Re: missing mutual exclusion of header files for gss
2009/11/11, Marco Maggi wrote: Daniel Stenberg wrote: On Mon, 9 Nov 2009, Marco Maggi wrote: The code being as it is, it seems to me that just removing the block: But lib/krb5.c also includes gssapi/gssapi_krb5.h which urldata.h doesn't (when HAVE_GSSMIT is defined). Won't that be needed? So more cleanup is needed? Can you verify if attached patch works for you? -- -=[Yang]=- Index: krb5.c === RCS file: /cvsroot/curl/curl/lib/krb5.c,v retrieving revision 1.11 diff -u -r1.11 krb5.c --- krb5.c 2 May 2009 02:37:34 - 1.11 +++ krb5.c 11 Nov 2009 08:40:02 - @@ -46,7 +46,10 @@ #include netdb.h #endif #include string.h -#ifdef HAVE_GSSMIT + +#ifdef HAVE_GSSGNU +#include gss.h +#elif defined HAVE_GSSMIT /* MIT style */ #include gssapi/gssapi.h #include gssapi/gssapi_generic.h --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: response to quoted pwd command in libcurl
-Original Message- From: curl-library-boun...@cool.haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Daniel Stenberg Sent: Wednesday, November 11, 2009 3:10 AM To: libcurl development Subject: Re: response to quoted pwd command in libcurl On Tue, 10 Nov 2009, Xu, Qiang (FXSGSC) wrote: The command seems to be successful, but I can only see the destination directory's content listing. How can I retrieve the result of the quoted command pwd, both by curl command and by libcurl? It is sent as a header, so use the header callback for that. From http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTQUOTE and http://curl.haxx.se/libcurl/c/libcurl-tutorial.html, I guess the code should be somewhat wrtten like the following: CURL *handle = NULL; struct curl_slist *headers; ... handle = curl_easy_init(); ... curl_easy_setopt(CURLOPT_URL, sftp://13.198.98.190/;); ... headers = curl_slist_append(headers, pwd); curl_easy_setopt(handle, CURLOPT_QUOTE, headers); curl_easy_setopt(handle, CURLOPT_HEADER, 1); /* A parameter set to 1 tells the library to include the header in the body output */ ... curl_easy_perform(handle); ... curl_slist_free_all(headers); curl_easy_cleanup(handle); Does the above code look good? If there is anything wrong in it, pls point it out to me. By the way, what is the command-line option to use to have the same effect as curl_easy_setopt(handle, CURLOPT_HEADER, 1)? Thanks, Xu Qiang --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Can multi_perform block ??
Hi, I have an application running on linux. I have done export http_proxy= and I run the application and provide a url http://shoutcast.3wk.com:7575 I have a time out of 1 second on select call just before multi_perform. What I observed is that, sessionData-curlMultiStatusCode is -1 just before calling multi perform and then sessionData-curlMultiStatusCode = curl_multi_perform(sessionData-curlMultiHandle, runningHandles); this call blocks for a long time.. Please let me know if multi_perform can hang any time. Best Regards Shivanand --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: response to quoted pwd command in libcurl
-Original Message- From: curl-library-boun...@cool.haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Xu, Qiang (FXSGSC) Sent: Wednesday, November 11, 2009 5:00 PM To: libcurl development Subject: RE: response to quoted pwd command in libcurl By the way, what is the command-line option to use to have the same effect as curl_easy_setopt(handle, CURLOPT_HEADER, 1)? From man page, I found to achieve the purpose, the option to use is -i/--include. However, this still doesn't add the command feedback into the output body: = q...@durian(pts/1):~/opensrc/curl-7.19.6/src[128]$ ./curl -u qxu:fair123 sftp://13.198.98.190/~/scan/ -i --quote pwd --libcurl sftp_pwd_test.c drwxrwxr-x3 qxu XOG_cc 9216 Nov 6 18:30 . drwxrwxr-x 20 qxu XOG_cc 3072 Nov 11 18:37 .. drwxrwxr-x2 qxu XOG_cc 7168 Nov 5 16:14 sxc -rwxr-xr-x1 qxu XOG_cc560 Nov 5 16:13 ren3.pl -rwxr-xr-x1 qxu XOG_cc131 Nov 2 11:56 ren1.sh -rw-r--r--1 qxu XOG_cc 2106 Nov 6 18:29 test.txt -rwxr-xr-x1 qxu XOG_cc 88 Nov 5 16:15 ren2.sh -rw-r--r--1 qxu XOG_cc 2106 Nov 6 18:30 test1.txt = To get the response to the command pwd, what shall I do? Looking forward to help, Xu Qiang/* Sample code generated by the curl command line tool ** * Lines with [REMARK] below might need to be modified to make this code * usable. Add error code checking where appropriate. * Compile this with a suitable header include path. Then link with * libcurl. * If you use any *_LARGE options, make sure your compiler figure * out the correct size for the curl_off_t variable. * Read the details for all curl_easy_setopt() options online on: * http://curlm.haxx.se/libcurl/c/curl_easy_setopt.html / #define _FILE_OFFSET_BITS 64 /* for pre libcurl 7.19.0 curl_off_t magic */ #include curl/curl.h int main(int argc, char *argv[]) { CURLcode ret; CURL *hnd = curl_easy_init(); /* curl_easy_setopt(hnd, CURLOPT_WRITEDATA, 0xbf915898); [REMARK] */ /* curl_easy_setopt(hnd, CURLOPT_WRITEFUNCTION, 0x80501b0); [REMARK] */ /* curl_easy_setopt(hnd, CURLOPT_READDATA, 0xbf9158d8); [REMARK] */ /* curl_easy_setopt(hnd, CURLOPT_READFUNCTION, 0x8050140); [REMARK] */ /* curl_easy_setopt(hnd, CURLOPT_SEEKDATA, 0xbf9158d8); [REMARK] */ /* curl_easy_setopt(hnd, CURLOPT_SEEKFUNCTION, 0x8050100); [REMARK] */ curl_easy_setopt(hnd, CURLOPT_INFILESIZE_LARGE, (curl_off_t)-1); curl_easy_setopt(hnd, CURLOPT_URL, sftp://13.198.98.190/~/scan/;); curl_easy_setopt(hnd, CURLOPT_PROXY, NULL); curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 1); curl_easy_setopt(hnd, CURLOPT_HEADER, 1); curl_easy_setopt(hnd, CURLOPT_FAILONERROR, 0); curl_easy_setopt(hnd, CURLOPT_UPLOAD, 0); curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 0); curl_easy_setopt(hnd, CURLOPT_APPEND, 0); curl_easy_setopt(hnd, CURLOPT_NETRC, 0); curl_easy_setopt(hnd, CURLOPT_FOLLOWLOCATION, 0); curl_easy_setopt(hnd, CURLOPT_UNRESTRICTED_AUTH, 0); curl_easy_setopt(hnd, CURLOPT_TRANSFERTEXT, 0); curl_easy_setopt(hnd, CURLOPT_USERPWD, qxu:fair123); curl_easy_setopt(hnd, CURLOPT_PROXYUSERPWD, NULL); curl_easy_setopt(hnd, CURLOPT_NOPROXY, NULL); curl_easy_setopt(hnd, CURLOPT_RANGE, NULL); /* curl_easy_setopt(hnd, CURLOPT_ERRORBUFFER, 0xbf91571c); [REMARK] */ curl_easy_setopt(hnd, CURLOPT_TIMEOUT, 0); curl_easy_setopt(hnd, CURLOPT_REFERER, NULL); curl_easy_setopt(hnd, CURLOPT_AUTOREFERER, 0); curl_easy_setopt(hnd, CURLOPT_USERAGENT, curl/7.19.6 (i686-pc-linux-gnu) libcurl/7.19.6 OpenSSL/0.9.8b zlib/1.2.3 libssh2/1.2); curl_easy_setopt(hnd, CURLOPT_FTPPORT, NULL); curl_easy_setopt(hnd, CURLOPT_LOW_SPEED_LIMIT, 0); curl_easy_setopt(hnd, CURLOPT_LOW_SPEED_TIME, 0); curl_easy_setopt(hnd, CURLOPT_MAX_SEND_SPEED_LARGE, (curl_off_t)0); curl_easy_setopt(hnd, CURLOPT_MAX_RECV_SPEED_LARGE, (curl_off_t)0); curl_easy_setopt(hnd, CURLOPT_RESUME_FROM_LARGE, (curl_off_t)0); curl_easy_setopt(hnd, CURLOPT_COOKIE, NULL); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, NULL); curl_easy_setopt(hnd, CURLOPT_SSLCERT, NULL); curl_easy_setopt(hnd, CURLOPT_SSLCERTTYPE, NULL); curl_easy_setopt(hnd, CURLOPT_SSLKEY, NULL); curl_easy_setopt(hnd, CURLOPT_SSLKEYTYPE, NULL); curl_easy_setopt(hnd, CURLOPT_KEYPASSWD, NULL); curl_easy_setopt(hnd, CURLOPT_SSH_PRIVATE_KEYFILE, NULL); curl_easy_setopt(hnd, CURLOPT_SSH_PUBLIC_KEYFILE, NULL); curl_easy_setopt(hnd, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, NULL); curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 2); curl_easy_setopt(hnd, CURLOPT_SSH_KNOWNHOSTS, /home/qxu/.ssh/known_hosts); curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50); curl_easy_setopt(hnd, CURLOPT_CRLF, 0); /* curl_easy_setopt(hnd, CURLOPT_QUOTE,
RE: response to quoted pwd command in libcurl
-Original Message- From: curl-library-boun...@cool.haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Xu, Qiang (FXSGSC) Sent: Wednesday, November 11, 2009 6:45 PM To: libcurl development Subject: RE: response to quoted pwd command in libcurl To get the response to the command pwd, what shall I do? From http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTWRITEHEADER and http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTHEADERFUNCTION, it is clear that to get the feedback to the quoted cmd like pwd, at least CURLOPT_WRITEHEADER must be pointed to a File pointer: /* from http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTWRITEHEADER */ CURLOPT_WRITEHEADER (This option is also known as CURLOPT_HEADERDATA) Pass a pointer to be used to write the header part of the received data to. If you don't use your own callback to take care of the writing, this must be a valid FILE *. See also the CURLOPT_HEADERFUNCTION option above on how to set a custom get-all-headers callback. /* from http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTHEADERFUNCTION */ CURLOPT_HEADERFUNCTION Function pointer that should match the following prototype: size_t function( void *ptr, size_t size, size_t nmemb, void *stream);. This function gets called by libcurl as soon as it has received header data. The header callback will be called once for each header and only complete header lines are passed on to the callback. Parsing headers should be easy enough using this. The size of the data pointed to by ptr is size multiplied with nmemb. Do not assume that the header line is zero terminated! The pointer named stream is the one you set with the CURLOPT_WRITEHEADER option. The callback function must return the number of bytes actually taken care of, or return -1 to signal error to the library (it will cause it to abort the transfer with a CURLE_WRITE_ERROR return code). If this option is not set, or if it is set to NULL, but CURLOPT_HEADERDATA (CURLOPT_WRITEHEADER) is set to anything but NULL, the function used to accept response data will be used instead. That is, it will be the function specified with CURLOPT_WRITEFUNCTION, or if it is not specified or NULL - the default, stream-writing function. It's important to note that the callback will be invoked for the headers of all responses received after initiating a request and not just the final response. This includes all responses which occur during authentication negotiation. If you need to operate on only the headers from the final response, you will need to collect headers in the callback yourself and use HTTP status lines, for example, to delimit response boundaries. So, it looks that I should fopen() a file to retrieve the command feedback. The code is changed as follows: File *fHeader = NULL; CURL *handle = NULL; struct curl_slist *headers; ... handle = curl_easy_init(); ... curl_easy_setopt(CURLOPT_URL, sftp://13.198.98.190/;); ... headers = curl_slist_append(headers, pwd); curl_easy_setopt(handle, CURLOPT_QUOTE, headers); curl_easy_setopt(handle, CURLOPT_HEADER, 1); /* Is it necessary? I don't know. */ curl_easy_setopt(handle, CURLOPT_WRITEHEADER, fHeader); ... curl_easy_perform(handle); ... curl_slist_free_all(headers); curl_easy_cleanup(handle); Is it OK now? Still, I am not sure how to do this in command-line to see the command feedback. Any idea? Thanks, Xu Qiang --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Can multi_perform block ??
On Wed, 11 Nov 2009, cent...@gmail.com wrote: curl_multi_perform(sessionData-curlMultiHandle, runningHandles); this call blocks for a long time.. http://curl.haxx.se/libcurl/c/libcurl-multi.html#BLOCKING -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Can multi_perform block ??
On Wednesday 11 of November 2009 14:36:29 Daniel Stenberg wrote: On Wed, 11 Nov 2009, cent...@gmail.com wrote: curl_multi_perform(sessionData-curlMultiHandle, runningHandles); this call blocks for a long time.. http://curl.haxx.se/libcurl/c/libcurl-multi.html#BLOCKING I can't see NSS SSL connections on the list, though it does not implement the corresponding function. Moreover the current blocking implementation of SSL connecting is probably incorrect anyway since it may fail completely on PR_ERROR_WOULD_BLOCK: http://permalink.gmane.org/gmane.comp.web.curl.library/25773 Kamil --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Can multi_perform block ??
On Wed, 11 Nov 2009, Kamil Dudka wrote: http://curl.haxx.se/libcurl/c/libcurl-multi.html#BLOCKING I can't see NSS SSL connections on the list, though it does not implement the corresponding function. Right, we should add it to that list! Moreover the current blocking implementation of SSL connecting is probably incorrect anyway since it may fail completely on PR_ERROR_WOULD_BLOCK: Right, but that's a plain old bug ;-) -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Can multi_perform block ??
On Wednesday 11 of November 2009 15:00:58 Daniel Stenberg wrote: Right, we should add it to that list! Please do. Moreover the current blocking implementation of SSL connecting is probably incorrect anyway since it may fail completely on PR_ERROR_WOULD_BLOCK: Right, but that's a plain old bug ;-) I wonder why the failure haven't happend to anyone yet. I spotted the comment for SSL_ForceHandshake() yesterday by accident while I was investigating something else within NSS. Kamil --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: undefined reference to `dlsym'
On Sunday, November 8, 2009, Kamil Dudka wrote: I think we can remove the cross_compiling condition and always try to use pkg-config. If we force the PKG_CONFIG_LIBDIR, there is no chance to break the cross-compilation by taking system libs accidentally. I agree. Done. + export PKG_CONFIG_LIBDIR=$OPT_SSL/lib/pkgconfig Please split the exports into two lines. Done. I can see yet another (hopefully last :-) ) possible problem. If we have working pkg-config, but the build of OpenSSL does not contain pkgconfig files, it fails with the following message: configure: error: OpenSSL libs and/or directories were not found where specified Yes, I can duplicate this error by renaming openssl.pc to something else or making it so the specific the PKG_CONFIG_LIBDIR doesn't exist. We should check whether at least the directory $OPT_SSL/lib/pkgconfig (or maybe better the openssl.pc inside) exists and eventually fall back to fixed paths approach (PKGTEST=no). This should keep working what used to work before. Just to be clear, you don't want to find the system openssl, but you want configure to keep going with it's guess of what to use for SSL_LIBS, SSL_LDFLAGS and SSL_CPPFLAGS as though pkg-config wasn't installed at all? Doesn't the script do that already when it can't find openssl via pkg-config? My configure output looks like this: configure: set PKG_CONFIG_LIBDIR to /home/dbyron/src/ams/trunk/install/openssl/lib/pkgconfig checking for pkg-config... /usr/bin/pkg-config checking for openssl options with pkg-config... no checking for CRYPTO_lock in -lcrypto... yes checking for SSL_connect in -lssl... no checking for ssl with RSAglue/rsaref libs in use... checking for SSL_connect in -lssl... (cached) no no configure: error: OpenSSL libs and/or directories were not found where specified! If pkg-config found openssl, we'd see the output from these three lines in configure.ac: AC_MSG_NOTICE([pkg-config: SSL_LIBS: $SSL_LIBS]) AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: $SSL_LDFLAGS]) AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: $SSL_CPPFLAGS]) which we don't see there. Maybe I should change the output so it's clear what SSL_LDFLAGS and SSL_CPPFLAGS are even when pkg-config isn't used? I could see improving the error message since in case the pkgconfig info is missing, the trouble isn't that openssl wasn't found, it's that we don't know how to compile/link against it properly. Is that what you're asking for? Here's an updated patch with the two easy changes done. -DB --- /home/dbyron/src/curl/curl/configure.ac 2009-11-05 13:49:58.0 -0800 +++ configure.ac2009-11-11 11:26:15.0 -0800 @@ -1141,6 +1141,7 @@ CLEANLDFLAGS=$LDFLAGS CLEANCPPFLAGS=$CPPFLAGS CLEANLIBS=$LIBS + SAVE_PKG_CONFIG_LIBDIR=$PKG_CONFIG_LIBDIR case $OPT_SSL in yes) @@ -1162,14 +1163,24 @@ ;; *) dnl check the given --with-ssl spot -PKGTEST=no PREFIX_OPENSSL=$OPT_SSL + +dnl Try pkg-config even when cross-compiling. Since we +dnl specify PKG_CONFIG_LIBDIR we're only looking where +dnl the user told us to look +PKGTEST=yes +PKG_CONFIG_LIBDIR=$OPT_SSL/lib/pkgconfig +export PKG_CONFIG_LIBDIR +AC_MSG_NOTICE([set PKG_CONFIG_LIBDIR to $PKG_CONFIG_LIBDIR]) + +dnl in case pkg-config comes up empty, use what we got +dnl via --with-ssl LIB_OPENSSL=$PREFIX_OPENSSL/lib$libsuff if test $PREFIX_OPENSSL != /usr ; then - LDFLAGS=$LDFLAGS -L$LIB_OPENSSL - CPPFLAGS=$CPPFLAGS -I$PREFIX_OPENSSL/include + SSL_LDFLAGS=-L$LIB_OPENSSL + SSL_CPPFLAGS=-I$PREFIX_OPENSSL/include fi -CPPFLAGS=$CPPFLAGS -I$PREFIX_OPENSSL/include/openssl +SSL_CPPFLAGS=$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl ;; esac @@ -1182,15 +1193,29 @@ SSL_LDFLAGS=`$PKGCONFIG --libs-only-L openssl 2/dev/null` SSL_CPPFLAGS=`$PKGCONFIG --cflags-only-I openssl 2/dev/null` + AC_MSG_NOTICE([pkg-config: SSL_LIBS: $SSL_LIBS]) + AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: $SSL_LDFLAGS]) + AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: $SSL_CPPFLAGS]) + LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/-L//g'` - dnl use the values pkg-config reported + dnl use the values pkg-config reported. This is here + dnl instead of below with CPPFLAGS and LDFLAGS because we only + dnl learn about this via pkg-config. If we only have + dnl the argument to --with-ssl we don't know what + dnl additional libs may be necessary. Hope that we + dnl don't need any. LIBS=$LIBS $SSL_LIBS - CPPFLAGS=$CPPFLAGS $SSL_CPPFLAGS - LDFLAGS=$LDFLAGS $SSL_LDFLAGS + + dnl we're done using pkg-config for openssl + export PKG_CONFIG_LIBDIR=$SAVE_PKG_CONFIG_LIBDIR fi fi + dnl finally, set flags to use SSL + CPPFLAGS=$CPPFLAGS $SSL_CPPFLAGS + LDFLAGS=$LDFLAGS $SSL_LDFLAGS + dnl This is for Msys/Mingw case $host in *-*-msys* | *-*-mingw*)
Re: missing mutual exclusion of header files for gss
Yang Tse wrote: 2009/11/11, Marco Maggi wrote: Daniel Stenberg wrote: But lib/krb5.c also includes gssapi/gssapi_krb5.h which urldata.h doesn't (when HAVE_GSSMIT is defined). Won't that be needed? So more cleanup is needed? Can you verify if attached patch works for you? Yes, it works. -- Marco Maggi --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
select() returned with errno = 9 (EBADF), msg = Bad file descriptor
Hello friends of libCurl, for the first time, I observed the following trace with an select() error: 15045:259About to connect() to proxy XXX.XXX.XXX.XXX port (#0) 15045:260Trying XXX.XXX.XXX.XXX... 15045:277curlSelect(): errno = 9, msg = Bad file descriptor curlSelect(): errno = 9, msg = Bad file descriptor [repeated 300 times] 15046:125curlSelect(): errno = 9, msg = Bad file descriptor 15046:136Connected to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) port (#0) 15046:136Proxy auth using Basic with user 'XXX' 15046:144GET http://XYZ HTTP/1.1 15046:144Proxy-Authorization: Basic XYZ 15046:144Host: X.Y.Z 15046:144Accept: */* 15046:144Proxy-Connection: Keep-Alive 15046:144Accept-Encodig: gzip 15046:145Content-Range: bytes 0-10239/* 15049:015HTTP/1.1 206 Partial Content 15049:016Date: Tue, 10 Nov 2009 18:58:35 GMT 15049:016Server: XYZ 15049:017Accept-Ranges: bytes 15049:017Content-MD5: t1NQPaP/cLh3J/zL48iteA== 15049:017Content-Range: bytes 0-4433/4434 15049:021Content-length: 4434 15049:021Proxy-Connection: Keep-Alive 15049:031Connection: Keep-Alive 15049:032Content-Encoding: gzip OS was QNX 6.3.2. libCurl version=7.19.3. The select error occured during an endurance test. The timestamps left are of format seconds:milliseconds. select() returned -1 and the errno was 9 / EBADF / Bad file descriptor 15045:277curlSelect(): errno = 9, msg = Bad file descriptor curlSelect(): errno = 9, msg = Bad file descriptor [repeated 300 times] 15046:125curlSelect(): errno = 9, msg = Bad file descriptor For ~0,85 seconds the select() call returned that error. select() was called ~300 times during that time. After that, the HTTP 206 response has been received. So, at first sight, the transfer has not been disturbed by the select() error. I have not checked whether the data has not been corrupted in some way. What might be the reason for that error ? Maybe it is a problem of the OS and has nothing to do with libCurl ? Does anybody has also observed that kind of problem ? How severe is that problem in general? Can it destabilize the whole system (-crash) ? Kind regards, Stefan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: missing mutual exclusion of header files for gss
2009/11/11, Marco Maggi wrote: Can you verify if attached patch works for you? Yes, it works. This is now fixed in CVS. Thanks, -- -=[Yang]=- --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
IP address support for no proxy feature
Hello, I would like to submit a patch to allow IP addresses to be included in the list of no proxy hosts. Currently the no proxy logic allows for domain names to be specified. For instance, specifying hp.com will prevent the proxy from being used for accessing all hosts that end in hp.com. However, if I want to prevent the proxy from being used for a range of IP addresses I don't have any way to do this, since the logic in check_noproxy only compares the end of the requested host against the entry in the no proxy list. With this change, it is possible to specify a no proxy list like 192.168.*, which would prevent the proxy from being used to access any host that begins with 192.168., for instance http://192.168.0.1/ would not go through the proxy server with this change. I created a short list of hosts and a no proxy list with this change and could not see any ill side effects from this change. I used Tortoise SVN to create my patch, against a repository where I have libcurl code checked in (version 7.19.7). Thanks, Mark Salisbury Hewlett-Packard Company noproxy.patch Description: noproxy.patch --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: IP address support for no proxy feature
2009/11/11, Salisbury, Mark wrote: I would like to submit a patch to allow IP addresses to be included in the list of no proxy hosts. At least CURLOPT_NOPROXY section in curl_easy_setopt.3 should be updated accordingly to reflect and document the new capability this would introduce. Cheers, -- -=[Yang]=- --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: IP address support for no proxy feature
curl_easy_setopt.3 (docs\libcurl\curl_easy_setopt.3) is the man page, right? I also see curl_easy_setopt.html and curl_easy_setopt.pdf. Are these automatically generated based off the man page? Here's the current entry in curl_easy_setopt.3: .IP CURLOPT_NOPROXY Pass a pointer to a zero terminated string. The should be a comma- separated list of hosts which do not use a proxy, if one is specified. The only wildcard is a single * character, which matches all hosts, and effectively disables the proxy. Each name in this list is matched as either a domain which contains the hostname, or the hostname itself. For example, local.com would match local.com, local.com:80, and www.local.com, but not www.notlocal.com. (Added in 7.19.4) Here's how I'd propose updating it: .IP CURLOPT_NOPROXY Pass a pointer to a zero terminated string. This should be a comma-separated list of hosts which do not use a proxy, if one is specified. To disable the proxy, set a single * character. Each name in this list is matched as either a domain which contains the hostname, the hostname itself, or an IP address range. For example, local.com would match local.com, local.com:80, and www.local.com, but not www.notlocal.com. 192.* will match all hosts beginning with 192, like 192.168.1.100. It will not match 10.10.10.192. (Added in 7.19.4, updated to support IP address ranges in 7.19.8) Thanks, Mark -Original Message- From: curl-library-boun...@cool.haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Yang Tse Sent: Wednesday, November 11, 2009 3:45 PM To: libcurl development Subject: Re: IP address support for no proxy feature 2009/11/11, Salisbury, Mark wrote: I would like to submit a patch to allow IP addresses to be included in the list of no proxy hosts. At least CURLOPT_NOPROXY section in curl_easy_setopt.3 should be updated accordingly to reflect and document the new capability this would introduce. Cheers, -- -=[Yang]=- --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
statically link in libssh2
Hello, Is it possible to create both static and shared Curl libraries and and libssh2 statically linked into those libraries? If so, can I do this through the configure script? If so, what are the arguments to the configure script I need to have libssh2 statically linked in? Thanks, Steven --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: [PATCH, RFC] Make hostthre.c work on POSIX
Latest diff: * No more preprocessor before setup.h * Passes tests (previous version had uninitialized var) * Get rid of check for errormutex support - not needed * Add thunk to pthread wrapper to account for different function types ./configure --disable-ares --enable-threaded-resolve -Costa threading-v6.diff.gz Description: GNU Zip compressed data --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Fix for SSL_ForceHandshake core dump
Hi All, I spent some time debugging the curl code while Kamil and I were debugging this issue and I think I found out what is going on. Someplace in the code it looks like a data structure was released twice. So I looked in curl_nss_connect and saw that the model structure will be freed twice if the handshake fails. At line 939: PRFileDesc *model = NULL; At line 1201: PR_Close(model); /* We don't need this any more */ Then at line 1214 if SSL_ForceHandshakeWithTimeout fails, goto error is called and at line 1267: if(model) PR_Close(model); I created a patch that sets model to NULL around line 1201 and that seems to fix my crash. See below: *** curl-7.19.6/lib/nss.c Fri Jul 31 20:15:35 2009 --- /tmp/nss.c Wed Nov 11 17:52:27 2009 *** *** 1184,1190 --- 1184,1192 connssl-handle = SSL_ImportFD(model, connssl-handle); if(!connssl-handle) goto error; + PR_Close(model); /* We don't need this any more */ + model = NULL; /* This is the password associated with the cert that we're using */ if (data-set.str[STRING_KEY_PASSWD]) { It looks at some point the handshake failed and between the first and the second close was called someone else was using the NSS socket stucture and the fd element was released. Patch it attached. Thanks, Kevin From: Kamil Dudka kdu...@redhat.com To: Daniel Stenberg dan...@haxx.se Cc: curl-library@cool.haxx.se Sent: Tue, November 10, 2009 4:58:23 PM Subject: SSL_ForceHandshake may return PR_ERROR_WOULD_BLOCK [was Re: Seg fault...] On Tuesday 10 of November 2009 21:34:13 Kamil Dudka wrote: We've figured out with Kevin there are actually two bugs taking place: https://bugzilla.redhat.com/534115 https://bugzilla.redhat.com/534176 Both of them are assigned to nss for now... While investigating the issue I spotted another interesting comment before SSL_ForceHandshake(): /* Try to make progress on an SSL handshake by attempting to read the ** next handshake from the peer, and sending any responses. ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot ** read the next handshake from the underlying socket. ** For SSLv2, returns when handshake is complete or fatal error occurs. ** For SSLv3, returns when handshake is complete, or application data has ** arrived that must be taken by application before handshake can continue, ** or a fatal error occurs. ** Application should use handshake completion callback to tell which. */ This means we should check the return value for PR_ERROR_WOULD_BLOCK and eventually block when doing connection in the blocking mode, or am I missing anyting? Kamil --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html curl-7.19.6-modelfree.patch Description: Binary data --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: IP address support for no proxy feature
On Wed, Nov 11, 2009 at 10:12:13PM +, Salisbury, Mark wrote: With this change, it is possible to specify a no proxy list like 192.168.*, which would prevent the proxy from being used to access any host that begins with 192.168., for instance http://192.168.0.1/ would not go through the proxy server with this change. I think you should use a different syntax for specifying IP addresses that are going to be included with the NOPROXY option. A few concerns: 1. RFC 952 allows hostnames with numbers, it's just that the hostname can't start with a number. What happens if the user sets something like this, A-1.* ? http://tools.ietf.org/html/rfc952 2. What's your approach for dealing with IPv6 addresses? 3. How do you cope with subnets? 192.168.0.0/25 and 192.168.0.0/23 both generate a range of addresses that can't be expressed in a single entry. I would suggest you switch to CIDR notation. Perhaps someone else on the list can provide more detailed comments about IPv6. -j --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html