib/libs/curl/lib/vssh/libssh.c
@@ -105,6 +105,14 @@
} while(0)
#endif
+/* These stat values may not be the same as the user's S_IFMT / S_IFLNK */
+#ifndef SSH_S_IFMT
+#define SSH_S_IFMT 00170000
+#endif
+#ifndef SSH_S_IFLNK
+#define SSH_S_IFLNK 0120000
+#endif
+
/* Local functions: */
static CURLcode myssh_connect(struct Curl_easy *data, bool *done);
static CURLcode myssh_multi_statemach(struct Curl_easy *data,
@@ -1962,6 +1970,10 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
}
ssh_disconnect(sshc->ssh_session);
+ /* conn->sock[FIRSTSOCKET] is closed by ssh_disconnect behind our back,
+ explicitly mark it as closed with the memdebug macro: */
+ fake_sclose(conn->sock[FIRSTSOCKET]);
+ conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD;
SSH_STRING_FREE_CHAR(sshc->homedir);
data->state.most_recent_ftp_entrypath = NULL;
@@ -2055,6 +2067,9 @@ static int myssh_getsock(struct Curl_easy *data,
if(conn->waitfor & KEEP_SEND)
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+ if(!conn->waitfor)
+ bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+
return bitmap;
}
@@ -2687,7 +2702,7 @@ static void sftp_quote(struct Curl_easy *data)
*/
cp = strchr(cmd, ' ');
if(!cp) {
- failf(data, "Syntax error in SFTP command. Supply parameter(s)!");
+ failf(data, "Syntax error in SFTP command. Supply parameter(s)");
state(data, SSH_SFTP_CLOSE);
sshc->nextstate = SSH_NO_STATE;
sshc->actualcode = CURLE_QUOTE_ERROR;
diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c
index 9a7b90678c..4f270809af 100644
--- a/contrib/libs/curl/lib/vssh/libssh2.c
+++ b/contrib/libs/curl/lib/vssh/libssh2.c
@@ -497,7 +497,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data)
break;
#endif
default:
- infof(data, "unsupported key type, can't check knownhosts!");
+ infof(data, "unsupported key type, can't check knownhosts");
keybit = 0;
break;
}
@@ -592,7 +592,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data)
LIBSSH2_KNOWNHOST_KEYENC_RAW|
keybit, NULL);
if(addrc)
- infof(data, "Warning adding the known host %s failed!",
+ infof(data, "WARNING: adding the known host %s failed",
conn->host.name);
else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE ||
rc == CURLKHSTAT_FINE_REPLACE) {
@@ -603,7 +603,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data)
data->set.str[STRING_SSH_KNOWNHOSTS],
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
if(wrc) {
- infof(data, "Warning, writing %s failed!",
+ infof(data, "WARNING: writing %s failed",
data->set.str[STRING_SSH_KNOWNHOSTS]);
}
}
@@ -694,12 +694,12 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
* against a known fingerprint, if available.
*/
if((pub_pos != b64_pos) ||
- Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
+ strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) {
free(fingerprint_b64);
failf(data,
- "Denied establishing ssh session: mismatch sha256 fingerprint. "
- "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
+ "Denied establishing ssh session: mismatch sha256 fingerprint. "
+ "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
state(data, SSH_SESSION_FREE);
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode;
@@ -707,7 +707,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
free(fingerprint_b64);
- infof(data, "SHA256 checksum match!");
+ infof(data, "SHA256 checksum match");
}
if(pubkey_md5) {
@@ -727,27 +727,24 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
infof(data, "SSH MD5 fingerprint: %s", md5buffer);
}
- /* Before we authenticate we check the hostkey's MD5 fingerprint
- * against a known fingerprint, if available.
- */
- if(pubkey_md5 && strlen(pubkey_md5) == 32) {
- if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
- if(fingerprint) {
- failf(data,
+ /* This does NOT verify the length of 'pubkey_md5' separately, which will
+ make the comparison below fail unless it is exactly 32 characters */
+ if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
+ if(fingerprint) {
+ failf(data,
"Denied establishing ssh session: mismatch md5 fingerprint. "
"Remote %s is not equal to %s", md5buffer, pubkey_md5);
- }
- else {
- failf(data,
+ }
+ else {
+ failf(data,
"Denied establishing ssh session: md5 fingerprint "
"not available");
- }
- state(data, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
- return sshc->actualcode;
}
- infof(data, "MD5 checksum match!");
+ state(data, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
}
+ infof(data, "MD5 checksum match");
}
if(!pubkey_md5 && !pubkey_sha256) {
@@ -1470,7 +1467,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
*/
cp = strchr(cmd, ' ');
if(!cp) {
- failf(data, "Syntax error command '%s'. Missing parameter!",
+ failf(data, "Syntax error command '%s', missing parameter",
cmd);
state(data, SSH_SFTP_CLOSE);
sshc->nextstate = SSH_NO_STATE;
@@ -3229,7 +3226,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
sshrecv.recvptr = ssh_tls_recv;
sshsend.sendptr = ssh_tls_send;
- infof(data, "Uses HTTPS proxy!");
+ infof(data, "Uses HTTPS proxy");
/*
Setup libssh2 callbacks to make it read/write TLS from the socket.
diff --git a/contrib/libs/curl/lib/vssh/wolfssh.c b/contrib/libs/curl/lib/vssh/wolfssh.c
index 12cc59b2a2..c694343675 100644
--- a/contrib/libs/curl/lib/vssh/wolfssh.c
+++ b/contrib/libs/curl/lib/vssh/wolfssh.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -469,7 +469,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
state(data, SSH_STOP);
return CURLE_SSH;
}
- infof(data, "wolfssh connected!");
+ infof(data, "wolfssh connected");
state(data, SSH_STOP);
break;
case SSH_STOP:
@@ -490,7 +490,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
return CURLE_OK;
}
else if(rc == WS_SUCCESS) {
- infof(data, "wolfssh SFTP connected!");
+ infof(data, "wolfssh SFTP connected");
state(data, SSH_SFTP_REALPATH);
}
else {
@@ -519,7 +519,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
else {
memcpy(sshc->homedir, name->fName, name->fSz);
sshc->homedir[name->fSz] = 0;
- infof(data, "wolfssh SFTP realpath succeeded!");
+ infof(data, "wolfssh SFTP realpath succeeded");
}
wolfSSH_SFTPNAME_list_free(name);
state(data, SSH_STOP);
@@ -617,7 +617,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
return CURLE_OK;
}
else if(rc == WS_SUCCESS) {
- infof(data, "wolfssh SFTP open succeeded!");
+ infof(data, "wolfssh SFTP open succeeded");
}
else {
failf(data, "wolfssh SFTP upload open failed: %d", rc);
@@ -728,7 +728,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
return CURLE_OK;
}
else if(rc == WS_SUCCESS) {
- infof(data, "wolfssh SFTP open succeeded!");
+ infof(data, "wolfssh SFTP open succeeded");
state(data, SSH_SFTP_DOWNLOAD_STAT);
return CURLE_OK;
}
@@ -754,7 +754,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
return CURLE_OK;
}
else if(rc == WS_SUCCESS) {
- infof(data, "wolfssh STAT succeeded!");
+ infof(data, "wolfssh STAT succeeded");
}
else {
failf(data, "wolfssh SFTP open failed: %d", rc);
diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c
index 77e22cf3e0..91f4416e8f 100644
--- a/contrib/libs/curl/lib/vtls/bearssl.c
+++ b/contrib/libs/curl/lib/vtls/bearssl.c
@@ -35,6 +35,7 @@
#include "multiif.h"
#include "curl_printf.h"
#include "curl_memory.h"
+#include "strcase.h"
struct x509_context {
const br_x509_class *vtable;
@@ -353,6 +354,216 @@ static const br_x509_class x509_vtable = {
x509_get_pkey
};
+struct st_cipher {
+ const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
+ const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
+ uint16_t num; /* BearSSL cipher suite */
+};
+
+/* Macro to initialize st_cipher data structure */
+#define CIPHER_DEF(num, alias) { #num, alias, BR_##num }
+
+static const struct st_cipher ciphertable[] = {
+ /* RFC 2246 TLS 1.0 */
+ CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */
+ "DES-CBC3-SHA"),
+
+ /* RFC 3268 TLS 1.0 AES */
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */
+ "AES128-SHA"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */
+ "AES256-SHA"),
+
+ /* RFC 5246 TLS 1.2 */
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */
+ "AES128-SHA256"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */
+ "AES256-SHA256"),
+
+ /* RFC 5288 TLS 1.2 AES GCM */
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */
+ "AES128-GCM-SHA256"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */
+ "AES256-GCM-SHA384"),
+
+ /* RFC 4492 TLS 1.0 ECC */
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */
+ "ECDH-ECDSA-DES-CBC3-SHA"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */
+ "ECDH-ECDSA-AES128-SHA"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */
+ "ECDH-ECDSA-AES256-SHA"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */
+ "ECDHE-ECDSA-DES-CBC3-SHA"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */
+ "ECDHE-ECDSA-AES128-SHA"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */
+ "ECDHE-ECDSA-AES256-SHA"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */
+ "ECDH-RSA-DES-CBC3-SHA"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */
+ "ECDH-RSA-AES128-SHA"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */
+ "ECDH-RSA-AES256-SHA"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */
+ "ECDHE-RSA-DES-CBC3-SHA"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */
+ "ECDHE-RSA-AES128-SHA"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */
+ "ECDHE-RSA-AES256-SHA"),
+
+ /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */
+ "ECDHE-ECDSA-AES128-SHA256"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */
+ "ECDHE-ECDSA-AES256-SHA384"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */
+ "ECDH-ECDSA-AES128-SHA256"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */
+ "ECDH-ECDSA-AES256-SHA384"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */
+ "ECDHE-RSA-AES128-SHA256"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */
+ "ECDHE-RSA-AES256-SHA384"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */
+ "ECDH-RSA-AES128-SHA256"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */
+ "ECDH-RSA-AES256-SHA384"),
+
+ /* RFC 5289 TLS 1.2 GCM */
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */
+ "ECDHE-ECDSA-AES128-GCM-SHA256"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */
+ "ECDHE-ECDSA-AES256-GCM-SHA384"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */
+ "ECDH-ECDSA-AES128-GCM-SHA256"),
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */
+ "ECDH-ECDSA-AES256-GCM-SHA384"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */
+ "ECDHE-RSA-AES128-GCM-SHA256"),
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */
+ "ECDHE-RSA-AES256-GCM-SHA384"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */
+ "ECDH-RSA-AES128-GCM-SHA256"),
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */
+ "ECDH-RSA-AES256-GCM-SHA384"),
+#ifdef BR_TLS_RSA_WITH_AES_128_CCM
+
+ /* RFC 6655 TLS 1.2 CCM
+ Supported since BearSSL 0.6 */
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */
+ "AES128-CCM"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */
+ "AES256-CCM"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */
+ "AES128-CCM8"),
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */
+ "AES256-CCM8"),
+
+ /* RFC 7251 TLS 1.2 ECC CCM
+ Supported since BearSSL 0.6 */
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */
+ "ECDHE-ECDSA-AES128-CCM"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */
+ "ECDHE-ECDSA-AES256-CCM"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */
+ "ECDHE-ECDSA-AES128-CCM8"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */
+ "ECDHE-ECDSA-AES256-CCM8"),
+#endif
+
+ /* RFC 7905 TLS 1.2 ChaCha20-Poly1305
+ Supported since BearSSL 0.2 */
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
+ "ECDHE-RSA-CHACHA20-POLY1305"),
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
+ "ECDHE-ECDSA-CHACHA20-POLY1305"),
+};
+
+#define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0]))
+#define CIPHER_NAME_BUF_LEN 64
+
+static bool is_separator(char c)
+{
+ /* Return whether character is a cipher list separator. */
+ switch(c) {
+ case ' ':
+ case '\t':
+ case ':':
+ case ',':
+ case ';':
+ return true;
+ }
+ return false;
+}
+
+static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data,
+ br_ssl_engine_context *ssl_eng,
+ const char *ciphers)
+{
+ uint16_t selected_ciphers[NUM_OF_CIPHERS];
+ size_t selected_count = 0;
+ char cipher_name[CIPHER_NAME_BUF_LEN];
+ const char *cipher_start = ciphers;
+ const char *cipher_end;
+ size_t i, j;
+
+ if(!cipher_start)
+ return CURLE_SSL_CIPHER;
+
+ while(true) {
+ /* Extract the next cipher name from the ciphers string */
+ while(is_separator(*cipher_start))
+ ++cipher_start;
+ if(*cipher_start == '\0')
+ break;
+ cipher_end = cipher_start;
+ while(*cipher_end != '\0' && !is_separator(*cipher_end))
+ ++cipher_end;
+ j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ?
+ cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1;
+ strncpy(cipher_name, cipher_start, j);
+ cipher_name[j] = '\0';
+ cipher_start = cipher_end;
+
+ /* Lookup the cipher name in the table of available ciphers. If the cipher
+ name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try
+ to match cipher name by an (OpenSSL) alias. */
+ if(strncasecompare(cipher_name, "TLS_", 4)) {
+ for(i = 0; i < NUM_OF_CIPHERS &&
+ !strcasecompare(cipher_name, ciphertable[i].name); ++i);
+ }
+ else {
+ for(i = 0; i < NUM_OF_CIPHERS &&
+ !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i);
+ }
+ if(i == NUM_OF_CIPHERS) {
+ infof(data, "BearSSL: unknown cipher in list: %s", cipher_name);
+ continue;
+ }
+
+ /* No duplicates allowed */
+ for(j = 0; j < selected_count &&
+ selected_ciphers[j] != ciphertable[i].num; j++);
+ if(j < selected_count) {
+ infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name);
+ continue;
+ }
+
+ DEBUGASSERT(selected_count < NUM_OF_CIPHERS);
+ selected_ciphers[selected_count] = ciphertable[i].num;
+ ++selected_count;
+ }
+
+ if(selected_count == 0) {
+ failf(data, "BearSSL: no supported cipher in list");
+ return CURLE_SSL_CIPHER;
+ }
+
+ br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count);
+ return CURLE_OK;
+}
+
static CURLcode bearssl_connect_step1(struct Curl_easy *data,
struct connectdata *conn, int sockindex)
{
@@ -446,6 +657,15 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
sizeof(backend->buf), 1);
+ if(SSL_CONN_CONFIG(cipher_list)) {
+ /* Override the ciphers as specified. For the default cipher list see the
+ BearSSL source code of br_ssl_client_init_full() */
+ ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng,
+ SSL_CONN_CONFIG(cipher_list));
+ if(ret)
+ return ret;
+ }
+
/* initialize X.509 context */
backend->x509.vtable = &x509_vtable;
backend->x509.verifypeer = verifypeer;
@@ -478,12 +698,12 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
#endif
) {
backend->protocols[cur++] = ALPN_H2;
- infof(data, "ALPN, offering %s", ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
backend->protocols[cur++] = ALPN_HTTP_1_1;
- infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
br_ssl_engine_set_protocol_names(&backend->ctx.eng,
backend->protocols, cur);
@@ -510,6 +730,18 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
hostname = snihost;
}
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ Curl_set_in_callback(data, true);
+ ret = (*data->set.ssl.fsslctx)(data, &backend->ctx,
+ data->set.ssl.fsslctxp);
+ Curl_set_in_callback(data, false);
+ if(ret) {
+ failf(data, "BearSSL: error signaled by ssl ctx callback");
+ return ret;
+ }
+ }
+
if(!br_ssl_client_reset(&backend->ctx, hostname, 1))
return CURLE_FAILED_INIT;
backend->active = TRUE;
@@ -637,7 +869,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
if(protocol) {
- infof(data, "ALPN, server accepted to use %s", protocol);
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol);
#ifdef USE_HTTP2
if(!strcmp(protocol, ALPN_H2))
@@ -652,7 +884,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
else
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
}
if(SSL_SET_OPTION(primary.sessionid)) {
@@ -950,7 +1182,7 @@ static CURLcode bearssl_sha256sum(const unsigned char *input,
const struct Curl_ssl Curl_ssl_bearssl = {
{ CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
- SSLSUPP_CAINFO_BLOB,
+ SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX,
sizeof(struct ssl_backend_data),
Curl_none_init, /* init */
diff --git a/contrib/libs/curl/lib/vtls/gskit.c b/contrib/libs/curl/lib/vtls/gskit.c
index 56d48497db..9b5fbe4dd6 100644
--- a/contrib/libs/curl/lib/vtls/gskit.c
+++ b/contrib/libs/curl/lib/vtls/gskit.c
@@ -74,6 +74,7 @@
#include "connect.h" /* for the connect timeout */
#include "select.h"
#include "strcase.h"
+#include "timediff.h"
#include "x509asn1.h"
#include "curl_printf.h"
@@ -449,8 +450,7 @@ static CURLcode set_ciphers(struct Curl_easy *data,
static int gskit_init(void)
{
- /* No initialisation needed. */
-
+ /* No initialization needed. */
return 1;
}
@@ -976,11 +976,12 @@ static CURLcode gskit_connect_step2(struct Curl_easy *data,
for(;;) {
timediff_t timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+ stmv.tv_sec = 0;
+ stmv.tv_usec = 0;
if(timeout_ms < 0)
timeout_ms = 0;
- stmv.tv_sec = timeout_ms / 1000;
- stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000;
- switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, &stmv)) {
+ switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat,
+ curlx_mstotv(&stmv, timeout_ms))) {
case 1: /* Operation complete. */
break;
case -1: /* An error occurred: handshake still in progress. */
@@ -1095,7 +1096,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data,
p = &x509.subjectPublicKeyInfo;
result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header);
if(result) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
return result;
}
}
diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c
index 57493767e5..0535011911 100644
--- a/contrib/libs/curl/lib/vtls/gtls.c
+++ b/contrib/libs/curl/lib/vtls/gtls.c
@@ -55,6 +55,14 @@
/* The last #include file should be: */
#include "memdebug.h"
+#ifdef HAVE_GNUTLS_SRP
+/* the function exists */
+#ifdef USE_TLS_SRP
+/* the functionality is not disabled */
+#define USE_GNUTLS_SRP
+#endif
+#endif
+
/* Enable GnuTLS debugging by defining GTLSDEBUG */
/*#define GTLSDEBUG */
@@ -75,7 +83,7 @@ static bool gtls_inited = FALSE;
struct ssl_backend_data {
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
gnutls_srp_client_credentials_t srp_client_cred;
#endif
};
@@ -436,12 +444,12 @@ gtls_connect_step1(struct Curl_easy *data,
return CURLE_SSL_CONNECT_ERROR;
}
-#ifdef HAVE_GNUTLS_SRP
- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
+#ifdef USE_GNUTLS_SRP
+ if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
+ Curl_allow_auth_to_host(data)) {
infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
- rc = gnutls_srp_allocate_client_credentials(
- &backend->srp_client_cred);
+ rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
gnutls_strerror(rc));
@@ -587,7 +595,7 @@ gtls_connect_step1(struct Curl_easy *data,
if(result)
return result;
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
/* Only add SRP to the cipher list if SRP is requested. Otherwise
* GnuTLS will disable TLS 1.3 support. */
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
@@ -609,7 +617,7 @@ gtls_connect_step1(struct Curl_easy *data,
#endif
infof(data, "GnuTLS ciphers: %s", prioritylist);
rc = gnutls_priority_set_direct(session, prioritylist, &err);
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
}
#endif
@@ -632,14 +640,14 @@ gtls_connect_step1(struct Curl_easy *data,
protocols[cur].data = (unsigned char *)ALPN_H2;
protocols[cur].size = ALPN_H2_LENGTH;
cur++;
- infof(data, "ALPN, offering %.*s", ALPN_H2_LENGTH, ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1;
protocols[cur].size = ALPN_HTTP_1_1_LENGTH;
cur++;
- infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
if(gnutls_alpn_set_protocols(session, protocols, cur, 0)) {
failf(data, "failed setting ALPN");
@@ -683,7 +691,7 @@ gtls_connect_step1(struct Curl_easy *data,
}
}
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
/* put the credentials to the current session */
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
@@ -866,7 +874,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
if(SSL_CONN_CONFIG(verifypeer) ||
SSL_CONN_CONFIG(verifyhost) ||
SSL_CONN_CONFIG(issuercert)) {
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(username) != NULL
&& !SSL_CONN_CONFIG(verifypeer)
@@ -879,7 +887,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
failf(data, "failed to get server cert");
*certverifyresult = GNUTLS_E_NO_CERTIFICATE_FOUND;
return CURLE_PEER_FAILED_VERIFICATION;
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
}
#endif
}
@@ -1198,7 +1206,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
if(ptr) {
result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
if(result != CURLE_OK) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
gnutls_x509_crt_deinit(x509_cert);
return result;
}
@@ -1255,8 +1263,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
if(conn->bits.tls_enable_alpn) {
rc = gnutls_alpn_get_selected_protocol(session, &proto);
if(rc == 0) {
- infof(data, "ALPN, server accepted to use %.*s", proto.size,
- proto.data);
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, proto.size,
+ proto.data);
#ifdef USE_HTTP2
if(proto.size == ALPN_H2_LENGTH &&
@@ -1272,7 +1280,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
}
}
else
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
@@ -1469,7 +1477,7 @@ static void close_one(struct ssl_connect_data *connssl)
gnutls_certificate_free_credentials(backend->cred);
backend->cred = NULL;
}
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
if(backend->srp_client_cred) {
gnutls_srp_free_client_credentials(backend->srp_client_cred);
backend->srp_client_cred = NULL;
@@ -1555,7 +1563,7 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn,
}
gnutls_certificate_free_credentials(backend->cred);
-#ifdef HAVE_GNUTLS_SRP
+#ifdef USE_GNUTLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(username) != NULL)
gnutls_srp_free_client_credentials(backend->srp_client_cred);
diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c
index d59ad92581..a1ab6b42c9 100644
--- a/contrib/libs/curl/lib/vtls/mbedtls.c
+++ b/contrib/libs/curl/lib/vtls/mbedtls.c
@@ -70,11 +70,18 @@
#include "curl_memory.h"
#include "memdebug.h"
+/* ALPN for http2 */
+#ifdef USE_HTTP2
+# undef HAS_ALPN
+# ifdef MBEDTLS_SSL_ALPN
+# define HAS_ALPN
+# endif
+#endif
+
struct ssl_backend_data {
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ssl_context ssl;
- int server_fd;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
#ifdef MBEDTLS_X509_CRL_PARSE_C
@@ -82,7 +89,9 @@ struct ssl_backend_data {
#endif
mbedtls_pk_context pk;
mbedtls_ssl_config config;
+#ifdef HAS_ALPN
const char *protocols[3];
+#endif
};
/* apply threading? */
@@ -144,15 +153,6 @@ static void mbed_debug(void *context, int level, const char *f_name,
#else
#endif
-/* ALPN for http2? */
-#ifdef USE_NGHTTP2
-# undef HAS_ALPN
-# ifdef MBEDTLS_SSL_ALPN
-# define HAS_ALPN
-# endif
-#endif
-
-
/*
* profile
*/
@@ -614,9 +614,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
#ifdef HAS_ALPN
if(conn->bits.tls_enable_alpn) {
const char **p = &backend->protocols[0];
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2)
- *p++ = NGHTTP2_PROTO_VERSION_ID;
+ *p++ = ALPN_H2;
#endif
*p++ = ALPN_HTTP_1_1;
*p = NULL;
@@ -628,7 +628,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
return CURLE_SSL_CONNECT_ERROR;
}
for(p = &backend->protocols[0]; *p; ++p)
- infof(data, "ALPN, offering %s", *p);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, *p);
}
#endif
@@ -813,11 +813,10 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&backend->ssl);
if(next_protocol) {
- infof(data, "ALPN, server accepted to use %s", next_protocol);
-#ifdef USE_NGHTTP2
- if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
- NGHTTP2_PROTO_VERSION_ID_LEN) &&
- !next_protocol[NGHTTP2_PROTO_VERSION_ID_LEN]) {
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
+#ifdef USE_HTTP2
+ if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) &&
+ !next_protocol[ALPN_H2_LEN]) {
conn->negnpn = CURL_HTTP_VERSION_2;
}
else
@@ -828,7 +827,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
}
}
else {
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
}
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c
index 558e3bed39..5b7de9f818 100644
--- a/contrib/libs/curl/lib/vtls/nss.c
+++ b/contrib/libs/curl/lib/vtls/nss.c
@@ -434,7 +434,7 @@ static char *dup_nickname(struct Curl_easy *data, const char *str)
/* search the first slash; we require at least one slash in a file name */
n = strchr(str, '/');
if(!n) {
- infof(data, "warning: certificate file name \"%s\" handled as nickname; "
+ infof(data, "WARNING: certificate file name \"%s\" handled as nickname; "
"please use \"./%s\" to force file name", str, str);
return strdup(str);
}
@@ -862,11 +862,11 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
#endif
case SSL_NEXT_PROTO_NO_SUPPORT:
case SSL_NEXT_PROTO_NO_OVERLAP:
- infof(data, "ALPN/NPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
return;
#ifdef SSL_ENABLE_ALPN
case SSL_NEXT_PROTO_SELECTED:
- infof(data, "ALPN, server accepted to use %.*s", buflen, buf);
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, buflen, buf);
break;
#endif
case SSL_NEXT_PROTO_NEGOTIATED:
@@ -874,7 +874,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
break;
}
-#ifdef USE_NGHTTP2
+#ifdef USE_HTTP2
if(buflen == ALPN_H2_LENGTH &&
!memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2;
@@ -1146,7 +1146,7 @@ static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl,
/* report the resulting status */
switch(result) {
case CURLE_OK:
- infof(data, "pinned public key verified successfully!");
+ infof(data, "pinned public key verified successfully");
break;
case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
failf(data, "failed to verify pinned public key");
@@ -1748,7 +1748,7 @@ static CURLcode nss_load_ca_certificates(struct Curl_easy *data,
PR_CloseDir(dir);
}
else
- infof(data, "warning: CURLOPT_CAPATH not a directory (%s)", capath);
+ infof(data, "WARNING: CURLOPT_CAPATH not a directory (%s)", capath);
}
return CURLE_OK;
@@ -1985,11 +1985,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
/* unless the user explicitly asks to allow the protocol vulnerability, we
use the work-around */
if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
- infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d",
+ infof(data, "WARNING: failed to set SSL_CBC_RANDOM_IV = %d",
ssl_cbc_random_iv);
#else
if(ssl_cbc_random_iv)
- infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in");
+ infof(data, "WARNING: support for SSL_CBC_RANDOM_IV not compiled in");
#endif
if(SSL_CONN_CONFIG(cipher_list)) {
@@ -2000,7 +2000,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
}
if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost))
- infof(data, "warning: ignoring value of ssl.verifyhost");
+ infof(data, "WARNING: ignoring value of ssl.verifyhost");
/* bypass the default SSL_AuthCertificate() hook in case we do not want to
* verify peer */
@@ -2020,7 +2020,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
const CURLcode rv = nss_load_ca_certificates(data, conn, sockindex);
if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
/* not a fatal error because we are not going to verify the peer */
- infof(data, "warning: CA certificates failed to load");
+ infof(data, "WARNING: CA certificates failed to load");
else if(rv) {
result = rv;
goto error;
diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c
index d3ed3e7ba0..f15ac28a76 100644
--- a/contrib/libs/curl/lib/vtls/openssl.c
+++ b/contrib/libs/curl/lib/vtls/openssl.c
@@ -208,9 +208,18 @@
!defined(OPENSSL_IS_BORINGSSL))
#define HAVE_SSL_CTX_SET_CIPHERSUITES
#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
-/* SET_EC_CURVES is available under the same preconditions: see
- * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
+#endif
+
+/*
+ * Whether SSL_CTX_set1_curves_list is available.
+ * OpenSSL: supported since 1.0.2, see
+ * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
+ * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30)
+ * LibreSSL: not tested.
*/
+#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)) || \
+ defined(OPENSSL_IS_BORINGSSL)
#define HAVE_SSL_CTX_SET_EC_CURVES
#endif
@@ -548,7 +557,7 @@ static CURLcode ossl_seed(struct Curl_easy *data)
}
}
- infof(data, "libcurl is now using a weak random seed!");
+ infof(data, "libcurl is now using a weak random seed");
return (rand_enough() ? CURLE_OK :
CURLE_SSL_CONNECT_ERROR /* confusing error code */);
#endif
@@ -1158,6 +1167,22 @@ int cert_stuff(struct Curl_easy *data,
return 1;
}
+CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx,
+ char *cert_file,
+ const struct curl_blob *cert_blob,
+ const char *cert_type, char *key_file,
+ const struct curl_blob *key_blob,
+ const char *key_type, char *key_passwd)
+{
+ int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file,
+ key_blob, key_type, key_passwd);
+ if(rv != 1) {
+ return CURLE_SSL_CERTPROBLEM;
+ }
+
+ return CURLE_OK;
+}
+
/* returns non-zero on failure */
static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
{
@@ -1902,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data,
}
ch = SSL_get_peer_cert_chain(backend->handle);
+ if(!ch) {
+ failf(data, "Could not get peer certificate chain");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
st = SSL_CTX_get_cert_store(backend->ctx);
#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
@@ -2821,14 +2851,14 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
- infof(data, "ALPN, offering %s", ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH;
- infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
/* expects length prefixed preference ordered list of protocols in wire
* format
@@ -2894,7 +2924,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
#endif
#ifdef USE_OPENSSL_SRP
- if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ if((ssl_authtype == CURL_TLSAUTH_SRP) &&
+ Curl_allow_auth_to_host(data)) {
char * const ssl_username = SSL_SET_OPTION(username);
infof(data, "Using TLS-SRP username: %s", ssl_username);
@@ -3201,7 +3232,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
SSL_free(backend->handle);
backend->handle = SSL_new(backend->ctx);
if(!backend->handle) {
- failf(data, "SSL: couldn't create a context (handle)!");
+ failf(data, "SSL: couldn't create a context (handle)");
return CURLE_OUT_OF_MEMORY;
}
@@ -3427,7 +3458,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
unsigned int len;
SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len);
if(len) {
- infof(data, "ALPN, server accepted to use %.*s", len, neg_protocol);
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, len, neg_protocol);
#ifdef USE_HTTP2
if(len == ALPN_H2_LENGTH &&
@@ -3442,7 +3473,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
}
}
else
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
@@ -3892,7 +3923,7 @@ static CURLcode servercert(struct Curl_easy *data,
if(!strict)
return CURLE_OK;
- failf(data, "SSL: couldn't get peer certificate!");
+ failf(data, "SSL: couldn't get peer certificate");
return CURLE_PEER_FAILED_VERIFICATION;
}
@@ -3932,7 +3963,7 @@ static CURLcode servercert(struct Curl_easy *data,
buffer, sizeof(buffer));
if(rc) {
if(strict)
- failf(data, "SSL: couldn't get X509-issuer name!");
+ failf(data, "SSL: couldn't get X509-issuer name");
result = CURLE_PEER_FAILED_VERIFICATION;
}
else {
@@ -4050,7 +4081,7 @@ static CURLcode servercert(struct Curl_easy *data,
if(!result && ptr) {
result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
if(result)
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
}
X509_free(backend->server_cert);
diff --git a/contrib/libs/curl/lib/vtls/openssl.h b/contrib/libs/curl/lib/vtls/openssl.h
index 7df642bc9a..0a7536ea3e 100644
--- a/contrib/libs/curl/lib/vtls/openssl.h
+++ b/contrib/libs/curl/lib/vtls/openssl.h
@@ -43,5 +43,13 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
struct x509_st *server_cert);
extern const struct Curl_ssl Curl_ssl_openssl;
+struct ssl_ctx_st;
+CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data,
+ struct ssl_ctx_st *ctx, char *cert_file,
+ const struct curl_blob *cert_blob,
+ const char *cert_type, char *key_file,
+ const struct curl_blob *key_blob,
+ const char *key_type, char *key_passwd);
+
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */
diff --git a/contrib/libs/curl/lib/vtls/rustls.c b/contrib/libs/curl/lib/vtls/rustls.c
index 0e651aed9d..16970b7c36 100644
--- a/contrib/libs/curl/lib/vtls/rustls.c
+++ b/contrib/libs/curl/lib/vtls/rustls.c
@@ -325,12 +325,12 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn,
config_builder = rustls_client_config_builder_new();
#ifdef USE_HTTP2
- infof(data, "offering ALPN for HTTP/1.1 and HTTP/2");
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2);
#else
- infof(data, "offering ALPN for HTTP/1.1 only");
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1);
#endif
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
if(!verifypeer) {
rustls_client_config_builder_dangerous_set_certificate_verifier(
config_builder, cr_verify_none);
@@ -406,20 +406,20 @@ cr_set_negotiated_alpn(struct Curl_easy *data, struct connectdata *conn,
rustls_connection_get_alpn_protocol(rconn, &protocol, &len);
if(!protocol) {
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
return;
}
#ifdef USE_HTTP2
if(len == ALPN_H2_LENGTH && 0 == memcmp(ALPN_H2, protocol, len)) {
- infof(data, "ALPN, negotiated h2");
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_H2);
conn->negnpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(len == ALPN_HTTP_1_1_LENGTH &&
0 == memcmp(ALPN_HTTP_1_1, protocol, len)) {
- infof(data, "ALPN, negotiated http/1.1");
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_HTTP_1_1);
conn->negnpn = CURL_HTTP_VERSION_1_1;
}
else {
diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c
index 04c8f3b6cf..dfec66d51f 100644
--- a/contrib/libs/curl/lib/vtls/schannel.c
+++ b/contrib/libs/curl/lib/vtls/schannel.c
@@ -908,14 +908,14 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
alpn_buffer[cur++] = ALPN_H2_LENGTH;
memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
- infof(data, "schannel: ALPN, offering %s", ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH;
- infof(data, "schannel: ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
*list_len = curlx_uitous(cur - list_start_index);
*extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short);
@@ -1286,7 +1286,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(pubkey_ptr) {
result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr);
if(result) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
return result;
}
}
@@ -1416,7 +1416,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
if(alpn_result.ProtoNegoStatus ==
SecApplicationProtocolNegotiationStatus_Success) {
- infof(data, "schannel: ALPN, server accepted to use %.*s",
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR,
alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
#ifdef USE_HTTP2
@@ -1433,7 +1433,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
}
}
else
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
@@ -2371,7 +2371,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
(const unsigned char *)pubkey->header,
(size_t)(pubkey->end - pubkey->header));
if(result) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
}
} while(0);
diff --git a/contrib/libs/curl/lib/vtls/schannel_verify.c b/contrib/libs/curl/lib/vtls/schannel_verify.c
index 202a814cd9..4dc2d14e56 100644
--- a/contrib/libs/curl/lib/vtls/schannel_verify.c
+++ b/contrib/libs/curl/lib/vtls/schannel_verify.c
@@ -286,7 +286,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
goto cleanup;
}
- result = CURLE_OK;
while(total_bytes_read < ca_file_bufsize) {
DWORD bytes_to_read = (DWORD)(ca_file_bufsize - total_bytes_read);
DWORD bytes_read = 0;
@@ -313,9 +312,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
/* Null terminate the buffer */
ca_file_buffer[ca_file_bufsize] = '\0';
- if(result != CURLE_OK) {
- goto cleanup;
- }
result = add_certs_data_to_store(trust_store,
ca_file_buffer, ca_file_bufsize,
ca_file,
diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c
index b2e1727278..8ee8fe997f 100644
--- a/contrib/libs/curl/lib/vtls/sectransp.c
+++ b/contrib/libs/curl/lib/vtls/sectransp.c
@@ -938,9 +938,9 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
#ifndef CURL_DISABLE_VERBOSE_STRINGS
CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
{
- /* The first ciphers in the ciphertable are continuos. Here we do small
+ /* The first ciphers in the ciphertable are continuous. Here we do small
optimization and instead of loop directly get SSL name by cipher number.
- */
+ */
if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) {
return ciphertable[cipher].name;
}
@@ -1701,7 +1701,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
CFRelease(backend->ssl_ctx);
backend->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
if(!backend->ssl_ctx) {
- failf(data, "SSL: couldn't create a context!");
+ failf(data, "SSL: couldn't create a context");
return CURLE_OUT_OF_MEMORY;
}
}
@@ -1851,12 +1851,12 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
#endif
) {
CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
- infof(data, "ALPN, offering %s", ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
- infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
/* expects length prefixed preference ordered list of protocols in wire
* format
@@ -2788,7 +2788,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
pkp_pin_peer_pubkey(data, backend->ssl_ctx,
data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
if(result) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
return result;
}
}
@@ -2853,7 +2853,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
conn->negnpn = CURL_HTTP_VERSION_1_1;
}
else
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c
index 03b85ba065..a40ac06f68 100644
--- a/contrib/libs/curl/lib/vtls/vtls.c
+++ b/contrib/libs/curl/lib/vtls/vtls.c
@@ -125,15 +125,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second)
return !memcmp(first->data, second->data, first->len); /* same data */
}
-static bool safecmp(char *a, char *b)
-{
- if(a && b)
- return !strcmp(a, b);
- else if(!a && !b)
- return TRUE; /* match */
- return FALSE; /* no match */
-}
-
bool
Curl_ssl_config_matches(struct ssl_primary_config *data,
@@ -147,12 +138,12 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
blobcmp(data->cert_blob, needle->cert_blob) &&
blobcmp(data->ca_info_blob, needle->ca_info_blob) &&
blobcmp(data->issuercert_blob, needle->issuercert_blob) &&
- safecmp(data->CApath, needle->CApath) &&
- safecmp(data->CAfile, needle->CAfile) &&
- safecmp(data->issuercert, needle->issuercert) &&
- safecmp(data->clientcert, needle->clientcert) &&
- safecmp(data->random_file, needle->random_file) &&
- safecmp(data->egdsocket, needle->egdsocket) &&
+ Curl_safecmp(data->CApath, needle->CApath) &&
+ Curl_safecmp(data->CAfile, needle->CAfile) &&
+ Curl_safecmp(data->issuercert, needle->issuercert) &&
+ Curl_safecmp(data->clientcert, needle->clientcert) &&
+ Curl_safecmp(data->random_file, needle->random_file) &&
+ Curl_safecmp(data->egdsocket, needle->egdsocket) &&
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
Curl_safe_strcasecompare(data->curves, needle->curves) &&
diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h
index af3b8d3c94..6bd1e0dcd3 100644
--- a/contrib/libs/curl/lib/vtls/vtls.h
+++ b/contrib/libs/curl/lib/vtls/vtls.h
@@ -34,6 +34,17 @@ struct ssl_connect_data;
#define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
#define SSLSUPP_CAINFO_BLOB (1<<6)
+#define ALPN_ACCEPTED "ALPN: server accepted "
+
+#define VTLS_INFOF_NO_ALPN \
+ "ALPN: server did not agree on a protocol. Uses default."
+#define VTLS_INFOF_ALPN_OFFER_1STR \
+ "ALPN: offers %s"
+#define VTLS_INFOF_ALPN_ACCEPTED_1STR \
+ ALPN_ACCEPTED "%s"
+#define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \
+ ALPN_ACCEPTED "%.*s"
+
struct Curl_ssl {
/*
* This *must* be the first entry to allow returning the list of available
diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c
index f1f786ffb6..72692b6075 100644
--- a/contrib/libs/curl/lib/vtls/wolfssl.c
+++ b/contrib/libs/curl/lib/vtls/wolfssl.c
@@ -324,7 +324,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
}
if(!req_method) {
- failf(data, "SSL: couldn't create a method!");
+ failf(data, "SSL: couldn't create a method");
return CURLE_OUT_OF_MEMORY;
}
@@ -333,7 +333,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
backend->ctx = SSL_CTX_new(req_method);
if(!backend->ctx) {
- failf(data, "SSL: couldn't create a context!");
+ failf(data, "SSL: couldn't create a context");
return CURLE_OUT_OF_MEMORY;
}
@@ -462,9 +462,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
const char * const hostname = SSL_HOST_NAME();
size_t hostname_len = strlen(hostname);
if((hostname_len < USHRT_MAX) &&
- (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
+ !Curl_inet_pton(AF_INET, hostname, &addr4)
#ifdef ENABLE_IPV6
- (0 == Curl_inet_pton(AF_INET6, hostname, &addr6))
+ && !Curl_inet_pton(AF_INET6, hostname, &addr6)
#endif
) {
size_t snilen;
@@ -503,7 +503,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
SSL_free(backend->handle);
backend->handle = SSL_new(backend->ctx);
if(!backend->handle) {
- failf(data, "SSL: couldn't create a context (handle)!");
+ failf(data, "SSL: couldn't create a context");
return CURLE_OUT_OF_MEMORY;
}
@@ -526,12 +526,12 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
strcpy(protocols + strlen(protocols), ALPN_H2 ",");
- infof(data, "ALPN, offering %s", ALPN_H2);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif
strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
- infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
+ infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
if(wolfSSL_UseALPN(backend->handle, protocols,
(unsigned)strlen(protocols),
@@ -739,7 +739,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
(const unsigned char *)pubkey->header,
(size_t)(pubkey->end - pubkey->header));
if(result) {
- failf(data, "SSL: public key does not match pinned public key!");
+ failf(data, "SSL: public key does not match pinned public key");
return result;
}
#else
@@ -757,8 +757,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len);
if(rc == SSL_SUCCESS) {
- infof(data, "ALPN, server accepted to use %.*s", protocol_len,
- protocol);
+ infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, protocol_len, protocol);
if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
@@ -776,7 +775,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
else if(rc == SSL_ALPN_NOT_FOUND)
- infof(data, "ALPN, server did not agree to a protocol");
+ infof(data, VTLS_INFOF_NO_ALPN);
else {
failf(data, "ALPN, failure getting protocol, error %d", rc);
return CURLE_SSL_CONNECT_ERROR;
diff --git a/contrib/libs/curl/lib/warnless.c b/contrib/libs/curl/lib/warnless.c
index 15c8156d1c..0336a41d80 100644
--- a/contrib/libs/curl/lib/warnless.c
+++ b/contrib/libs/curl/lib/warnless.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -360,7 +360,7 @@ curl_socket_t curlx_sitosk(int i)
#endif /* USE_WINSOCK */
-#if defined(WIN32) || defined(_WIN32)
+#if defined(WIN32)
ssize_t curlx_read(int fd, void *buf, size_t count)
{
@@ -372,7 +372,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count)
return (ssize_t)write(fd, buf, curlx_uztoui(count));
}
-#endif /* WIN32 || _WIN32 */
+#endif /* WIN32 */
#if defined(__INTEL_COMPILER) && defined(__unix__)
diff --git a/contrib/libs/curl/lib/warnless.h b/contrib/libs/curl/lib/warnless.h
index 2c619bf819..37ac5ba19f 100644
--- a/contrib/libs/curl/lib/warnless.h
+++ b/contrib/libs/curl/lib/warnless.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -22,6 +22,8 @@
*
***************************************************************************/
+#include "curl_setup.h"
+
#ifdef USE_WINSOCK
#include <curl/curl.h> /* for curl_socket_t */
#endif
@@ -65,7 +67,7 @@ curl_socket_t curlx_sitosk(int i);
#endif /* USE_WINSOCK */
-#if defined(WIN32) || defined(_WIN32)
+#if defined(WIN32)
ssize_t curlx_read(int fd, void *buf, size_t count);
@@ -78,7 +80,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count);
# define write(fd, buf, count) curlx_write(fd, buf, count)
#endif
-#endif /* WIN32 || _WIN32 */
+#endif /* WIN32 */
#if defined(__INTEL_COMPILER) && defined(__unix__)