gmane.comp.web.curl.library

libcurl-7.25.0 doesn't support SSL??

Devon Yoo — 2012-05-25T23:19:24

Hi guys,

I downloaded libcurl-7.25.0 a few weeks ago and complied and god it work
properly. But the problem I have right now is that it can download texts
from http protocol but https. So I checked curl_version_info_data and
figured out data->ssl_version is "null" which means the library I am using
does not support SSL. What was wrong? Did I build the library in wrong way?
or the zipped library file in the very top of the download page does not
basically contain SSL supports in it? Please give me some advices!
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

[PATCH] nss: use human-readable error messages provided by NSS

Kamil Dudka — 2012-05-25T12:27:43

Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
---
 RELEASE-NOTES |    3 +-
 lib/nss.c     |  128 +++++++++++++++++++++++++-------------------------------
 2 files changed, 59 insertions(+), 72 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index c41ebb9..3352e8f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
< at >< at > -9,6 +9,7 < at >< at > Curl and libcurl 7.26.1
 
 This release includes the following changes:
 
+ o nss: use human-readable error messages provided by NSS
  o 
 
 This release includes the following bugfixes:
< at >< at > -28,4 +29,4 < at >< at > advice from friends like these:
 
 References to bug reports and discussions on issues:
 
- 
\ No newline at end of file
+ 
diff --git a/lib/nss.c b/lib/nss.c
index 885a120..d60b184 100644
--- a/lib/nss.c
+++ b/lib/nss.c
< at >< at > -186,6 +186,11 < at >< at > static const char* nss_error_to_name(PRErrorCode code)
   return "unknown error";
 }
 
+static void nss_print_error_message(struct SessionHandle *data, PRUint32 err)
+{
+  failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
+}
+
 static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
                              char *cipher_list)
 {
< at >< at > -612,61 +617,6 < at >< at > static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
   return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
 }
 
-static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
-{
-  SECStatus result = SECFailure;
-  struct connectdata *conn = (struct connectdata *)arg;
-  PRErrorCode err = PR_GetError();
-  CERTCertificate *cert = NULL;
-  char *subject, *subject_cn, *issuer;
-
-  conn->data->set.ssl.certverifyresult=err;
-  cert = SSL_PeerCertificate(sock);
-  subject = CERT_NameToAscii(&cert->subject);
-  subject_cn = CERT_GetCommonName(&cert->subject);
-  issuer = CERT_NameToAscii(&cert->issuer);
-  CERT_DestroyCertificate(cert);
-
-  switch(err) {
-  case SEC_ERROR_CA_CERT_INVALID:
-    infof(conn->data, "Issuer certificate is invalid: '%s'\n", issuer);
-    break;
-  case SEC_ERROR_UNTRUSTED_ISSUER:
-    infof(conn->data, "Certificate is signed by an untrusted issuer: '%s'\n",
-          issuer);
-    break;
-  case SSL_ERROR_BAD_CERT_DOMAIN:
-    if(conn->data->set.ssl.verifyhost) {
-      failf(conn->data, "SSL: certificate subject name '%s' does not match "
-            "target host name '%s'", subject_cn, conn->host.dispname);
-    }
-    else {
-      result = SECSuccess;
-      infof(conn->data, "warning: SSL: certificate subject name '%s' does not "
-            "match target host name '%s'\n", subject_cn, conn->host.dispname);
-    }
-    break;
-  case SEC_ERROR_EXPIRED_CERTIFICATE:
-    infof(conn->data, "Remote Certificate has expired.\n");
-    break;
-  case SEC_ERROR_UNKNOWN_ISSUER:
-    infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
-          issuer);
-    break;
-  default:
-    infof(conn->data, "Bad certificate received. Subject = '%s', "
-          "Issuer = '%s'\n", subject, issuer);
-    break;
-  }
-  if(result == SECSuccess)
-    infof(conn->data, "SSL certificate verify ok.\n");
-  PR_Free(subject);
-  PR_Free(subject_cn);
-  PR_Free(issuer);
-
-  return result;
-}
-
 /**
  * Inform the application that the handshake is complete.
  */
< at >< at > -728,6 +678,31 < at >< at > static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
   return;
 }
 
+static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
+{
+  struct connectdata *conn = (struct connectdata *)arg;
+  struct SessionHandle *data = conn->data;
+  PRErrorCode err = PR_GetError();
+  CERTCertificate *cert;
+
+  /* remember the cert verification result */
+  data->set.ssl.certverifyresult = err;
+
+  if(err == SSL_ERROR_BAD_CERT_DOMAIN && !data->set.ssl.verifyhost)
+    /* we are asked not to verify the host name */
+    return SECSuccess;
+
+  /* print only info about the cert, the error is printed off the callback */
+  cert = SSL_PeerCertificate(sock);
+  if(cert) {
+    infof(data, "Server certificate:\n");
+    display_cert_info(data, cert);
+    CERT_DestroyCertificate(cert);
+  }
+
+  return SECFailure;
+}
+
 /**
  *
  * Check that the Peer certificate's issuer certificate matches the one found
< at >< at > -1108,20 +1083,17 < at >< at > int Curl_nss_close_all(struct SessionHandle *data)
   return 0;
 }
 
-/* handle client certificate related errors if any; return false otherwise */
-static bool handle_cc_error(PRInt32 err, struct SessionHandle *data)
+/* return true if the given error code is related to a client certificate */
+static bool is_cc_error(PRInt32 err)
 {
   switch(err) {
   case SSL_ERROR_BAD_CERT_ALERT:
-    failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT");
     return true;
 
   case SSL_ERROR_REVOKED_CERT_ALERT:
-    failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT");
     return true;
 
   case SSL_ERROR_EXPIRED_CERT_ALERT:
-    failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT");
     return true;
 
   default:
< at >< at > -1460,10 +1432,14 < at >< at > CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   data->state.ssl_connect_retry = FALSE;
 
   err = PR_GetError();
-  if(handle_cc_error(err, data))
+  if(is_cc_error(err))
     curlerr = CURLE_SSL_CERTPROBLEM;
-  else
-    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+
+  /* print the error number and error string */
+  infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+
+  /* print a human-readable message describing the error if available */
+  nss_print_error_message(data, err);
 
   if(model)
     PR_Close(model);
< at >< at > -1496,12 +1472,17 < at >< at > static ssize_t nss_send(struct connectdata *conn,  /* connection data */
     PRInt32 err = PR_GetError();
     if(err == PR_WOULD_BLOCK_ERROR)
       *curlcode = CURLE_AGAIN;
-    else if(handle_cc_error(err, conn->data))
-      *curlcode = CURLE_SSL_CERTPROBLEM;
     else {
+      /* print the error number and error string */
       const char *err_name = nss_error_to_name(err);
-      failf(conn->data, "SSL write: error %d (%s)", err, err_name);
-      *curlcode = CURLE_SEND_ERROR;
+      infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
+
+      /* print a human-readable message describing the error if available */
+      nss_print_error_message(conn->data, err);
+
+      *curlcode = (is_cc_error(err))
+        ? CURLE_SSL_CERTPROBLEM
+        : CURLE_SEND_ERROR;
     }
     return -1;
   }
< at >< at > -1523,12 +1504,17 < at >< at > static ssize_t nss_recv(struct connectdata * conn, /* connection data */
 
     if(err == PR_WOULD_BLOCK_ERROR)
       *curlcode = CURLE_AGAIN;
-    else if(handle_cc_error(err, conn->data))
-      *curlcode = CURLE_SSL_CERTPROBLEM;
     else {
+      /* print the error number and error string */
       const char *err_name = nss_error_to_name(err);
-      failf(conn->data, "SSL read: errno %d (%s)", err, err_name);
-      *curlcode = CURLE_RECV_ERROR;
+      infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
+
+      /* print a human-readable message describing the error if available */
+      nss_print_error_message(conn->data, err);
+
+      *curlcode = (is_cc_error(err))
+        ? CURLE_SSL_CERTPROBLEM
+        : CURLE_RECV_ERROR;
     }
     return -1;
   }

Question about processing response headers.

Yaşar Arabacı — 2012-05-25T12:02:50

Hi,

I am kind of new to using libcurl, and I couldn't figure out how to do
something. I want to process response headers before moving into
writing response body to a file. I want to do it because if
content-type is attachment, I want to use filename from that header,
otherwise, I want to come up with my own filename to write to. I can
first make a head request with NOBODY option, and than make another
request for actual response body. However, this makes two requests for
each link I want to process, and I want to avoid that if possible.
Thanks in advance.

defining CURL_STATICLIB in libcurl.pc

Mark Brand — 2012-05-24T19:12:39

Hi,

Very nice that building static libcurl works out of the box now with 
curl-7_26_0.

However, naively linking Windows applications to static libcurl does not 
work due to  CURL_EXTERN introducing the dreaded _imp prefix in the 
public headers.

It seems like a reasonable measure to me to add -DCURL_STATICLIB to 
Cflags in libcurl.pc. This defines away CURL_EXTERN and linking works as 
expected. Or is there a better way?

regards,

Mark

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

ANNOUNCE: curl and libcurl 7.26.0

Daniel Stenberg — 2012-05-24T16:19:16

Hello team!

I'm happy to announce that we once again managed to produce a release. curl 
and libcurl 7.26.0 have just been uploaded to our good old site at

 http://curl.haxx.se/

The release notes for this episode of our never-ending saga follows here:

Curl and libcurl 7.26.0

  Public curl releases:         127
  Command line options:         151
  curl_easy_setopt() options:   199
  Public functions in libcurl:  58
  Known libcurl bindings:       39
  Contributors:                 929

This release includes the following changes:

  o nss: the minimal supported version of NSS bumped to 3.12.x
  o nss: human-readable names are now provided for NSS errors if available
  o add a manual page for mk-ca-bundle
  o added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
  o smtp: Add support for DIGEST-MD5 authentication
  o pop3: Added support for additional pop3 commands

This release includes the following bugfixes:

  o nss: libcurl now uses NSS_InitContext() to prevent collisions if available
    [1]
  o URL parse: reject numerical IPv6 addresses outside brackets [4]
  o MD5: fix OOM memory leak [5]
  o OpenSSL cert: provide more details when cert check fails
  o HTTP: empty chunked POST ended up in two zero size chunks [6]
  o fixed a regression when curl resolved to multiple addresses and the first
    isn't supported [7]
  o -# progress meter: avoid superfluous updates and duplicate lines [8]
  o headers: surround GCC attribute names with double underscores [9]
  o PolarSSL: correct return code for CRL matches
  o PolarSSL: include version number in version string
  o PolarSSL: add support for asynchronous connect
  o mk-ca-bundle: revert the LWP usage [12]
  o IPv6 cookie domain: get rid of the first bracket before the second
  o connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
  o OpenSSL: Made cert hostname check conform to RFC 6125 [10]
  o HTTP: reset expected DL/UL sizes on redirects [11]
  o CMake: fix Windows LDAP/LDAPS option handling [2]
  o CMake: fix MS Visual Studio x64 unsigned long long literal suffix [3]
  o configure: update detection logic of getaddrinfo() thread-safeness
  o configure: check for gethostbyname in the watt lib
  o curl-config.1: fix curl-config usage in example [13]
  o smtp: Fixed non-escaping of dot character at beginning of line
  o MakefileBuild.vc: use the correct IDN variable
  o autoconf: improve handling of versioned symbols
  o curl.1: clarify -x usage
  o curl: shorten user-agent
  o smtp: issue with the multi-interface always sending postdata [14]
  o compile error with GnuTLS+Nettle fixed
  o winbuild: fix IPv6 enabled build

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Andrei Cipu, Armel Asselin, Benjamin Johnson, Dag Ekengren, Dave Reisner,
  Gokhan Sengun, Guenter Knauf, Jan Schaumann, Jonathan Nieder, Kamil Dudka,
  Lijo Antony, Olaf Flebbe, Rodrigo Silva, Steve Holme, Tatsuhiro Tsujikawa,
  Tim Heckman, Yang Tse, Arnaud Compan, Blaise Potard, Daniel Theron,
  Michael Mueller, Michael Wallner, Tim Heckman, Roman Mamedov, Julian Taylor,
  Claes Jakobsson, Pierre Chapuis, Jan Ehrhardt

         Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

  [1] = https://bugzilla.redhat.com/738456
  [2] = http://curl.haxx.se/mail/lib-2012-03/0278.html
  [3] = http://curl.haxx.se/mail/lib-2012-03/0255.html
  [4] = http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126
  [5] = http://curl.haxx.se/mail/lib-2012-04/0246.html
  [6] = http://curl.haxx.se/mail/archive-2012-04/0060.html
  [7] = http://curl.haxx.se/bug/view.cgi?id=3516508
  [8] = http://curl.haxx.se/bug/view.cgi?id=3517418
  [9] = http://curl.haxx.se/mail/lib-2012-04/0127.html
  [10] = http://tools.ietf.org/html/rfc6125#section-6.4.3
  [11] = http://curl.haxx.se/bug/view.cgi?id=3510057
  [12] = http://curl.haxx.se/mail/lib-2012-03/0238.html
  [13] = http://curl.haxx.se/bug/view.cgi?id=3528241
  [14] = http://curl.haxx.se/mail/lib-2012-05/0108.html

Not able to compile curl with ssl support in a diferent than default folder

Guiu Rocafort — 2012-05-24T16:09:22

Hello curl !

I'm trying to install curl with ssl support in a different folder than the
default one. I'm having troubles because i'm not able to make the
./configure script recognise the openssl installation ( which again is in
not the default folder ).

So these are the steps I'm doing.

First I compile and install opensll in the folder:

export PREFIX= #some empty folder where I want to install openssl and curl
cd openssl-1.0.1c
./configure --prefix=$PREFIX
make
make test
make install

Then I set the environment variables:

export PATH=$PREFIX/bin:$PATH
export PKG_CONFIG_PATH=$PREFIX/lib/pkconfig/:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=$PREFIX/lib:$LD_LIBRARY_PATH

Ok, now I guess I should be ready to try to compile curl.

cd curl-7.25.0

Attempt 1:
./configure --prefix=$PREFIX --with-ssl

It didn't detect openssl from environment variables, so I then tryed:
./configure --prefix=$PREFIX --with-ssl=$PREFIX
and also:
./configure --prefix=$PREFIX --with-ssl=$PREFIX/openssl
and:
./configure --prefix=$PREFIX --with-ssl=$PREFIX/include/openssl
also:
./configure --prefix=$PREFIX --with-ssl=$PREFIX/lib/

None of them worked neither, and then a different aproach:
CPPFLAGS="-I/path/to/prefix/include"
LDFLAFS="-L /path/to/prefix/lib"
./configure --prefix=$PREFIX --with-ssl

And the last try, the last ones with CPPFLAGS and LDFLAGS:
./configure --prefix=$PREFIX --with-ssl=$PREFIX
./configure --prefix=$PREFIX --with-ssl=$PREFIX/openssl
./configure --prefix=$PREFIX --with-ssl=$PREFIX/include/openssl
./configure --prefix=$PREFIX --with-ssl=$PREFIX/lib/

I have not pkg-config installed and I guess I wouldn't be able to use that
since I made an openssl install in a different than default folder.

I've followed this page and I seem to have exhausted all the ways.
http://curl.haxx.se/docs/install.html

What I am doing wrong ? I am missing something ? I would be very pleased if
someone helps me out.

Thanks in advance
Guiu Rocafort
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

compile curlgtk

Rudra Banerjee — 2012-05-23T21:09:34

I am very new to curl (and gtk as well).
I was trying to compile and run curlgtk.c code.
As given in README file, I first tried:
$ `curl-config --cc --cflags --libs` -o curlgtk curlgtk.c
which gives error:
 curlgtk.c:13:21: fatal error: gtk/gtk.h: No such file or directory
compilation terminated.

After googling, I found a post in arch forum
(https://bbs.archlinux.org/viewtopic.php?id=106212) 
which adviced to run the code like
gcc curlgtk.c $(pkg-config --libs --cflags gtk+-2.0 libcurl)
which is giving error like
/usr/bin/ld: /tmp/ccItZyWi.o: undefined reference to symbol
'g_thread_init'
/usr/bin/ld: note: 'g_thread_init' is defined in
DSO /lib64/libgthread-2.0.so.0 so try adding it to the linker command
line
/lib64/libgthread-2.0.so.0: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status

I have installed glib and glib-devel.
But no success.
I am running fedora 17 beta and the curl, libcurl and gtk-devel from
there repo.
Please guide me.
Regards,

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

DELELE occurence error later

M. Shinkaze — 2012-05-23T11:29:02

Hi,

I am using libCurl for an applicatin which have to upload and download some
files and delete others. I use one unique easy handle (but using
curl_easy_reset and reconnect between each curl_easy_perform - persistent
handle)

a part of my code

curl_easy_setopt(Curl, CURLOPT_ERRORBUFFER, CurlErrorBuff);
headers = curl_slist_append(headers, "CWD /Temp");
headers = curl_slist_append(headers, "DELE FILE.txt");
m_CurlErrorCode = curl_easy_setopt(Curl, CURLOPT_POSTQUOTE, headers);
m_CurlErrorCode = curl_easy_perform(Curl);


the result of CURLOPT_ERRORBUFFER is
Curl error: 21 (QUOT string not accepted: DELE FILE.txt)
that fine I can handle it cause in some case the file doesnot exist

then : curl_easy_reset(Curl)

but just after on my source code, I trying to "reconnect":
CurlErrorCode = curl_easy_setopt(pCurl, CURLOPT_USERNAME, user);
CurlErrorCode = curl_easy_setopt(pCurl, CURLOPT_PASSWORD, passwd);
m_CurlErrorCode = curl_easy_perform(pCurl);
then here I got this error of CURLOPT_ERRORBUFFER is
Curl error: 23 (Failed writing body (299 != 1004)
I dont understand why, It seems I was deconencted by the server after the
DELETE error ?
or did I miss something osbvious ?

I am using  libcurl/7.22.0 compiled with OpenSSL/0.9.8r & zlib/1.2.5 &
libssh2/1.3.0
on winXP

Thanks in advance
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

[PATCH] Fixed compile error with GNUTLS+NETTLE

Tatsuhiro Tsujikawa — 2012-05-22T13:58:21

This patch fixes the compile error with GNUTLS+NETTLE.
I use following configure options:

./configure --enable-debug --enable-warings --enable-werror
--with-gnutls --without-ssl

In nettle/md5.h, md5_init and md5_update are defined as macros to
nettle_md5_init and nettle_md5_update respectively.  This causes
error when using MD5_params.md5_init and md5_update.  This patch
renames these members as md5_init_func and md5_update_func to
avoid name conflict. For completeness, MD5_params.md5_final was
also renamed as md5_final_func.

The changes in curl_ntlm_core.c is conversion error and fixed by
casting to proper type.

Best regards,

Tatsuhiro Tsujikawa
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Configure curl for build with Mozilla LDAP SDK and my version of openssl: LDAPS support became disabled

slon v sobstvennom palto — 2012-05-22T13:32:56

Hi,
I need to build curl with Mozilla LDAP SDK and openssl 0.9.8r with my
additions to let them all work in the same project. I run the following
configuration commands:

MY_DIR=<my project directory>
export LDFLAGS="-L$MY_DIR/lib -lcrypto -lssl"
export LD_LIBRARY_PATH=$MY_DIR/lib
export CPPFLAGS="-I$MY_DIR/include -I$MY_DIR/include/ldap"
configure --enable-ldap --enable-ldaps --with-ldap-lib=ldap50

All specified libraries are present in the specified directory. However
curl configurator reports that LDAPS support is turned off.
....
  LDAP support:     enabled
  LDAPS support:   no      (--enable-ldaps)


When I run configuration with no parameters then it reports that LDAPS is
supported.

Please help to resolve this issue and enable LDAPS for my case.

Thanks
Oleg
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

SMTP: multi interface produce wrong error code for unknown recipient

Gokhan Sengun — 2012-05-21T20:17:41

Hello Steve and folks,

I just noticed a small flaw in SMTP when it is used with multi interface.
If the recipient is unknown by the SMTP server, libcurl ends up with error
code CURLE_RECV_ERROR instead of a more meaningful one like
CURLE_LOGIN_DENIED (which is provided with easy interface currently). I am
not saying CURLE_LOGIN_DENIED is the best error here but it is the closest
to imply the error. I am doing my tests with the git master branch.

Can you see the problem at a glance? If not, I am going to dig this
tomorrow.

Test code (smtp-multi.c).
Test code's output (multi-out.txt)
Curl command line's output (easy-out.txt)

are all attached.

Thanks

CURLOPT_URL always lists

Anders Havn — 2012-05-21T16:47:55

Hi,

I'm just wondering if I'm doing something wrong or this is just how it
works. I always set CURLOPT_URL to my base url, but then it also
always lists the files and folders in the base url.
This is how my codes looks when I delete a file:

NSString username = < at >"username";
NSString password = < at >"password";
NSString* filePath = < at >"rm /UserFolder/Test.txt";
NSString* baseUrl = < at >"sftp://myftpserver.org";

struct curl_slist* headerlist = curl_slist_append(NULL, [filePath
cStringUsingEncoding:encoding]);
curl_global_init(CURL_GLOBAL_DEFAULT);
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, [baseUrl cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_USERNAME, [username
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_PASSWORD, [password
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerList);
CURLcode result = curl_easy_perform(curl);
curl_slist_free_all (headerList);
curl_easy_cleanup(curl);

With this code I can see in the output windows (when debugging) that
it lists the folder in the base url.

If I leave out the call to CURLOPT_URL and specify the whole path in
the headerlist then it doesn't work:

NSString username = < at >"username";
NSString password = < at >"password";
NSString* filePath = < at >"rm sftp://myftpserver.org/UserFolder/Test.txt";

struct curl_slist* headerlist = curl_slist_append(NULL, [filePath
cStringUsingEncoding:encoding]);
curl_global_init(CURL_GLOBAL_DEFAULT);
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_USERNAME, [username
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_PASSWORD, [password
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerList);
CURLcode result = curl_easy_perform(curl);
curl_slist_free_all (headerList);
curl_easy_cleanup(curl);


Thank you for you help.

Best Regards,
Anders Havn
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Winbuild IPv6 support always disabled in libcurl 7.25.0

Jan Ehrhardt — 2012-05-21T10:00:09

I tried to update php_curl.dll to libcurl 7.25.0, but discovered that 
IPv6 support was enabled (no matter what options I chose). At last, I 
discovered why.

This patch was incomplete:
https://github.com/bagder/curl/commit/575f3c30ed60aafddbaeeb26745cca942fb9ee2f

I commented the patch, but do not know how well these comments are 
monitored, so I am posting the same comment over here.

The change from 'yes' to 'true' in line 152 of 
winbuild/MakefileBuild.vc must be applied to line 166 as well.

Line 166:
  !IF "$(USE_IPV6)"=="yes"

Should be
  !IF "$(USE_IPV6)"=="true"

Otherwise IPv6 support will be disabled on Windows at all times.

LibCurlNet problem reusing easy handle

Lukasz Buczkowski — 2012-05-21T07:38:37

Hi,

Thanks for great library!

I'm having some trouble reusing easy handle. What I do.

1) setup connection to use ssl
2) start first transfer it returns ok
3) next transfer returns CURLE_FTP_WRITE_ERROR

Additional info. When I read debug information I find following message:

"522 SSL connection failed; session reuse required: see require_ssl_reuse option
in vsftpd.conf man page

server did not report OK, got 522"

I double checked that my vsftpd has require_ssl_reuse set to YES

I include my code below. What I'm I missing or doing wrong?


using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;

using SeasideResearch.LibCurlNet;
using System.Threading;


namespace Exnui
{
    static class Global
    {
        public static void Init()
        {
            Curl.GlobalInit((int)CURLinitFlag.CURL_GLOBAL_ALL);
        }


        public static void CleanUp()
        {
            Curl.GlobalCleanup();
        }
    }


    public enum OpStatus
    {
        Waiting,
        Cancelled,
        Success,
        Error
    }


    static class FtpsManager
    {
        private static Queue<FtpsOp> ops;
        private static Easy conn;
        private static bool cancelCurrentOpValue;
        private static bool runningValue;

        private static readonly object cancelSyncRoot  = new object();
        private static readonly object stopSyncRoot    = new object();
        private static readonly object runningSyncRoot = new object();

        static FtpsManager()
        {
            ops     = new Queue<FtpsOp>(200); // initial size 200
            conn    = new Easy();

            cancelCurrentOpValue = false;
            runningValue = false;

            // setup credential
            conn.SetOpt(CURLoption.CURLOPT_USERPWD, Config.FtpsLogin +
":" + Config.FtpsPassword);

            // short dir list, names only
            conn.SetOpt(CURLoption.CURLOPT_FTPLISTONLY, true);

            // enable ssl
            conn.SetOpt(CURLoption.CURLOPT_FTP_SSL, CURLftpSSL.CURLFTPSSL_TRY);

            // fuck server certificate
            conn.SetOpt(CURLoption.CURLOPT_SSL_VERIFYPEER, false);
            conn.SetOpt(CURLoption.CURLOPT_SSL_VERIFYHOST, 1); // 1
means - check cert existence, screw content

            // make curl more talkative
            conn.SetOpt(CURLoption.CURLOPT_VERBOSE, true);

            // enable progress callback
            conn.SetOpt(CURLoption.CURLOPT_NOPROGRESS, 0);
            Easy.ProgressFunction delegProgress = new
Easy.ProgressFunction(Progress);
            conn.SetOpt(CURLoption.CURLOPT_PROGRESSFUNCTION, delegProgress);

            // debug
            Easy.DebugFunction delegDebug = new Easy.DebugFunction(Debug);
            conn.SetOpt(CURLoption.CURLOPT_DEBUGFUNCTION, delegDebug);
            conn.SetOpt(CURLoption.CURLOPT_VERBOSE, true);

            // test
            // conn.SetOpt(CURLoption.CURLOPT_SSL_SESSIONID_CACHE,
        }


        public static void Entry()
        {
            while (Running)
            {
                try
                {
                    FtpsOp currentOp;

                    object opsSyncRoot = (ops as ICollection).SyncRoot;

                    lock (opsSyncRoot)
                    {
                        if (ops.Count == 0)
                        {
                            Monitor.Wait(opsSyncRoot);
                        }
                        currentOp = ops.First();
                    }

                    bool res = currentOp.Execute(conn);

                    if (CancelCurrent)
                    {
                        Console.WriteLine("Manager cancelled op");
                        CancelCurrent = false;
                    }

                    if (res)
                    {
                        // remove op from queue
                        lock (opsSyncRoot)
                        {
                            ops.Dequeue();
                        }
                    }
                    else
                    {
                        // for now just act like everything was allright
                        lock (opsSyncRoot)
                        {
                            ops.Dequeue();
                        }

                        // todo
                        // retry x time
                        // check internet connection
                        // - some .net connection state
                        // - ping always on servies google, etc.
                    }
                }
                catch (ThreadAbortException abort)
                {
                    // nasty error - tis shouldn't happen
                    Running       = false;
                    CancelCurrent = true;

                    Log.Error("FtpsManager thread aborted");
                    Log.Exception(abort);

                    // todo
                    // dump queue to file or restore it from
"commands" database
                    // "commands" database are json structs I get from exnui
                }
                catch (ThreadInterruptedException)
                {
                    // nasty but we eat this exception
                }
                finally
                {
                    // clean up
                }
            }
        }


        public static void Start()
        {
            // Only one thread can work on Ops Queue
            if (Running == false)
            {
                Running = true;

                Thread managerThread = new Thread(new ThreadStart(Entry));
                managerThread.Start();
            }
        }


        // Cancels current op
        public static void Cancel()
        {
            CancelCurrent = true;
        }


        public static void Stop()
        {
            Running = false;
        }


        private static bool Running
        {
            get
            {
                lock (runningSyncRoot)
                {
                    return runningValue;
                }
            }

            set
            {
                lock (runningSyncRoot)
                {
                    runningValue = value;
                }
            }
        }


        public static bool CancelCurrent
        {
            get
            {
                lock (cancelSyncRoot)
                {
                    return cancelCurrentOpValue;
                }
            }

            set
            {
                lock (cancelSyncRoot)
                {
                    cancelCurrentOpValue = value;
                }
            }
        }


        public static void EnqueOp(FtpsOp op)
        {
            Object syncRoot = (ops as ICollection).SyncRoot;
            lock (syncRoot)
            {
                if (op != null)
                {
                    ops.Enqueue(op);
                }
                Monitor.Pulse(syncRoot);
            }
        }


        public static void Debug(CURLINFOTYPE infoType, String msg,
Object userData)
        {
            //Console.WriteLine(msg);
        }


        public static Int32 Progress(Object extraData, Double dlTotal,
            Double dlNow, Double ulTotal, Double ulNow)
        {
            // 0 - ok
            // 1 - abort
            Console.WriteLine("Progress");
            int res = CancelCurrent ? 1 : 0;
            return res;
        }


        public static void Close()
        {
            conn.Cleanup();
        }
    }


    abstract class FtpsOp
    {
        protected string   localPath;
        protected string   remotePath;
        protected OpStatus opStatus;


        public FtpsOp(string localPath, string remotePath)
        {
            this.localPath  = localPath;
            this.remotePath = remotePath;
            this.opStatus   = OpStatus.Waiting;
        }


        public abstract bool Execute(Easy conn);
    }


    class FtpsUploadFile : FtpsOp
    {
        static int elapsedTime  = 0;
        static int totalWritten = 0;


        public FtpsUploadFile(string localPath, string remotePath)
            : base(localPath, remotePath)
        {
        }


        public override bool Execute(Easy conn)
        {
            FileStream ifs = null;

            try
            {
                // Debug
                Console.WriteLine("Uploading file: {0}", localPath);

                ifs = File.OpenRead(localPath);

                // setup url
                string url = Config.FtpsUrl + remotePath.Replace(< at >"\", < at >"/");
                conn.SetOpt(CURLoption.CURLOPT_URL, url);

                // setup upload info
                conn.SetOpt(CURLoption.CURLOPT_UPLOAD, true);
                conn.SetOpt(CURLoption.CURLOPT_INFILESIZE_LARGE, ifs.Length);

                // setup delegate for reading binary data
                Easy.ReadFunction delegReadBinary = new
Easy.ReadFunction(ReadBinary);
                conn.SetOpt(CURLoption.CURLOPT_READFUNCTION, delegReadBinary);
                conn.SetOpt(CURLoption.CURLOPT_READDATA, ifs);

                // do transfer
                CURLcode curlStatus = conn.Perform();

                bool succ = false;

                if (curlStatus == CURLcode.CURLE_OK)
                {
                    succ = true;
                    opStatus = OpStatus.Success;
                }

                // Debug
                Console.WriteLine("CurlStatus: {0} OpStatus: {1}",
curlStatus, opStatus);

                return succ;
            }
            catch (Exception e)
            {
                Log.Exception(e);
                throw;
            }
            finally
            {
                if (ifs != null)
                {
                    ifs.Close();

                    //conn.SetOpt(CURLoption.CURLOPT_UPLOAD, false);
                    //conn.SetOpt(CURLoption.CURLOPT_INFILESIZE_LARGE, 0L);
                }
            }
        }


        private Int32 ReadBinary(Byte[] buf, Int32 size, Int32 count,
Object userData)
        {
            // Debug
            //Console.WriteLine("Size: {0} Count: {1}", size, count);
            /*
            if (FtpsManager.CancelCurrent)
            {
                opStatus = OpStatus.Cancelled;

                // Debug
                Console.WriteLine("Transfer cancelled");

                // Return value CURL_READFUNC_ABORT abort transfer -
libcurl doc, don't return 0
                // Curl.net you should return 0 to abort
                return 0;
            }
            */
            FileStream fs = (FileStream)userData;
            int total = size * count;

            // Debug
            // Console.WriteLine("Just before stream.Read");
            int res = 0;
            try
            {
                res = fs.Read(buf, 0, total);
            }
            catch(Exception)
            {
                Console.WriteLine("Exception in ReadBinary");
            }

            return res;
        }
    }
}



/*
 *
 * MAIN
 *
 */

using System;
using System.Collections;
using System.Threading;

namespace Exnui
{
    class App
    {
        static void Main(string[] args)
        {
            Global.Init();

            string[] files =
            {
                < at >"\prayer.mp3",
                < at >"\tekst.txt",
                < at >"\tekst.txt"
            };

            FtpsManager.Start();

            foreach (var file in files)
            {
                FtpsUploadFile op = new
FtpsUploadFile(Config.CachePath + file, file);
                FtpsManager.EnqueOp(op);
            }

            int second = 1000;
            int minute = 60000;

            Thread.Sleep(200 * minute);

            FtpsManager.Stop();

            Global.CleanUp();
        }
    }
}


Any help would be welcomed!

Best regards,
Lukasz
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

libcurl 7.25 / multi / win32

adam smith — 2012-05-20T17:39:54

Hi,

I've been trying to get to grips with the multi interface (everything works
fine with easy)

I initially tried to get fopen.c example working to no avail and so wrote a
simpler test program (see below)

This code runs fine but just loops as every loop curl_multi_fdset returns
with maxfd == -1

Neither my write or debug are ever called.


Tracing into curl_mult_fdset I see this line...

bitmap = multi_getsock(easy, sockbunch, MAX_SOCKSPEREASYHANDLE);

this always returns bitmap==0


Tracing into multi_getsock....

easy->state==CURLM_STATE_WAITRESOLVE

which leads to the following getting called...

int Curl_resolver_getsock(struct connectdata *conn,
                          curl_socket_t *socks,
                          int numsocks)
{
  (void)conn;
  (void)socks;
  (void)numsocks;
  return 0;
}

This is 0 is what is bitmap is set to.

What am I doing wrong? My enviroment is :

libcurl 7.25 (static library built from project file)
win32
msvc10


Thanks in advance,

Adam


//****************************************
// multi curl test
//****************************************

void adamTest()
{
        curl_global_init(CURL_GLOBAL_ALL);

CURLM *mh=curl_multi_init();
 if (mh)
{
CURL * eh=curl_easy_init();
 if (eh)
{
int runningHandles=0;
 curl_easy_setopt(eh, CURLOPT_URL,"http://www.c-burn.com");
 curl_easy_setopt(eh, CURLOPT_WRITEDATA, 0L);
curl_easy_setopt(eh, CURLOPT_VERBOSE, 1L);
 curl_easy_setopt(eh, CURLOPT_WRITEFUNCTION, adam_write_callback);
curl_easy_setopt(eh, CURLOPT_DEBUGFUNCTION, adam_debug_callback);
 curl_easy_setopt(eh, CURLOPT_DEBUGDATA, 0L);

//nb. uncommenting out this to use easy interface works
 //curl_easy_perform(eh);

curl_multi_add_handle(mh, eh);

/* lets start the fetch */
curl_multi_perform(mh, &runningHandles);
 while(runningHandles>0)
{
 struct timeval timeout;
int rc; /* select() return code */

 fd_set fdread;
fd_set fdwrite;
fd_set fdexcep;
 int maxfd = -1;

long curl_timeo = -1;

FD_ZERO(&fdread);
FD_ZERO(&fdwrite);
 FD_ZERO(&fdexcep);

/* set a suitable timeout to play around with */
 timeout.tv_sec = 1;
timeout.tv_usec = 0;

 curl_multi_timeout(mh, &curl_timeo);
if(curl_timeo >= 0)
{
 timeout.tv_sec = curl_timeo / 1000;
if(timeout.tv_sec > 1)
timeout.tv_sec = 1;
 else
timeout.tv_usec = (curl_timeo % 1000) * 1000;
}

/* get file descriptors from the transfers */
curl_multi_fdset(mh, &fdread, &fdwrite, &fdexcep, &maxfd);
 if (maxfd>-1)
{
/* In a real-world program you OF COURSE check the return code of the
   function calls.  On success, the value of maxfd is guaranteed to be
   greater or equal than -1.  We call select(maxfd + 1, ...), specially in
   case of (maxfd == -1), we call select(0, ...), which is basically equal
   to sleep. */

rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);

switch(rc)
{
 case -1:
/* select error */
break;
 case 0: /* timeout */
default: /* action */
curl_multi_perform(mh, &runningHandles);
 break;
}
}
 else
Sleep(100);
}
 /* make sure the easy handle is not in the multi handle anymore */
curl_multi_remove_handle(mh,eh);

/* cleanup */
curl_easy_cleanup(eh);
 }
 curl_multi_cleanup(mh);
 }
}
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

POP3 Authentication

Steve Holme — 2012-05-18T12:04:17

Hi all,

 

I took the opportunity last night to add support to POP3 for more secure
authentication mechanisms in a local branch. This was a relatively easy
process, borrowing a few bits of code from SMTP.

 

Rather than define a new bunch of authentication mechanisms equivalent to
the SMTP_AUTH_* I moved these into a new header file (curl_sasl.h) and
renamed the #defines accordingly (as we discussed sometime last year). As
this introduces a new header file, will any of the makefiles / other build
files require the inclusion of this header? I will fix up the VC6 project
file accordingly but I was wondering what else may require knowledge of this
file.

 

The code is still very much work in progress but I would hope to start
committing bits after the release next week.

 

So far I have added support for NTLM and PLAIN as Exchange only supports
GSSAPI, NTLM and PLAIN in the 2010 version. Does anyone have access to a
POP3 server that supports LOGIN, CRAM-MD5 or DIGEST-MD5 that we could use to
test the other mechanisms from SMTP with? Once we have that working I can
then look at extracting responses and creating some test harnesses.

 

I have also coded it so that if the server doesn't support the AUTH command
and it fails it will fallback to clear text USER / PASS combination which is
how authentication is currently implemented in curl.

 

I would also like to add APOP support as well, which like clear text, works
outside of the SASL mechanism with the AUTH command. From what I have read,
APOP is supported when the server includes a timestamp at the end of the
server greeting. Again does anyone have or use a server that supports this?

 

Any additional thoughts would be welcome.

 

Kind Regards

 

Steve

 

 

 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

SFTP delete file with space

Anders Havn — 2012-05-17T13:24:25

Hi,

I have a problem when deleting/renaming/chmod a file if the file or
the file path includes a space:
Ex: "sftp://myftpserver.org/UserFolder/Test xyz.txt"  <-- space in filename
Ex: "sftp://myftpserver.org/User Folder/Test.txt"       <-- space in filepath

It works fine if the path have no spaces:
Ex: "sftp://myftpserver.org/UserFolder/Test.txt"

This is how my codes looks:

NSString username = < at >"username";
NSString password = < at >"password";
NSString* fullFilePath = < at >"sftp://myftpserver.org/UserFolder/Test xyz.txt"

NSString* filePath = < at >"rm /UserFolder/Test xyz.txt"
 struct curl_slist* headerlist = curl_slist_append(NULL, [filePath
cStringUsingEncoding:encoding]);

curl_global_init(CURL_GLOBAL_DEFAULT);
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, [fullFilePath
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_USERNAME, [username
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_PASSWORD, [password
cStringUsingEncoding:encoding]);
curl_easy_setopt(curl, CURLOPT_VERBOSE, (long)1);
curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerList);
CURLcode result = curl_easy_perform(curl);
curl_slist_free_all (headerList);
curl_easy_cleanup(curl);


Just want to repeat again that the code works fine when there are no
spaces involved in the filename or the full file path.

Thank you for you help.

Best Regards,
Anders Havn
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Dot character as first character in smtp email

Steve Holme — 2012-05-15T14:19:39

Hi Guys,

I noticed a small bug in the smtp module over the last 24 hours, which I'm
surprised I've not spotted before!

It seems that if a line starts with a full stop / period / dot character
then the character is stripped away by the server (Microsoft Exchange in
this instance).

The EOB checking function looks for CRLF.CRLF and replaces it with CRLF..
before checking for the next instance of CRLF.CRLF beginning with the last
two characters of the previous match.

The following is an extract from Section 4.5.2 of RFC2821:

Before sending a line of mail text, the SMTP client checks the
first character of the line.  If it is a period, one additional
period is inserted at the beginning of the line.

Interesting the next paragraph goes on to say:

When a line of mail text is received by the SMTP server, it checks
the line.  If the line is composed of a single period, it is
treated as the end of mail indicator.  If the first character is a
period and there are other characters on the line, the first
character is deleted.

I have prepared a fix but just quickly wanted to ask if there is a specific
reason we are checking for CRLF.CRLF before I push the fix. I appreciate
I've done a fair bit of work in this area but I can't think why it is being
done like this and not as per the RFC.

Interestingly it seems that pop3 is doing the correct thing when a line
starts with .. replacing the two characters with one - which I believe we
fixed up towards the end of last year ;-)

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Public key extraction of a self signed cert

Cavendish, Dirceu — 2012-05-15T01:01:01

Hi Cool Curl people.

I am trying to extract the public key of a self signed cert...Here is how I am doing, and what the problem is:

I set a verify call back function, in which I do:

  X509 *cert = X509_STORE_CTX_get_current_cert(x509_ctx);
  int depth = X509_STORE_CTX_get_error_depth(x509_ctx);
  int err = X509_STORE_CTX_get_error(x509_ctx);

I check cert pointer, non NULL;
I check depth, which is ZERO;
I check err, which is 18 (X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
All good.

  EVP_PKEY *pubKey = X509_get_pubkey(cert);

I check pubKey, which is non NULL;
As I dereference pubKey as pubKey->pkey.rsa, the pointer turns out to be NULL :(.

Am I doing something wrong? When there is an error, does OPENSSL still expose the cert public key?
How would I retrieve a public key of the certificate the peer is presenting to me?

Thanks for any hints...
Dirceu
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

cURL 7.25.0 WINBUILD

Daniel Stenberg — 2012-05-14T21:39:34

Hi friends

I got this remark privately from Stefan Paetow and since I don't do windows 
development myself I want to get your feedback on this comment:

-----

In line 329-330, you have this:

LIB_OBJS= $(LIBCURL_OBJS)
EXE_OBJS= $(CURL_OBJS)

It should be this:

LIB_OBJS= $(LIBCURL_OBJS) $(RESOURCE)
EXE_OBJS= $(CURL_OBJS) $(CURL_DIROBJ)\curl.res

The reason why this change is required is because the Makefile.vc8 file in
the lib directory contains $(RESOURCE) at the end of the list of the X_OBJS
define (see lines 498 to 588), and the same file in the src directory has a
similar entry at the end of the RELEASE_OBJS (line 176) and DEBUG_OBJS
defines (line 219).

Thought you might want to fix that for the next version.

----

  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Curl Multi perform without waiting for read

Suraj Narkhede — 2012-05-13T17:08:33

Hi All,

We have a requirement where we wish to call curl_multi_perform without
waiting for reads. Can we do this?If yes, how?
I am using curl 7.21.1. .

Thanks.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html