curl(1) enters busy loop if header size >= 64KB (HTTP2 only) #659

Closed
kazuho opened this Issue Feb 16, 2016 · 36 comments

Projects

None yet

4 participants

@kazuho
kazuho commented Feb 16, 2016

curl command seems to enter a busy loop if the size of header becomes greater than 65,534 bytes when HTTP/2 is used.

Steps to reproduce:

  1. build h2o 1.7.0
  2. run h2o with following configuration
  3. run curl -k https://127.0.0.1:8081/
listen:
  port: 8081
  ssl:
    key-file: examples/h2o/server.key
    certificate-file: examples/h2o/server.crt
hosts:
  default:
    paths:
      /:
        mruby.handler: |
          Proc.new do |env|
            [200, {"x-foo" => "1" * 65530}, []]
          end

The command runs as expected if the size of the header value is 65,529 bytes.

EDIT: I am using curl 7.47.1 with nghttp2 @ 094168a on OS X 10.9.5.

@kazuho
kazuho commented Feb 16, 2016

Similar issue seems to exist for the handling of request haeder as well.

When I use this configuration file for h2o (note: this one does not send a huge response header) and access the server with: curl -k -v -H foo:$(perl -e 'print "0"x16384') https://127.0.0.1:8081, the command enters an infinite loop.
It is likely a issue within the HTTP/2 implementation of curl, since nghttp command is capable of issuing a similar request (by running nghttp -v -H foo:$(perl -e 'print "0"x16384') https://127.0.0.1:8081/).

@jay
Member
jay commented Feb 16, 2016

It looks like anything over 16300 here. What's your curl -V?

curl 7.47.1 (x86_64-pc-linux-gnu) libcurl/7.47.1 OpenSSL/1.0.2f zlib/1.2.8 libidn/1.28 nghttp2/1.7.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets 
@kazuho
kazuho commented Feb 16, 2016

@jay Thank you for looking into this.

curl 7.47.1 (x86_64-apple-darwin13.4.0) libcurl/7.47.1 OpenSSL/1.0.2f zlib/1.2.5 nghttp2/1.8.0-DEV
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz HTTP2 UnixSockets 
@jay jay added the HTTP/2 label Feb 16, 2016
@jay
Member
jay commented Feb 16, 2016

I walked through it but I don't know what's causing it yet. I am looking at the case where a header larger than 16384 is sent by libcurl via http2. The header is broken into pieces if it's over 16384,
https://github.com/curl/curl/blob/curl-7_47_1/lib/http.c#L1148-L1173
Then later on when state perform it goes to send the rest of the header by calling readwrite_upload:
https://github.com/curl/curl/blob/curl-7_47_1/lib/transfer.c#L1080-L1086
which calls Curl_write
https://github.com/curl/curl/blob/curl-7_47_1/lib/sendf.c#L230
which calls http2_send, which does some code expecting that the headers have already been sent
https://github.com/curl/curl/blob/curl-7_47_1/lib/http2.c#L1341-L1370
but they haven't been fully sent. so I take it there shouldn't be a stream id at that point. probably at some earlier point it thinks it's done sending the headers.

the end result of this is it sends the leftover headers thinking it's the body. send keeps returning 0 and it keeps looping (expecting it will eventually return the amount sent). this is my output with a debug build of libcurl:

* nread <= 0, server closed connection, bailing
* http2_send len=62
* http2_send returns 0 for stream 1
* http2_send len=62
* http2_send returns 0 for stream 1
* http2_send len=62
* http2_send returns 0 for stream 1
* http2_send len=62
* http2_send returns 0 for stream 1
* http2_send len=62

62 is the leftover header data size.

@tatsuhiro-t
Contributor

I'll look into the receiver side.

@tatsuhiro-t
Contributor

The original issue @kazuho reported: First I has to mention that the maximum size of one header field (sum of name and value) when receiving header fields in libnghttp2 is limited to 65536 bytes.
The value is hard coded for now (we can make it configurable if it is desirable). h2o sends "x-foo" + "1"*65530, which in total 65535 bytes. libnghttp2 makes name and value NULL-terminated string, so it appends '\0' for each name and value. This exceeds the maximum buffer size, and libnghttp2 is going to fail HTTP/2 session. When libnghttp2 thought the underlying session now can be closed (GOAWAY frame was sent), nghttp2_session_want_read(...) ==0 && nghttp2_session_want_write(...) == 0 gets true. The thing is http2_recv does not check this condition, and always keep checking readability of socket, which enters loop. So I think one way to fix this issue is check the above condition in http2_recv like so:

diff --git a/lib/http2.c b/lib/http2.c
index 91abbf0..9d63cd9 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1133,6 +1133,13 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
   if(stream->memlen == 0 && stream->closed) {
     return http2_handle_stream_close(conn, data, stream, err);
   }
+  if(!nghttp2_session_want_read(httpc->h2) &&
+     !nghttp2_session_want_write(httpc->h2)) {
+    if(stream->error_code == NGHTTP2_NO_ERROR) {
+      stream->error_code = NGHTTP2_INTERNAL_ERROR;
+    }
+    return http2_handle_stream_close(conn, data, stream, err);
+  }

   /* Nullify here because we call nghttp2_session_send() and they
      might refer to the old buffer. */
@tatsuhiro-t
Contributor

The second issue, that is curl hangs when it is instructed to send 16384 header value.
This is because I assumed that whole HTTP/1 header block is passed to http2_send function.
But it turns out that it is not true when TLS is enabled. The relevant portion of the code is https://github.com/curl/curl/blob/71398487e75e47c026d0655d540ade247d18f62c/lib/http.c#L1094

This is required when we are dealing with TLS layer directly. But in HTTP/2, the we don't require this 16KiB limit here, since it is nghttp2 callback that deals with TLS layer. So simple fix for this issue is handle HTTP/2 case specially like so:

diff --git a/lib/http.c b/lib/http.c
index 62952a8..1efdb75 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1091,7 +1091,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
   }


-  if(conn->handler->flags & PROTOPT_SSL) {
+  if(conn->httpversion != 20 && conn->handler->flags & PROTOPT_SSL) {
     /* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
        when we speak HTTPS, as if only a fraction of it is sent now, this data
        needs to fit into the normal read-callback buffer later on and that
@tatsuhiro-t
Contributor

While #659 (comment) fixes the original issue, but I'm not sure why returning error from http2_recv triggers HTTP/2 connection closure. This is stream error, and only the relevant stream is affected. It looks like the current implementation treats stream error as connection error.

@jay jay added a commit that referenced this issue Feb 16, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http: Don't break the header into chunks if HTTP/2
nghttp2 callback deals with TLS layer and therefore the header does not
need to be broken into chunks.

Bug: #659
Reported-by: Kazuho Oku
b080a7c
@jay
Member
jay commented Feb 16, 2016

@tatsuhiro-t Thanks, the sending fix landed in b080a7c.

Regarding the receiving fix, I read the API (1.8.0-dev) and it seems to contradict that this is only a stream error:

If both nghttp2_session_want_read() and nghttp2_session_want_write() return 0, the application should drop the connection.

So if libcurl is triggering connection closure, wouldn't that be appropriate for this case?

@tatsuhiro-t
Contributor

@jay Yes, you are correct regarding those APIs. Sorry for the confusion, my point is the case where at least one of APIs returns false, and stream was closed with other than NGHTTP2_NO_ERROR (e.g., NGHTTP2_PROTOCOL_ERROR). This is stream level error and dropping connection is not required. The current implementation returns CURLE_HTTP2 in this case (code). In multi interface, we ended up here, and underlying TCP connection is dropped. This is not desirable, if we imagine that several streams are flowing, and only one stream is closed with stream error. There is no reason to close other streams which they are completely fine.
One possible solution is introduce new error code to tell upper layer that this is stream error, and no need to close TCP connection.

At this point, I've only checked the code path when reading from network. But stream closure can happen on sending side. I'll check what happens in sending side with stream error.

@tatsuhiro-t
Contributor

PR #663 is better version to fix the original issue. It also handles the case where one RST_STREAM kills entire session that I mentioned in the previous post. You might not like additional error code (including its naming). We can discuss that here.

I have not fully understand whether we need similar check (nghttp2_session_want_read() and nghttp2_session_want_write()) in http2_send. Somehow after http2_send, http2_recv is called, so apparently we don't need them. But I'm not sure. Anyway, the PR improves the situation a bit in receiver side.

@jay
Member
jay commented Feb 18, 2016

#663 looks good but:

The new option needs to be tied in a few places (libcurl-errors.3, strerror, etc). I can do that though it's fine.

I'd prefer leaving CURLE_HTTP2 documented as is. Saying it's now a connection only error closes some doors.

I notice you moved the check for nghttp2_session_want_read() and nghttp2_session_want_write() zero farther down in http2_recv. Wouldn't that be better back where it was? If we have a problem like that wouldn't we want to catch it as early in that function as possible? Also as far as http2_send wouldn't it be good there as well as a sanity check? Even if you walk the paths and see recv called (and therefore think it's covered by recv) those paths may change.

cc @bagder who may have some more experienced opinions about these things.

@tatsuhiro-t
Contributor

Thank you for reviewing my PR.

I'd prefer leaving CURLE_HTTP2 documented as is. Saying it's now a connection only error closes some doors.

OK, I will revert that portion of the code.

I notice you moved the check for nghttp2_session_want_read() and nghttp2_session_want_write() zero farther down in http2_recv. Wouldn't that be better back where it was? If we have a problem like that wouldn't we want to catch it as early in that function as possible?

The reason why I moved the check to the current location is to ensure that pending data is processed before closing session. We copy the received response body here. If it fits into per stream buffer, we don't pause the processing of libnghttp2. If we get then DATA+END_STREAM, and then GOAWAY, nghttp2_session_want_read() and nghttp2_session_want_write() will return 0. If we check that in previous position,the copied data may not be notified to the upper layer (see). But even the new position may not work if a stream other than the one which has the pending data is called first with http2_recv. If we can arrange the code so that stream with pending recv data gets called first, then my current code works better.

Also as far as http2_send wouldn't it be good there as well as a sanity check? Even if you walk the paths and see recv called (and therefore think it's covered by recv) those paths may change.

As a precaution, yes, it is good idea. I just worries that it may have the same problem I stated above. That is we might have stream with pending recv data while the nghttp2_session_want_read() and nghttp2_session_want_write() zero.

@jay jay added a commit to jay/curl that referenced this issue Feb 19, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: curl#659
Ref: curl#663
1cdf052
@jay
Member
jay commented Feb 19, 2016

I made a few minor changes to the PR, see the amended commit here.

But even the new position may not work if a stream other than the one which has the pending data is called first with http2_recv. If we can arrange the code so that stream with pending recv data gets called first, then my current code works better.

This sounds like an issue that the PR doesn't address is that correct? In other words are you saying that the position it's in now it could cause a bug?

@tatsuhiro-t
Contributor

Looks good.

This sounds like an issue that the PR doesn't address is that correct?

The issue I described is not fixed by PR #663.

In other words are you saying that the position it's in now it could cause a bug?

No, it does not. But because of the issue I described, it does not matter the position for now.
I'll revert the position of the check to where it used to be.

@tatsuhiro-t
Contributor

@jay I updated PR to move checks to the previous position along with your amends.

@tatsuhiro-t
Contributor

I added another commit to PR #663 to fix the issue I mentioned above. It also fixes the bug that sometimes libcurl processing hangs when multiple HTTP/2 streams are multiplexed.

@kazuho
kazuho commented Feb 22, 2016

@tatsuhiro-t Thank you for working on the fix. Please let me know if you want me to verify on my side if the reported issue has been fixed.

@jay
Member
jay commented Feb 22, 2016

@kazuho if you could try his branch and let us know before wednesday that would be great.

@bagder
Member
bagder commented Feb 22, 2016

@jay it is only the feature window that closes on Wednesday. We still have about 30 days for bugfixes until next release...

@jay
Member
jay commented Feb 22, 2016

@bagder Yes, I know :) This will likely add a unique error code CURLE_HTTP2_STREAM to signal HTTP2 bad stream when the HTTP2 connection is otherwise still good, therefore since there is a new define I figured it should be in before the close.

@bagder
Member
bagder commented Feb 22, 2016

Ah, yes. That's good thinking. Way ahead of me! =) But I think we could perhaps allow that a little later too, as a return code is not really a too risky thing to add.

@tatsuhiro-t
Contributor

Let me check one more corner case where multiplexed streams are closed without pending buffered data. It is not directly related to the original issue.

@tatsuhiro-t
Contributor

I added another commit, which resolves the issue that I mentioned in the previous commit.

@kazuho
kazuho commented Feb 24, 2016

@tatsuhiro-t @jay Tried using curl on #663 at 675a203, and got the following results. The former looks strange. The latter seems fine to me. Can you please confirm? Thank you in advance.

1. Receiving Huge Header

When running H2O with configuration found in this comment and running curl -vv -k https://127.0.0.1:8081/, the command seems to wait until the connection is closed by the peer and then emits curl: (56) Unexpected EOF. Full output of curl -vv can be found here.

2. Sending Huge Header

When running H2O with configuration found in this comment, sending request header up to 65349 bytes (name + value without counting \0) succeeds. When the sum exceeds the value, I see curl: (92) HTTP/2 stream 1 was not closed cleanly: error_code = 7 reported.

@jay
Member
jay commented Feb 24, 2016

Thanks for testing @kazuho. I haven't attempted to reproduce receiving yet but here is what I think about sending.

Error 7 is NGHTTP2_REFUSED_STREAM. I get the same error if I use a header with a long value length like 65535:

  struct curl_slist *header_list =
    curl_slist_append(NULL, ("foo:" + string(65535, '0')).c_str());
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header_list);

Even with a header that is too long nghttp2_submit_request is creating the stream, but I don't see much in nghttp2d:

[id=14] [3230.961] send SETTINGS frame <length=6, flags=0x00, stream_id=0>
          (niv=1)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
[id=14] [3230.965] recv SETTINGS frame <length=0, flags=0x00, stream_id=0>
          (niv=0)
[id=14] [3230.965] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[id=14] [3231.220] closed

As Tatsuhiro said libnghttp2 doesn't handle large headers but I don't know if this is correct behavior.

I think we should check for large header lengths instead of casting down like this because if the header is particularly large like 66000 it's going to overflow and become 464. I'd rather we just error there, what if I change those places to do something like if((end - hdbuf) > (uint16_t)-1) err. That still wouldn't address the case where the name + val + nul len exceeds 65535 so that would have to be handled as well. But basically the idea is I add more checking in http2_send.

Another thing I think we should do is put the nghttp2_error_code enums in presentation format for the user. I don't see a strerror type function in libnghttp2 but I see something similar in app-helper. Either I could add something like that to libcurl or libnghttp2 so we can give more information to the user.

(92) HTTP/2 stream 1 was not closed cleanly: error_code = 7

but I'd change it to something like

    failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)",
          stream->stream_id, http2_str_err_code(stream->error_code),
          stream->error_code);

(92) HTTP/2 stream 1 was not closed cleanly: REFUSED_STREAM (err 7).

@tatsuhiro-t what do you think?

@tatsuhiro-t
Contributor

@jay I agree that validating header field length is the way to go. If libnghttp2 failed to send HEADERS, including too large headers, it will call on_frame_not_send callback. We can check that, and fail the request as send error or stream error.

As for nghttp2_error_code, yes, libnghttp2 has no function to stringify the error enum. I'm fine to add this function to nghttp2 library API.

@kazuho Thank you for testing this. I'll check that again.

@tatsuhiro-t
Contributor

@kazuho Fix committed via 75bf5d8

@tatsuhiro-t
Contributor

@jay The discussed function was added as nghttp2_http2_strerror().

@jay jay self-assigned this Mar 1, 2016
@jay
Member
jay commented Mar 2, 2016

Great. I will have some time to look into this again and hopefully wrap it up tomorrow (Wed). I started on a header overflow macro and a http2 strerror in http2.c. The strerror function I wrote is basically the same, based on from the Error Code Registry in the RFC. Since you can add more codes though I will change it to defer to yours when nghttp2 ver > 1.8.0.

@jay jay added a commit to jay/curl that referenced this issue Mar 3, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes b737789
@jay jay added a commit to jay/curl that referenced this issue Mar 3, 2016
@jay jay http2: Check if header is larger than UINT16_MAX 3b6c7ee
@jay
Member
jay commented Mar 3, 2016

I branched off of stream-error, please review my changes here. None of it affects your changes which look fine to me except for:

Is it possible that drain_total (int) can overflow if there are a lot of streams?
Why is nread in h2_process_pending_input a ssize_t instead of a size_t?

I am not satisfied with the header overflow check, I think I misunderstood because it seems that any header frame over ~65535 isn't going to be sent. Right now I'm checking that a header line name+value pair is not longer than UINT16_MAX however this does not stop where there are cumulative headers that go over ~65535, for example:

header_list = curl_slist_append(header_list, ("foo:" + string(40000, '0')).c_str());
header_list = curl_slist_append(header_list, ("bar:" + string(40000, '1')).c_str());

That will cause nghttp2 to call on_frame_not_send with NGHTTP2_ERR_FRAME_SIZE_ERROR. I notice the function returns 0, but why? Isn't that something we want to error on? If I change it to 1 then nghttp2_session_send will error with CURLE_SEND_ERROR, which may not be good either.

@tatsuhiro-t
Contributor

Is it possible that drain_total (int) can overflow if there are a lot of streams?

Theoretically, yes. But the maximum number of concurrent streams are somewhat limited by server under the relatively smaller number (e.g, 100), and if int is 32 bit, then it probably does not overflow. Using 64 bit unsigned integer is safer option.

Why is nread in h2_process_pending_input a ssize_t instead of a size_t?

I could not remember why I choose it, but it saves several casts when comparing rv which is ssize_t.

That will cause nghttp2 to call on_frame_not_send with NGHTTP2_ERR_FRAME_SIZE_ERROR. I notice the function returns 0, but why? Isn't that something we want to error on? If I change it to 1 then nghttp2_session_send will error with CURLE_SEND_ERROR, which may not be good either.

I think casing uint16_t in original curl code is a remnant from earlier nghttp2_nv, where namelen and valuelen are uint16_t. At least since 1.0.0, they are size_t. You might argue that size_t could be 16 bits, and yes, it could happen.

We only check that header field buffer could overflow just before sending frame. So the error detection is deferred. I can remove these check to nghttp2_submit_request(). But in general, application should expect that sending frame could fail. If sending request HEADERS failed, on_stream_close callback will be called with NGHTTP2_REFUSED_STREAM, which will close the stream, and CURLE_HTTP2_STREAM in the end.

If we do the length check in curl code, it may just check it does not really consume lots of memory, not limited to 64KiB. Then let libnghttp2 decide it is acceptable, and if not, underlying stream will be closed, and upper layer gets error.

@tatsuhiro-t
Contributor

I just noticed that it would be better to check overflow when decoding content-length, in http2.c line 1682.

@jay jay added a commit to jay/curl that referenced this issue Apr 7, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: curl#659
Ref: curl#663
8590ea4
@jay jay added a commit to jay/curl that referenced this issue Apr 7, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes bd2c66a
@jay jay added a commit to jay/curl that referenced this issue Apr 7, 2016
@jay jay http2: Check if header is larger than UINT16_MAX 25fc5ca
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: curl#659
Ref: curl#663
347087d
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Check session closure early in http2_recv
Ref: curl#659
Ref: curl#663
aea290b
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Process paused data first before tear down http2 session
This commit ensures that data from network are processed before HTTP/2
session is terminated.  This is achieved by pausing nghttp2 whenever
different stream than current easy handle receives data.

This commit also fixes the bug that sometimes processing hangs when
multiple HTTP/2 streams are multiplexed.

Ref: curl#659
Ref: curl#663
477e31c
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Ensure that http2_handle_stream_close is called
This commit ensures that streams which was closed in on_stream_close
callback gets passed to http2_handle_stream_close.  Previously, this
might not happen.  To achieve this, we increment drain property to
forcibly call recv function for that stream.

To more accurately check that we have no pending event before shutting
down HTTP/2 session, we sum up drain property into
http_conn.drain_total.  We only shutdown session if that value is 0.

With this commit, when stream was closed before reading response
header fields, error code CURLE_HTTP2_STREAM is returned even if
HTTP/2 level error is NO_ERROR.  This signals the upper layer that
stream was closed by error just like TCP connection close in HTTP/1.

Ref: curl#659
Ref: curl#663
85ac453
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Don't increment drain when one headr field is received
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.

Ref: curl#659
Ref: curl#663
b1c55e6
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes
Ref: curl#659
Ref: curl#663
04e878c
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Check if header is larger than UINT16_MAX
Ref: curl#659
Ref: curl#663
cddac5b
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Improve header parsing
- Allow spaces in the path.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: curl#659
Ref: curl#663
ec54d8a
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Don't increment drain when one header field is received
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.

Ref: curl#659
Ref: curl#663
14b5cba
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes
Ref: curl#659
Ref: curl#663
ec7ffa3
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Check if header is larger than UINT16_MAX
Ref: curl#659
Ref: curl#663
2e439ec
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Improve header parsing
- Allow spaces in the path.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: curl#659
Ref: curl#663
eb200ac
@jay jay added a commit to jay/curl that referenced this issue Apr 8, 2016
@jay jay http2: Improve header parsing
- Allow spaces in the path.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: curl#659
Ref: curl#663
24ccdcf
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: curl#659
Ref: curl#663
cccf981
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Check session closure early in http2_recv
Ref: curl#659
Ref: curl#663
0a17a6c
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Process paused data first before tear down http2 session
This commit ensures that data from network are processed before HTTP/2
session is terminated.  This is achieved by pausing nghttp2 whenever
different stream than current easy handle receives data.

This commit also fixes the bug that sometimes processing hangs when
multiple HTTP/2 streams are multiplexed.

Ref: curl#659
Ref: curl#663
3328038
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Ensure that http2_handle_stream_close is called
This commit ensures that streams which was closed in on_stream_close
callback gets passed to http2_handle_stream_close.  Previously, this
might not happen.  To achieve this, we increment drain property to
forcibly call recv function for that stream.

To more accurately check that we have no pending event before shutting
down HTTP/2 session, we sum up drain property into
http_conn.drain_total.  We only shutdown session if that value is 0.

With this commit, when stream was closed before reading response
header fields, error code CURLE_HTTP2_STREAM is returned even if
HTTP/2 level error is NO_ERROR.  This signals the upper layer that
stream was closed by error just like TCP connection close in HTTP/1.

Ref: curl#659
Ref: curl#663
90abbc4
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Don't increment drain when one header field is received
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.

Ref: curl#659
Ref: curl#663
fb7a01a
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes
Ref: curl#659
Ref: curl#663
2ff2e37
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@jay jay http2: Check if header is larger than UINT16_MAX
Ref: curl#659
Ref: curl#663
59ce773
@jay jay added a commit to jay/curl that referenced this issue Apr 10, 2016
@jay jay http2: Improve header parsing
- Allow spaces in the path.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: curl#659
Ref: curl#663
00f9c61
@jay jay added a commit that referenced this issue Apr 12, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: #659
Ref: #663
92c2a4c
@jay jay added a commit that referenced this issue Apr 12, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Process paused data first before tear down http2 session
This commit ensures that data from network are processed before HTTP/2
session is terminated.  This is achieved by pausing nghttp2 whenever
different stream than current easy handle receives data.

This commit also fixes the bug that sometimes processing hangs when
multiple HTTP/2 streams are multiplexed.

Ref: #659
Ref: #663
b5f8214
@jay jay added a commit that referenced this issue Apr 12, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Ensure that http2_handle_stream_close is called
This commit ensures that streams which was closed in on_stream_close
callback gets passed to http2_handle_stream_close.  Previously, this
might not happen.  To achieve this, we increment drain property to
forcibly call recv function for that stream.

To more accurately check that we have no pending event before shutting
down HTTP/2 session, we sum up drain property into
http_conn.drain_total.  We only shutdown session if that value is 0.

With this commit, when stream was closed before reading response
header fields, error code CURLE_HTTP2_STREAM is returned even if
HTTP/2 level error is NO_ERROR.  This signals the upper layer that
stream was closed by error just like TCP connection close in HTTP/1.

Ref: #659
Ref: #663
86c633a
@jay jay added a commit that referenced this issue Apr 12, 2016
@tatsuhiro-t @jay tatsuhiro-t + jay http2: Don't increment drain when one header field is received
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.

Ref: #659
Ref: #663
a89a211
@jay jay added a commit that referenced this issue Apr 12, 2016
@jay jay http2: Add Curl_http2_strerror for HTTP/2 error codes
Ref: #659
Ref: #663
b71bc69
@jay jay added a commit that referenced this issue Apr 12, 2016
@jay jay http2: Improve header parsing
- Error if a header line is larger than supported.

- Warn if cumulative header line length may be larger than supported.

- Allow spaces when parsing the path component.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: #659
Ref: #663
723f901
@jay jay added a commit that referenced this issue Apr 12, 2016
@jay jay http2: Use size_t type for data drain count
Ref: #659
Ref: #663
3f57880
@jay
Member
jay commented Apr 14, 2016

@tatsuhiro-t thanks for all your hard work on this. Landed in b2a0376...3f57880. Though we may know there is a frame size error we don't know why, so I added a warning that appears in verbose mode when the cumulative header length is over 60000 (less than 64KB to account for some overhead) to provide some clue to the user in addition to the individual length checks.

Tested with nghttp2/1.9.2 (w/ OpenSSL 1.0.2g) and h2o 2.0.0-DEV (h2o/h2o@d299f6c 2016-04-12 w/ LibreSSL 2.2.6).

If an individual header to be sent is definitely too large (>64KB) libcurl will return an error:

Error: libcurl: (55) Failed sending HTTP request: Header overflow
Failed sending data to the peer

However as mentioned if the cumulative length to be sent may be too large we don't know for sure until after the fact so the error is more generic, although prefaced with a warning before the attempt:

* http2_send: Warning: The cumulative length of all headers exceeds 60000 bytes
and that could cause the stream to be rejected.

The headers are sent to nghttp2 which rejects them, and then this error:

Error: libcurl: (92) HTTP/2 stream 1 was not closed cleanly: REFUSED_STREAM (err 7)
Stream error in the HTTP/2 framing layer
@tatsuhiro-t
Contributor

The error and warning messages look good to me.

@jay
Member
jay commented Apr 15, 2016

Ok, thanks for the feedback. And thanks to @kazuho for your report and help reproducing.

@jay jay closed this Apr 15, 2016
@MSF-Jarvis MSF-Jarvis pushed a commit to CAF-Mirror/platform_external_curl that referenced this issue Jan 3, 2017
@deymo deymo Update libcurl from 7.43 to 7.49.1
Bug: 29602883

Squashed commit of the following:

commit f3066c00398854c5c6ff5c81a02d1c0429ba42c7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri May 27 16:58:43 2016 +0200

    RELEASE-NOTES: 7.49.1

commit 3b18f1567d23817736116b1d9aa3e6e5e5ed62f4
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sun May 29 22:57:40 2016 +0200

    loadlibrary: Only load system DLLs from the system directory

    Inspiration provided by: Daniel Stenberg and Ray Satiro

    Bug: https://curl.haxx.se/docs/adv_20160530.html

    Ref: Windows DLL hijacking with curl, CVE-2016-4802

commit 7f9d8d9e7452cc2a5c36fd2e94ee3b0b2844ab28
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 30 08:14:13 2016 +0200

    ssh: fix version number check typo

commit fef1924717aea8146036bac4b341e51b2e10628a
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun May 29 16:27:44 2016 -0400

    curl_share_setopt.3: Add min ver needed for ssl session lock

    Bug: https://github.com/curl/curl/issues/826
    Reported-by: Michael Wallner

commit bcd72a98405316a432cf4429d59e90c13275f7cc
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 29 00:20:14 2016 +0200

    ssh: fix build for libssh2 before 1.2.6

    The statvfs functionality was added to libssh2 in that version, so we
    switch off that functionality when built with older libraries.

    Fixes #831

commit 369291218fe75bdc6a8d6fc71ba94ffc1520f03a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 24 12:14:18 2016 +0200

    mbedtls: fix includes so snprintf() works

    Regression from the previous *printf() rearrangements, this file missed to
    include the correct header to make sure snprintf() works universally.

    Reported-by: Moti Avrahami
    Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html

commit 24b8cdcabb84447e4a8491953b873be032c715b0
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Mon May 23 12:13:41 2016 +0100

    checksrc.pl: Added variants of strcat() & strncat() to banned function list

    Added support for checking the tchar, unicode and mbcs variants of
    strcat() and strncat() in the banned function list.

commit 78d99b275946a0ba41dc5b8a44148988892f40e3
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 12:59:58 2016 +0200

    smtp: minor ident (white space) fixes

commit 962015081a2b173ae89d71fe574ae6a53d80722c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 10:08:34 2016 +0200

    THANKS: updated after script fixes

    Now giving credit properly to github user names, fixed some UTF-8 issues
    and added names discovered when contrithanks was improved.

commit 581695693940ad81c3336844a2f88268a198366b
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 10:08:15 2016 +0200

    THANKS-filter: more name cleanups

commit 81ab42b9a6443ce4492c9f6f14cc84177b143922
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 10:07:48 2016 +0200

    contrithanks.sh: exclude existing names case insensitively

commit eb62c62aad1e11f318b69a9f66370d50fc986cb2
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 09:14:19 2016 +0200

    contrithanks.sh: use same grep pattern and -a flag as contributors.sh

commit 2d05f5d616940a1656cc9f5b50d9ba65c2fb158d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 09:13:43 2016 +0200

    contributors.sh: better grep pattern, use grep -a

commit de8a6a6a4d4c8d4e178e1a8bb75c8ce59a0cccff
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 09:13:20 2016 +0200

    THANKS-filter: fix more names

commit 4cc626af3dfe15ef67d34781e0c2b3543e7c74d7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 23 08:50:53 2016 +0200

    contrithanks.sh: do the same github fix as contributors.sh

    from 1577bfa35ba

commit 35d806245513c216863c371ca645a881213ff691
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Mon May 23 02:42:12 2016 -0400

    contributors: Show GitHub username if real name unknown

    Prior to this change if a GitHub contributor's real name was unknown
    they would be omitted from the list.

    Bug: https://github.com/curl/curl/issues/824

commit d1c6da6965a2ac89a410fb8cc182b92dfc370467
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sat May 21 16:05:54 2016 +0200

    RELEASE-NOTES: synced with 3caaeffbe8ded4

commit 85b88c85fd739ab869de26c6bf62c169eaef846d
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Fri May 20 16:44:01 2016 -0400

    openssl: cleanup must free compression methods

    - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.

    Bug: https://github.com/curl/curl/issues/817
    Reported-by: jveazey@users.noreply.github.com

commit 8e4cca04059718825c99b6a6e05c9d98bc72c3ae
Author: Gisle Vanem <gvanem@yahoo.no>
Date:   Fri May 20 16:50:04 2016 +0200

    curl_multibyte: fix compiler error

    While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
    getting:

    f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
    to follow 'CURL_EXTERN'

    f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
    'curl_domalloc': not in formal parameter list

commit 70e55706b7ea2dc66589ecc9f01fec6d7e8d2117
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri May 20 16:44:34 2016 +0200

    THANKS-filter: make Jan-E get proper credit

commit 7cf41326f3c1d9872e3318ce9f74ba8f7e4e39e1
Author: Alexander Traud <pabstraud@compuserve.com>
Date:   Fri May 20 14:57:48 2016 +0200

    libcurl.m4: Avoid obsolete warning

    Closes #821

commit b7a2ba8a4b24a3f8394210a783f63dd5b632cbec
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Fri May 20 00:06:40 2016 +0200

    CURLOPT_CONNECT_TO.3: user must not free the list prematurely

    The connect-to list isn't copied so as long as the handle may be used
    for a transfer the list must be valid.

    Bug: https://github.com/curl/curl/pull/819
    Reported-by: Michael Kaufmann

commit f59e45381fd74766cc824dccf94d6fca08a55636
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu May 19 14:01:30 2016 +0200

    RELEASE-NOTES: synced with 48114a8634242c

commit 234359a35e616abed1df03bb136badc4707d8f07
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu May 19 11:39:59 2016 +0200

    openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0

    See OpenSSL commit 21e001747d4a

commit 34072e6b841eb4c6c6b64d8e961df761759a5c14
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu May 19 11:16:30 2016 +0200

    http2: use HTTP/2 in the HTTP/1.1-alike header

    ... when generating them, not "2.0" as the protocol is called just
    HTTP/2 and nothing else.

commit eca9b047ead3f083acc997afb0f487c832a94f87
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu May 19 03:13:07 2016 -0400

    dist: include curl_multi_socket_all.3

    Closes https://github.com/curl/curl/pull/816

commit 456a5917b84f83ffa8c2e4147bab3665d2539e86
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed May 18 17:47:38 2016 +0100

    bump: Start work on 7.49.1

commit 1a9bd0a56b02f511e052fd435c2ba47d3a078d51
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed May 18 14:10:36 2016 +0200

    curlbuild.h.dist: check __LP64__ as well to fix MIPS build

    The preprocessor check that sets up the 32bit defines for non-configure
    builds didn't work properly for MIPS systems as __mips__ is defined for
    both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.

    Reported-by: Tomas Jakobsson
    Fixes #813

commit 4aed60b2fcd5530d9f5120dc4267df66d91831f9
Author: Marcel Raad <MarcelRaad@users.noreply.github.com>
Date:   Wed May 18 11:54:58 2016 +0200

    schannel: fix compile break with MSVC XP toolset

    For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
    7.1 is used. In this case, _USING_V110_SDK71_ is defined.

    Closes #812

commit 7b751afff720c902890e9325d343975976105ce9
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed May 18 10:35:15 2016 +0200

    dist: include CHECKSRC.md

    Reported-by: Paul Howarth
    Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html

commit d04299a3f0dccc0a4f6ce3d66edcf31b543a29dc
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed May 18 09:17:27 2016 +0200

    test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist

    Reported-by: Ray Satiro
    Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html

commit 44e3f1b1994cf191fb12b54b34accd3d0d5ef3f3
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 14:50:19 2016 +0200

    THANKS: 24 new names from 7.49.0 release notes

commit 75de066af318eb800fcff13908f17e7f8e8c28ba
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 14:02:11 2016 +0200

    RELEASE-NOTES: 7.49.0

commit 668279d7886e77b0bdea75ee1f491227cc038334
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 24 17:52:18 2016 +0200

    mbedtls/polarssl: set "hostname" unconditionally

    ...as otherwise the TLS libs will skip the CN/SAN check and just allow
    connection to any server. curl previously skipped this function when SNI
    wasn't used or when connecting to an IP address specified host.

    CVE-2016-3739

    Bug: https://curl.haxx.se/docs/adv_20160518A.html
    Reported-by: Moti Avrahami

commit 655dc6765af2744ac83e7aa35d528ae848997e0b
Author: Frank Gevaerts <frank@gevaerts.be>
Date:   Tue May 17 14:22:56 2016 +0200

    CURLOPT_RESOLVE.3: fix typo

    Closes #811

commit d4ac13e8b1e25804616811596d43b5a19e2808fe
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 13:17:07 2016 +0200

    docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE

commit 687af54a81c551b3d2cf05f18efcf2e00bac59e7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 11:13:48 2016 +0200

    KNOWN_BUGS: GnuTLS backend skips really long certificate fields

    Closes #762

commit 0e2daece7fc985fbd752e45b8a3b6f88f2bd8665
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 11:08:10 2016 +0200

    CURLOPT_HTTPPOST.3: the data needs to be around while in use

commit 479ecd7db082e813a050b7013603bb24bdf47ff0
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 09:34:33 2016 +0200

    openssl: get_cert_chain: fix NULL dereference

    CID 1361815: Explicit null dereferenced (FORWARD_NULL)

commit b5c90dd535eeafc3132e9279d7d0c6b537d96ac1
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 09:14:06 2016 +0200

    openssl: get_cert_chain: avoid NULL dereference

    CID 1361811: Explicit null dereferenced (FORWARD_NULL)

commit ca80fc55f8034ae162de943ec0326559059bbd88
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 17 09:06:32 2016 +0200

    dprintf_formatf: fix (false?) Coverity warning

    CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
    we run over 'workend' but the condition says <= workend and for all I
    can see it should be safe. Compensating for the warning by adding a byte
    margin in the buffer.

    Also, removed the extra brace level indentation in the code and made it
    so that 'workend' is only assigned once within the function.

commit 442633b6389a8d3cc2f4a0a67861fad4cf7ca76b
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 16 09:05:03 2016 +0200

    RELEASE-NOTES: synced with 2dcb5adc72d6

commit fdf5fa1ec78b6a022291aa52c4b8dbbde0ed8524
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 16 09:04:13 2016 +0200

    THANKS-filter: fixed Jonathan Cardoso

commit f727be5b9168b3b324e95cf4474a00e1703e5828
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun May 15 23:48:47 2016 -0400

    ftp: fix incorrect out-of-memory code in Curl_pretransfer

    - Return value type must match function type.

    s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/

    Caught by Travis CI

commit 115c262e43a0414adeb5b267facf65230a8adab5
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 15 00:37:36 2016 +0200

    ftp wildcard: segfault due to init only in multi_perform

    The proper FTP wildcard init is now more properly done in Curl_pretransfer()
    and the corresponding cleanup in Curl_close().

    The previous place of init/cleanup code made the internal pointer to be NULL
    when this feature was used with the multi_socket() API, as it was made within
    the curl_multi_perform() function.

    Reported-by: Jonathan Cardoso Machado
    Fixes #800

commit 2bff329fe002e3ef6c8060a250e9d8141be1af7f
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Fri May 13 16:01:35 2016 -0400

    libcurl-tlibcurl-thread: Update OpenSSL links

    Because the old OpenSSL link now redirects to their master documentation
    (currently 1.1.0), which does not document the required actions for
    OpenSSL <= 1.0.2.

commit 679c0c533feb0db3f6025ef2b2de30f6dc94bc53
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Fri May 13 09:25:54 2016 +0200

    darwinssl.c: fix OS X codename typo in comment

commit 0d07a7d8236f7b824de5de98267ddf15b9ee9c56
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri May 13 00:18:53 2016 +0200

    RELEASE-NOTES: synced with 68701e51c1f7

    Added 8 bug fixes and 5 more contrbutors

commit 40513b6443a2382788d280fdea582bc5e683e924
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Wed Mar 9 02:59:05 2016 -0500

    mprintf: Fix processing of width and prec args

    Prior to this change a width arg could be erroneously output, and also
    width and precision args could not be used together without crashing.

    "%0*d%s", 2, 9, "foo"

    Before: "092"
    After: "09foo"

    "%*.*s", 5, 2, "foo"

    Before: crash
    After: "   fo"

    Test 557 is updated to verify this and more

commit e98d916b1fb32aa9efcdf5468f314667e7649c16
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Fri May 13 00:02:21 2016 +0200

    ConnectionExists: follow-up fix for proxy re-use

    Follow-up commit to 5823179

    Closes #648

commit c0c7f7b3c4a18a328650bfe78a7465b18839a932
Author: Per Malmberg <per.malmberg@snowsoftware.com>
Date:   Thu May 12 12:16:16 2016 +0200

    darwinssl: fix certificate verification disable on OS X 10.8

    The new way of disabling certificate verification doesn't work on
    Mountain Lion (OS X 10.8) so we need to use the old way in that version
    too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
    and 10.11.

    Closes #802

commit d8dcc863c443467b5ddb0fc04f7882fdd6214957
Author: Cory Benfield <lukasaoz@gmail.com>
Date:   Wed May 11 12:35:05 2016 +0100

    http2: Add space between colon and header value

    curl's representation of HTTP/2 responses involves transforming the
    response to a format that is similar to HTTP/1.1. Prior to this change,
    curl would do this by separating header names and values with only a
    colon, without introducing a space after the colon.

    While this is technically a valid way to represent a HTTP/1.1 header
    block, it is much more common to see a space following the colon. This
    change introduces that space, to ensure that incautious tools are safely
    able to parse the header block.

    This also ensures that the difference between the HTTP/1.1 and HTTP/2
    response layout is as minimal as possible.

    Bug: https://github.com/curl/curl/issues/797

    Closes #798
    Fixes #797

commit 5dfc9472377fba79ae7387ca8abbd5ef09c8557f
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Thu May 12 08:36:21 2016 +0200

    openssl: fix compile-time warning in Curl_ossl_check_cxn()

    ... introduced in curl-7_48_0-293-g2968c83:

    Error: COMPILER_WARNING:
    lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
    lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
    may alter its value [-Wconversion]

commit e43046d2acdb834528447ca26bf001890cefcf62
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Wed May 11 21:21:15 2016 -0400

    openssl: stricter connection check function

    - In the case of recv error, limit returning 'connection still in place'
    to EINPROGRESS, EAGAIN and EWOULDBLOCK.

    This is an improvement on the parent commit which changed the openssl
    connection check to use recv MSG_PEEK instead of SSL_peek.

    Ref: https://github.com/curl/curl/commit/856baf5#comments

commit 3015848733b70e73457d6caba257a309e143e1d2
Author: Anders Bakken <agbakken@gmail.com>
Date:   Tue May 10 12:49:33 2016 -0700

    TLS: SSL_peek is not a const operation

    Calling SSL_peek can cause bytes to be read from the raw socket which in
    turn can upset the select machinery that determines whether there's data
    available on the socket.

    Since Curl_ossl_check_cxn only tries to determine whether the socket is
    alive and doesn't actually need to see the bytes SSL_peek seems like
    the wrong function to call.

    We're able to occasionally reproduce a connect timeout due to this
    bug. What happens is that Curl doesn't know to call SSL_connect again
    after the peek happens since data is buffered in the SSL buffer and thus
    select won't fire for this socket.

    Closes #795

commit c255912dfd8fcaa06720bb736dc253434ed42be1
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 9 16:50:11 2016 +0200

    TLS: move the ALPN/NPN enable bits to the connection

    Only protocols that actually have a protocol registered for ALPN and NPN
    should try to get that negotiated in the TLS handshake. That is only
    HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
    would wrongly be used in all handshakes if libcurl was built with it
    enabled.

    Reported-by: Jay Satiro

    Fixes #789

commit b5354fc1f99756ab9cf8540d5feb67c6e0ecb46d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 8 15:48:26 2016 +0200

    libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl

commit 5d9516199c4e6c4e26e2c3913fb24d311f3c3e0e
Author: Antonio Larrosa <larrosa@kde.org>
Date:   Thu May 5 19:50:15 2016 +0200

    connect: fix invalid "Network is unreachable" errors

    Sometimes, in systems with both ipv4 and ipv6 addresses but where the
    network doesn't support ipv6, Curl_is_connected returns an error
    (intermittently) even if the ipv4 socket connects successfully.

    This happens because there's a for-loop that iterates on the sockets but
    the error variable is not resetted when the ipv4 is checked and is ok.

    This patch fixes this problem by setting error to 0 when checking the
    second socket and not having a result yet.

    Fixes #794

commit 90fa4d7fff229814c8698a6cb1a43f5af227ce86
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu May 5 14:34:27 2016 -0400

    FAQ: refer to thread safety guidelines

commit d02ab0afd3d640d51105f537aa17603ad1c3f2a0
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 23:15:05 2016 +0200

    connections: non-HTTP proxies on different ports aren't reused either

    Reported-by: Oleg Pudeyev and fuchaoqun

    Fixes #648

commit 44577c9ad426222f0c49887521fecf1b1e7a3e17
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 11:24:11 2016 +0200

    http: make sure a blank header overrides accept_decoding

    Reported-by: rcanavan
    Assisted-by: Isaac Boukris
    Closes #785

commit 2e77fc44fa39ac83ef5a3f54aa1bdbe40b0f04a7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 11:18:59 2016 +0200

    CHECKSRC.md: clarified, explained the whitelist file

commit 80fbb64602d3142da9c8faa34e86bb79ea092062
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 09:09:16 2016 +0200

    nroff-scan.pl: verify that references are made with \fI

commit 814abf8a78a4a08e824c6060cb5a9d457076f6ef
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 09:09:36 2016 +0200

    docs: unified man page references to use \fI

commit abb9392f47f078f13f43eab1ee9591c39ecd76a5
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 2 08:36:54 2016 +0200

    TODO: 17.14 --fail without --location should treat 3xx as a failure

    Closes #727

commit cfd22fe432a74ba872bc4d3cf32e25a6c9eff9ff
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:44:02 2016 +0200

    RELEASE-NOTES: synced with 7987f5cb14d

commit 516b948e1cd493f349d8ebd25567ad0c1e1dfe17
Author: Isaac Boukris <iboukris@gmail.com>
Date:   Sat Apr 23 15:52:04 2016 +0300

    CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification

    Mention possible content-length mismatch with sum of bytes reported
    by write callbacks when auto decoding is enabled.

    See #785

commit 4ed86b17332198915d0fcb22b71808782dc838d9
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:07:35 2016 +0200

    test1140: run nroff-scan to verify man pages

commit ee4eaef37334771515b434bb29c468961fce517d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:07:06 2016 +0200

    nroff-scan.pl: verify the .BR references as well

commit be8bb56607f76f5a0d130bb12595c73bd7a9c9dd
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:06:43 2016 +0200

    CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference

commit 287911ab351da110b56f739a86dd1cee2e2e46c7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:06:15 2016 +0200

    CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE

commit 61f2805e3d1b7a71a05a78b87f2e310b55d68d9e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 23:05:55 2016 +0200

    curl_easy_pause.3: fix man page reference

commit a4305a67583eeeb52c9473de3d0d449b82d2ed56
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun May 1 16:07:04 2016 -0400

    tool_cb_hdr: Fix --remote-header-name with schemeless URL

    - Move the existing scheme check from tool_operate.

    In the case of --remote-header-name we want to parse Content-disposition
    for a filename, but only if the scheme is http or https. A recent
    adjustment 0dc4d8e was made to account for schemeless URLs however it's
    not 100% accurate. To remedy that I've moved the scheme check to the
    header callback, since at that point the library has already determined
    the scheme.

    Bug: https://github.com/curl/curl/issues/760
    Reported-by: Kai Noda

commit bf412cbe0eafc775648fd131a73e4105408402ee
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 17:05:38 2016 +0200

    tls: make setting pinnedkey option fail if not supported

    to make it obvious to users trying to use the feature with TLS backends
    not supporting it.

    Discussed in #781
    Reported-by: Travis Burtrum

commit 76c831213e77e0970662d6a224479de27155ebc0
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 16:41:35 2016 +0200

    nroff-scan.pl: verifies nroff pages

    ... not used by any test yet but can be used stand-alone.

commit 32dd6a5d71b8ffc7ff5dc3af2d0eaade5ec54683
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 16:41:04 2016 +0200

    opts: fix broken/bad references

commit 5259ac9abd43ea647e2fb2510abbf4a60275ecf3
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Sun May 1 13:22:16 2016 +0200

    docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3

    Closes #786

commit 7199a99bf4f8b914e59f9bf689bf51513f2af4ef
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 1 13:29:11 2016 +0200

    CURLOPT_ACCEPT_ENCODING.3: clarified

    As discussed in #785

commit 677c1b453c35daf094ef8e9687cfbcc93844e17c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sat Apr 30 00:15:44 2016 +0200

    curl.1: --mail-rcpt can be used multiple times

    Reported-by: mgendre
    Closes #784

commit 3ef3eed84e0e8d779d7b85f7764a25ff887fee71
Author: Karlson2k <k2k@narod.ru>
Date:   Mon Feb 22 10:06:53 2016 +0300

    tests: Use 'pathhelp' for paths conversions in secureserver.pl

    Closes #675

commit f4f19b838451966761a3e67b79ff08a3e2e3d2cc
Author: Karlson2k <k2k@narod.ru>
Date:   Sun Feb 21 23:17:57 2016 +0300

    tests: Use 'pathhelp' for paths conversions in sshserver.pl

commit 059cad2a994286246386be181a8a4185e8cf32b8
Author: Karlson2k <k2k@narod.ru>
Date:   Wed Mar 16 00:14:47 2016 +0300

    tests: Use 'pathhelp' for current path in runtests.pl

commit 9e1429c09847bd15200ff837c3ed7e6f9988e39c
Author: Karlson2k <k2k@narod.ru>
Date:   Tue Mar 15 23:07:19 2016 +0300

    tests: pathhelp.pm to process paths on Msys/Cygwin

commit 6c4a308a688c6f9bfd218d6c7faced84745d964a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 29 15:46:40 2016 +0200

    lib: include curl_printf.h as one of the last headers

    curl_printf.h defines printf to curl_mprintf, etc. This can cause
    problems with external headers which may use
    __attribute__((format(printf, ...))) markers etc.

    To avoid that they cause problems with system includes, we include
    curl_printf.h after any system headers. That makes the three last
    headers to always be, and we keep them in this order:

     curl_printf.h
     curl_memory.h
     memdebug.h

    None of them include system headers, they all do funny #defines.

    Reported-by: David Benjamin

    Fixes #743

commit c273bf8e8fb146190cfe7974eafc79fe65ae474d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 29 15:33:46 2016 +0200

    memdebug.h: remove inclusion of other headers

    Mostly because they're not needed, because memdebug.h is always included
    last of all headers so the others already included the correct ones.

    But also, starting now we don't want this to accidentally include any
    system headers, as the header included _before_ this header may add
    defines and other fun stuff that we won't want used in system includes.

commit dd865137fafade1ee1ea2d4e8f39e27b915416ff
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Fri Apr 29 15:24:10 2016 +0200

    curl -J: make it work even without http:// scheme on URL

    It does open up a miniscule risk that one of the other protocols that
    libcurl could use would send back a Content-Disposition header and then
    curl would act on it even if not HTTP.

    A future mitigation for this risk would be to allow the callback to ask
    libcurl which protocol is being used.

    Verified with test 1312

    Closes #760

commit ac019c3d473f88553eb15264a138498b6bde6089
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:52:37 2016 +0200

    manpage-scan.pl: also verify the command line option docs

    This script now also scans src/tool_getparam.c, docs/curl.1 and
    src/tool_help.c and will warn if any of them lists a command line option
    not mentioned in one of the other places.

commit a111f803aef53cfa339a924823343fd19a2a1147
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:50:52 2016 +0200

    curl: show the long option version of -q in the -h list

commit f01933f079e72b0bb5c7276dc211ee03cf628c2a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:47:03 2016 +0200

    curl: remove "--socks" as "--socks5" turned 8

    In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated
    and it has not been documented since. The more explicit socks options
    (like --socks4 or --socks5) should be used.

commit 500177d9de72cec03d85a24423ead24a33ba8a40
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:46:31 2016 +0200

    curl.1: document the deprecated --ftp-ssl option

commit 2bd39a8a16f99a44612937466574c1ead7a5327c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:38:28 2016 +0200

    curl: remove --http-request

    It was mentioned as deprecated already in commit ae1912cb0d4 from
    1999. It has not been documented in this millennium.

commit a925bd58567a44ba47c7aabf2ace8240e81290e5
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:33:27 2016 +0200

    curl: mention --ntlm-wb in -h list

commit ab8392d34a70f514aa9277fe7d2e11165c81605c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:31:53 2016 +0200

    curl: -h output lacked --proxy-header

commit 19c03ca2f367b99aa2ed11aed356eb13c105e737
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:26:52 2016 +0200

    curl.1: document --ntlm-wb

commit 2c6382994de9ae6834b7df86a0fd2e1306b38c14
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:23:44 2016 +0200

    curl.1: document the long format of -q: --disable

commit 48a27255cce7077c54f6e27770c7421689df084c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:23:17 2016 +0200

    curl.1: mention the deprecated --krb4 option

commit 50dcd06fca6d95d0240ec66613d04be93402ca94
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:18:28 2016 +0200

    curl.1: document --ftp-ssl-reqd

    Even if deprecated, document it so that people will find it as old
    scripts may still use it.

commit 5b98227a56c3f383ab9febe06e735816f3419d42
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:13:55 2016 +0200

    curl: use --telnet-option as documented

    The code said "telnet-options" but no documentation ever said so. It
    worked fine since the code is fine with a unique match of the first
    part.

commit daf1a22df81eb90f484240b25d957111a2343418
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 23:08:42 2016 +0200

    getparam: remove support for --ftpport

    It has been deprecated and undocumented since commit ad5ead8bed7 (Dec
    2003). --ftp-port is the proper long option name.

commit bac90204b3a5bc745a716c559dc9bd522fe3ddb6
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 22:32:05 2016 +0200

    curl: make --disable work as long form of -q

    To make the aliases list reflect reality.

commit 862768dcec82e1704c4606d28185d158b6d15e2c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 22:28:37 2016 +0200

    aliases: remove trailing space from capath string

commit d511fd9c19603418e184670063654c3ef0f311ad
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 22:24:10 2016 +0200

    cmdline parse: only single letter options have single-letter strings

    ... moved around options so that parsing the code to find all
    single-letter options easier.

commit 55fa26fb7b7e44c989352ed25d40518abfdf94ae
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Apr 28 16:48:38 2016 -0400

    CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability

    Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html
    Reported-by: Bru Rom

commit a5fe7027b7173015ef72d8477ede65ca573e8747
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 16:31:37 2016 +0200

    curl_easy_getinfo.3: remove superfluous blank lines

commit ca2a93176aedfacaf600ed2e45d1152195f454b4
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 16:27:51 2016 +0200

    test1139: verifies libcurl option man page presence

    - checks that each option has its own man page present

    - checks that each option is mentioned in its corresponding index man
      page

commit 3567c6611567b7afb5170c61b0cad28841b2a522
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 28 16:26:42 2016 +0200

    curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION

    ... although it is deprecated.

commit c5498c5dae9493021afab86f8311bd850969520a
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Apr 28 02:57:12 2016 -0400

    mbedtls: Fix session resume

    This also fixes PolarSSL session resume.

    Prior to this change the TLS session information wasn't properly
    saved and restored for PolarSSL and mbedTLS.

    Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
    Reported-by: Thomas Glanzmann

    Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
    Reported-by: Moti Avrahami

commit 73323130a5d74b81f54f82ff8a8a582d86cc7e99
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Apr 27 15:31:38 2016 +0200

    RELEASE-NOTES: synced with f4298fcc6d2

commit 1a26114061f097a84544c0796d81d5f0885ee1aa
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Tue Apr 26 23:51:50 2016 +0200

    opts: Fix some syntax errors in example code fragments

    Fixes #779

commit c6ce372b239d13d143f85080a1c8c503f49a959f
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 26 23:55:31 2016 +0200

    openssl: avoid BN_print a NULL bignum

    OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
    numbers so make sure the function handles this.

    Reported-by: Linus Nordberg

commit 5abce4f5941db07ede65dec1e5c61d042484fa14
Author: Marcel Raad <raad@teamviewer.com>
Date:   Mon Feb 15 08:58:36 2016 +0100

    CONNECT_ONLY: don't close connection on GSS 401/407 reponses

    Previously, connections were closed immediately before the user had a
    chance to extract the socket when the proxy required Negotiate
    authentication.

    This regression was brought in with the security fix in commit
    79b9d5f1a42578f

    Closes #655

commit 1e6ac00de13959b1d1945d4e024a287efc929c6a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 26 15:17:07 2016 +0200

    CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0

commit 62ffc7de90adfb6f3a882707a82983bbd0c7277e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 26 00:28:40 2016 +0200

    mbedtls.c: silly spellfix of a comment

commit 6aee1e17934fd3dc9604df0a415710f6d1ab249c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 26 00:07:40 2016 +0200

    KNOWN_BUGS: 1.10 Strips trailing dot from host name

    Closes #716

commit 24ae676c66294f0f9051a7c6e6ddb060577d78fc
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 25 23:51:33 2016 +0200

    test1322: verify stripping of trailing dot from host name

    While being debated (in #716) and a violation of RFC 7230 section 5.4,
    this test verifies that the existing functionality works as intended. It
    strips the dot from the host name and uses the host without dot
    throughout the internals.

commit 83e671d225c5cdb982d3a89e9143975dcf532f46
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sat Apr 23 22:46:15 2016 +0200

    multi: accidentally used resolved host name instead of proxy

    Regression introduced in 09b5a998

    Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html
    Reported-by: BoBo

commit d212b90b1a4167bb9aa6b9f20c8f2332f11eb86e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 25 23:15:00 2016 +0200

    symbols-in-versions: added new CURLSSLBACKEND_ symbols

commit 8f2ae61d9e3604c19d5adfcbdfc106ed14d19409
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 25 23:10:13 2016 +0200

    test148: fixed after the --ftp-create-dirs retry change

    follow-up commit to 3c1e84f569 as it made curl try a little harder

commit a668d5bbe33d8c7acdda77af19060bb1716ef03c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 25 11:35:12 2016 +0200

    curl.h: clarify curl_sslbackend for openssl clones and renames

commit cadb702ac30c58522ac60cbf06bf8d11a4394651
Author: Karlson2k <k2k@narod.ru>
Date:   Mon Apr 25 12:12:26 2016 +0300

    url.c: fixed DEBUGASSERT() for WinSock workaround

    If buffer is allocated, but nothing is received during prereceive
    stage, than number of processed bytes must be zero.

    Closes #778

commit c13f42898f81ca023afa67f0db0c82b997f6406c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 25 11:20:23 2016 +0200

    KNOWN_BUGS: --interface for ipv6 binds to unusable IP address

    Closes #686 for now.

commit 5f46d6f694c7b59ae6bec5561a202064bbaf5bcf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 24 23:51:34 2016 +0200

    TODO: 1.17 Add support for IRIs

    Adding support for IRIs is a mouthful, but is probably interesting at
    least for areas and countries where the use of such "URLs" are growing
    popularity.

    Closes #776

commit 9c6a48fcedf56d54ffdb8a5dee2da660c324d343
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 24 12:46:41 2016 +0200

    THANKS-filter: Travis Burtrum

commit c143ec0ac918d973ec1b718b5e82d4dd90da1534
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 24 12:27:22 2016 +0200

    lib1517: checksrc compliance

commit ec80fa3185eefcd26ed616eaff7aa60effce5702
Author: moparisthebest <admin@moparisthebest.com>
Date:   Thu Apr 21 21:21:45 2016 -0400

    PolarSSL: Implement public key pinning

commit 140f6df1c9f66333dc2d9500f1ec5ac0c56e677b
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Fri Apr 22 16:50:30 2016 +0200

    os400: upgrade ILE/RPG binding

commit ec429a02e4d6ec0d5328153131e291aa60dbf04b
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Fri Apr 22 16:49:02 2016 +0200

    curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string

commit eaee7dfb7bf7263db19070a5d1c5bf8c329386cf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 22 15:53:42 2016 +0200

    contributors.sh: make --releasenotes implied

    It got too annoying to type =)

commit 9d415a922c5ae1ee7ce70fa52e1ae0a4e8bca88a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 22 15:46:34 2016 +0200

    RELEASE-NOTES: synced with 3c1e84f5693d8093

commit 93430cb00430e45521bf043694cdfc707c01ba3d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 22 15:25:13 2016 +0200

    curl: make --ftp-create-dirs retry on failure

    The underlying libcurl option used for this feature is
    CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
    creation, but it was never set to do that by the command line tool.

    Now it does.

    Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
    Reported-by: John Wanghui
    Help-by: Leif W

commit 521b69dde4bc36b97bc7830824b8d32cf6777db3
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 21 23:14:13 2016 +0200

    KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables"

    As of commit d9f3b365a3

commit 1b1c7b55c63ca4b5b53b9f8faff6cb626d5570ad
Author: Irfan Adilovic <i.adilovic@nfotex.com>
Date:   Sun Apr 17 22:05:15 2016 +0200

    configure: ac_cv_ -> curl_cv_ for write-only vars

    These configure vars are modified in a curl-specific way but never
    evaluated or loaded from cache, even though they are designated as
    _cv_. We could either implement proper AC_CACHE_CHECKs for them, or
    remove them completely.

    Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and
    AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after
    the first configure run with caching.

    `ac_cv_func_strcasecmp` is curious, see #770.

    `eval "ac_cv_func_$func=yes"` can still cause problems as it works in
    tandem with AC_CHECK_FUNCS and then potentially modifies its result. It
    would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro,
    which works the same as AC_CHECK_FUNCS but relies on caching the values
    of curl_cv_func_* variables, without modifiying ac_cv_func_*.

commit 4c09479d6298cdd15668d084fb925deab9cd8f05
Author: Irfan Adilovic <i.adilovic@nfotex.com>
Date:   Sun Apr 17 21:58:15 2016 +0200

    configure: ac_cv_ -> curl_cv_ for r/w vars

    These configure vars are modified in a curl-specific way and modified by
    the configure process, but are never loaded from cache, even though they
    are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
    them eventually.

commit 8f363a559b17328934000ae9d0c2b733586b7cb0
Author: Irfan Adilovic <i.adilovic@nfotex.com>
Date:   Sun Apr 17 17:01:13 2016 +0200

    configure: ac_cv_func_clock_gettime -> curl_...

    This variable must not be cached in its current form, as any cached
    information will prevent the next configure run from determining the
    correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to
    just `curl_`.

commit c9db2a9b5a077e1f15ce6ba728a9fcffae34d825
Author: Irfan Adilovic <i.adilovic@nfotex.com>
Date:   Fri Apr 15 16:37:20 2016 +0200

    configure: ac_cv_ -> curl_cv_ for all cached vars

    This was automated by:

    sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
                   ack -o 'ac_cv_.*?\b' | \
                   sort -u | xargs -n1 bash -c \
                        'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
        $(git ls-files)

    This only changed the prefix for 16 variables actually checked with
    AC_CACHE_CHECK.

commit 06e5a532303f3d53ea72903964cf2a17c6431ea6
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 21 10:24:23 2016 +0200

    openssl: builds with OpenSSL 1.1.0-pre5

    The RSA, DSA and DH structs are now opaque and require use of new APIs

    Fixes #763

commit 9c4d5c0bc22586f7ad9365f256952b1b862f8b47
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed Apr 20 18:07:05 2016 +0100

    url.c: Prefer we don't use explicit NULLs in conditions

    Fixed commit fa5fa65a30 to not use NULLs in if condition.

commit b9be5347b632ee24c93003db39bd9883cdbf6139
Author: Isaac Boukris <iboukris@gmail.com>
Date:   Sat Apr 16 11:49:09 2016 +0300

    NTLM: check for NULL pointer before deferencing

    At ConnectionExists, both check->proxyuser and check->proxypasswd
    could be NULL, so make sure to check first.

    Fixes #765

commit 636970d11edbffae693c47109a500ef9e451624c
Author: Karlson2k <k2k@narod.ru>
Date:   Thu Mar 17 20:04:20 2016 +0300

    tests: added test1517

    ... for checking ability to receive full HTTP response when POST request
    is used with slow read callback function.

    This test checks for bug #657 and verifies the work-around from
    72d5e144fbc6.

    Closes #720

commit 916d86e9ecfd95888a20b4d8315bf8899a1f26c0
Author: Karlson2k <k2k@narod.ru>
Date:   Fri Feb 19 22:38:20 2016 +0300

    sendf.c: added ability to call recv() before send() as workaround

    WinSock destroys recv() buffer if send() is failed. As result - server
    response may be lost if server sent it while curl is still sending
    request. This behavior noticeable on HTTP server short replies if
    libcurl use several send() for request (usually for POST request).
    To workaround this problem, libcurl use recv() before every send() and
    keeps received data in intermediate buffer for further processing.

    Fixes: #657
    Closes: #668

commit 9b8c22af77364dcdbca2f3a75601c20a5c79fa2f
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Tue Apr 19 09:38:44 2016 +0200

    connect: make sure that rc is initialized in singleipconnect()

    This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13:

    Error: CLANG_WARNING:
    lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value
    1118|       }
    1119|
    1120|->     if(-1 == rc)
    1121|         error = SOCKERRNO;
    1122|     }

commit 99200bf300cf34988b0575acbc68bd1c747c3549
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:48:36 2016 +0200

    make/checksrc: use $srcdir, not $top_srcdir

commit 8508d3c1ea2127075c22011a6a6d08a2220da536
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:43:13 2016 +0200

    src/checksrc.whitelist: removed

commit 7a81cf54eb54ddfd45a756316fd425f8555ed721
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:42:55 2016 +0200

    tool_operate: switch to inline checksrc ignore

commit e37d9bee05cd6d292c84ef17aa28921640393f6b
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:30:43 2016 +0200

    lib/checksrc.whitelist: not needed anymore

    ... as checksrc now skips comments

commit 5a5e04d4a5bccf33d673b7df572bbbcec4306676
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:41:15 2016 +0200

    vtls.h: remove a space before semicolon

    ... that the new checksrc detected

commit 24121339200d7a16d759acf4ce054248cebfa0e8
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:32:14 2016 +0200

    darwinssl: removed commented out code

commit 5cf2c12553c10afe900d764de1c2af56f2aea71e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:31:33 2016 +0200

    http_chunks: removed checksrc disable

    ... since checksrc now skips comments

commit 2d544104959b8c787c16b79eb818b98c9d59ead9
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:31:11 2016 +0200

    imap: inlined checksrc disable instead of whitelist edit

commit ccc4558ce3f409acbb083c81bf508c937a2ad864
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 08:30:13 2016 +0200

    checksrc: taught to skip comments

    ... but output non-stripped version of the line, even if that then can
    make the script identify the wrong position in the line at
    times. Showing the line stripped (ie without comments) is just too
    surprising.

commit e9e42a08e945b75b8750a04652a0f5b1038aed9a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 07:59:35 2016 +0200

    opts/Makefile.am: list all docs file one by one

    ... to make it easier to add lines in patches that won't just break all
    other patches trying to add lines too.

commit b8869ab0336c56e4b1ca104e32743bb65437a197
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 00:48:56 2016 +0200

    curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN

commit 69f02834b0a06154b4edfbb3320fd44da4886103
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 19 00:39:27 2016 +0200

    RELEASE-NOTES: synced with 03de4e4b219

    (since we just merged two major features)

commit d48a87f137c51197a8bd00a8b0c5cafe5ee2bcbb
Author: Alessandro Ghedini <alessandro@ghedini.me>
Date:   Sun Apr 3 13:08:28 2016 +0100

    connect: implement TCP Fast Open for Linux

    Closes #660

commit ec2efbbe76a6f2c2c2c7d2152e50d95b051d3cf0
Author: Alessandro Ghedini <alessandro@cloudflare.com>
Date:   Tue Feb 16 12:21:34 2016 +0000

    tool: add --tcp-fastopen option

commit fede41982d60eafc1dd6b5b900af9454d9835039
Author: Alessandro Ghedini <alessandro@cloudflare.com>
Date:   Tue Feb 16 12:21:22 2016 +0000

    connect: implement TCP Fast Open for OS X

commit 7d651b2638ff30c5ba3bd2b3b783baf2fccc68da
Author: Alessandro Ghedini <alessandro@cloudflare.com>
Date:   Tue Feb 16 12:21:03 2016 +0000

    url: add CURLOPT_TCP_FASTOPEN option

commit 2575aa75a1cbabf94755a210fa9cdefccd5656ba
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 20:10:52 2016 +0200

    checksrc: pass on -D so the whitelists are found correctly

commit 6ce931dc188a2cd7ad9e13cdf1dbcd6a8f3352ac
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 15:53:24 2016 +0200

    configure: remove check for libresolve

    'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
    but this check is broken and most likely adds nothing useful. Removing
    now.

    Reported-by: Irfan Adilovic

    Discussed in #770

commit 5783715e63d2955a0a4c986630f66e981d79c21a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 15:50:57 2016 +0200

    scripts/make: use $(EXEEXT) for executables

    Reported-by: bodop

    Fixes #771

commit f4652556a47a089f9d8d1e6e6567fecadcc41e5c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 15:04:17 2016 +0200

    includes: avoid duplicate memory callback typdefs even harder

commit 1beb89235bbf4a2c450c620aef52792ea1aec7ed
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 14:58:11 2016 +0200

    checksrc/makefile.am: use $top_srcdir to find source files

    ... to properly support out of source tree builds.

commit d6ab13ee1582c120abcf3ce3b777bad2e37ac10b
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 12:38:22 2016 +0200

    RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5

commit 459837a0d01e596436065004cc8bb402bb3c6f68
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 18 00:02:29 2016 +0200

    opts: fix option references missing (section)

commit 91ae08be70964e1e8a167bf11f62744f8bf932a7
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Mon Jan 25 14:37:24 2016 +0100

    news: CURLOPT_CONNECT_TO and --connect-to

    Makes curl connect to the given host+port instead of the host+port found
    in the URL.

commit 61e819fa758ff2066657dd86258fbed9e4842648
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 17 17:16:21 2016 +0200

    makefile.vc6: use d suffix on debug object

    To allow both release and debug builds in parallel.

    Reported-by: Rod Widdowson

    Fixes #769

commit 3929ff667f43c84c55941ae2f3cd85ca6aae00c3
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Tue Apr 12 00:37:44 2016 -0400

    http2: Use size_t type for data drain count

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit 740224cb8ad57a997335476350edc77e0d0494db
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Mar 3 01:24:27 2016 -0500

    http2: Improve header parsing

    - Error if a header line is larger than supported.

    - Warn if cumulative header line length may be larger than supported.

    - Allow spaces when parsing the path component.

    - Make sure each header line ends in \r\n. This fixes an out of bounds.

    - Disallow header continuation lines until we decide what to do.

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit 009f646d0785d5a2664604dcb2d89dcb9aaac285
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Mar 3 00:47:46 2016 -0500

    http2: Add Curl_http2_strerror for HTTP/2 error codes

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit 9057183fd10c15a2fea4756ad523bdf2a418e78b
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Wed Feb 24 22:10:37 2016 +0900

    http2: Don't increment drain when one header field is received

    Sicne we write header field in temporary location, not in the memory
    that upper layer provides, incrementing drain should not happen.

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit e37d2d737b1c5d6aab419a1d7e1e264768c33d5b
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Tue Feb 23 23:33:04 2016 +0900

    http2: Ensure that http2_handle_stream_close is called

    This commit ensures that streams which was closed in on_stream_close
    callback gets passed to http2_handle_stream_close.  Previously, this
    might not happen.  To achieve this, we increment drain property to
    forcibly call recv function for that stream.

    To more accurately check that we have no pending event before shutting
    down HTTP/2 session, we sum up drain property into
    http_conn.drain_total.  We only shutdown session if that value is 0.

    With this commit, when stream was closed before reading response
    header fields, error code CURLE_HTTP2_STREAM is returned even if
    HTTP/2 level error is NO_ERROR.  This signals the upper layer that
    stream was closed by error just like TCP connection close in HTTP/1.

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit 5909a12a2cf5437a6b7889d579d9dab9139fb65c
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Mon Feb 22 21:20:38 2016 +0900

    http2: Process paused data first before tear down http2 session

    This commit ensures that data from network are processed before HTTP/2
    session is terminated.  This is achieved by pausing nghttp2 whenever
    different stream than current easy handle receives data.

    This commit also fixes the bug that sometimes processing hangs when
    multiple HTTP/2 streams are multiplexed.

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit 6187c4915af7663e66bd354e9691a75a3f9ee6c6
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Sat Feb 20 00:05:47 2016 +0900

    http2: Check session closure early in http2_recv

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit d1e3a4118c318cda35a1d13d497f9d662fb96683
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Wed Feb 17 21:36:59 2016 +0900

    http2: Add handling stream level error

    Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
    by RST_STREAM, underlying TCP connection was dropped.  This is
    undesirable since there may be other streams multiplexed and they are
    very much fine.  This change introduce new error code
    CURLE_HTTP2_STREAM, which indicates stream error that only affects the
    relevant stream, and connection should be kept open.  The existing
    CURLE_HTTP2 means connection error in general.

    Ref: https://github.com/curl/curl/issues/659
    Ref: https://github.com/curl/curl/pull/663

commit e54b357afa6392988bfc4a244c8afc098d81d3e1
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 11 16:00:15 2016 +0200

    http2: drain the socket better...

    ... but ignore EAGAIN if the stream has ended so that we don't end up in
    a loop. This is a follow-up to c8ab613 in order to avoid the problem
    d261652 was made to fix.

    Reported-by: Jay Satiro
    Clues-provided-by: Tatsuhiro Tsujikawa

    Discussed in #750

commit c156ddf3bf36e5062a252b0999d9ea7391f79777
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 11 00:06:37 2016 +0200

    KNOWN_BUGS: added info for "Hangs with PolarSSL"

commit f92d85532a32966949d69a022685e069d01560c2
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 10 23:52:40 2016 +0200

    KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse

    Closes #750

commit 0595e31596ce1d63a22f2cc069a2ad2cc828560a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sat Apr 9 23:44:53 2016 +0200

    build: include scripts/ in the dist

commit 2cf9741af35ed3ab0246999b16ee4eda58c2ad72
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 20:47:05 2016 +0100

    CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME

    As these two options provide identical functionality, the former for
    SOCK5 proxies and the latter for HTTP proxies, merged the two options
    together.

    As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
    7.49.0.

commit c7f67a579102ea8b3d448386ca87545063cd0623
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 17:19:21 2016 +0100

    urldata: Use bool for socks5_gssapi_nec as it is a flag

    This value is set to TRUE or FALSE so should be a bool and not a long.

commit 5571db99daff8776455e0cd26911a43616888e7c
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 17:17:37 2016 +0100

    url: Ternary operator code style changes

commit 82832c3ec23fbe34604715e284515023bdf32bf0
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 17:04:46 2016 +0100

    CODE_STYLE: Added ternary operator example to 'Space around operators'

    Following conversation on the libcurl mailing list.

commit 631fd545485701f7579de7f2a62941197a534885
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 05:57:10 2016 +0100

    sasl: Fixed compilation errors from commit 9d89a0387

    ...when GSS-API or Windows SSPI are not used.

commit 7bf48a20328fc8ad5bedca0a6b79318fab29b7b8
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Apr 9 05:33:03 2016 +0100

    url: Corrected comments following 9d89a0387

commit 1c5c057b423b464623b460ebdf3acb363c7a237e
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 21:45:08 2016 +0100

    docs: Added clarification following commit 9d89a0387

commit cb1a7cb8fc34a211da132d5715d27e65345984fe
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 20:36:29 2016 +0100

    Makefile: Fixed echo of checksrc check

commit 22a32b61a4dd6508d841f1d4bd43582aea0d889f
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 20:32:40 2016 +0100

    checksrc: Fix issue with the autobuilds not picking up the whitelist

commit 5cb2ad3c61b3d4ea3b77706ff771a18039d595b0
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 20:22:14 2016 +0100

    checksrc: Added missing vauth and vtls directories

commit 02fab3975fe035e248ae6cc25ca5c4e46146de61
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 18:59:33 2016 +0100

    ftp/imap/pop3/smtp: Allow the service name to be overridden

    Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
    authentication in FTP, IMAP, POP3 and SMTP.

commit c6274ba9e4f73efa070cc40f98df692130569a4c
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 18:41:41 2016 +0100

    http_negotiate: Calculate service name and proxy service name locally

    Calculate the service name and proxy service names locally, rather than
    in url.c which will allow for us to support overriding the service name
    for other protocols such as FTP, IMAP, POP3 and SMTP.

commit 560ac54387370f911dba1a1afec6c8ac6015109c
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Apr 8 17:04:25 2016 +0100

    ROADMAP: Updated following the move of the authentication code

commit 5ece26fcaaf2c64e2e022d1974f1597a3f120711
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Fri Apr 8 16:49:49 2016 +0200

    KNOWN_BUGS: openldap hangs. TODO: binary SASL.

commit 415187f6323ec367896dcec51047c251d21b3355
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 8 13:25:20 2016 +0200

    KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables

    Closes #603

commit 8baaf9a842502217da32c71b26b82d43858b9f82
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 8 13:23:28 2016 +0200

    KNOWN_BUGS: 11.2 error buffer not set...

    Closes #544

commit 84b0f05496507a95bcea2dda3cd7199b33b57410
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 8 13:21:52 2016 +0200

    KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS

    Closes #543

commit 732b03554d0cefa26263205c4431b8020a73bb43
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 8 13:03:37 2016 +0200

    KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects

    Closes #522

commit fe8be9caf1e40aef0c639f1c3f4f44679f1c16bf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Apr 8 10:57:25 2016 +0200

    TODO: HTTP/2 "prior knowledge" is implemented!

commit 60f180f4eb4b627330d68c026358c3601a0d3d11
Author: Damien Vielpeau <damien.vielpeau@withings.com>
Date:   Thu Apr 7 15:58:11 2016 +0200

    mbedtls: fix MBEDTLS_DEBUG builds

commit 0243a8d525c4febd8362a11d035eb330d680b9bb
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 16:10:10 2016 +0200

    mbedtls: implement and provide *_data_pending()

    ... as otherwise we might get stuck thinking there's no more data to
    handle.

    Reported-by: Damien Vielpeau

    Fixes #737

commit 1dc0fc76b6b8230387edff92e9e0d9cf8bea4e6d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 15:32:18 2016 +0200

    mbedtls: follow-up for the previous commit

commit b8d6cf8c0b5229a4f750aa3cfc11294707ede04b
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 15:19:35 2016 +0200

    mbedtls.c: name space pollution fix, Use 'Curl_'

commit 3623e75684b0491e9422eaf3d645239bb574b36e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 15:16:01 2016 +0200

    mbedtls.c: changed private prefix to mbed_

    mbedtls_ is the prefix used by the mbedTLS library itself so we should
    avoid using that for our private functions.

commit cf4d30bd8b012bf6ca950fe260748f198e53e24d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 15:11:05 2016 +0200

    mbedtls.h: fix compiler warnings

commit 4650701918075dfa98d39c2c01b17438e627d954
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Apr 7 08:06:56 2016 +0200

    Revert "winbuild: trying to set some files eol=crlf for git"

    This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21.

    Didn't help. Caused problems.

    Fixes #756

commit f560997da191921948823607c8ca3b9a8702c1a2
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Apr 6 14:41:38 2016 +0200

    curl.1: use example.com more

    Make (most) example snippets use the example.com domain instead of the
    random ones picked and used before. Some of those were probably
    legitimate sites and some not. example.com is designed for this purpose.

commit d3848fbc3a8c88d9fa638744ecb391155ba84c5a
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Wed Apr 6 14:08:15 2016 +0200

    HTTP2: Add a space character after the status code

    The space character after the status code is mandatory, even if the
    reason phrase is empty (see RFC 7230 section 3.1.2)

    Closes #755

commit 078a26aeb91fe168582726d040590ee793578703
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Wed Apr 6 11:57:48 2016 +0200

    URLs: change http to https in many places

    Closes #754

commit 8f49307ce0d72846b1181155dfe88ec5e6a5f37a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Apr 6 11:29:36 2016 +0200

    winbuild: trying to set some files eol=crlf for git

    Thinking it might help to apply patches etc with git.

commit 8c2a67f18361a425e3c85628860db945a64af500
Author: Theodore Dubois <tbodt@users.noreply.github.com>
Date:   Tue Apr 5 14:14:47 2016 -0700

    curl.1: change example for -F

    It's a bad idea to send your passwords anywhere, especially over HTTP.
    Modified example to send a picture instead.

    Fixes #752

commit be23fc54eb1c95439287a00c18e5cc763a9ab17a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Apr 6 09:20:18 2016 +0200

    KNOWN_BUGS: reorganized and cleaned up

    Now sorted into categories and organized in the same style we do the
    TODO document. It will make each issue linked properly on the
    https://curl.haxx.se/docs/knownbugs.html web page.

    The sections should make it easier to find issues and issues related to
    areas of the reader's specific interest.

commit d561d4ff14dae5dfad74a939ffd066af36f17fba
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Wed Apr 6 02:43:13 2016 -0400

    KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments

commit 22b5897673867088dc800d3e7860cf4c08a4c627
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed Apr 6 01:23:02 2016 +0100

    KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues

commit 95445548034b34adc4e486a0499920c40b1bb080
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed Apr 6 01:00:01 2016 +0100

    CHECKSRC.md: Corrected some typos

commit 6c11eca7891aa01793f434cb07da219ec428fff0
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed Apr 6 00:26:12 2016 +0100

    RELEASE-NOTES: Corrected last updated

    Included a summary of the checksrc.bat updates and combined two krb5
    changes as they should have been implemented at the same time.

commit d337b55a2e8d9e69158af193aa432a38f88a35d5
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Wed Apr 6 00:21:07 2016 +0100

    vauth: Corrected a number of typos in comments

    Reported-by: Michael Osipov

commit 2e3544e7c310a33a16dbe8313a756c4b8f624266
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Tue Apr 5 18:56:35 2016 -0400

    KNOWN_BUGS: #94 IMAP custom requests use the LIST handler

    Bug: https://github.com/curl/curl/issues/536
    Reported-by: eXeC64@users.noreply.github.com

commit a3949926440ca076bc5ec939f30dd5d12e78b22f
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 5 23:40:37 2016 +0200

    KNOWN_BUGS: remove 68, 70 and 72.

    Due to their age (we don't fully know if they actually remain) and lack
    of detail - very few people will bother to find out what they're about
    or work on them. If people truly still suffer from any of these, I
    assume they will be reported again and then we'll deal with them.

    72. "Pausing pipeline problems."
      https://curl.haxx.se/mail/lib-2009-07/0214.html

    70. Problem re-using easy handle after call to curl_multi_remove_handle
      https://curl.haxx.se/mail/lib-2009-07/0249.html

    68. "More questions about ares behavior".
      https://curl.haxx.se/mail/lib-2009-08/0012.html

commit 688c63928581562b535fc9d985f93456f0a741c5
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 5 23:39:42 2016 +0200

    KNOWN_BUGS: remove 92 and 88, fixed

commit 649411a7f31ae1783ef342127c22698ef300e87c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 5 20:27:38 2016 +0200

    http2: fix connection reuse when PING comes after last DATA

    It turns out the google GFE HTTP/2 servers send a PING frame immediately
    after a stream ends and its last DATA has been received by curl. So if
    we don't drain that from the socket, it makes the socket readable in
    subsequent checks and libcurl then (wrongly) assumes the connection is
    dead when trying to reuse the connection.

    Reported-by: Joonas Kuorilehto

    Discussed in #750

commit 6bb3a0fdde8e67781c11c75ea676ae35eb91963d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Apr 5 16:36:45 2016 +0200

    multi: remove trailing space in debug output

commit 9bffcc4b477a4d6e258e1804273238782359f139
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 4 09:01:27 2016 +0200

    RELEASE-NOTES: synced with 86e97b642fb

commit 2b006f818bcc36891eda5b6220e3147eeea87bd7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 4 08:36:21 2016 +0200

    CHECKSRC.md: mention cmdline options, fix the bullet list

commit 949afeb32a2d09aecde8d2b1230fd6ba3c297a2e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Apr 4 00:11:32 2016 +0200

    docs/CHECKSRC.md: initial version

commit 1206a7d4d4fd67ee864af766288aa0295f3268bc
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sun Apr 3 22:09:07 2016 +0100

    checksrc.bat: Added support for the examples

commit ab98ca73281e13e84bf7ca4e9e99cbe7e414029e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 3 23:06:44 2016 +0200

    lib/src: fix the checksrc invoke

    ... now works correctly when invoke from the root makefile

commit 842ea278f4ecee6886ec5aa545ac30eb22b02ff5
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Apr 3 23:06:23 2016 +0200

    nw: please the stric…
d15eaac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment