Re: How to get more information about error code 7

Leo Song via curl-library wrote: Thanks for the reply. I've already enabled CURLOPT_VERBOSE, and still getting Curl error 7. I've tried with CURLINFO_OS_ERRNO, and am getting errno 101, which maps to "Network is unreachable". Is there any other way to get more debugging info from openssl or

Init option?: libcurl version coded for

"When you come to a fork in the road, take it." - Yogi Berra [1] Several times I've watch the project struggle with a desired libcurl behavioral change due to concerns about backward compatibility. Currently, there is a discussion about SSL host verification [2] which has this feel. I

Re: libcurl leaks information in freed memory

Daniel Stenberg via curl-library wrote: On Mon, 22 Oct 2018, Gabriel Zachmann via curl-library wrote: Actually would be possible to allow an application to supply an allocator and deallocator callbacks to libcurl via an option? Sure. I don't know why I forgot about that option. I like that

Re: DEPRECATE.md

Daniel Stenberg wrote: On Mon, 2 Jul 2018, Rich Gray wrote:    https://curl.haxx.se/dev/deprecate.html I wonder if for depreciation of build options like axTLS, you should arrange a big warning message should anyone try to build it.  This may get someone's attention when they might

Re: DEPRECATE.md

Daniel Stenberg wrote: FYI, I just added docs/DEPRECATE.md to the git repo, outlining the deprecation plans for axTLS and pipelining. This document is now available on the site here:   https://curl.haxx.se/dev/deprecate.html When these features have been deprecated, I think they should

Re: Question about CURLOPT_ERRORBUFFER

Martin Galvan wrote: Hi all, The CURLOPT_ERRORBUFFER docs say: "You must keep the associated buffer available until libcurl no longer needs it. Failing to do so will cause very odd behavior or even crashes. libcurl will need it until you call curl_easy_cleanup or you set the same option again

Re: The life of a curl security bug

Daniel Stenberg wrote: I wrote a blog post on exactly what we do when we receive and deal with a security problem in curl. From report to release. https://daniel.haxx.se/blog/2017/10/05/the-life-of-a-curl-security-bug/ [I tried to post this as a comment to your article, but it failed with:

Re: Enabled multiple SSL backends

Daniel Stenberg wrote: Hi friends! As of minutes ago, libcurl has the ability to change SSL backend dynamically at run-time - if built with the support enabled. That means that the choice does no longer only have to happen at build-time. curl_global_sslset() is the new function for selecting

Re: Regarding CVE-2016-9594 (uninitialized random)

Kamil Dudka wrote: On Friday, February 17, 2017 17:14:37 Andreas Mohr wrote: 0. The code used an old-style BREAK-CAST *) in order to work around (not: treat!) a transition issue caused by mismatch of API signatures (ROOT CAUSE) I do not understand what you mean by BREAK-CAST. Assuming I am

Re: stricter host name requirements for file:// URLs (was Re: [SECURITY ADVISORY] curl invalid URL parsing with '#')

FYI, this Last Call notice for an update to the file:// URI specification, RFC 1738, came across another of my lists and might be relevant to this thread. Admittedly, I have not followed the thread closely or read the draft. Happy Thanksgiving to those in the US. Cheers! Rich --

Re: CURL and CULM data structure

Ramachandran, Agalya (Contractor) wrote: Hi team, I have a query with respect to CURL and CURLM data structure. For debugging purpose, I want to print the actual value in the following handles. ·CURL *handle; ·CURLM *multi_handle; Can you please guide me what is the data structure for CURL,

Re: curl/libcurl SNMP protocol support

Sergei Nikulov wrote: 9 авг. 2016 г. 7:33 PM пользователь "Rich Gray" <rg...@plustechnologies.com <mailto:rg...@plustechnologies.com>> написал: > > Sergei Nikulov wrote: >> >> Hello All! >> >> Is anybody interest in RFC 4088 "Un

Re: curl/libcurl SNMP protocol support

Sergei Nikulov wrote: Hello All! Is anybody interest in RFC 4088 "Uniform Resource Identifier (URI) Scheme for the Simple Network Management Protocol (SNMP)" implementation in curl utility? Maybe someone already thinking about adopting Net-SNMP library as engine for curl SNMP GET requests?

Re: CURLINFO_TLS_SESSION with OPENSSL returns SSL_CTX instead of SSL

Ray Satiro via curl-library wrote: On 10/7/2015 9:10 AM, Daniel Stenberg wrote: On Wed, 7 Oct 2015, Rich Gray wrote: For what it's worth, CURLINFO_TLS_SSL_PTR seems more meaningful to me than CURLINFO_TLS_SESSION_V2. For maximum clarity, maybe CURLINFO_TLS_CTX_PTR could be added as an alias

Re: CURLINFO_TLS_SESSION with OPENSSL returns SSL_CTX instead of SSL

Ray Satiro via curl-library wrote: I plan to put in the CURLINFO_TLS_SESSION_V2 implementation (credit to Michael Kaufmann for suggesting that) instead of the CURLINFO_TLS_SSL_PTR. For what it's worth, CURLINFO_TLS_SSL_PTR seems more meaningful to me than CURLINFO_TLS_SESSION_V2. For maximum

Re: CURLINFO_TLS_SESSION with OPENSSL returns SSL_CTX instead of SSL

Michael Kaufmann wrote: Should we consider providing another pointer for the OpenSSL backend? Sure, I'm open for discussions and solutions! Yes, please consider this. I propose to add a new CURLINFO constant, because the existing API must not be changed (backwards compatibility). We could

Re: [curl-library] please auto-adjust mailinglist subject

Bastian Bittorf wrote: * Daniel Stenberg [17.09.2015 08:32]: There are arguments for both ways. I personally dislike how prefixes remove subject space and makes it harder to read/find in a list with other mails. Subject prefixes would be a reasonable Mailman list subscriber

Re: Adding different file descriptors to curls before select()

Bo Mellberg wrote: Hi list, I'm building an embedded application that talks serial, bluetooth via openobex and http. For the first ones I have file descriptors as they are returned by "open" and "OBEX_GetFD". Now, trying to combine these together with the curl file descriptor sets, I can't get

Re: why does curl silently discard expired cookies and can this be disabled?

guenter.pu...@loewe.de wrote: Receivers shall support the use of cookies via the Cookie request header and Set Cookie response header as defined by RFC 6265. All cookies shall be stored transiently, regardless of any specified expiration date or age. [...] When it says 'transiently' is it

Re: Connecting to multiple hosts that have the same hostname

Daniel Stenberg wrote: On Tue, 2 Jun 2015, Michael Kaufmann wrote: A callback function for the name resolution would be a powerful mechanism. Similar to CURLOPT_OPENSOCKETFUNCTION, but a bit on a higher level. This new callback function should be able to either return an address, or to tell

Re: making github a curl citizen, or curl a better githubber

moparisthebest wrote: Would it possibly be worth subscribing curl-library@cool.haxx.se to the github issues/pull requests so the list could still be notified of and discuss things? I'm not sure exactly how noisy it would be, Please don't. Those who want it can subscribe. but I'm sure

Yahoo posters - seen at last!

Nice to see that the Yahoo users are no longer being dropped into the Junk folder when received via G-mail. :) Good to see you, Ray! Thanks for the fix, Daniel! Rich --- List admin: http://cool.haxx.se/list/listinfo/curl-library

Re: Is there a counterpart of curl_multi_fdset to UNset fd's?

Daniel Stenberg wrote: On Tue, 8 Jul 2014, Federico Vitali wrote: Ok perhaps I've understood, I apologize for my request. It the select function itself that unsets filedescriptors... Is it correct? Please don't top-post and I'm not convinced this is the best place to ask about how select()

Re: the survey summary

Daniel Stenberg wrote: On Fri, 13 Jun 2014, Daniel Stenberg wrote: http://curl.haxx.se/docs/survey/survey2014.html Haven't had a chance to look at this and in fact didn't get to the survey, in part because too many of the questions were phrased in a manner which made them hard to answer.

Re: excessive bounces? / list messages marked as spam

Ray Satiro wrote: I got an e-mail this evening that my subscription to this mailing list was disabled due to excessive bounces. I reactivated it. I wonder if anyone else is experiencing the same thing (esp yahoo users). Here is the message I received: Your membership in the mailing list

Re: Yeah, Heartbleed

Daniel Stenberg wrote: Heartbleed is a flaw in OpenSSL in a certain version span. Clients are *also* vulnerable to this flaw, which means that if you run curl or libcurl with a vulnerable OpenSSL version a rogue server can read client memory. Again, this is an OpenSSL flaw but since OpenSSL is

Re: Let the user specify the download buffer

Daniel Stenberg wrote: Since libcurl may download an infintely large amount of data, just pointing out a single buffer is not enough. It would have to be the first in a series of buffers. The question is then how libcurl spends the buffer(s) and how you give it new/more buffers to fill.

Re: HTTP POST: fail early if unknown data size (read function)

Daniel Stenberg wrote: On Sat, 11 Jan 2014, Cédric Deltheil wrote: When performing a standard HTTP POST (w/o chunked encoding) with a custom read function, a common mistake is to forget to explicitly set the POST size via `CURLOPT_POSTFIELDSIZE`. This results in libcurl sending a negative

Re: A Question On Libcurl Performance

Daniel Stenberg wrote: On Sat, 31 Aug 2013, Thomas Dineen wrote: Now when I perform the exact same access on Fedora 14 the read performance is very slow. When the read access is executed by sending the URL I don't understand this part. The read access is executed? there seems to be a

Re: [PATCH] A CURLINFO_XFER_STATE perhaps?

Daniel Stenberg wrote: Without considering the code for the moment, let's play with a modified imaginary setup (adopting some of Rich's ideas too): #define CURLXFER_INIT 0x00 /* nothing really happened yet */ #define CURLXFER_NAMERES 0x10 /* name resolving */ #define

Re: [PATCH] A CURLINFO_XFER_STATE perhaps?

Daniel Stenberg wrote: On Tue, 6 Aug 2013, Patrick Monnerat wrote: I've made a first go at that Good job. May be one more state for SSL handshake ?... Hm, that's not a bad idea. I also thought about exposing the sub-state of FTP or SFTP somehow. A CURLXFER_SECURITY would be a nice

Re: Proposed changes to SSL comparison documentation

Nick Zitzmann wrote: On May 4, 2013, at 4:56 PM, Steve Holme steve_ho...@hotmail.com wrote: Generally speaking, I like what you've done here Nick... The comparison is a lot more informative and information more useful. However I have a few comments: * Would it be better to state *nix rather

Re: 15 years

Daniel Stenberg wrote: Hi friends, At this day, 15 years ago, I uploaded the first release of curl to the world. What an incredible millstone, err, milestone! ;P (Did you ever think that curl would grow to become such an amazingly powerful, widely used tool?) We started using the command

Re: [bagder/curl] 0e66d5: vc: remove explicit MSVC6 IDE project file and doc...

Daniel Stenberg wrote: On Thu, 7 Feb 2013, Yang Tse wrote: vc: remove explicit MSVC6 IDE project file and documentation VC6 is _very_ old and we provide working makefiles even for that compiler. Users who build with the IDE never use that method and project file anyway and it was just

Re: pthread_cancel while in curl_easy_perform

Daniel Stenberg wrote: On Tue, 29 Jan 2013, Andrew Strohman wrote: http://curl.haxx.se/docs/faq.html#How_do_I_stop_an_ongoing_transfe Thanks for the reply. Does your statement also apply to the multi interface? The way the faq is worded gives me hope that I can safely do pthread_cancel if

Re: Is every Mac has cURL pre-installed?

Igor Korot wrote: Hi, ALL, Well, subject says it all. If it hasn't always been provided in OS X, it goes back a long ways... On OS X 10.6.8 (Snow Leopard) Apple installed: curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8r zlib/1.2.3 Protocols: tftp ftp telnet dict ldap

Re: SMTP recipient issues

Dan wrote: Did we come to any sort of consensus about what the implementation should look like? I must apologize for my lack of activity on this thread. I've simply been hammered by work and domestic issues and will be for some time yet to come. I have been trying to follow it though and

Re: SMTP recipient issues

William Betts wrote: HI Steve, If libcurl will ditch the entire message because of a failed RCPT TO command it should be listed as a bug. If the SMTP session has at least 1 valid recipient the transaction should finish. I'll check it out in a bit and see if that's the case on my end. Best

Re: Avoid copying data in CURLOPT_WRITEFUNCTION callback

Konstantin Miller wrote: Hi! Is there any way to avoid copying data between the buffer that is passed to the callback function, which is set with CURLOPT_WRITEFUNCTION, and my own buffer? Can I tell libcurl that I would like to reuse its buffer and that I will free it myself later on? Or, even

Re: POP3 returns line data and CRLF separately, drops final CRLF

Steve Holme wrote: Hi Rich, 1. Libcurl is returning message data line-by-line, with two callbacks per line - one for the line data and the other for the CRLF. This seems like strange behavior. I'd coded as if I were getting the data off a TCP connection - might get one byte, might get the

Re: [PATCH] SMTP: Fixed error when using CURLOPT_CONNECT_ONLY

Steve Holme wrote: Dear all, Firstly I must apologise for being quiet over the last couple of weeks. but unfortunately I joined the Four Zero club so have been away from my PC drowning my sorrows ;-) Hi Steve, Welcome back from your... uh... mid-life crisis? :-O I'm now back and if anyone

Re: SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS commit

Daniel Stenberg wrote: On Wed, 8 Feb 2012, Yang Tse wrote: CURLSSLOPT_ALLOW_BEAST --ssl-allow-beast +1 'enable' could be interpreted as if lib/curl itself initiated the BEAST atack. Yes, I agree that allow sounds better than enable. I'll rename the option and if no other objections pop up

POP3 returns line data and CRLF separately, drops final CRLF

As noted in a previous e-mail (Jan 31, State of POP3 in curl?), I'm working on a prototype POP3 download program utilizing libcurl. I've got my part of that prototype pretty much completed, but have noticed a couple of anomalies: 1. Libcurl is returning message data line-by-line, with two

State of POP3 in curl?

I've done something foolish. After doing an amazingly clean implementation of some HTTP scrapping using libcurl, I mentioned to my boss that libcurl also does pop3. Now we have a requirement for it and I got charged with getting a prototype going. (Or directing a co-worker to do so.) For a

Re: Enhancing POP3 to support extra commands

Dan Fandrich wrote: On Thu, Dec 01, 2011 at 05:17:04PM +, Steve Holme wrote: I have done a little research and couldn't really find anything... except RFC2384: http://tools.ietf.org/html/rfc2384 This specifies a format for URL based connection strings (including authentication) for pop3

Re: [Bulk] Re: [Bulk] RE: SMTP, data corruption and dot stuffing

operax...@yahoo.ca wrote: Le 19/10/2011 16:27, operax...@yahoo.ca a écrit : I've been able to step into debugger to analyze Curl_smtp_escape_eob (smtp.c) but I've been unable to spot a dot insertion in the buffer. Will continue to look into it. The dot is inserted via the dump function for

Re: What are consequences of late curl_multi_perform call

Marcin Adamski wrote: I'm wondering what are consequences of late curl_multi_perform call. I guess that it may cause some timeouts to occur later than it should i.e. we set CURLOPT_TIMEOUT for 60s, but whole operation lasted 62s. But are there any significant consequences for ongoing

Re: What are consequences of late curl_multi_perform call

Daniel Stenberg wrote: On Mon, 3 Oct 2011, Rich Gray wrote: Before version 7.20.0: If you receive CURLM_CALL_MULTI_PERFORM, this basically means that you should call curl_multi_perform again, before you select() on more actions. I'm trying to figure out what this really means. If you use