diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/CMakeLists.txt curl_h5/CMakeLists.txt *** curl/CMakeLists.txt 2022-08-26 11:21:23.032000000 +0800 --- curl_h5/CMakeLists.txt 2022-08-26 11:21:58.876000000 +0800 *************** *** 991,996 **** --- 991,997 ---- set(CMAKE_REQUIRED_LIBRARIES socket) endif() + check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/configure.ac curl_h5/configure.ac *** curl/configure.ac 2022-08-26 11:21:23.032000000 +0800 --- curl_h5/configure.ac 2022-08-26 11:21:58.876000000 +0800 *************** *** 3272,3277 **** --- 3272,3278 ---- AC_CHECK_FUNCS([fnmatch \ + fchmod \ geteuid \ getpass_r \ getppid \ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/docs/cmdline-opts/cookie.d curl_h5/docs/cmdline-opts/cookie.d *** curl/docs/cmdline-opts/cookie.d 2022-08-26 11:21:23.040000000 +0800 --- curl_h5/docs/cmdline-opts/cookie.d 2022-08-26 11:21:58.884000000 +0800 *************** *** 5,13 **** Help: Send cookies from string/file Category: http --- ! Pass the data to the HTTP server in the Cookie header. It is supposedly ! the data previously received from the server in a "Set-Cookie:" line. The ! data should be in the format "NAME1=VALUE1; NAME2=VALUE2". If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored cookie from. This option also activates the cookie --- 5,16 ---- Help: Send cookies from string/file Category: http --- ! Pass the data to the HTTP server in the Cookie header. It is supposedly the ! data previously received from the server in a "Set-Cookie:" line. The data ! should be in the format "NAME1=VALUE1; NAME2=VALUE2". This makes curl use the ! cookie header with this content explicitly in all outgoing request(s). If ! multiple requests are done due to authentication, followed redirects or ! similar, they will all get this cookie passed on. If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored cookie from. This option also activates the cookie diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/HUAWEI-RELEASE curl_h5/HUAWEI-RELEASE *** curl/HUAWEI-RELEASE 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/HUAWEI-RELEASE 2022-08-26 11:21:58.876000000 +0800 *************** *** 0 **** --- 1 ---- + RELEASE: h12 diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/altsvc.c curl_h5/lib/altsvc.c *** curl/lib/altsvc.c 2022-08-26 11:21:23.092000000 +0800 --- curl_h5/lib/altsvc.c 2022-08-26 11:21:58.940000000 +0800 *************** *** 34,40 **** #include "parsedate.h" #include "sendf.h" #include "warnless.h" ! #include "rand.h" #include "rename.h" /* The last 3 #include files should be in this order */ --- 34,40 ---- #include "parsedate.h" #include "sendf.h" #include "warnless.h" ! #include "fopen.h" #include "rename.h" /* The last 3 #include files should be in this order */ *************** *** 329,336 **** struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; ! char *tempstore; ! unsigned char randsuffix[9]; if(!altsvc) /* no cache activated */ --- 329,335 ---- struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; ! char *tempstore = NULL; if(!altsvc) /* no cache activated */ *************** *** 344,360 **** /* marked as read-only, no file or zero length file name */ return CURLE_OK; ! if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) ! return CURLE_FAILED_INIT; ! ! tempstore = aprintf("%s.%s.tmp", file, randsuffix); ! if(!tempstore) ! return CURLE_OUT_OF_MEMORY; ! ! out = fopen(tempstore, FOPEN_WRITETEXT); ! if(!out) ! result = CURLE_WRITE_ERROR; ! else { fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); --- 343,350 ---- /* marked as read-only, no file or zero length file name */ return CURLE_OK; ! result = Curl_fopen(data, file, &out, &tempstore); ! if(!result) { fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); *************** *** 366,375 **** break; } fclose(out); ! if(!result && Curl_rename(tempstore, file)) result = CURLE_WRITE_ERROR; ! if(result) unlink(tempstore); } free(tempstore); --- 356,365 ---- break; } fclose(out); ! if(!result && tempstore && Curl_rename(tempstore, file)) result = CURLE_WRITE_ERROR; ! if(result && tempstore) unlink(tempstore); } free(tempstore); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/conncache.c curl_h5/lib/conncache.c *** curl/lib/conncache.c 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/conncache.c 2022-08-26 11:21:58.944000000 +0800 *************** *** 160,167 **** /* report back which name we used */ *hostp = hostname; ! /* put the number first so that the hostname gets cut off if too long */ ! msnprintf(buf, len, "%ld%s", port, hostname); Curl_strntolower(buf, buf, len); } --- 160,171 ---- /* report back which name we used */ *hostp = hostname; ! /* put the numbers first so that the hostname gets cut off if too long */ ! #ifdef ENABLE_IPV6 ! msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); ! #else ! msnprintf(buf, len, "%ld/%s", port, hostname); ! #endif Curl_strntolower(buf, buf, len); } diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/connect.c curl_h5/lib/connect.c *** curl/lib/connect.c 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/connect.c 2022-08-26 11:21:58.944000000 +0800 *************** *** 619,624 **** --- 619,625 ---- data->info.conn_scheme = conn->handler->scheme; data->info.conn_protocol = conn->handler->protocol; data->info.conn_primary_port = conn->port; + data->info.conn_remote_port = conn->remote_port; data->info.conn_local_port = local_port; } diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/content_encoding.c curl_h5/lib/content_encoding.c *** curl/lib/content_encoding.c 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/content_encoding.c 2022-08-26 11:21:58.944000000 +0800 *************** *** 1025,1036 **** --- 1025,1040 ---- return NULL; } + /* allow no more than 5 "chained" compression steps */ + #define MAX_ENCODE_STACK 5 + /* Set-up the unencoding stack from the Content-Encoding header value. * See RFC 7231 section 3.1.2.2. */ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const char *enclist, int maybechunked) { struct SingleRequest *k = &data->req; + int counter = 0; do { const char *name; *************** *** 1065,1070 **** --- 1069,1079 ---- if(!encoding) encoding = &error_encoding; /* Defer error at stack use. */ + if(++counter >= MAX_ENCODE_STACK) { + failf(data, "Reject response due to %u content encodings", + counter); + return CURLE_BAD_CONTENT_ENCODING; + } /* Stack the unencoding stage. */ writer = new_unencoding_writer(data, encoding, k->writer_stack); if(!writer) diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/cookie.c curl_h5/lib/cookie.c *** curl/lib/cookie.c 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/cookie.c 2022-08-26 11:21:58.944000000 +0800 *************** *** 96,103 **** #include "curl_get_line.h" #include "curl_memrchr.h" #include "parsedate.h" - #include "rand.h" #include "rename.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" --- 96,103 ---- #include "curl_get_line.h" #include "curl_memrchr.h" #include "parsedate.h" #include "rename.h" + #include "fopen.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" *************** *** 469,474 **** --- 469,478 ---- (void)data; #endif + DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */ + if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT) + return NULL; + /* First, alloc and init a new struct for it */ co = calloc(1, sizeof(struct Cookie)); if(!co) *************** *** 808,814 **** freecookie(co); return NULL; } ! } else { /* --- 812,818 ---- freecookie(co); return NULL; } ! data->req.setcookies++; } else { /* *************** *** 1346,1352 **** * * It shall only return cookies that haven't expired. */ ! struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, const char *path, bool secure) { --- 1350,1357 ---- * * It shall only return cookies that haven't expired. */ ! struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, ! struct CookieInfo *c, const char *host, const char *path, bool secure) { *************** *** 1401,1406 **** --- 1406,1416 ---- mainco = newco; matches++; + if(matches >= MAX_COOKIE_SEND_AMOUNT) { + infof(data, "Included max number of cookies (%u) in request!", + matches); + break; + } } else goto fail; *************** *** 1602,1621 **** use_stdout = TRUE; } else { ! unsigned char randsuffix[9]; ! ! if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) ! return 2; ! ! tempstore = aprintf("%s.%s.tmp", filename, randsuffix); ! if(!tempstore) ! return CURLE_OUT_OF_MEMORY; ! ! out = fopen(tempstore, FOPEN_WRITETEXT); ! if(!out) { ! error = CURLE_WRITE_ERROR; goto error; - } } fputs("# Netscape HTTP Cookie File\n" --- 1612,1620 ---- use_stdout = TRUE; } else { ! error = Curl_fopen(data, filename, &out, &tempstore); ! if(error) goto error; } fputs("# Netscape HTTP Cookie File\n" *************** *** 1662,1668 **** if(!use_stdout) { fclose(out); out = NULL; ! if(Curl_rename(tempstore, filename)) { unlink(tempstore); error = CURLE_WRITE_ERROR; goto error; --- 1661,1667 ---- if(!use_stdout) { fclose(out); out = NULL; ! if(tempstore && Curl_rename(tempstore, filename)) { unlink(tempstore); error = CURLE_WRITE_ERROR; goto error; diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/cookie.h curl_h5/lib/cookie.h *** curl/lib/cookie.h 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/cookie.h 2022-08-26 11:21:58.944000000 +0800 *************** *** 81,90 **** */ #define MAX_COOKIE_LINE 5000 ! /* This is the maximum length of a cookie name or content we deal with: */ #define MAX_NAME 4096 #define MAX_NAME_TXT "4095" struct Curl_easy; /* * Add a cookie to the internal list of cookies. The domain and path arguments --- 81,106 ---- */ #define MAX_COOKIE_LINE 5000 ! /* Maximum length of an incoming cookie name or content we deal with. Longer ! cookies are ignored. */ #define MAX_NAME 4096 #define MAX_NAME_TXT "4095" + /* Maximum size for an outgoing cookie line libcurl will use in an http + request. This is the default maximum length used in some versions of Apache + httpd. */ + #define MAX_COOKIE_HEADER_LEN 8190 + + /* Maximum number of cookies libcurl will send in a single request, even if + there might be more cookies that match. One reason to cap the number is to + keep the maximum HTTP request within the maximum allowed size. */ + #define MAX_COOKIE_SEND_AMOUNT 150 + + /* Maximum number of Set-Cookie: lines accepted in a single response. If more + such header lines are received, they are ignored. This value must be less + than 256 since an unsigned char is used to count. */ + #define MAX_SET_COOKIE_AMOUNT 50 + struct Curl_easy; /* * Add a cookie to the internal list of cookies. The domain and path arguments *************** *** 97,103 **** const char *domain, const char *path, bool secure); ! struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, const char *path, bool secure); void Curl_cookie_freelist(struct Cookie *cookies); void Curl_cookie_clearall(struct CookieInfo *cookies); --- 113,120 ---- const char *domain, const char *path, bool secure); ! struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, ! struct CookieInfo *c, const char *host, const char *path, bool secure); void Curl_cookie_freelist(struct Cookie *cookies); void Curl_cookie_clearall(struct CookieInfo *cookies); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/curl_config.h.cmake curl_h5/lib/curl_config.h.cmake *** curl/lib/curl_config.h.cmake 2022-08-26 11:21:23.096000000 +0800 --- curl_h5/lib/curl_config.h.cmake 2022-08-26 11:21:58.944000000 +0800 *************** *** 127,132 **** --- 127,135 ---- /* Define to 1 if you have the header file. */ #cmakedefine HAVE_ASSERT_H 1 + /* Define to 1 if you have the `fchmod' function. */ + #cmakedefine HAVE_FCHMOD 1 + /* Define to 1 if you have the `basename' function. */ #cmakedefine HAVE_BASENAME 1 diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/fopen.c curl_h5/lib/fopen.c *** curl/lib/fopen.c 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/lib/fopen.c 2022-08-26 11:21:58.952000000 +0800 *************** *** 0 **** --- 1,113 ---- + /*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + + #include "curl_setup.h" + + #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ + !defined(CURL_DISABLE_HSTS) + + #ifdef HAVE_FCNTL_H + #include + #endif + + #include "urldata.h" + #include "rand.h" + #include "fopen.h" + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" + #include "curl_memory.h" + #include "memdebug.h" + + /* + * Curl_fopen() opens a file for writing with a temp name, to be renamed + * to the final name when completed. If there is an existing file using this + * name at the time of the open, this function will clone the mode from that + * file. if 'tempname' is non-NULL, it needs a rename after the file is + * written. + */ + CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + FILE **fh, char **tempname) + { + CURLcode result = CURLE_WRITE_ERROR; + unsigned char randsuffix[9]; + char *tempstore = NULL; + struct_stat sb; + int fd = -1; + *tempname = NULL; + + if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { + /* a non-regular file, fallback to direct fopen() */ + *fh = fopen(filename, FOPEN_WRITETEXT); + if(*fh) + return CURLE_OK; + goto fail; + } + + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); + if(result) + goto fail; + + tempstore = aprintf("%s.%s.tmp", filename, randsuffix); + if(!tempstore) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } + + result = CURLE_WRITE_ERROR; + fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); + if(fd == -1) + goto fail; + + #ifdef HAVE_FCHMOD + { + struct_stat nsb; + if((fstat(fd, &nsb) != -1) && + (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { + /* if the user and group are the same, clone the original mode */ + if(fchmod(fd, sb.st_mode) == -1) + goto fail; + } + } + #endif + + *fh = fdopen(fd, FOPEN_WRITETEXT); + if(!*fh) + goto fail; + + *tempname = tempstore; + return CURLE_OK; + + fail: + if(fd != -1) { + close(fd); + unlink(tempstore); + } + + free(tempstore); + + *tempname = NULL; + return result; + } + + #endif /* ! disabled */ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/fopen.h curl_h5/lib/fopen.h *** curl/lib/fopen.h 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/lib/fopen.h 2022-08-26 11:21:58.952000000 +0800 *************** *** 0 **** --- 1,30 ---- + #ifndef HEADER_CURL_FOPEN_H + #define HEADER_CURL_FOPEN_H + /*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + + CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + FILE **fh, char **tempname); + + #endif diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/ftp.c curl_h5/lib/ftp.c *** curl/lib/ftp.c 2022-08-26 11:21:23.104000000 +0800 --- curl_h5/lib/ftp.c 2022-08-26 11:21:58.952000000 +0800 *************** *** 2681,2689 **** /* we have now received a full FTP server response */ switch(ftpc->state) { case FTP_WAIT220: ! if(ftpcode == 230) ! /* 230 User logged in - already! */ ! return ftp_state_user_resp(data, ftpcode, ftpc->state); else if(ftpcode != 220) { failf(data, "Got a %03d ftp-server response when 220 was expected", ftpcode); --- 2681,2692 ---- /* we have now received a full FTP server response */ switch(ftpc->state) { case FTP_WAIT220: ! if(ftpcode == 230) { ! /* 230 User logged in - already! Take as 220 if TLS required. */ ! if(data->set.use_ssl <= CURLUSESSL_TRY || ! conn->bits.ftp_use_control_ssl) ! return ftp_state_user_resp(data, ftpcode, ftpc->state); ! } else if(ftpcode != 220) { failf(data, "Got a %03d ftp-server response when 220 was expected", ftpcode); *************** *** 2740,2745 **** --- 2743,2751 ---- case FTP_AUTH: /* we have gotten the response to a previous AUTH command */ + if(pp->cache_size) + return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ + /* RFC2228 (page 5) says: * * If the server is willing to accept the named security mechanism, diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/hsts.c curl_h5/lib/hsts.c *** curl/lib/hsts.c 2022-08-26 11:21:23.104000000 +0800 --- curl_h5/lib/hsts.c 2022-08-26 11:21:58.956000000 +0800 *************** *** 35,41 **** #include "sendf.h" #include "strtoofft.h" #include "parsedate.h" ! #include "rand.h" #include "rename.h" #include "strtoofft.h" --- 35,41 ---- #include "sendf.h" #include "strtoofft.h" #include "parsedate.h" ! #include "fopen.h" #include "rename.h" #include "strtoofft.h" *************** *** 325,332 **** struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; ! char *tempstore; ! unsigned char randsuffix[9]; if(!h) /* no cache activated */ --- 325,331 ---- struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; ! char *tempstore = NULL; if(!h) /* no cache activated */ *************** *** 340,356 **** /* marked as read-only, no file or zero length file name */ goto skipsave; ! if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) ! return CURLE_FAILED_INIT; ! ! tempstore = aprintf("%s.%s.tmp", file, randsuffix); ! if(!tempstore) ! return CURLE_OUT_OF_MEMORY; ! ! out = fopen(tempstore, FOPEN_WRITETEXT); ! if(!out) ! result = CURLE_WRITE_ERROR; ! else { fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); --- 339,346 ---- /* marked as read-only, no file or zero length file name */ goto skipsave; ! result = Curl_fopen(data, file, &out, &tempstore); ! if(!result) { fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); *************** *** 362,371 **** break; } fclose(out); ! if(!result && Curl_rename(tempstore, file)) result = CURLE_WRITE_ERROR; ! if(result) unlink(tempstore); } free(tempstore); --- 352,361 ---- break; } fclose(out); ! if(!result && tempstore && Curl_rename(tempstore, file)) result = CURLE_WRITE_ERROR; ! if(result && tempstore) unlink(tempstore); } free(tempstore); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/http.c curl_h5/lib/http.c *** curl/lib/http.c 2022-08-26 11:21:23.104000000 +0800 --- curl_h5/lib/http.c 2022-08-26 11:21:58.956000000 +0800 *************** *** 775,780 **** --- 775,795 ---- return CURLE_OK; } + /* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ + bool Curl_allow_auth_to_host(struct Curl_easy *data) + { + struct connectdata *conn = data->conn; + return (!data->state.this_is_a_follow || + data->set.allow_auth_to_other_hosts || + (data->state.first_host && + strcasecompare(data->state.first_host, conn->host.name) && + (data->state.first_remote_port == conn->remote_port) && + (data->state.first_remote_protocol == conn->handler->protocol))); + } + /** * Curl_http_output_auth() setups the authentication headers for the * host/proxy and the correct authentication *************** *** 847,863 **** with it */ authproxy->done = TRUE; ! /* To prevent the user+password to get sent to other than the original ! host due to a location-follow, we do some weirdo checks here */ ! if(!data->state.this_is_a_follow || #ifndef CURL_DISABLE_NETRC ! conn->bits.netrc || #endif ! !data->state.first_host || ! data->set.allow_auth_to_other_hosts || ! strcasecompare(data->state.first_host, conn->host.name)) { result = output_auth_headers(data, conn, authhost, request, path, FALSE); - } else authhost->done = TRUE; --- 862,875 ---- with it */ authproxy->done = TRUE; ! /* To prevent the user+password to get sent to other than the original host ! due to a location-follow */ ! if(Curl_allow_auth_to_host(data) #ifndef CURL_DISABLE_NETRC ! || conn->bits.netrc #endif ! ) result = output_auth_headers(data, conn, authhost, request, path, FALSE); else authhost->done = TRUE; *************** *** 1913,1922 **** checkprefix("Cookie:", compare)) && /* be careful of sending this potentially sensitive header to other hosts */ ! (data->state.this_is_a_follow && ! data->state.first_host && ! !data->set.allow_auth_to_other_hosts && ! !strcasecompare(data->state.first_host, conn->host.name))) ; else { #ifdef USE_HYPER --- 1925,1931 ---- checkprefix("Cookie:", compare)) && /* be careful of sending this potentially sensitive header to other hosts */ ! !Curl_allow_auth_to_host(data)) ; else { #ifdef USE_HYPER *************** *** 2088,2093 **** --- 2097,2103 ---- return CURLE_OUT_OF_MEMORY; data->state.first_remote_port = conn->remote_port; + data->state.first_remote_protocol = conn->handler->protocol; } Curl_safefree(data->state.aptr.host); *************** *** 2697,2708 **** --- 2707,2720 ---- } #if !defined(CURL_DISABLE_COOKIES) + CURLcode Curl_http_cookies(struct Curl_easy *data, struct connectdata *conn, struct dynbuf *r) { CURLcode result = CURLE_OK; char *addcookies = NULL; + bool linecap = FALSE; if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(data, "Cookie")) addcookies = data->set.str[STRING_COOKIE]; *************** *** 2712,2718 **** if(data->cookies && data->state.cookie_engine) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); ! co = Curl_cookie_getlist(data->cookies, data->state.aptr.cookiehost? data->state.aptr.cookiehost: conn->host.name, --- 2724,2730 ---- if(data->cookies && data->state.cookie_engine) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); ! co = Curl_cookie_getlist(data, data->cookies, data->state.aptr.cookiehost? data->state.aptr.cookiehost: conn->host.name, *************** *** 2731,2736 **** --- 2743,2755 ---- if(result) break; } + if((Curl_dyn_len(r) + strlen(co->name) + strlen(co->value) + 1) >= + MAX_COOKIE_HEADER_LEN) { + infof(data, "Restricted outgoing cookies due to header size, " + "'%s' not sent", co->name); + linecap = TRUE; + break; + } result = Curl_dyn_addf(r, "%s%s=%s", count?"; ":"", co->name, co->value); if(result) *************** *** 2741,2747 **** } Curl_cookie_freelist(store); } ! if(addcookies && !result) { if(!count) result = Curl_dyn_add(r, "Cookie: "); if(!result) { --- 2760,2766 ---- } Curl_cookie_freelist(store); } ! if(addcookies && !result && !linecap) { if(!count) result = Curl_dyn_add(r, "Cookie: "); if(!result) { diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/http.h curl_h5/lib/http.h *** curl/lib/http.h 2022-08-26 11:21:23.104000000 +0800 --- curl_h5/lib/http.h 2022-08-26 11:21:58.956000000 +0800 *************** *** 317,320 **** --- 317,326 ---- bool proxytunnel); /* TRUE if this is the request setting up the proxy tunnel */ + /* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ + bool Curl_allow_auth_to_host(struct Curl_easy *data); + #endif /* HEADER_CURL_HTTP_H */ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/imap.c curl_h5/lib/imap.c *** curl/lib/imap.c 2022-08-26 11:21:23.108000000 +0800 --- curl_h5/lib/imap.c 2022-08-26 11:21:58.960000000 +0800 *************** *** 935,956 **** line += wordlen; } } ! else if(imapcode == IMAP_RESP_OK) { ! if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ! /* We don't have a SSL/TLS connection yet, but SSL is requested */ ! if(imapc->tls_supported) ! /* Switch to TLS connection now */ ! result = imap_perform_starttls(data, conn); ! else if(data->set.use_ssl == CURLUSESSL_TRY) ! /* Fallback and carry on with authentication */ ! result = imap_perform_authentication(data, conn); ! else { ! failf(data, "STARTTLS not supported."); ! result = CURLE_USE_SSL_FAILED; ! } } ! else result = imap_perform_authentication(data, conn); } else result = imap_perform_authentication(data, conn); --- 935,952 ---- line += wordlen; } } ! else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ! /* PREAUTH is not compatible with STARTTLS. */ ! if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ! /* Switch to TLS connection now */ ! result = imap_perform_starttls(data, conn); } ! else if(data->set.use_ssl <= CURLUSESSL_TRY) result = imap_perform_authentication(data, conn); + else { + failf(data, "STARTTLS not available."); + result = CURLE_USE_SSL_FAILED; + } } else result = imap_perform_authentication(data, conn); *************** *** 968,973 **** --- 964,973 ---- (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.imapc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(imapcode != IMAP_RESP_OK) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/krb5.c curl_h5/lib/krb5.c *** curl/lib/krb5.c 2022-08-26 11:21:23.108000000 +0800 --- curl_h5/lib/krb5.c 2022-08-26 11:21:58.960000000 +0800 *************** *** 146,156 **** enc.value = buf; enc.length = len; maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); ! if(maj != GSS_S_COMPLETE) { ! if(len >= 4) ! strcpy(buf, "599 "); return -1; - } memcpy(buf, dec.value, dec.length); len = curlx_uztosi(dec.length); --- 146,153 ---- enc.value = buf; enc.length = len; maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); ! if(maj != GSS_S_COMPLETE) return -1; memcpy(buf, dec.value, dec.length); len = curlx_uztosi(dec.length); *************** *** 512,517 **** --- 509,515 ---- { int len; CURLcode result; + int nread; result = socket_read(fd, &len, sizeof(len)); if(result) *************** *** 520,526 **** if(len) { /* only realloc if there was a length */ len = ntohl(len); ! buf->data = Curl_saferealloc(buf->data, len); } if(!len || !buf->data) return CURLE_OUT_OF_MEMORY; --- 518,527 ---- if(len) { /* only realloc if there was a length */ len = ntohl(len); ! if(len > CURL_MAX_INPUT_LENGTH) ! len = 0; ! else ! buf->data = Curl_saferealloc(buf->data, len); } if(!len || !buf->data) return CURLE_OUT_OF_MEMORY; *************** *** 528,535 **** result = socket_read(fd, buf->data, len); if(result) return result; ! buf->size = conn->mech->decode(conn->app_data, buf->data, len, ! conn->data_prot, conn); buf->index = 0; return CURLE_OK; } --- 529,539 ---- result = socket_read(fd, buf->data, len); if(result) return result; ! nread = conn->mech->decode(conn->app_data, buf->data, len, ! conn->data_prot, conn); ! if(nread < 0) ! return CURLE_RECV_ERROR; ! buf->size = (size_t)nread; buf->index = 0; return CURLE_OK; } diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/Makefile.inc curl_h5/lib/Makefile.inc *** curl/lib/Makefile.inc 2022-08-26 11:21:23.092000000 +0800 --- curl_h5/lib/Makefile.inc 2022-08-26 11:21:58.940000000 +0800 *************** *** 131,136 **** --- 131,137 ---- escape.c \ file.c \ fileinfo.c \ + fopen.c \ formdata.c \ ftp.c \ ftplistparser.c \ *************** *** 263,268 **** --- 264,270 ---- escape.h \ file.h \ fileinfo.h \ + fopen.h \ formdata.h \ ftp.h \ ftplistparser.h \ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/mqtt.c curl_h5/lib/mqtt.c *** curl/lib/mqtt.c 2022-08-26 11:21:23.112000000 +0800 --- curl_h5/lib/mqtt.c 2022-08-26 11:21:58.960000000 +0800 *************** *** 128,133 **** --- 128,137 ---- mq->sendleftovers = sendleftovers; mq->nsend = nsend; } + else { + mq->sendleftovers = NULL; + mq->nsend = 0; + } return result; } diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/pop3.c curl_h5/lib/pop3.c *** curl/lib/pop3.c 2022-08-26 11:21:23.112000000 +0800 --- curl_h5/lib/pop3.c 2022-08-26 11:21:58.964000000 +0800 *************** *** 741,768 **** } } } - else if(pop3code == '+') { - if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested */ - if(pop3c->tls_supported) - /* Switch to TLS connection now */ - result = pop3_perform_starttls(data, conn); - else if(data->set.use_ssl == CURLUSESSL_TRY) - /* Fallback and carry on with authentication */ - result = pop3_perform_authentication(data, conn); - else { - failf(data, "STLS not supported."); - result = CURLE_USE_SSL_FAILED; - } - } - else - result = pop3_perform_authentication(data, conn); - } else { /* Clear text is supported when CAPA isn't recognised */ ! pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ! result = pop3_perform_authentication(data, conn); } return result; --- 741,763 ---- } } } else { /* Clear text is supported when CAPA isn't recognised */ ! if(pop3code != '+') ! pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ! if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ! result = pop3_perform_authentication(data, conn); ! else if(pop3code == '+' && pop3c->tls_supported) ! /* Switch to TLS connection now */ ! result = pop3_perform_starttls(data, conn); ! else if(data->set.use_ssl <= CURLUSESSL_TRY) ! /* Fallback and carry on with authentication */ ! result = pop3_perform_authentication(data, conn); ! else { ! failf(data, "STLS not supported."); ! result = CURLE_USE_SSL_FAILED; ! } } return result; *************** *** 777,782 **** --- 772,781 ---- CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.pop3c.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(pop3code != '+') { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/setopt.c curl_h5/lib/setopt.c *** curl/lib/setopt.c 2022-08-26 11:21:23.116000000 +0800 --- curl_h5/lib/setopt.c 2022-08-26 11:21:58.968000000 +0800 *************** *** 2311,2316 **** --- 2311,2317 ---- case CURLOPT_SSL_OPTIONS: arg = va_arg(param, long); + data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff); data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); *************** *** 2324,2329 **** --- 2325,2331 ---- #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSL_OPTIONS: arg = va_arg(param, long); + data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff); data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); *************** *** 2744,2792 **** case CURLOPT_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], va_arg(param, char *)); ! if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) ! data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; case CURLOPT_PROXY_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], va_arg(param, char *)); #ifndef CURL_DISABLE_PROXY ! if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && ! !data->set.proxy_ssl.authtype) ! data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ #endif break; case CURLOPT_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], va_arg(param, char *)); ! if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) ! data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; case CURLOPT_PROXY_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], va_arg(param, char *)); #ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && ! !data->set.proxy_ssl.authtype) ! data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ #endif break; case CURLOPT_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) ! data->set.ssl.authtype = CURL_TLSAUTH_SRP; else ! data->set.ssl.authtype = CURL_TLSAUTH_NONE; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) ! data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; else ! data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE; break; #endif #endif --- 2746,2796 ---- case CURLOPT_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], va_arg(param, char *)); ! if(data->set.str[STRING_TLSAUTH_USERNAME] && ! !data->set.ssl.primary.authtype) ! data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; case CURLOPT_PROXY_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], va_arg(param, char *)); #ifndef CURL_DISABLE_PROXY ! if(data->set.str[STRING_TLSAUTH_USERNAME] && ! !data->set.ssl.primary.authtype) ! data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ #endif break; case CURLOPT_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], va_arg(param, char *)); ! if(data->set.str[STRING_TLSAUTH_USERNAME] && ! !data->set.ssl.primary.authtype) ! data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ break; case CURLOPT_PROXY_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], va_arg(param, char *)); #ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && ! !data->set.proxy_ssl.primary.authtype) ! data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ #endif break; case CURLOPT_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) ! data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; else ! data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) ! data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; else ! data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE; break; #endif #endif diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/smtp.c curl_h5/lib/smtp.c *** curl/lib/smtp.c 2022-08-26 11:21:23.116000000 +0800 --- curl_h5/lib/smtp.c 2022-08-26 11:21:58.968000000 +0800 *************** *** 835,840 **** --- 835,844 ---- CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.smtpc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(smtpcode != 220) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied, code %d", smtpcode); diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/strcase.c curl_h5/lib/strcase.c *** curl/lib/strcase.c 2022-08-26 11:21:23.116000000 +0800 --- curl_h5/lib/strcase.c 2022-08-26 11:21:58.968000000 +0800 *************** *** 251,256 **** --- 251,266 ---- } while(*src++ && --n); } + /* Compare case-sensitive NUL-terminated strings, taking care of possible + * null pointers. Return true if arguments match. + */ + bool Curl_safecmp(char *a, char *b) + { + if(a && b) + return !strcmp(a, b); + return !a && !b; + } + /* --- public functions --- */ int curl_strequal(const char *first, const char *second) diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/strcase.h curl_h5/lib/strcase.h *** curl/lib/strcase.h 2022-08-26 11:21:23.116000000 +0800 --- curl_h5/lib/strcase.h 2022-08-26 11:21:58.968000000 +0800 *************** *** 48,51 **** --- 48,53 ---- void Curl_strntoupper(char *dest, const char *src, size_t n); void Curl_strntolower(char *dest, const char *src, size_t n); + bool Curl_safecmp(char *a, char *b); + #endif /* HEADER_CURL_STRCASE_H */ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/transfer.c curl_h5/lib/transfer.c *** curl/lib/transfer.c 2022-08-26 11:21:23.120000000 +0800 --- curl_h5/lib/transfer.c 2022-08-26 11:21:58.972000000 +0800 *************** *** 1652,1661 **** return CURLE_OUT_OF_MEMORY; } else { - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); if(uc) return Curl_uc_to_curlcode(uc); } if(type == FOLLOW_FAKE) { --- 1652,1708 ---- return CURLE_OUT_OF_MEMORY; } else { uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); if(uc) return Curl_uc_to_curlcode(uc); + + /* Clear auth if this redirects to a different port number or protocol, + unless permitted */ + if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { + char *portnum; + int port; + bool clear = FALSE; + + if(data->set.use_port && data->state.allow_port) + /* a custom port is used */ + port = (int)data->set.use_port; + else { + uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, + CURLU_DEFAULT_PORT); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + port = atoi(portnum); + free(portnum); + } + if(port != data->info.conn_remote_port) { + infof(data, "Clear auth, redirects to port from %u to %u", + data->info.conn_remote_port, port); + clear = TRUE; + } + else { + char *scheme; + const struct Curl_handler *p; + uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + + p = Curl_builtin_scheme(scheme); + if(p && (p->protocol != data->info.conn_protocol)) { + infof(data, "Clear auth, redirects scheme from %s to %s", + data->info.conn_scheme, scheme); + clear = TRUE; + } + free(scheme); + } + if(clear) { + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); + } + } } if(type == FOLLOW_FAKE) { diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/url.c curl_h5/lib/url.c *** curl/lib/url.c 2022-08-26 11:21:23.120000000 +0800 --- curl_h5/lib/url.c 2022-08-26 11:21:58.972000000 +0800 *************** *** 547,553 **** set->ssl.primary.verifypeer = TRUE; set->ssl.primary.verifyhost = TRUE; #ifdef USE_TLS_SRP ! set->ssl.authtype = CURL_TLSAUTH_NONE; #endif set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth type */ --- 547,553 ---- set->ssl.primary.verifypeer = TRUE; set->ssl.primary.verifyhost = TRUE; #ifdef USE_TLS_SRP ! set->ssl.primary.authtype = CURL_TLSAUTH_NONE; #endif set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth type */ *************** *** 784,789 **** --- 784,790 ---- Curl_safefree(conn->passwd); Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); + Curl_safefree(conn->oauth_bearer); Curl_dyn_free(&conn->trailer); Curl_safefree(conn->host.rawalloc); /* host name buffer */ Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ *************** *** 1088,1093 **** --- 1089,1100 ---- } } + static bool ssh_config_matches(struct connectdata *one, + struct connectdata *two) + { + return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) && + Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub)); + } /* * Given one filled in connection struct (named needle), this function should * detect if there already is one that has all the significant details *************** *** 1332,1338 **** /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ if(strcmp(needle->user, check->user) || ! strcmp(needle->passwd, check->passwd)) { /* one of them was different */ continue; } --- 1339,1347 ---- /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ if(strcmp(needle->user, check->user) || ! strcmp(needle->passwd, check->passwd) || ! !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) || ! !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) { /* one of them was different */ continue; } *************** *** 1345,1350 **** --- 1354,1364 ---- (data->state.httpwant < CURL_HTTP_VERSION_2_0)) continue; + if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, check)) + continue; + } + if((needle->handler->flags&PROTOPT_SSL) #ifndef CURL_DISABLE_PROXY || !needle->bits.httpproxy || needle->bits.tunnel_proxy *************** *** 1745,1755 **** --- 1759,1775 ---- conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; + conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options; + #ifdef USE_TLS_SRP + #endif #ifndef CURL_DISABLE_PROXY conn->proxy_ssl_config.verifystatus = data->set.proxy_ssl.primary.verifystatus; conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; + conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options; + #ifdef USE_TLS_SRP + #endif #endif conn->ip_version = data->set.ipver; conn->bits.connect_only = data->set.connect_only; *************** *** 3592,3597 **** --- 3612,3625 ---- } } + if(data->set.str[STRING_BEARER]) { + conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); + if(!conn->oauth_bearer) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + } + #ifdef USE_UNIX_SOCKETS if(data->set.str[STRING_UNIX_SOCKET_PATH]) { conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]); *************** *** 3794,3800 **** data->set.str[STRING_SSL_ISSUERCERT_PROXY]; data->set.proxy_ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; ! data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; --- 3822,3829 ---- data->set.str[STRING_SSL_ISSUERCERT_PROXY]; data->set.proxy_ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; ! data->set.proxy_ssl.primary.CRLfile = ! data->set.str[STRING_SSL_CRLFILE_PROXY]; data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; *************** *** 3802,3819 **** data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; #endif ! data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE]; data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; data->set.ssl.key = data->set.str[STRING_KEY]; data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; #ifdef USE_TLS_SRP ! data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME]; ! data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD]; #ifndef CURL_DISABLE_PROXY ! data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; ! data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; #endif #endif data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; --- 3831,3850 ---- data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; #endif ! data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE]; data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; data->set.ssl.key = data->set.str[STRING_KEY]; data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; #ifdef USE_TLS_SRP ! data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME]; ! data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD]; #ifndef CURL_DISABLE_PROXY ! data->set.proxy_ssl.primary.username = ! data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; ! data->set.proxy_ssl.primary.password = ! data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; #endif #endif data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/urldata.h curl_h5/lib/urldata.h *** curl/lib/urldata.h 2022-08-26 11:21:23.120000000 +0800 --- curl_h5/lib/urldata.h 2022-08-26 11:21:58.976000000 +0800 *************** *** 253,262 **** --- 253,269 ---- char *cipher_list; /* list of ciphers to use */ char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ char *pinned_key; + char *CRLfile; /* CRL to check certificate revocation */ struct curl_blob *cert_blob; struct curl_blob *ca_info_blob; struct curl_blob *issuercert_blob; + #ifdef USE_TLS_SRP + char *username; /* TLS username (for, e.g., SRP) */ + char *password; /* TLS password (for, e.g., SRP) */ + enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ + #endif char *curves; /* list of curves to use */ + unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ BIT(verifypeer); /* set TRUE if this is desired */ BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ BIT(verifystatus); /* set TRUE if certificate status must be checked */ *************** *** 266,272 **** struct ssl_config_data { struct ssl_primary_config primary; long certverifyresult; /* result from the certificate verification */ - char *CRLfile; /* CRL to check certificate revocation */ curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ void *fsslctxp; /* parameter for call back */ char *cert_type; /* format for certificate (default: PEM)*/ --- 273,278 ---- *************** *** 274,284 **** struct curl_blob *key_blob; char *key_type; /* format for private key (default: PEM) */ char *key_passwd; /* plain text private key password */ - #ifdef USE_TLS_SRP - char *username; /* TLS username (for, e.g., SRP) */ - char *password; /* TLS password (for, e.g., SRP) */ - enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ - #endif BIT(certinfo); /* gather lots of certificate info */ BIT(falsestart); BIT(enable_beast); /* allow this flaw for interoperability's sake*/ --- 280,285 ---- *************** *** 704,709 **** --- 705,711 ---- #ifndef CURL_DISABLE_DOH struct dohdata *doh; /* DoH specific data for this request */ #endif + unsigned char setcookies; BIT(header); /* incoming data has HTTP header */ BIT(content_range); /* set TRUE if Content-Range: was found */ BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding *************** *** 979,984 **** --- 981,987 ---- char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ char *sasl_authzid; /* authorisation identity string, allocated */ + char *oauth_bearer; /* OAUTH2 bearer, allocated */ unsigned char httpversion; /* the HTTP version*10 reported by the server */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ *************** *** 1154,1160 **** reused, in the connection cache. */ char conn_primary_ip[MAX_IPADR_LEN]; ! int conn_primary_port; char conn_local_ip[MAX_IPADR_LEN]; int conn_local_port; const char *conn_scheme; --- 1157,1167 ---- reused, in the connection cache. */ char conn_primary_ip[MAX_IPADR_LEN]; ! int conn_primary_port; /* this is the destination port to the connection, ! which might have been a proxy */ ! int conn_remote_port; /* this is the "remote port", which is the port ! number of the used URL, independent of proxy or ! not */ char conn_local_ip[MAX_IPADR_LEN]; int conn_local_port; const char *conn_scheme; *************** *** 1323,1336 **** char *ulbuf; /* allocated upload buffer or NULL */ curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ ! char *first_host; /* host name of the first (not followed) request. ! if set, this should be the host name that we will ! sent authorization to, no else. Used to make Location: ! following not keep sending user+password... This is ! strdup() data. ! */ int retrycount; /* number of retries on a new connection */ - int first_remote_port; /* remote port of the first (not followed) request */ struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ --- 1330,1345 ---- char *ulbuf; /* allocated upload buffer or NULL */ curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ ! ! /* host name, port number and protocol of the first (not followed) request. ! if set, this should be the host name that we will sent authorization to, ! no else. Used to make Location: following not keep sending user+password. ! This is strdup()ed data. */ ! char *first_host; ! int first_remote_port; ! unsigned int first_remote_protocol; ! int retrycount; /* number of retries on a new connection */ struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vssh/ssh.h curl_h5/lib/vssh/ssh.h *** curl/lib/vssh/ssh.h 2022-08-26 11:21:23.124000000 +0800 --- curl_h5/lib/vssh/ssh.h 2022-08-26 11:21:58.976000000 +0800 *************** *** 7,13 **** * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * ! * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms --- 7,13 ---- * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * ! * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms *************** *** 131,138 **** /* common */ const char *passphrase; /* pass-phrase to use */ ! char *rsa_pub; /* path name */ ! char *rsa; /* path name */ bool authed; /* the connection has been authenticated fine */ bool acceptfail; /* used by the SFTP_QUOTE (continue if quote command fails) */ --- 131,138 ---- /* common */ const char *passphrase; /* pass-phrase to use */ ! char *rsa_pub; /* strdup'ed public key file */ ! char *rsa; /* strdup'ed private key file */ bool authed; /* the connection has been authenticated fine */ bool acceptfail; /* used by the SFTP_QUOTE (continue if quote command fails) */ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/gtls.c curl_h5/lib/vtls/gtls.c *** curl/lib/vtls/gtls.c 2022-08-26 11:21:23.128000000 +0800 --- curl_h5/lib/vtls/gtls.c 2022-08-26 11:21:58.980000000 +0800 *************** *** 431,438 **** } #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { ! infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); rc = gnutls_srp_allocate_client_credentials( &backend->srp_client_cred); --- 431,439 ---- } #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) { ! infof(data, "Using TLS-SRP username: %s", ! SSL_SET_OPTION(primary.username)); rc = gnutls_srp_allocate_client_credentials( &backend->srp_client_cred); *************** *** 443,450 **** } rc = gnutls_srp_set_client_credentials(backend->srp_client_cred, ! SSL_SET_OPTION(username), ! SSL_SET_OPTION(password)); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_set_client_cred() failed: %s", gnutls_strerror(rc)); --- 444,451 ---- } rc = gnutls_srp_set_client_credentials(backend->srp_client_cred, ! SSL_SET_OPTION(primary.username), ! SSL_SET_OPTION(primary.password)); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_set_client_cred() failed: %s", gnutls_strerror(rc)); *************** *** 500,518 **** } #endif ! if(SSL_SET_OPTION(CRLfile)) { /* set the CRL list file */ rc = gnutls_certificate_set_x509_crl_file(backend->cred, ! SSL_SET_OPTION(CRLfile), GNUTLS_X509_FMT_PEM); if(rc < 0) { failf(data, "error reading crl file %s (%s)", ! SSL_SET_OPTION(CRLfile), gnutls_strerror(rc)); return CURLE_SSL_CRL_BADFILE; } else infof(data, "found %d CRL in %s", ! rc, SSL_SET_OPTION(CRLfile)); } /* Initialize TLS session as a client */ --- 501,519 ---- } #endif ! if(SSL_SET_OPTION(primary.CRLfile)) { /* set the CRL list file */ rc = gnutls_certificate_set_x509_crl_file(backend->cred, ! SSL_SET_OPTION(primary.CRLfile), GNUTLS_X509_FMT_PEM); if(rc < 0) { failf(data, "error reading crl file %s (%s)", ! SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc)); return CURLE_SSL_CRL_BADFILE; } else infof(data, "found %d CRL in %s", ! rc, SSL_SET_OPTION(primary.CRLfile)); } /* Initialize TLS session as a client */ *************** *** 585,591 **** #ifdef HAVE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ ! if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { size_t len = strlen(prioritylist); char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1); --- 586,592 ---- #ifdef HAVE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ ! if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) { size_t len = strlen(prioritylist); char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1); *************** *** 677,683 **** #ifdef HAVE_GNUTLS_SRP /* put the credentials to the current session */ ! if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { --- 678,684 ---- #ifdef HAVE_GNUTLS_SRP /* put the credentials to the current session */ ! if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) { rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { *************** *** 858,865 **** SSL_CONN_CONFIG(verifyhost) || SSL_CONN_CONFIG(issuercert)) { #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP ! && SSL_SET_OPTION(username) != NULL && !SSL_CONN_CONFIG(verifypeer) && gnutls_cipher_get(session)) { /* no peer cert, but auth is ok if we have SRP user and cipher and no --- 859,866 ---- SSL_CONN_CONFIG(verifyhost) || SSL_CONN_CONFIG(issuercert)) { #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP ! && SSL_SET_OPTION(primary.username) && !SSL_CONN_CONFIG(verifypeer) && gnutls_cipher_get(session)) { /* no peer cert, but auth is ok if we have SRP user and cipher and no *************** *** 917,923 **** failf(data, "server certificate verification failed. CAfile: %s " "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none", ! SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); return CURLE_PEER_FAILED_VERIFICATION; } else --- 918,925 ---- failf(data, "server certificate verification failed. CAfile: %s " "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none", ! SSL_SET_OPTION(primary.CRLfile) ? ! SSL_SET_OPTION(primary.CRLfile) : "none"); return CURLE_PEER_FAILED_VERIFICATION; } else *************** *** 1530,1537 **** gnutls_certificate_free_credentials(backend->cred); #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP ! && SSL_SET_OPTION(username) != NULL) gnutls_srp_free_client_credentials(backend->srp_client_cred); #endif --- 1532,1539 ---- gnutls_certificate_free_credentials(backend->cred); #ifdef HAVE_GNUTLS_SRP ! if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP ! && SSL_SET_OPTION(primary.username) != NULL) gnutls_srp_free_client_credentials(backend->srp_client_cred); #endif diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/mbedtls.c curl_h5/lib/vtls/mbedtls.c *** curl/lib/vtls/mbedtls.c 2022-08-26 11:21:23.128000000 +0800 --- curl_h5/lib/vtls/mbedtls.c 2022-08-26 11:21:58.980000000 +0800 *************** *** 255,261 **** const char * const ssl_capath = SSL_CONN_CONFIG(CApath); char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); ! const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); const char * const hostname = SSL_HOST_NAME(); const long int port = SSL_HOST_PORT(); int ret = -1; --- 255,261 ---- const char * const ssl_capath = SSL_CONN_CONFIG(CApath); char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); ! const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile); const char * const hostname = SSL_HOST_NAME(); const long int port = SSL_HOST_PORT(); int ret = -1; diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/nss.c curl_h5/lib/vtls/nss.c *** curl/lib/vtls/nss.c 2022-08-26 11:21:23.128000000 +0800 --- curl_h5/lib/vtls/nss.c 2022-08-26 11:21:58.980000000 +0800 *************** *** 972,977 **** --- 972,980 ---- PR_Free(common_name); } + /* A number of certs that will never occur in a real server handshake */ + #define TOO_MANY_CERTS 300 + static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock) { CURLcode result = CURLE_OK; *************** *** 1007,1012 **** --- 1010,1020 ---- cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); while(cert2) { i++; + if(i >= TOO_MANY_CERTS) { + CERT_DestroyCertificate(cert2); + failf(data, "certificate loop"); + return CURLE_SSL_CERTPROBLEM; + } if(cert2->isRoot) { CERT_DestroyCertificate(cert2); break; *************** *** 1986,1998 **** } } ! if(SSL_SET_OPTION(CRLfile)) { ! const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile)); if(rv) { result = rv; goto error; } ! infof(data, " CRLfile: %s", SSL_SET_OPTION(CRLfile)); } if(SSL_SET_OPTION(primary.clientcert)) { --- 1994,2006 ---- } } ! if(SSL_SET_OPTION(primary.CRLfile)) { ! const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile)); if(rv) { result = rv; goto error; } ! infof(data, " CRLfile: %s", SSL_SET_OPTION(primary.CRLfile)); } if(SSL_SET_OPTION(primary.clientcert)) { diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/openssl.c curl_h5/lib/vtls/openssl.c *** curl/lib/vtls/openssl.c 2022-08-26 11:21:23.128000000 +0800 --- curl_h5/lib/vtls/openssl.c 2022-08-26 11:21:58.980000000 +0800 *************** *** 2605,2611 **** #endif const long int ssl_version = SSL_CONN_CONFIG(version); #ifdef USE_OPENSSL_SRP ! const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype); #endif char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); --- 2605,2611 ---- #endif const long int ssl_version = SSL_CONN_CONFIG(version); #ifdef USE_OPENSSL_SRP ! const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype); #endif char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); *************** *** 2616,2622 **** (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const char * const ssl_capath = SSL_CONN_CONFIG(CApath); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); ! const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); char error_buffer[256]; struct ssl_backend_data *backend = connssl->backend; bool imported_native_ca = false; --- 2616,2622 ---- (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const char * const ssl_capath = SSL_CONN_CONFIG(CApath); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); ! const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile); char error_buffer[256]; struct ssl_backend_data *backend = connssl->backend; bool imported_native_ca = false; *************** *** 2866,2881 **** #endif #ifdef USE_OPENSSL_SRP ! if(ssl_authtype == CURL_TLSAUTH_SRP) { ! char * const ssl_username = SSL_SET_OPTION(username); ! infof(data, "Using TLS-SRP username: %s", ssl_username); if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) { failf(data, "Unable to set SRP user name"); return CURLE_BAD_FUNCTION_ARGUMENT; } ! if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) { failf(data, "failed setting SRP password"); return CURLE_BAD_FUNCTION_ARGUMENT; } --- 2866,2882 ---- #endif #ifdef USE_OPENSSL_SRP ! if((ssl_authtype == CURL_TLSAUTH_SRP) && ! Curl_allow_auth_to_host(data)) { ! char * const ssl_username = SSL_SET_OPTION(primary.username); ! char * const ssl_password = SSL_SET_OPTION(primary.password); infof(data, "Using TLS-SRP username: %s", ssl_username); if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) { failf(data, "Unable to set SRP user name"); return CURLE_BAD_FUNCTION_ARGUMENT; } ! if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) { failf(data, "failed setting SRP password"); return CURLE_BAD_FUNCTION_ARGUMENT; } diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/vtls.c curl_h5/lib/vtls/vtls.c *** curl/lib/vtls/vtls.c 2022-08-26 11:21:23.132000000 +0800 --- curl_h5/lib/vtls/vtls.c 2022-08-26 11:21:58.984000000 +0800 *************** *** 125,139 **** return !memcmp(first->data, second->data, first->len); /* same data */ } - static bool safecmp(char *a, char *b) - { - if(a && b) - return !strcmp(a, b); - else if(!a && !b) - return TRUE; /* match */ - return FALSE; /* no match */ - } - bool Curl_ssl_config_matches(struct ssl_primary_config *data, --- 125,130 ---- *************** *** 141,161 **** { if((data->version == needle->version) && (data->version_max == needle->version_max) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && (data->verifystatus == needle->verifystatus) && blobcmp(data->cert_blob, needle->cert_blob) && blobcmp(data->ca_info_blob, needle->ca_info_blob) && blobcmp(data->issuercert_blob, needle->issuercert_blob) && ! safecmp(data->CApath, needle->CApath) && ! safecmp(data->CAfile, needle->CAfile) && ! safecmp(data->issuercert, needle->issuercert) && ! safecmp(data->clientcert, needle->clientcert) && ! safecmp(data->random_file, needle->random_file) && ! safecmp(data->egdsocket, needle->egdsocket) && Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && Curl_safe_strcasecompare(data->curves, needle->curves) && Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) return TRUE; --- 132,159 ---- { if((data->version == needle->version) && (data->version_max == needle->version_max) && + (data->ssl_options == needle->ssl_options) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && (data->verifystatus == needle->verifystatus) && blobcmp(data->cert_blob, needle->cert_blob) && blobcmp(data->ca_info_blob, needle->ca_info_blob) && blobcmp(data->issuercert_blob, needle->issuercert_blob) && ! Curl_safecmp(data->CApath, needle->CApath) && ! Curl_safecmp(data->CAfile, needle->CAfile) && ! Curl_safecmp(data->issuercert, needle->issuercert) && ! Curl_safecmp(data->clientcert, needle->clientcert) && ! Curl_safecmp(data->random_file, needle->random_file) && ! Curl_safecmp(data->egdsocket, needle->egdsocket) && ! #ifdef USE_TLS_SRP ! Curl_safecmp(data->username, needle->username) && ! Curl_safecmp(data->password, needle->password) && ! (data->authtype == needle->authtype) && ! #endif Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && Curl_safe_strcasecompare(data->curves, needle->curves) && + Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) && Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) return TRUE; *************** *** 172,177 **** --- 170,179 ---- dest->verifyhost = source->verifyhost; dest->verifystatus = source->verifystatus; dest->sessionid = source->sessionid; + dest->ssl_options = source->ssl_options; + #ifdef USE_TLS_SRP + dest->authtype = source->authtype; + #endif CLONE_BLOB(cert_blob); CLONE_BLOB(ca_info_blob); *************** *** 186,191 **** --- 188,198 ---- CLONE_STRING(cipher_list13); CLONE_STRING(pinned_key); CLONE_STRING(curves); + CLONE_STRING(CRLfile); + #ifdef USE_TLS_SRP + CLONE_STRING(username); + CLONE_STRING(password); + #endif return TRUE; } *************** *** 205,210 **** --- 212,222 ---- Curl_safefree(sslc->ca_info_blob); Curl_safefree(sslc->issuercert_blob); Curl_safefree(sslc->curves); + Curl_safefree(sslc->CRLfile); + #ifdef USE_TLS_SRP + Curl_safefree(sslc->username); + Curl_safefree(sslc->password); + #endif } #ifdef USE_SSL diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/Makefile.inc curl_h5/tests/data/Makefile.inc *** curl/tests/data/Makefile.inc 2022-08-26 11:21:23.164000000 +0800 --- curl_h5/tests/data/Makefile.inc 2022-08-26 11:21:59.016000000 +0800 *************** *** 61,67 **** test343 test344 test345 test346 test347 test348 test349 test350 test351 \ test352 test353 test354 test355 test356 test357 test358 test359 test360 \ test361 test362 test363 test364 \ ! \ test393 test394 test395 test396 test397 \ \ test400 test401 test402 test403 test404 test405 test406 test407 test408 \ --- 61,67 ---- test343 test344 test345 test346 test347 test348 test349 test350 test351 \ test352 test353 test354 test355 test356 test357 test358 test359 test360 \ test361 test362 test363 test364 \ ! test387 \ test393 test394 test395 test396 test397 \ \ test400 test401 test402 test403 test404 test405 test406 test407 test408 \ *************** *** 69,74 **** --- 69,76 ---- \ test430 test431 test432 test433 test434 \ \ + test442 test443 test444 \ + \ test490 test491 test492 test493 test494 \ \ test500 test501 test502 test503 test504 test505 test506 test507 test508 \ *************** *** 106,112 **** test863 test864 test865 test866 test867 test868 test869 test870 test871 \ test872 test873 test874 test875 test876 test877 test878 test879 test880 \ test881 test882 test883 test884 test885 test886 test887 test888 test889 \ ! test890 test891 test892 test893 test894 test895 test896 \ \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \ --- 108,114 ---- test863 test864 test865 test866 test867 test868 test869 test870 test871 \ test872 test873 test874 test875 test876 test877 test878 test879 test880 \ test881 test882 test883 test884 test885 test886 test887 test888 test889 \ ! test890 test891 test892 test893 test894 test895 test896 test898 \ \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \ *************** *** 116,122 **** test945 test946 test947 test948 test949 test950 test951 test952 test953 \ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ test963 test964 test965 test966 test967 test968 test969 test970 test971 \ ! test972 \ \ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ --- 118,126 ---- test945 test946 test947 test948 test949 test950 test951 test952 test953 \ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ test963 test964 test965 test966 test967 test968 test969 test970 test971 \ ! test972 test973 test974 test975 test976 \ ! \ ! test980 test981 test982 test983 test984 test985 test986 \ \ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test387 curl_h5/tests/data/test387 *** curl/tests/data/test387 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test387 2022-08-26 11:21:59.064000000 +0800 *************** *** 0 **** --- 1,53 ---- + + + + HTTP + gzip + + + + # + # Server-side + + + HTTP/1.1 200 OK + Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip + + -foo- + + + + # + # Client-side + + + http + + + Response with overly long compression chain + + + http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS + + + + # + # Verify data after the test has been "shot" + + + GET /%TESTNUMBER HTTP/1.1 + Host: %HOSTIP:%HTTPPORT + User-Agent: curl/%VERSION + Accept: */* + + + + # CURLE_BAD_CONTENT_ENCODING is 61 + + 61 + + + curl: (61) Reject response due to 5 content encodings + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test442 curl_h5/tests/data/test442 *** curl/tests/data/test442 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test442 2022-08-26 11:21:59.064000000 +0800 *************** *** 0 **** --- 1,209 ---- + # perl: + # + # for(1 .. 151) { + # print join("\t", + # "attack.invalid", "TRUE", "/", "FALSE", "0", + # "name$_", "could-be-large-$_")."\n"; + # } + # + + + + HTTP + cookies + + + + # + # Server-side + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 6 + + -foo- + + + + # + # Client-side + + + http + + + Send capped huge number of matching cookies + + + http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L + + + attack.invalid TRUE / FALSE 0 name1 could-be-large-1 + attack.invalid TRUE / FALSE 0 name2 could-be-large-2 + attack.invalid TRUE / FALSE 0 name3 could-be-large-3 + attack.invalid TRUE / FALSE 0 name4 could-be-large-4 + attack.invalid TRUE / FALSE 0 name5 could-be-large-5 + attack.invalid TRUE / FALSE 0 name6 could-be-large-6 + attack.invalid TRUE / FALSE 0 name7 could-be-large-7 + attack.invalid TRUE / FALSE 0 name8 could-be-large-8 + attack.invalid TRUE / FALSE 0 name9 could-be-large-9 + attack.invalid TRUE / FALSE 0 name10 could-be-large-10 + attack.invalid TRUE / FALSE 0 name11 could-be-large-11 + attack.invalid TRUE / FALSE 0 name12 could-be-large-12 + attack.invalid TRUE / FALSE 0 name13 could-be-large-13 + attack.invalid TRUE / FALSE 0 name14 could-be-large-14 + attack.invalid TRUE / FALSE 0 name15 could-be-large-15 + attack.invalid TRUE / FALSE 0 name16 could-be-large-16 + attack.invalid TRUE / FALSE 0 name17 could-be-large-17 + attack.invalid TRUE / FALSE 0 name18 could-be-large-18 + attack.invalid TRUE / FALSE 0 name19 could-be-large-19 + attack.invalid TRUE / FALSE 0 name20 could-be-large-20 + attack.invalid TRUE / FALSE 0 name21 could-be-large-21 + attack.invalid TRUE / FALSE 0 name22 could-be-large-22 + attack.invalid TRUE / FALSE 0 name23 could-be-large-23 + attack.invalid TRUE / FALSE 0 name24 could-be-large-24 + attack.invalid TRUE / FALSE 0 name25 could-be-large-25 + attack.invalid TRUE / FALSE 0 name26 could-be-large-26 + attack.invalid TRUE / FALSE 0 name27 could-be-large-27 + attack.invalid TRUE / FALSE 0 name28 could-be-large-28 + attack.invalid TRUE / FALSE 0 name29 could-be-large-29 + attack.invalid TRUE / FALSE 0 name30 could-be-large-30 + attack.invalid TRUE / FALSE 0 name31 could-be-large-31 + attack.invalid TRUE / FALSE 0 name32 could-be-large-32 + attack.invalid TRUE / FALSE 0 name33 could-be-large-33 + attack.invalid TRUE / FALSE 0 name34 could-be-large-34 + attack.invalid TRUE / FALSE 0 name35 could-be-large-35 + attack.invalid TRUE / FALSE 0 name36 could-be-large-36 + attack.invalid TRUE / FALSE 0 name37 could-be-large-37 + attack.invalid TRUE / FALSE 0 name38 could-be-large-38 + attack.invalid TRUE / FALSE 0 name39 could-be-large-39 + attack.invalid TRUE / FALSE 0 name40 could-be-large-40 + attack.invalid TRUE / FALSE 0 name41 could-be-large-41 + attack.invalid TRUE / FALSE 0 name42 could-be-large-42 + attack.invalid TRUE / FALSE 0 name43 could-be-large-43 + attack.invalid TRUE / FALSE 0 name44 could-be-large-44 + attack.invalid TRUE / FALSE 0 name45 could-be-large-45 + attack.invalid TRUE / FALSE 0 name46 could-be-large-46 + attack.invalid TRUE / FALSE 0 name47 could-be-large-47 + attack.invalid TRUE / FALSE 0 name48 could-be-large-48 + attack.invalid TRUE / FALSE 0 name49 could-be-large-49 + attack.invalid TRUE / FALSE 0 name50 could-be-large-50 + attack.invalid TRUE / FALSE 0 name51 could-be-large-51 + attack.invalid TRUE / FALSE 0 name52 could-be-large-52 + attack.invalid TRUE / FALSE 0 name53 could-be-large-53 + attack.invalid TRUE / FALSE 0 name54 could-be-large-54 + attack.invalid TRUE / FALSE 0 name55 could-be-large-55 + attack.invalid TRUE / FALSE 0 name56 could-be-large-56 + attack.invalid TRUE / FALSE 0 name57 could-be-large-57 + attack.invalid TRUE / FALSE 0 name58 could-be-large-58 + attack.invalid TRUE / FALSE 0 name59 could-be-large-59 + attack.invalid TRUE / FALSE 0 name60 could-be-large-60 + attack.invalid TRUE / FALSE 0 name61 could-be-large-61 + attack.invalid TRUE / FALSE 0 name62 could-be-large-62 + attack.invalid TRUE / FALSE 0 name63 could-be-large-63 + attack.invalid TRUE / FALSE 0 name64 could-be-large-64 + attack.invalid TRUE / FALSE 0 name65 could-be-large-65 + attack.invalid TRUE / FALSE 0 name66 could-be-large-66 + attack.invalid TRUE / FALSE 0 name67 could-be-large-67 + attack.invalid TRUE / FALSE 0 name68 could-be-large-68 + attack.invalid TRUE / FALSE 0 name69 could-be-large-69 + attack.invalid TRUE / FALSE 0 name70 could-be-large-70 + attack.invalid TRUE / FALSE 0 name71 could-be-large-71 + attack.invalid TRUE / FALSE 0 name72 could-be-large-72 + attack.invalid TRUE / FALSE 0 name73 could-be-large-73 + attack.invalid TRUE / FALSE 0 name74 could-be-large-74 + attack.invalid TRUE / FALSE 0 name75 could-be-large-75 + attack.invalid TRUE / FALSE 0 name76 could-be-large-76 + attack.invalid TRUE / FALSE 0 name77 could-be-large-77 + attack.invalid TRUE / FALSE 0 name78 could-be-large-78 + attack.invalid TRUE / FALSE 0 name79 could-be-large-79 + attack.invalid TRUE / FALSE 0 name80 could-be-large-80 + attack.invalid TRUE / FALSE 0 name81 could-be-large-81 + attack.invalid TRUE / FALSE 0 name82 could-be-large-82 + attack.invalid TRUE / FALSE 0 name83 could-be-large-83 + attack.invalid TRUE / FALSE 0 name84 could-be-large-84 + attack.invalid TRUE / FALSE 0 name85 could-be-large-85 + attack.invalid TRUE / FALSE 0 name86 could-be-large-86 + attack.invalid TRUE / FALSE 0 name87 could-be-large-87 + attack.invalid TRUE / FALSE 0 name88 could-be-large-88 + attack.invalid TRUE / FALSE 0 name89 could-be-large-89 + attack.invalid TRUE / FALSE 0 name90 could-be-large-90 + attack.invalid TRUE / FALSE 0 name91 could-be-large-91 + attack.invalid TRUE / FALSE 0 name92 could-be-large-92 + attack.invalid TRUE / FALSE 0 name93 could-be-large-93 + attack.invalid TRUE / FALSE 0 name94 could-be-large-94 + attack.invalid TRUE / FALSE 0 name95 could-be-large-95 + attack.invalid TRUE / FALSE 0 name96 could-be-large-96 + attack.invalid TRUE / FALSE 0 name97 could-be-large-97 + attack.invalid TRUE / FALSE 0 name98 could-be-large-98 + attack.invalid TRUE / FALSE 0 name99 could-be-large-99 + attack.invalid TRUE / FALSE 0 name100 could-be-large-100 + attack.invalid TRUE / FALSE 0 name101 could-be-large-101 + attack.invalid TRUE / FALSE 0 name102 could-be-large-102 + attack.invalid TRUE / FALSE 0 name103 could-be-large-103 + attack.invalid TRUE / FALSE 0 name104 could-be-large-104 + attack.invalid TRUE / FALSE 0 name105 could-be-large-105 + attack.invalid TRUE / FALSE 0 name106 could-be-large-106 + attack.invalid TRUE / FALSE 0 name107 could-be-large-107 + attack.invalid TRUE / FALSE 0 name108 could-be-large-108 + attack.invalid TRUE / FALSE 0 name109 could-be-large-109 + attack.invalid TRUE / FALSE 0 name110 could-be-large-110 + attack.invalid TRUE / FALSE 0 name111 could-be-large-111 + attack.invalid TRUE / FALSE 0 name112 could-be-large-112 + attack.invalid TRUE / FALSE 0 name113 could-be-large-113 + attack.invalid TRUE / FALSE 0 name114 could-be-large-114 + attack.invalid TRUE / FALSE 0 name115 could-be-large-115 + attack.invalid TRUE / FALSE 0 name116 could-be-large-116 + attack.invalid TRUE / FALSE 0 name117 could-be-large-117 + attack.invalid TRUE / FALSE 0 name118 could-be-large-118 + attack.invalid TRUE / FALSE 0 name119 could-be-large-119 + attack.invalid TRUE / FALSE 0 name120 could-be-large-120 + attack.invalid TRUE / FALSE 0 name121 could-be-large-121 + attack.invalid TRUE / FALSE 0 name122 could-be-large-122 + attack.invalid TRUE / FALSE 0 name123 could-be-large-123 + attack.invalid TRUE / FALSE 0 name124 could-be-large-124 + attack.invalid TRUE / FALSE 0 name125 could-be-large-125 + attack.invalid TRUE / FALSE 0 name126 could-be-large-126 + attack.invalid TRUE / FALSE 0 name127 could-be-large-127 + attack.invalid TRUE / FALSE 0 name128 could-be-large-128 + attack.invalid TRUE / FALSE 0 name129 could-be-large-129 + attack.invalid TRUE / FALSE 0 name130 could-be-large-130 + attack.invalid TRUE / FALSE 0 name131 could-be-large-131 + attack.invalid TRUE / FALSE 0 name132 could-be-large-132 + attack.invalid TRUE / FALSE 0 name133 could-be-large-133 + attack.invalid TRUE / FALSE 0 name134 could-be-large-134 + attack.invalid TRUE / FALSE 0 name135 could-be-large-135 + attack.invalid TRUE / FALSE 0 name136 could-be-large-136 + attack.invalid TRUE / FALSE 0 name137 could-be-large-137 + attack.invalid TRUE / FALSE 0 name138 could-be-large-138 + attack.invalid TRUE / FALSE 0 name139 could-be-large-139 + attack.invalid TRUE / FALSE 0 name140 could-be-large-140 + attack.invalid TRUE / FALSE 0 name141 could-be-large-141 + attack.invalid TRUE / FALSE 0 name142 could-be-large-142 + attack.invalid TRUE / FALSE 0 name143 could-be-large-143 + attack.invalid TRUE / FALSE 0 name144 could-be-large-144 + attack.invalid TRUE / FALSE 0 name145 could-be-large-145 + attack.invalid TRUE / FALSE 0 name146 could-be-large-146 + attack.invalid TRUE / FALSE 0 name147 could-be-large-147 + attack.invalid TRUE / FALSE 0 name148 could-be-large-148 + attack.invalid TRUE / FALSE 0 name149 could-be-large-149 + attack.invalid TRUE / FALSE 0 name150 could-be-large-150 + attack.invalid TRUE / FALSE 0 name151 could-be-large-151 + + + + # + # Verify data after the test has been "shot" + + + GET /a/b/%TESTNUMBER HTTP/1.1 + Host: attack.invalid:%HTTPPORT + User-Agent: curl/%VERSION + Accept: */* + Cookie: name150=could-be-large-150; name149=could-be-large-149; name148=could-be-large-148; name147=could-be-large-147; name146=could-be-large-146; name145=could-be-large-145; name144=could-be-large-144; name143=could-be-large-143; name142=could-be-large-142; name141=could-be-large-141; name140=could-be-large-140; name139=could-be-large-139; name138=could-be-large-138; name137=could-be-large-137; name136=could-be-large-136; name135=could-be-large-135; name134=could-be-large-134; name133=could-be-large-133; name132=could-be-large-132; name131=could-be-large-131; name130=could-be-large-130; name129=could-be-large-129; name128=could-be-large-128; name127=could-be-large-127; name126=could-be-large-126; name125=could-be-large-125; name124=could-be-large-124; name123=could-be-large-123; name122=could-be-large-122; name121=could-be-large-121; name120=could-be-large-120; name119=could-be-large-119; name118=could-be-large-118; name117=could-be-large-117; name116=could-be-large-116; name115=could-be-large-115; name114=could-be-large-114; name113=could-be-large-113; name112=could-be-large-112; name111=could-be-large-111; name110=could-be-large-110; name109=could-be-large-109; name108=could-be-large-108; name107=could-be-large-107; name106=could-be-large-106; name105=could-be-large-105; name104=could-be-large-104; name103=could-be-large-103; name102=could-be-large-102; name101=could-be-large-101; name100=could-be-large-100; name99=could-be-large-99; name98=could-be-large-98; name97=could-be-large-97; name96=could-be-large-96; name95=could-be-large-95; name94=could-be-large-94; name93=could-be-large-93; name92=could-be-large-92; name91=could-be-large-91; name90=could-be-large-90; name89=could-be-large-89; name88=could-be-large-88; name87=could-be-large-87; name86=could-be-large-86; name85=could-be-large-85; name84=could-be-large-84; name83=could-be-large-83; name82=could-be-large-82; name81=could-be-large-81; name80=could-be-large-80; name79=could-be-large-79; name78=could-be-large-78; name77=could-be-large-77; name76=could-be-large-76; name75=could-be-large-75; name74=could-be-large-74; name73=could-be-large-73; name72=could-be-large-72; name71=could-be-large-71; name70=could-be-large-70; name69=could-be-large-69; name68=could-be-large-68; name67=could-be-large-67; name66=could-be-large-66; name65=could-be-large-65; name64=could-be-large-64; name63=could-be-large-63; name62=could-be-large-62; name61=could-be-large-61; name60=could-be-large-60; name59=could-be-large-59; name58=could-be-large-58; name57=could-be-large-57; name56=could-be-large-56; name55=could-be-large-55; name54=could-be-large-54; name53=could-be-large-53; name52=could-be-large-52; name51=could-be-large-51; name50=could-be-large-50; name49=could-be-large-49; name48=could-be-large-48; name47=could-be-large-47; name46=could-be-large-46; name45=could-be-large-45; name44=could-be-large-44; name43=could-be-large-43; name42=could-be-large-42; name41=could-be-large-41; name40=could-be-large-40; name39=could-be-large-39; name38=could-be-large-38; name37=could-be-large-37; name36=could-be-large-36; name35=could-be-large-35; name34=could-be-large-34; name33=could-be-large-33; name32=could-be-large-32; name31=could-be-large-31; name30=could-be-large-30; name29=could-be-large-29; name28=could-be-large-28; name27=could-be-large-27; name26=could-be-large-26; name25=could-be-large-25; name24=could-be-large-24; name23=could-be-large-23; name22=could-be-large-22; name21=could-be-large-21; name20=could-be-large-20; name19=could-be-large-19; name18=could-be-large-18; name17=could-be-large-17; name16=could-be-large-16; name15=could-be-large-15; name14=could-be-large-14; name13=could-be-large-13; name12=could-be-large-12; name11=could-be-large-11; name10=could-be-large-10; name9=could-be-large-9; name8=could-be-large-8; name7=could-be-large-7; name6=could-be-large-6; name5=could-be-large-5; name4=could-be-large-4; name3=could-be-large-3; name2=could-be-large-2; name1=could-be-large-1 + + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test443 curl_h5/tests/data/test443 *** curl/tests/data/test443 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test443 2022-08-26 11:21:59.064000000 +0800 *************** *** 0 **** --- 1,78 ---- + # perl: + # + #for(1 .. 20) { + # print join("\t", + # "attack.invalid", "TRUE", "/", "FALSE", "0", + # "huge-$_", ('a' x 500)."-$_")."\n"; + #} + # + + + + HTTP + cookies + + + + # + # Server-side + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 6 + + -foo- + + + + # + # Client-side + + + http + + + Cookie header in request no longer than 8K + + + http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L + + + attack.invalid TRUE / FALSE 0 huge-1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-1 + attack.invalid TRUE / FALSE 0 huge-2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-2 + attack.invalid TRUE / FALSE 0 huge-3 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-3 + attack.invalid TRUE / FALSE 0 huge-4 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-4 + attack.invalid TRUE / FALSE 0 huge-5 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-5 + attack.invalid TRUE / FALSE 0 huge-6 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6 + attack.invalid TRUE / FALSE 0 huge-7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7 + attack.invalid TRUE / FALSE 0 huge-8 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8 + attack.invalid TRUE / FALSE 0 huge-9 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9 + attack.invalid TRUE / FALSE 0 huge-10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10 + attack.invalid TRUE / FALSE 0 huge-11 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11 + attack.invalid TRUE / FALSE 0 huge-12 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12 + attack.invalid TRUE / FALSE 0 huge-13 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13 + attack.invalid TRUE / FALSE 0 huge-14 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14 + attack.invalid TRUE / FALSE 0 huge-15 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15 + attack.invalid TRUE / FALSE 0 huge-16 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16 + attack.invalid TRUE / FALSE 0 huge-17 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17 + attack.invalid TRUE / FALSE 0 huge-18 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18 + attack.invalid TRUE / FALSE 0 huge-19 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19 + attack.invalid TRUE / FALSE 0 huge-20 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20 + + + + # + # Verify data after the test has been "shot" + + + GET /a/b/%TESTNUMBER HTTP/1.1 + Host: attack.invalid:%HTTPPORT + User-Agent: curl/%VERSION + Accept: */* + Cookie: huge-20=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20; huge-19=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19; huge-18=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18; huge-17=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17; huge-16=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16; huge-15=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15; huge-14=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14; huge-13=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13; huge-12=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12; huge-11=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11; huge-10=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10; huge-9=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9; huge-8=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8; huge-7=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7; huge-6=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6 + + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test444 curl_h5/tests/data/test444 *** curl/tests/data/test444 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test444 2022-08-26 11:21:59.064000000 +0800 *************** *** 0 **** --- 1,189 ---- + # perl: + # + #for(1 .. 200) { + # + #} + # + + + + HTTP + cookies + + + + # + # Server-side + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 6 + Set-Cookie: cookie-1=yes; + Set-Cookie: cookie-2=yes; + Set-Cookie: cookie-3=yes; + Set-Cookie: cookie-4=yes; + Set-Cookie: cookie-5=yes; + Set-Cookie: cookie-6=yes; + Set-Cookie: cookie-7=yes; + Set-Cookie: cookie-8=yes; + Set-Cookie: cookie-9=yes; + Set-Cookie: cookie-10=yes; + Set-Cookie: cookie-11=yes; + Set-Cookie: cookie-12=yes; + Set-Cookie: cookie-13=yes; + Set-Cookie: cookie-14=yes; + Set-Cookie: cookie-15=yes; + Set-Cookie: cookie-16=yes; + Set-Cookie: cookie-17=yes; + Set-Cookie: cookie-18=yes; + Set-Cookie: cookie-19=yes; + Set-Cookie: cookie-20=yes; + Set-Cookie: cookie-21=yes; + Set-Cookie: cookie-22=yes; + Set-Cookie: cookie-23=yes; + Set-Cookie: cookie-24=yes; + Set-Cookie: cookie-25=yes; + Set-Cookie: cookie-26=yes; + Set-Cookie: cookie-27=yes; + Set-Cookie: cookie-28=yes; + Set-Cookie: cookie-29=yes; + Set-Cookie: cookie-30=yes; + Set-Cookie: cookie-31=yes; + Set-Cookie: cookie-32=yes; + Set-Cookie: cookie-33=yes; + Set-Cookie: cookie-34=yes; + Set-Cookie: cookie-35=yes; + Set-Cookie: cookie-36=yes; + Set-Cookie: cookie-37=yes; + Set-Cookie: cookie-38=yes; + Set-Cookie: cookie-39=yes; + Set-Cookie: cookie-40=yes; + Set-Cookie: cookie-41=yes; + Set-Cookie: cookie-42=yes; + Set-Cookie: cookie-43=yes; + Set-Cookie: cookie-44=yes; + Set-Cookie: cookie-45=yes; + Set-Cookie: cookie-46=yes; + Set-Cookie: cookie-47=yes; + Set-Cookie: cookie-48=yes; + Set-Cookie: cookie-49=yes; + Set-Cookie: cookie-50=yes; + Set-Cookie: cookie-51=yes; + Set-Cookie: cookie-52=yes; + Set-Cookie: cookie-53=yes; + Set-Cookie: cookie-54=yes; + Set-Cookie: cookie-55=yes; + Set-Cookie: cookie-56=yes; + Set-Cookie: cookie-57=yes; + Set-Cookie: cookie-58=yes; + Set-Cookie: cookie-59=yes; + Set-Cookie: cookie-60=yes; + Set-Cookie: cookie-61=yes; + Set-Cookie: cookie-62=yes; + Set-Cookie: cookie-63=yes; + Set-Cookie: cookie-64=yes; + Set-Cookie: cookie-65=yes; + Set-Cookie: cookie-66=yes; + Set-Cookie: cookie-67=yes; + Set-Cookie: cookie-68=yes; + Set-Cookie: cookie-69=yes; + Set-Cookie: cookie-70=yes; + Set-Cookie: cookie-71=yes; + Set-Cookie: cookie-72=yes; + Set-Cookie: cookie-73=yes; + Set-Cookie: cookie-74=yes; + Set-Cookie: cookie-75=yes; + Set-Cookie: cookie-76=yes; + Set-Cookie: cookie-77=yes; + Set-Cookie: cookie-78=yes; + Set-Cookie: cookie-79=yes; + Set-Cookie: cookie-80=yes; + + -foo- + + + + # + # Client-side + + + http + + + Many Set-Cookie response headers + + + http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP + + + + # + # Verify data after the test has been "shot" + + + GET /a/b/%TESTNUMBER HTTP/1.1 + Host: attack.invalid:%HTTPPORT + User-Agent: curl/%VERSION + Accept: */* + + + + # Netscape HTTP Cookie File + # https://curl.se/docs/http-cookies.html + # This file was generated by libcurl! Edit at your own risk. + + attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes + attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test898 curl_h5/tests/data/test898 *** curl/tests/data/test898 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test898 2022-08-26 11:21:59.080000000 +0800 *************** *** 0 **** --- 1,90 ---- + + + + HTTP + --location + Authorization + Cookie + + + + # + # Server-side + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + + # + # Client-side + + + http + + + HTTP with custom auth and cookies redirected to HTTP on a diff port + + + -x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA==" + + + + # + # Verify data after the test has been "shot" + + + GET http://firsthost.com/ HTTP/1.1 + Host: firsthost.com + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + Authorization: Basic am9lOnNlY3JldA== + Cookie: userpwd=am9lOnNlY3JldA== + + GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 + Host: firsthost.com:9999 + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test973 curl_h5/tests/data/test973 *** curl/tests/data/test973 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test973 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,88 ---- + + + + HTTP + FTP + --location + + + + # + # Server-side + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + + + + data + to + see + that FTP + works + so does it? + + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + + data + to + see + that FTP + works + so does it? + + + + + # + # Client-side + + + http + ftp + + + HTTP with auth redirected to FTP w/o auth + + + http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret + + + + # + # Verify data after the test has been "shot" + + + GET /%TESTNUMBER HTTP/1.1 + Host: %HOSTIP:%HTTPPORT + Authorization: Basic am9lOnNlY3JldA== + User-Agent: curl/%VERSION + Accept: */* + + USER anonymous + PASS ftp@example.com + PWD + CWD a + CWD path + EPSV + TYPE I + SIZE %TESTNUMBER0002 + RETR %TESTNUMBER0002 + QUIT + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test974 curl_h5/tests/data/test974 *** curl/tests/data/test974 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test974 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,87 ---- + + + + HTTP + --location + + + + # + # Server-side + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + + # + # Client-side + + + http + + + HTTP with auth redirected to HTTP on a diff port w/o auth + + + -x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret + + + + # + # Verify data after the test has been "shot" + + + GET http://firsthost.com/ HTTP/1.1 + Host: firsthost.com + Authorization: Basic am9lOnNlY3JldA== + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + + GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 + Host: firsthost.com:9999 + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test975 curl_h5/tests/data/test975 *** curl/tests/data/test975 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test975 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,88 ---- + + + + HTTP + FTP + --location-trusted + + + + # + # Server-side + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + + + + data + to + see + that FTP + works + so does it? + + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + + data + to + see + that FTP + works + so does it? + + + + + # + # Client-side + + + http + ftp + + + HTTP with auth redirected to FTP allowing auth to continue + + + http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret + + + + # + # Verify data after the test has been "shot" + + + GET /%TESTNUMBER HTTP/1.1 + Host: %HOSTIP:%HTTPPORT + Authorization: Basic am9lOnNlY3JldA== + User-Agent: curl/%VERSION + Accept: */* + + USER joe + PASS secret + PWD + CWD a + CWD path + EPSV + TYPE I + SIZE %TESTNUMBER0002 + RETR %TESTNUMBER0002 + QUIT + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test976 curl_h5/tests/data/test976 *** curl/tests/data/test976 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test976 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,88 ---- + + + + HTTP + --location-trusted + + + + # + # Server-side + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + HTTP/1.1 301 redirect + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 0 + Connection: close + Content-Type: text/html + Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + + HTTP/1.1 200 OK + Date: Tue, 09 Nov 2010 14:49:00 GMT + Server: test-server/fake + Content-Length: 4 + Connection: close + Content-Type: text/html + + hey + + + + + # + # Client-side + + + http + + + HTTP with auth redirected to HTTP on a diff port --location-trusted + + + -x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret + + + + # + # Verify data after the test has been "shot" + + + GET http://firsthost.com/ HTTP/1.1 + Host: firsthost.com + Authorization: Basic am9lOnNlY3JldA== + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + + GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 + Host: firsthost.com:9999 + Authorization: Basic am9lOnNlY3JldA== + User-Agent: curl/%VERSION + Accept: */* + Proxy-Connection: Keep-Alive + + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test980 curl_h5/tests/data/test980 *** curl/tests/data/test980 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test980 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,52 ---- + + + + SMTP + STARTTLS + + + + # + # Server-side + + + CAPA STARTTLS + AUTH PLAIN + REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted + REPLY AUTH 535 5.7.8 Authentication credentials invalid + + + + # + # Client-side + + + SSL + + + smtp + + + SMTP STARTTLS pipelined server response + + + mail body + + + smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - + + + + # + # Verify data after the test has been "shot" + + # 8 is CURLE_WEIRD_SERVER_REPLY + + 8 + + + EHLO %TESTNUMBER + STARTTLS + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test981 curl_h5/tests/data/test981 *** curl/tests/data/test981 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test981 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,59 ---- + + + + IMAP + STARTTLS + + + + # + # Server-side + + + CAPA STARTTLS + REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted + REPLY LOGIN A003 BAD Authentication credentials invalid + + + + # + # Client-side + + + SSL + + + imap + + + IMAP STARTTLS pipelined server response + + + imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl + + + Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) + From: Fred Foobar + Subject: afternoon meeting + To: joe@example.com + Message-Id: + MIME-Version: 1.0 + Content-Type: TEXT/PLAIN; CHARSET=US-ASCII + + Hello Joe, do you think we can meet at 3:30 tomorrow? + + + + # + # Verify data after the test has been "shot" + + # 8 is CURLE_WEIRD_SERVER_REPLY + + 8 + + + A001 CAPABILITY + A002 STARTTLS + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test982 curl_h5/tests/data/test982 *** curl/tests/data/test982 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test982 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,57 ---- + + + + POP3 + STARTTLS + + + + # + # Server-side + + + CAPA STLS USER + REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated + REPLY PASS -ERR Authentication credentials invalid + + + From: me@somewhere + To: fake@nowhere + + body + + -- + yours sincerely + + + + # + # Client-side + + + SSL + + + pop3 + + + POP3 STARTTLS pipelined server response + + + pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl + + + + # + # Verify data after the test has been "shot" + + # 8 is CURLE_WEIRD_SERVER_REPLY + + 8 + + + CAPA + STLS + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test983 curl_h5/tests/data/test983 *** curl/tests/data/test983 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test983 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,52 ---- + + + + FTP + STARTTLS + + + + # + # Server-side + + + REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete + REPLY PASS 530 Login incorrect + + + + # Client-side + + + SSL + + + ftp + + + FTP STARTTLS pipelined server response + + + data + to + see + that FTPS + works + so does it? + + + --ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP + + + + # Verify data after the test has been "shot" + + # 8 is CURLE_WEIRD_SERVER_REPLY + + 8 + + + AUTH SSL + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test984 curl_h5/tests/data/test984 *** curl/tests/data/test984 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test984 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,56 ---- + + + + IMAP + STARTTLS + + + + # + # Server-side + + + REPLY CAPABILITY A001 BAD Not implemented + + + + # + # Client-side + + + SSL + + + imap + + + IMAP require STARTTLS with failing capabilities + + + imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd + + + Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) + From: Fred Foobar + Subject: afternoon meeting + To: joe@example.com + Message-Id: + MIME-Version: 1.0 + Content-Type: TEXT/PLAIN; CHARSET=US-ASCII + + Hello Joe, do you think we can meet at 3:30 tomorrow? + + + + # + # Verify data after the test has been "shot" + + # 64 is CURLE_USE_SSL_FAILED + + 64 + + + A001 CAPABILITY + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test985 curl_h5/tests/data/test985 *** curl/tests/data/test985 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test985 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,54 ---- + + + + POP3 + STARTTLS + + + + # + # Server-side + + + REPLY CAPA -ERR Not implemented + + + From: me@somewhere + To: fake@nowhere + + body + + -- + yours sincerely + + + + # + # Client-side + + + SSL + + + pop3 + + + POP3 require STARTTLS with failing capabilities + + + pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd + + + + # + # Verify data after the test has been "shot" + + # 64 is CURLE_USE_SSL_FAILED + + 64 + + + CAPA + + + diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test986 curl_h5/tests/data/test986 *** curl/tests/data/test986 1970-01-01 08:00:00.000000000 +0800 --- curl_h5/tests/data/test986 2022-08-26 11:21:59.084000000 +0800 *************** *** 0 **** --- 1,53 ---- + + + + FTP + STARTTLS + + + + # + # Server-side + + + REPLY welcome 230 Welcome + REPLY AUTH 500 unknown command + + + + # Client-side + + + SSL + + + ftp + + + FTP require STARTTLS while preauthenticated + + + data + to + see + that FTPS + works + so does it? + + + --ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret + + + + # Verify data after the test has been "shot" + + # 64 is CURLE_USE_SSL_FAILED + + 64 + + + AUTH SSL + AUTH TLS + + +