From: David Strauss
---
docs/libcurl/libcurl-share.3 | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/docs/libcurl/libcurl-share.3 b/docs/libcurl/libcurl-share.3
index 5839021..1e6c139 100644
--- a/docs/libcurl/libcurl-share.3
+++ b/docs/libcurl/libcurl-share.3
@@ -34,8
On Sat, Aug 31, 2013 at 11:57 AM, Thomas Dineen wrote:
> For both Solaris 10 and Fedora 14
Fedora 14 hasn't been supported since 2011, and many of its libraries
are very old now.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827
-parse the XML is also a bundled libcurl
example [2].
[1] https://github.com/pantheon-systems/fusedav
[2] http://curl.haxx.se/libcurl/c/xmlstream.html
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List
n with
non-blocking sockets? If not, could there be a flag to force blocking
behavior to allow fail-over to occur?
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/lis
>From the project web page:
> In practice, only the OpenSSL and GnuTLS variants seem to see widespread
> deployment.
Except for *every installation of Fedora, RHEL, CentOS, and Scientific Linux*.
---
List admin: http://cool.haxx.se/l
mating the original failure.
The attached patch is against the current git (at the time of
writing).
Regards,
David Warman.
From 88fccd50a4e3f972200c81347bd28685ed2cdae1 Mon Sep 17 00:00:00 2001
From: David Warman
Date: Fri, 11 Apr 2014 15:19:34 +0100
Subject: [PATCH] Avoid early upload termination
On Mon, Apr 14, 2014, at 10:54 PM, Daniel Stenberg wrote:
> On Fri, 11 Apr 2014, David Warman wrote:
>
> > I ran into an issue where SSL based uploads were failing sometimes. I
> > eventually traced this to a problem with EAGAIN near the start of the
> > transfer,
Hi to everyone
MSVC 2010 error message:
http://pastebin.com/TKY8eu41
I used this command: nmake /f Makefile.vc mode=dll
OS: Windows 8.1
What could be wrong?
thanks in advance.
cheers
david
---
List admin: http://cool.haxx.se
From: Daniel Stenberg
To: libcurl development
Date: Thursday, 8. May 2014 22:32:24
On Thu, 8 May 2014, David Tran wrote:
http://pastebin.com/TKY8eu41
I used this command: nmake /f Makefile.vc mode=dll
OS: Windows 8.1
Wh
do this (or otherwise coerce -DSTATIC_LIB during
compilation), then the libraries will be built for dynamic linking and
your code will not run unless it can find the dynamic libraries.
And yes, I should formally log this as a bug but I've been busy...
--
David Chapman dcchap...@acm.or
On 7/3/2014 7:57 PM, gkghkh...@aol.com wrote:
David,
Thanks for the help but I still need more help. I downloaded
TortoiseSVN so I could use the svn diff command on the command prompt.
and went to the directory labeled c:\
Lib\curl-7.34.0-devel-mingw64\samples and I then typed svn diff -r 41
On Fri, 2014-05-30 at 10:21 +0200, Michael-O wrote:
>
> Providing ':' will only work with SSPI, on Linux/Unix, there is not
> NTLM password cache. ':' works only with a Kerberos credential cache.
That isn't strictly true. Samba/winbind has an NTLM password cache, and
it works fine via the /usr/bi
fefree(encoded);
- Curl_cleanup_negotiate(conn->data);
+ // Curl_cleanup_negotiate(conn->data);
return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
}
--
David WoodhouseOpen Source Technology Centre
david.woodho...@intel.com Intel Co
nit_sec_context()
is for. And then it should all Just Work™.
That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
--
David Woodhouse
On Fri, 2014-07-11 at 11:24 +0200, Michael Osipov wrote:
> Am 2014-07-10 17:17, schrieb David Woodhouse:
> > On Fri, 2014-05-30 at 10:21 +0200, Michael-O wrote:
> >>
> >> Providing ':' will only work with SSPI, on Linux/Unix, there is not
> >> NTLM
On Fri, 2014-07-11 at 12:01 +0200, Michael Osipov wrote:
> Am 2014-07-11 11:47, schrieb David Woodhouse:
> > On Fri, 2014-07-11 at 11:24 +0200, Michael Osipov wrote:
> >> Am 2014-07-10 17:17, schrieb David Woodhouse:
> >>> On Fri, 2014-05-30 at 10:21 +0200, Michael-O
From: David Woodhouse
200 bytes is not enough; I currently see 516 bytes for an NTLMv2 session
auth with target_info included. I can't bring myself just to take the easy
option and increase the buffer size. Instead, make it reallocate as needed
instead of having a hard limit.
---
From: David Woodhouse
---
lib/curl_ntlm_wb.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 52d1323..ac05fbb 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -124,6 +124,21 @@ static CURLcode ntlm_wb_init(struct
t I'm not quite sure what the best
fix is. Should we patch http.c to always try ntlm_wb *before* ntlm auth?
Or patch the native NTLM auth method to bail out if the username and
password are empty? Or both?
--
David WoodhouseOpen Source Technology Centre
da
On Fri, 2014-07-11 at 12:21 +0200, Michael Osipov wrote:
> Your patch looks good but not complete, right?
Right. If you look at the top of my tree at
http://git.infradead.org/users/dwmw2/curl.git you'll see it's somewhat
more complete now — on a system with sane GSSAPI I can watch it
authenticate
low people to specify the user on the command line
with a slash instead of a backslash?
--
David WoodhouseOpen Source Technology Centre
david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cr
From: David Woodhouse
This is the correct way to do SPNEGO. Just ask for it
Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
isn't available. Of course, we bail out when the server responds with the
challenge packet, since we don't expect that. But I'
From: David Woodhouse
GSSAPI doesn't work very well if we forget everything ever time.
XX: Is Curl_http_done() the right place to do the final cleanup?
---
lib/http.c| 4
lib/http_negotiate.c | 1 -
lib/http_negotiate_sspi.c | 1 -
3 files changed, 4 insertions(
From: David Woodhouse
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters
On Fri, 2014-07-11 at 13:28 +0200, Michael Osipov wrote:
> Am 2014-07-11 13:19, schrieb David Woodhouse:
> > On Fri, 2014-07-11 at 13:04 +0200, Michael Osipov wrote:
> >> Why do you provide a slash as a breaking char too? Backslash is the
> >> only used char to separate
From: David Woodhouse
It's wrong to assume that we can send a single SPNEGO packet which will
complete the authentication. It's a *negotiation* — the clue is in the
name. So make sure we handle responses from the server.
Curl_input_negotiate() will already handle bailing out if it
From: David Woodhouse
---
lib/http.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index fe9ae3e..0b7c79b 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -737,6 +739,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
bool proxy
On Fri, 2014-07-11 at 19:17 +0200, Michael Osipov wrote:
> I would implement a fallback but provide two options where one should be
> picked sticked to it:
>
> 1. Discover SPNEGO capability at compile time with autoconf. GSS-API
> provides this option:
>
> OM_uint32 major, minor;
> gs
On Fri, 2014-07-11 at 20:09 +0200, Michael Osipov wrote:
> Am 2014-07-11 19:41, schrieb David Woodhouse:
> > On Fri, 2014-07-11 at 19:17 +0200, Michael Osipov wrote:
> >> I would implement a fallback but provide two options where one should be
> >> picked sticked t
200 bytes is not enough; I currently see 516 bytes for an NTLMv2 session
auth with target_info included. I can't bring myself just to take the easy
option and increase the buffer size. Instead, make it reallocate as needed
instead of having a hard limit.
---
v2:
- Use NTLM_BUFSIZE from curl_ntlm_m
On Fri, 2014-07-11 at 20:15 +0200, Michael Osipov wrote:
> Am 2014-07-11 13:28, schrieb David Woodhouse:
> > From: David Woodhouse
> >
>
> You can safely remove this from http_negotiate.c because the caller
> already checks that:
>
> if(checkprefix("GSS-Neg
From: David Woodhouse
---
v2: Add getpwuid_r() and $USER as potential sources of username.
On Sat, 2014-07-12 at 02:49 +0200, Dan Fandrich wrote:
> If the intent is to get the current user name, getpwuid(geteuid())->pw_name
> seems to me like the best way to get it (but actually
On Fri, 2014-07-11 at 22:47 +0200, Michael Osipov wrote:
> Am 2014-07-11 20:41, schrieb David Woodhouse:
> > On Fri, 2014-07-11 at 20:09 +0200, Michael Osipov wrote:
> >> Am 2014-07-11 19:41, schrieb David Woodhouse:
> >>> On Fri, 2014-07-11 at 19:17 +0200, Michae
On Fri, 2014-07-11 at 15:50 +0200, Michael Osipov wrote:
>
> I my opinion, we can refer to the HTTP standard which mandates to use
> strongest to weakest auth. So curl would actually need to priorize
> authentication and try in that order:
>
> Kerberos > Negotiate > Digest > NTLM_WB > NTLM > Ba
It looks like curl needs the same workaround for GnuTLS failing to check
IP addresses in gnutls_x509_crt_check_hostname(), as implemented at
http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/gnutls.c#l1795
I couldn't get as far as validating that though; having configured the
git tre
From: David Woodhouse
Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
didn't actually check IP addresses in SubjectAltName, even though it was
explicitly documented as doing so. So do it ourselves...
---
The cipher list problem was because Fedora's GnuTLS doesn&
On Sun, 2014-07-13 at 01:09 +0200, Dan Fandrich wrote:
> On Sat, Jul 12, 2014 at 05:59:56PM +0100, David Woodhouse wrote:
> > The cipher list problem was because Fedora's GnuTLS doesn't have SRP
> > support. Given that gnutls_set_priority_direct() actually *gives* us a
&
On Sun, 2014-07-13 at 11:31 +0200, Michael Osipov wrote:
> Am 2014-07-12 17:58, schrieb David Woodhouse:
> > [...]
> >>> So what *do* we want to do on top of the patch set I posted? Just add
> >>> support for '{Proxy,WWW}-Authenticate: Kerberos'?
> &
s that in, and then you use it to
select the appropriate OID within curl_gssapi.c. And in the SSPI
version, which we want to be called identically, that same enum actually
translates into an appropriate *string* argument to
AcquireCredentalsHandle().
--
David Woodhouse
On Tue, 2014-07-15 at 13:18 +0200, Michael Osipov wrote:
> Am 2014-07-13 22:22, schrieb David Woodhouse:
> > On Sun, 2014-07-13 at 11:31 +0200, Michael Osipov wrote:
> >>
> >> Please have a look:
> >> https://github.com/michael-o/curl/commit/b78ad621d45f537dfde
7;WWW-Authenticate: Kerberos' but I've tested the
non-SPNEGO path in both cases and it works correctly, using *only*
Kerberos and thus failing to authenticate to hosts where NTLM fallback
is required.
From 5109cf90206eb26c69d48d205a4689fbd404e9c2 Mon Sep 17 00:00:00 2001
From: David W
erged into git://, http://git.infradead.org/users/dwmw2/curl.git which
now looks like this:
David Woodhouse (8):
ntlm_wb: Fix hard-coded limit on NTLM auth packet size
ntlm_wb: Avoid invoking ntlm_auth helper with empty username
Remove all traces of FBOpenSSL SPNEGO support
Use SP
ough every easy_handle?
Thanks!
David
/* mock_http_server
*
* Creates a mock high-concurrency webserver, which
* simulates time-consuming requests.
*
* Every request pauses for between 0 and 20 seconds (average 10 seconds),
* before returning 200 OK.
*
*/
#include
#include
#include
On Fri, 2014-05-09 at 13:46 +0200, Kamil Dudka wrote:
> On Friday 09 May 2014 13:25:21 Daniel Stenberg wrote:
> > On Fri, 9 May 2014, Kamil Dudka wrote:
> > > ... 'WWW-Authenticate: Negotiate' received from server
> >
> > Seems reasonable to me!
>
> Thanks for review! I have pushed the patch:
>
On Thu, 2014-07-17 at 15:47 +0200, Michael Osipov wrote:
>
> Servers:
> - Apache 2.2.27 on FreeBSD with mod_spnego (MIT Kerberos 1.12.1)
Was that the one offering the duplicate 'WWW-Authenticate: Negotiate'
headers? I think you fixed it to stop doing that... but could you break
it again, and te
> Am 2014-07-15 21:17, schrieb Daniel Stenberg:
>> On Tue, 15 Jul 2014, David Woodhouse wrote:
>>
>>> Merged into git://, http://git.infradead.org/users/dwmw2/curl.git
>>> which now looks like this:
>>
>> Thanks for working on this, David - I believe M
>> David Woodhouse (8):
>>ntlm_wb: Fix hard-coded limit on NTLM auth packet size
>>ntlm_wb: Avoid invoking ntlm_auth helper with empty username
>
> I do not think that this belongs in this patchset because it is
> completely unrelated.
It all falls
On Thu, 2014-07-17 at 15:47 +0200, Michael Osipov wrote:
> This patched is made on top of the recent work of David Woodhouse.
> It consequently fixed macros, options and switches, as well as
> names.
Looks good to me; thanks for doing this.
--
David Woodhouse
On Tue, 2014-07-15 at 10:30 +0200, Tor Arntsen wrote:
> On 15 July 2014 00:00, Dan Fandrich wrote:
>
> > I missed your message before I committed the change, but curl isn't using
> > any
> > of those functions outside getpwuid_r, which confirms that that was the
> > right
> > approach. And if w
On Tue, 2014-07-15 at 21:55 +, David Woodhouse wrote:
>
> FWIW I'm fairly happy with my testing of SPNEGO inder Windows and Linux,
> watching it use IAKERB, KRB5 and NTLMSSP mechanisms as appropriate. I may
> run some more tests on the farm of random *BSD/Solaris VM
.
Any thoughts? Again, the intent here is to use the NSS CAs and ignore the
ca-bundle.crt file.
David
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
On Jul 28, 2014, at 10:24 AM, Kamil Dudka wrote:
> On Thursday, July 24, 2014 17:18:25 David Shaw wrote:
>> Hello,
>>
>> A good while back I had some code that needed to use the NSS CAs only (and
>> not the PEM ca-bundle file). I did this by symlinking libnssckbi.
On Jul 28, 2014, at 5:05 PM, Kamil Dudka wrote:
> On Monday, July 28, 2014 11:56:46 David Shaw wrote:
>> On Jul 28, 2014, at 10:24 AM, Kamil Dudka wrote:
>>> On Thursday, July 24, 2014 17:18:25 David Shaw wrote:
>>>> Hello,
>>>>
>>>> A good
y time just so that
the buffer can be freed.
Thanks,
--
David Siebörger
Information & Technology Services, Rhodes University
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
ta->data);
}
fprintf(stderr, "Failed to allocate memory.\n");
return 0;
}
memcpy((data->data + index), ptr, n);
data->data[data->size] = '\0';
return size * nmemb;
}
-----
#x27;t ask for it, and so
I got gdb). In theory, asking for the Cygwin C compiler tool chain
package should be enough, but it is possible that some additional
packages may be necessary (which would be a mistake in Cygwin; it
shouldn't be possible to get gcc but not ar).
--
David Chap
not compatible with the
shipped versions. I just have to live with that.
I don't have a better answer for you. I've been fighting this problem
for years. This is the way Microsoft has chosen to do things. I could
send you the makefiles I use for curl, zlib and ssh as examples
o lag
(especially for any project that uses configure scripts).
--
David Chapman dcchap...@acm.org
Chapman Consulting -- San Jose, CA
Software Development Done Right.
www.chapman-consulting-sj.com
---
List admin:
On 11/25/2014 10:40 AM, Jon wrote:
Hi David,
I downloaded the code from the curllib site which I believe included
the project, and compiled it in VC 11. I set error checking to L2 and
it built completely clean. I then tried to build a .dll and I received
a whole bunch of errors which I
executing within a short
duration I’d like to make this call asynch. Is this possible and if so
can someone please advise on how to do it?
Look at the section titled "The multi Interface" in
http://curl.haxx.se/libcurl/c/libcurl-tutorial.html.
--
David Chapman dcchap.
ogether
(perhaps via the pkcs11.txt config file?)
Thanks,
David
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
While validating a new Clang diagnostic (-Wnon-literal-null-conversion
- yes, the name isn't quite correct in this case, but it suffices) I
found a few violations of it in Curl.
Attached is a patch to fix these.
- David
curl.diff
Description: Binary
On Thu, Sep 6, 2012 at 12:01 PM, Daniel Stenberg wrote:
> On Fri, 24 Aug 2012, David Blaikie wrote:
>
>> While validating a new Clang diagnostic (-Wnon-literal-null-conversion -
>> yes, the name isn't quite correct in this case, but it suffices) I found a
>>
licas, and connections to our distributed internal API from PHP,
Python, node.js, and Ruby.
David
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
The share interface documentation [1] specifies that DNS lookups and
cookie data get shared, but is there an exhaustive list of what gets
shared? Specifically, do persistent connections get shared?
[1] http://curl.haxx.se/libcurl/c/libcurl-share.html
--
David Strauss
| da...@davidstrauss.net
I've sent in a patch to the docs.
On Wed, Apr 10, 2013 at 10:31 PM, Nick Zitzmann wrote:
>
> On Apr 10, 2013, at 6:32 PM, David Strauss wrote:
>
>> The share interface documentation [1] specifies that DNS lookups and
>> cookie data get shared, but is there an ex
What is the output of curl -V? The SSL/TLS library cURL is linked to
has a major impact on how it performs system-level validation.
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/eti
ace to remove access to any system-level trusted certificates.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl
On Thu, Apr 11, 2013 at 1:39 PM, Daniel Stenberg wrote:
> Apple has added some magic for certificate verification in their OpenSSL
> version.
Apple OS X has a certificate management system that might even be
accessible within a chroot.
-
simply returns the number of
bytes sent in, and (3) CURLOPT_PROGRESSFUNCTION (with
CURLOPT_NOPROGRESS set to zero) to cancel after the body starts. Part
#3 is optional.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [
On Thu, Apr 11, 2013 at 1:40 PM, David Strauss wrote:
> (3) CURLOPT_PROGRESSFUNCTION (with
> CURLOPT_NOPROGRESS set to zero) to cancel after the body starts.
Here's a good write-up on how to do that:
http://curl.haxx.se/mail/lib-2009-04/0296.html
--
David Strauss
| da...@david
Oh, actually it looks like you can make the transfer "fail" right from
the CURLOPT_WRITEFUNCTION, which means you could just have it return
zero. You would have to expect libcurl to consider the request failed,
though.
On Thu, Apr 11, 2013 at 1:46 PM, David Strauss wrote:
> On Thu,
y using weights.
If this were implemented, we would also use it for our PHP and Python
API clients, which also connect through load balancers but don't run
into as many saturation issues.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
--
On Sat, Apr 13, 2013 at 3:12 AM, Steve Holme wrote:
> Whilst I have 20 odd years' experience as a C/C++ developer would someone
> be so kind to check the four uses of sscanf() in url.c between lines 4381
> and 4402 to see if this is the best / most optimal way of extracting the
> user, password an
m sure it's also possible programmatically using the OpenSSL API.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: htt
lly easier to prove correctness of a full fledged lexer/parser or
> separate library? I can't see how that can be...
A quality lexer/parser guarantees that a specified grammar lacks
ambiguity and that crazy/malicious input patterns get handled safely.
--
David Strauss
| da...@davidstrau
s
stream parser:
https://github.com/pantheon-systems/fusedav/blob/curl/src/props.c
Is there interest in ls-style output for WebDAV, provided the path
ends in a slash and an option gets set?
--
David Strauss
| da...@davidstrauss.net
| +1 512 5
like
the header write callback, which provides the called function with a
more coherent unit of data rather than a buffer of incoming bytes.
>From a layering perspective, though, this could all live in a new
library that provides libcurl-compatible write callbacks for directory
listings that abstract
onsistent listing support to extend to
IMAP, DICT, and other cURL protocols, too.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
libssh2_strerror(err));
> state(conn, SSH_SFTP_CLOSE);
> sshc->nextstate = SSH_NO_STATE;
> -sshc->actualcode = CURLE_QUOTE_ERROR;
> +sshc->actualcode = sftp_libssh2_error_to_CURLE(err);
> break;
>}
>state(conn, SSH_SFTP_NEXT_QUOTE);
>
> They allow to get better error codes
o become
>>> sftp_libssh2_error_to_CURLE()
>>> is not really related to the new callback and I would ask you to submit
>>> that
>>> as a separate patch (which we could merge at once)
>>
>> I'm not entirely sure about this one. This would make it impossible to
>> tell
>> when an error was due to a quote command or when it was due to a
>> subse
Along the mailing list etiquette lines, sorry for my top-post. That's
not cool, either.
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
good home in the documentation for what the split in
responsibilities is between libcurl and a user of the library? Is
there interest in adding optional Content-MD5 support?
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [m
Does the counter for CURLOPT_LOW_SPEED_TIME start as soon as the
connection establishes, or does it wait until the response starts
coming back? I'm curious about the case of a server that takes, say,
60 seconds to prepare the response but sends it back in one burst.
--
David Strauss
implement this for our own server/client communication
and our communication with S3, so the set of implementations needing
to interoperate is pretty limited. The goal is to checksum, not to
avoid attacks. MD5 is quite adequate for that. I would like to use a
standard rather than rolling our own m
er.c:1029
#15 0x0033fe82937d in Transfer (conn=0x7fb8c386b600) at transfer.c:1396
#16 Curl_do_perform (data=0x7fb8c387c000) at transfer.c:2108
#17 0x0033fe82982b in Curl_perform
(data=data@entry=0x7fb8c387c000) at transfer.c:2232
#18 0x0033fe829d0c in curl_easy_perform
(curl=curl@entry=0x7fb8
On Wed, May 1, 2013 at 12:28 PM, David Strauss wrote:
> What timeouts should we be configuring to give up faster when
> it's in this state?
Based on empirical data, it looks like CURLOPT_TIMEOUT is taking
effect, but I'm curious is there's a more precise way to time out
he
S SRP?
> * You're missing a full stop at the end of the QSOSSL details line -
> "OS/400" should be "OS/400." for consistency ;-)
>
> I hope my feedback helps
>
> Steve
> ---
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http
MEOUT, 60 * 3);
Is this an NSS bug, or is it an issue with how libcurl uses NSS? I'm
on Fedora 17 with libcurl 7.24.0 and NSS 3.14.3.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
On Tue, May 7, 2013 at 1:46 PM, David Strauss wrote:
> NSS seems stuck in poll loop, which has been going on for hours
Actually, I'm not sure it's NSS stuck there. The loop could be higher
up. I just see an unending series of polls from strace.
--
David Strauss
| da...@dav
This -1 timeout is also in the current master:
https://github.com/bagder/curl/blob/master/lib/nss.c#L1518
On Tue, May 7, 2013 at 2:11 PM, David Strauss wrote:
> It looks like PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
> -1) in nss_recv() (nss.c) may be the problem. That
It looks like PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
-1) in nss_recv() (nss.c) may be the problem. That sets the timeout
for NSS to 4294967295.
On Tue, May 7, 2013 at 1:57 PM, David Strauss wrote:
> On Tue, May 7, 2013 at 1:46 PM, David Strauss wrote:
>> NSS seems s
://developer.mozilla.org/en-US/docs/PRIntervalTime
On Tue, May 7, 2013 at 2:14 PM, David Strauss wrote:
> This -1 timeout is also in the current master:
> https://github.com/bagder/curl/blob/master/lib/nss.c#L1518
>
> On Tue, May 7, 2013 at 2:11 PM, David Strauss wrote:
>> It looks like PR_Recv(con
late the remaining
timeout allowable for the request (considering how DNS, etc, have
already contributed to request time) and sending that in.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: h
On Tue, May 7, 2013 at 2:44 PM, Daniel Stenberg wrote:
> That's already done before the function is called in the first place. The
> the GnuTLS and OpenSSL versions of that function for example are completely
> non-blocking.
Well, then that sounds perfect!
--
David S
a backport of
the fix once it's in:
https://bugzilla.redhat.com/show_bug.cgi?id=960765
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827 [mobile]
---
List admin: http://cool.haxx.se/list/listinfo/curl-librar
On Tue, May 7, 2013 at 3:10 PM, Mel Smith wrote:
> I don't know *how* to revert to an earlier commit :((
git revert 8ec2cb5544
That will do a sort of reverse cherry-pick of that single change.
--
David Strauss
| da...@davidstrauss.net
| +1 512 577 5827
ay 7, 2013 at 2:59 PM, David Strauss wrote:
> On Tue, May 7, 2013 at 2:49 PM, Daniel Stenberg wrote:
>> Assuming it actually makes any difference for your case at least! ;-)
>
> If it means that it respects the timeouts we give, it's absolutely a
> fix for the problem we see
error immediately if the actual socket is non-blocking, polling it
returns EWOULDBLOCK, and the NSS non-blocking property is false.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=960765#c2
--
David Strauss
| da...@davidstrauss.net
| +1
On Wed, May 8, 2013 at 11:29 AM, David Strauss wrote:
> which I think it is now
I'm referring to very recent releases here, not "now" as in current
Fedora packages.
--
David Strauss
| da...@davidstrauss.net
| +1 51
1 - 100 of 266 matches
Mail list logo
