Prior to this change OpenSSL_version was only detected in configure
builds. For other builds the old version parsing code was used which
would result in incorrect versioning for OpenSSL 3:
Before:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
WinIDN libssh2/1.9.0
After:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
WinIDN libssh2/1.9.0
Reported-by: lllaffer@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/8154
Closes https://github.com/curl/curl/pull/8155
The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
addresses.
Using the curl_url API is a way to mitigate against attacks relying on
URL parsing differences.
- Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
- Use dynamic memory for ldap_init_fd() URL rather than a
stack-allocated buffer.
- Never chase referrals: supporting it would require additional parallel
connections and alternate authentication credentials.
- Do not wait 1 microsecond while polling/reading query response data.
- Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
Closes#8140
7.61.0 is over three years old now, remove all #ifdefs for handling
ancient libcurl versions so that the example gets easier to read and
understand
Closes#8137
Upon receiving large result sets, this reduces memory consumption and
allows starting to output results while the transfer is still in
progress.
Closes#8101
Since each socket hash entry may themselves have a hash table in them,
the destroying of the socket hash needs to make sure all the subhashes
are also correctly destroyed to avoid leaking memory.
Fixes#8129Closes#8131
Minor rephrasing for some explanations.
Put the format strings in stand-alone lines with .nf/.fi to be easier to spot.
Move "added in" to AVAILABILITY
Closed#8110
This is the exact same limitation already documented for
CURLOPT_WRITEDATA but should be clarified here. It also has a different
work-around.
Reported-by: Stephane Pellegrino
Bug: https://github.com/curl/curl/issues/8102Closes#8103
The callbacks were partially documented to support this. Now the
behavior is documented and returning error from either of these
callbacks will effectively kill all currently ongoing transfers.
Added test 530 to verify
Reported-by: Marcelo Juchem
Fixes#8083Closes#8089
If curl_url() returns NULL this should return early to avoid mistakes -
even if right now the subsequent function invokes are all OK.
Coverity (wrongly) pointed out this as a NULL deref.
Closes#8100
