bd3a29ad创建于 2022年9月16日历史提交
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/CMakeLists.txt curl_h5/CMakeLists.txt
*** curl/CMakeLists.txt	2022-08-26 11:21:23.032000000 +0800
--- curl_h5/CMakeLists.txt	2022-08-26 11:21:58.876000000 +0800
***************
*** 991,996 ****
--- 991,997 ----
    set(CMAKE_REQUIRED_LIBRARIES socket)
  endif()
  
+ check_symbol_exists(fchmod        "${CURL_INCLUDES}" HAVE_FCHMOD)
  check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
  check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
  check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/configure.ac curl_h5/configure.ac
*** curl/configure.ac	2022-08-26 11:21:23.032000000 +0800
--- curl_h5/configure.ac	2022-08-26 11:21:58.876000000 +0800
***************
*** 3272,3277 ****
--- 3272,3278 ----
  
  
  AC_CHECK_FUNCS([fnmatch \
+   fchmod \
    geteuid \
    getpass_r \
    getppid \
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/docs/cmdline-opts/cookie.d curl_h5/docs/cmdline-opts/cookie.d
*** curl/docs/cmdline-opts/cookie.d	2022-08-26 11:21:23.040000000 +0800
--- curl_h5/docs/cmdline-opts/cookie.d	2022-08-26 11:21:58.884000000 +0800
***************
*** 5,13 ****
  Help: Send cookies from string/file
  Category: http
  ---
! Pass the data to the HTTP server in the Cookie header. It is supposedly
! the data previously received from the server in a "Set-Cookie:" line.  The
! data should be in the format "NAME1=VALUE1; NAME2=VALUE2".
  
  If no '=' symbol is used in the argument, it is instead treated as a filename
  to read previously stored cookie from. This option also activates the cookie
--- 5,16 ----
  Help: Send cookies from string/file
  Category: http
  ---
! Pass the data to the HTTP server in the Cookie header. It is supposedly the
! data previously received from the server in a "Set-Cookie:" line. The data
! should be in the format "NAME1=VALUE1; NAME2=VALUE2". This makes curl use the
! cookie header with this content explicitly in all outgoing request(s). If
! multiple requests are done due to authentication, followed redirects or
! similar, they will all get this cookie passed on.
  
  If no '=' symbol is used in the argument, it is instead treated as a filename
  to read previously stored cookie from. This option also activates the cookie
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/HUAWEI-RELEASE curl_h5/HUAWEI-RELEASE
*** curl/HUAWEI-RELEASE	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/HUAWEI-RELEASE	2022-08-26 11:21:58.876000000 +0800
***************
*** 0 ****
--- 1 ----
+ RELEASE: h12
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/altsvc.c curl_h5/lib/altsvc.c
*** curl/lib/altsvc.c	2022-08-26 11:21:23.092000000 +0800
--- curl_h5/lib/altsvc.c	2022-08-26 11:21:58.940000000 +0800
***************
*** 34,40 ****
  #include "parsedate.h"
  #include "sendf.h"
  #include "warnless.h"
! #include "rand.h"
  #include "rename.h"
  
  /* The last 3 #include files should be in this order */
--- 34,40 ----
  #include "parsedate.h"
  #include "sendf.h"
  #include "warnless.h"
! #include "fopen.h"
  #include "rename.h"
  
  /* The last 3 #include files should be in this order */
***************
*** 329,336 ****
    struct Curl_llist_element *n;
    CURLcode result = CURLE_OK;
    FILE *out;
!   char *tempstore;
!   unsigned char randsuffix[9];
  
    if(!altsvc)
      /* no cache activated */
--- 329,335 ----
    struct Curl_llist_element *n;
    CURLcode result = CURLE_OK;
    FILE *out;
!   char *tempstore = NULL;
  
    if(!altsvc)
      /* no cache activated */
***************
*** 344,360 ****
      /* marked as read-only, no file or zero length file name */
      return CURLE_OK;
  
!   if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
!     return CURLE_FAILED_INIT;
! 
!   tempstore = aprintf("%s.%s.tmp", file, randsuffix);
!   if(!tempstore)
!     return CURLE_OUT_OF_MEMORY;
! 
!   out = fopen(tempstore, FOPEN_WRITETEXT);
!   if(!out)
!     result = CURLE_WRITE_ERROR;
!   else {
      fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n"
            "# This file was generated by libcurl! Edit at your own risk.\n",
            out);
--- 343,350 ----
      /* marked as read-only, no file or zero length file name */
      return CURLE_OK;
  
!   result = Curl_fopen(data, file, &out, &tempstore);
!   if(!result) {
      fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n"
            "# This file was generated by libcurl! Edit at your own risk.\n",
            out);
***************
*** 366,375 ****
          break;
      }
      fclose(out);
!     if(!result && Curl_rename(tempstore, file))
        result = CURLE_WRITE_ERROR;
  
!     if(result)
        unlink(tempstore);
    }
    free(tempstore);
--- 356,365 ----
          break;
      }
      fclose(out);
!     if(!result && tempstore && Curl_rename(tempstore, file))
        result = CURLE_WRITE_ERROR;
  
!     if(result && tempstore)
        unlink(tempstore);
    }
    free(tempstore);
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/conncache.c curl_h5/lib/conncache.c
*** curl/lib/conncache.c	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/conncache.c	2022-08-26 11:21:58.944000000 +0800
***************
*** 160,167 ****
      /* report back which name we used */
      *hostp = hostname;
  
!   /* put the number first so that the hostname gets cut off if too long */
!   msnprintf(buf, len, "%ld%s", port, hostname);
    Curl_strntolower(buf, buf, len);
  }
  
--- 160,171 ----
      /* report back which name we used */
      *hostp = hostname;
  
!   /* put the numbers first so that the hostname gets cut off if too long */
! #ifdef ENABLE_IPV6
!   msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
! #else
!   msnprintf(buf, len, "%ld/%s", port, hostname);
! #endif
    Curl_strntolower(buf, buf, len);
  }
  
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/connect.c curl_h5/lib/connect.c
*** curl/lib/connect.c	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/connect.c	2022-08-26 11:21:58.944000000 +0800
***************
*** 619,624 ****
--- 619,625 ----
    data->info.conn_scheme = conn->handler->scheme;
    data->info.conn_protocol = conn->handler->protocol;
    data->info.conn_primary_port = conn->port;
+   data->info.conn_remote_port = conn->remote_port;
    data->info.conn_local_port = local_port;
  }
  
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/content_encoding.c curl_h5/lib/content_encoding.c
*** curl/lib/content_encoding.c	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/content_encoding.c	2022-08-26 11:21:58.944000000 +0800
***************
*** 1025,1036 ****
--- 1025,1040 ----
    return NULL;
  }
  
+ /* allow no more than 5 "chained" compression steps */
+ #define MAX_ENCODE_STACK 5
+ 
  /* Set-up the unencoding stack from the Content-Encoding header value.
   * See RFC 7231 section 3.1.2.2. */
  CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
                                       const char *enclist, int maybechunked)
  {
    struct SingleRequest *k = &data->req;
+   int counter = 0;
  
    do {
      const char *name;
***************
*** 1065,1070 ****
--- 1069,1079 ----
        if(!encoding)
          encoding = &error_encoding;  /* Defer error at stack use. */
  
+       if(++counter >= MAX_ENCODE_STACK) {
+         failf(data, "Reject response due to %u content encodings",
+               counter);
+         return CURLE_BAD_CONTENT_ENCODING;
+       }
        /* Stack the unencoding stage. */
        writer = new_unencoding_writer(data, encoding, k->writer_stack);
        if(!writer)
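Review bot: The new cap is off by one against its own comment: `++counter >= MAX_ENCODE_STACK` rejects the response when the fifth encoding is seen, so at most four stages are stacked, while the comment added with the define says "no more than 5". Either change the test to `if(++counter > MAX_ENCODE_STACK) {` or reword the comment to say the fifth chained encoding is rejected. `counter` is declared `int` but printed with `%u` in the failf() call; `%d` matches the declaration. The body of Curl_build_unencoding_stack continues outside the hunk.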
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/cookie.c curl_h5/lib/cookie.c
*** curl/lib/cookie.c	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/cookie.c	2022-08-26 11:21:58.944000000 +0800
***************
*** 96,103 ****
  #include "curl_get_line.h"
  #include "curl_memrchr.h"
  #include "parsedate.h"
- #include "rand.h"
  #include "rename.h"
  
  /* The last 3 #include files should be in this order */
  #include "curl_printf.h"
--- 96,103 ----
  #include "curl_get_line.h"
  #include "curl_memrchr.h"
  #include "parsedate.h"
  #include "rename.h"
+ #include "fopen.h"
  
  /* The last 3 #include files should be in this order */
  #include "curl_printf.h"
***************
*** 469,474 ****
--- 469,478 ----
    (void)data;
  #endif
  
+   DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */
+   if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT)
+     return NULL;
+ 
    /* First, alloc and init a new struct for it */
    co = calloc(1, sizeof(struct Cookie));
    if(!co)
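Review bot: The early `return NULL` added at the top of this function drops the cookie without any trace, unlike the send-side cap in Curl_cookie_getlist, which reports through infof(). A response carrying more than MAX_SET_COOKIE_AMOUNT Set-Cookie lines is worth a line in the verbose log, for example `infof(data, "Ignoring cookie: more than %d Set-Cookie lines received", MAX_SET_COOKIE_AMOUNT);` before the return. Where `data->req.setcookies` is reset for a new response is not visible in this diff and should be confirmed, since a counter that is never cleared would reject every later cookie on the handle. The function starts and ends outside the hunk.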
***************
*** 808,814 ****
        freecookie(co);
        return NULL;
      }
! 
    }
    else {
      /*
--- 812,818 ----
        freecookie(co);
        return NULL;
      }
!     data->req.setcookies++;
    }
    else {
      /*
***************
*** 1346,1352 ****
   *
   * It shall only return cookies that haven't expired.
   */
! struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
                                     const char *host, const char *path,
                                     bool secure)
  {
--- 1350,1357 ----
   *
   * It shall only return cookies that haven't expired.
   */
! struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
!                                    struct CookieInfo *c,
                                     const char *host, const char *path,
                                     bool secure)
  {
***************
*** 1401,1406 ****
--- 1406,1416 ----
              mainco = newco;
  
              matches++;
+             if(matches >= MAX_COOKIE_SEND_AMOUNT) {
+               infof(data, "Included max number of cookies (%u) in request!",
+                     matches);
+               break;
+             }
            }
            else
              goto fail;
***************
*** 1602,1621 ****
      use_stdout = TRUE;
    }
    else {
!     unsigned char randsuffix[9];
! 
!     if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
!       return 2;
! 
!     tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
!     if(!tempstore)
!       return CURLE_OUT_OF_MEMORY;
! 
!     out = fopen(tempstore, FOPEN_WRITETEXT);
!     if(!out) {
!       error = CURLE_WRITE_ERROR;
        goto error;
-     }
    }
  
    fputs("# Netscape HTTP Cookie File\n"
--- 1612,1620 ----
      use_stdout = TRUE;
    }
    else {
!     error = Curl_fopen(data, filename, &out, &tempstore);
!     if(error)
        goto error;
    }
  
    fputs("# Netscape HTTP Cookie File\n"
***************
*** 1662,1668 ****
    if(!use_stdout) {
      fclose(out);
      out = NULL;
!     if(Curl_rename(tempstore, filename)) {
        unlink(tempstore);
        error = CURLE_WRITE_ERROR;
        goto error;
--- 1661,1667 ----
    if(!use_stdout) {
      fclose(out);
      out = NULL;
!     if(tempstore && Curl_rename(tempstore, filename)) {
        unlink(tempstore);
        error = CURLE_WRITE_ERROR;
        goto error;
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/cookie.h curl_h5/lib/cookie.h
*** curl/lib/cookie.h	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/cookie.h	2022-08-26 11:21:58.944000000 +0800
***************
*** 81,90 ****
  */
  #define MAX_COOKIE_LINE 5000
  
! /* This is the maximum length of a cookie name or content we deal with: */
  #define MAX_NAME 4096
  #define MAX_NAME_TXT "4095"
  
  struct Curl_easy;
  /*
   * Add a cookie to the internal list of cookies. The domain and path arguments
--- 81,106 ----
  */
  #define MAX_COOKIE_LINE 5000
  
! /* Maximum length of an incoming cookie name or content we deal with. Longer
!    cookies are ignored. */
  #define MAX_NAME 4096
  #define MAX_NAME_TXT "4095"
  
+ /* Maximum size for an outgoing cookie line libcurl will use in an http
+    request. This is the default maximum length used in some versions of Apache
+    httpd. */
+ #define MAX_COOKIE_HEADER_LEN 8190
+ 
+ /* Maximum number of cookies libcurl will send in a single request, even if
+    there might be more cookies that match. One reason to cap the number is to
+    keep the maximum HTTP request within the maximum allowed size. */
+ #define MAX_COOKIE_SEND_AMOUNT 150
+ 
+ /* Maximum number of Set-Cookie: lines accepted in a single response. If more
+    such header lines are received, they are ignored. This value must be less
+    than 256 since an unsigned char is used to count. */
+ #define MAX_SET_COOKIE_AMOUNT 50
+ 
  struct Curl_easy;
  /*
   * Add a cookie to the internal list of cookies. The domain and path arguments
***************
*** 97,103 ****
                                 const char *domain, const char *path,
                                 bool secure);
  
! struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host,
                                     const char *path, bool secure);
  void Curl_cookie_freelist(struct Cookie *cookies);
  void Curl_cookie_clearall(struct CookieInfo *cookies);
--- 113,120 ----
                                 const char *domain, const char *path,
                                 bool secure);
  
! struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
!                                    struct CookieInfo *c, const char *host,
                                     const char *path, bool secure);
  void Curl_cookie_freelist(struct Cookie *cookies);
  void Curl_cookie_clearall(struct CookieInfo *cookies);
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/curl_config.h.cmake curl_h5/lib/curl_config.h.cmake
*** curl/lib/curl_config.h.cmake	2022-08-26 11:21:23.096000000 +0800
--- curl_h5/lib/curl_config.h.cmake	2022-08-26 11:21:58.944000000 +0800
***************
*** 127,132 ****
--- 127,135 ----
  /* Define to 1 if you have the <assert.h> header file. */
  #cmakedefine HAVE_ASSERT_H 1
  
+ /* Define to 1 if you have the `fchmod' function. */
+ #cmakedefine HAVE_FCHMOD 1
+ 
  /* Define to 1 if you have the `basename' function. */
  #cmakedefine HAVE_BASENAME 1
  
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/fopen.c curl_h5/lib/fopen.c
*** curl/lib/fopen.c	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/lib/fopen.c	2022-08-26 11:21:58.952000000 +0800
***************
*** 0 ****
--- 1,113 ----
+ /***************************************************************************
+  *                                  _   _ ____  _
+  *  Project                     ___| | | |  _ \| |
+  *                             / __| | | | |_) | |
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+  * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+  * are also available at https://curl.se/docs/copyright.html.
+  *
+  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+  * copies of the Software, and permit persons to whom the Software is
+  * furnished to do so, under the terms of the COPYING file.
+  *
+  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+  * KIND, either express or implied.
+  *
+  * SPDX-License-Identifier: curl
+  *
+  ***************************************************************************/
+ 
+ #include "curl_setup.h"
+ 
+ #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) ||  \
+   !defined(CURL_DISABLE_HSTS)
+ 
+ #ifdef HAVE_FCNTL_H
+ #include <fcntl.h>
+ #endif
+ 
+ #include "urldata.h"
+ #include "rand.h"
+ #include "fopen.h"
+ /* The last 3 #include files should be in this order */
+ #include "curl_printf.h"
+ #include "curl_memory.h"
+ #include "memdebug.h"
+ 
+ /*
+  * Curl_fopen() opens a file for writing with a temp name, to be renamed
+  * to the final name when completed. If there is an existing file using this
+  * name at the time of the open, this function will clone the mode from that
+  * file.  if 'tempname' is non-NULL, it needs a rename after the file is
+  * written.
+  */
+ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+                     FILE **fh, char **tempname)
+ {
+   CURLcode result = CURLE_WRITE_ERROR;
+   unsigned char randsuffix[9];
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
+   *tempname = NULL;
+ 
+   if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
+     /* a non-regular file, fallback to direct fopen() */
+     *fh = fopen(filename, FOPEN_WRITETEXT);
+     if(*fh)
+       return CURLE_OK;
+     goto fail;
+   }
+ 
+   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+   if(result)
+     goto fail;
+ 
+   tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+   }
+ 
+   result = CURLE_WRITE_ERROR;
+   fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600);
+   if(fd == -1)
+     goto fail;
+ 
+ #ifdef HAVE_FCHMOD
+   {
+     struct_stat nsb;
+     if((fstat(fd, &nsb) != -1) &&
+        (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
+       /* if the user and group are the same, clone the original mode */
+       if(fchmod(fd, sb.st_mode) == -1)
+         goto fail;
+     }
+   }
+ #endif
+ 
+   *fh = fdopen(fd, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+ 
+   *tempname = tempstore;
+   return CURLE_OK;
+ 
+ fail:
+   if(fd != -1) {
+     close(fd);
+     unlink(tempstore);
+   }
+ 
+   free(tempstore);
+ 
+   *tempname = NULL;
+   return result;
+ }
+ 
+ #endif /* ! disabled */
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/fopen.h curl_h5/lib/fopen.h
*** curl/lib/fopen.h	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/lib/fopen.h	2022-08-26 11:21:58.952000000 +0800
***************
*** 0 ****
--- 1,30 ----
+ #ifndef HEADER_CURL_FOPEN_H
+ #define HEADER_CURL_FOPEN_H
+ /***************************************************************************
+  *                                  _   _ ____  _
+  *  Project                     ___| | | |  _ \| |
+  *                             / __| | | | |_) | |
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+  * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+  * are also available at https://curl.se/docs/copyright.html.
+  *
+  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+  * copies of the Software, and permit persons to whom the Software is
+  * furnished to do so, under the terms of the COPYING file.
+  *
+  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+  * KIND, either express or implied.
+  *
+  * SPDX-License-Identifier: curl
+  *
+  ***************************************************************************/
+ 
+ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+                     FILE **fh, char **tempname);
+ 
+ #endif
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/ftp.c curl_h5/lib/ftp.c
*** curl/lib/ftp.c	2022-08-26 11:21:23.104000000 +0800
--- curl_h5/lib/ftp.c	2022-08-26 11:21:58.952000000 +0800
***************
*** 2681,2689 ****
      /* we have now received a full FTP server response */
      switch(ftpc->state) {
      case FTP_WAIT220:
!       if(ftpcode == 230)
!         /* 230 User logged in - already! */
!         return ftp_state_user_resp(data, ftpcode, ftpc->state);
        else if(ftpcode != 220) {
          failf(data, "Got a %03d ftp-server response when 220 was expected",
                ftpcode);
--- 2681,2692 ----
      /* we have now received a full FTP server response */
      switch(ftpc->state) {
      case FTP_WAIT220:
!       if(ftpcode == 230) {
!         /* 230 User logged in - already! Take as 220 if TLS required. */
!         if(data->set.use_ssl <= CURLUSESSL_TRY ||
!            conn->bits.ftp_use_control_ssl)
!           return ftp_state_user_resp(data, ftpcode, ftpc->state);
!       }
        else if(ftpcode != 220) {
          failf(data, "Got a %03d ftp-server response when 220 was expected",
                ftpcode);
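Review bot: When a 230 greeting arrives and TLS is required, the new inner `if` falls out of the `if(ftpcode == 230)` block and continues with the code after this if/else chain, which lies outside the hunk; that implicit path is the security-relevant one and deserves an explicit comment. Something like `/* TLS is required and not yet active: ignore the pre-login and continue as for 220 */` after the inner `return` would make it clear. The test `data->set.use_ssl <= CURLUSESSL_TRY` depends on the ordering of the CURLUSESSL_* values, which is worth stating next to it.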
***************
*** 2740,2745 ****
--- 2743,2751 ----
      case FTP_AUTH:
        /* we have gotten the response to a previous AUTH command */
  
+       if(pp->cache_size)
+         return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
+ 
        /* RFC2228 (page 5) says:
         *
         * If the server is willing to accept the named security mechanism,
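Review bot: The new `pp->cache_size` check returns CURLE_WEIRD_SERVER_REPLY without a failf(), so the user sees only a generic error with no hint that the server sent extra data along with its AUTH response; the same applies to the matching check added in lib/imap.c. A message such as `failf(data, "Unexpected data after AUTH response");` before the return would help both users and anyone reading logs afterwards. The comment `Forbid pipelining in response.` could also say why: presumably bytes already buffered in plaintext would otherwise be processed as if they had arrived after the TLS upgrade.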
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/hsts.c curl_h5/lib/hsts.c
*** curl/lib/hsts.c	2022-08-26 11:21:23.104000000 +0800
--- curl_h5/lib/hsts.c	2022-08-26 11:21:58.956000000 +0800
***************
*** 35,41 ****
  #include "sendf.h"
  #include "strtoofft.h"
  #include "parsedate.h"
! #include "rand.h"
  #include "rename.h"
  #include "strtoofft.h"
  
--- 35,41 ----
  #include "sendf.h"
  #include "strtoofft.h"
  #include "parsedate.h"
! #include "fopen.h"
  #include "rename.h"
  #include "strtoofft.h"
  
***************
*** 325,332 ****
    struct Curl_llist_element *n;
    CURLcode result = CURLE_OK;
    FILE *out;
!   char *tempstore;
!   unsigned char randsuffix[9];
  
    if(!h)
      /* no cache activated */
--- 325,331 ----
    struct Curl_llist_element *n;
    CURLcode result = CURLE_OK;
    FILE *out;
!   char *tempstore = NULL;
  
    if(!h)
      /* no cache activated */
***************
*** 340,356 ****
      /* marked as read-only, no file or zero length file name */
      goto skipsave;
  
!   if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
!     return CURLE_FAILED_INIT;
! 
!   tempstore = aprintf("%s.%s.tmp", file, randsuffix);
!   if(!tempstore)
!     return CURLE_OUT_OF_MEMORY;
! 
!   out = fopen(tempstore, FOPEN_WRITETEXT);
!   if(!out)
!     result = CURLE_WRITE_ERROR;
!   else {
      fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
            "# This file was generated by libcurl! Edit at your own risk.\n",
            out);
--- 339,346 ----
      /* marked as read-only, no file or zero length file name */
      goto skipsave;
  
!   result = Curl_fopen(data, file, &out, &tempstore);
!   if(!result) {
      fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
            "# This file was generated by libcurl! Edit at your own risk.\n",
            out);
***************
*** 362,371 ****
          break;
      }
      fclose(out);
!     if(!result && Curl_rename(tempstore, file))
        result = CURLE_WRITE_ERROR;
  
!     if(result)
        unlink(tempstore);
    }
    free(tempstore);
--- 352,361 ----
          break;
      }
      fclose(out);
!     if(!result && tempstore && Curl_rename(tempstore, file))
        result = CURLE_WRITE_ERROR;
  
!     if(result && tempstore)
        unlink(tempstore);
    }
    free(tempstore);
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/http.c curl_h5/lib/http.c
*** curl/lib/http.c	2022-08-26 11:21:23.104000000 +0800
--- curl_h5/lib/http.c	2022-08-26 11:21:58.956000000 +0800
***************
*** 775,780 ****
--- 775,795 ----
    return CURLE_OK;
  }
  
+ /*
+  * Curl_allow_auth_to_host() tells if authentication, cookies or other
+  * "sensitive data" can (still) be sent to this host.
+  */
+ bool Curl_allow_auth_to_host(struct Curl_easy *data)
+ {
+   struct connectdata *conn = data->conn;
+   return (!data->state.this_is_a_follow ||
+           data->set.allow_auth_to_other_hosts ||
+           (data->state.first_host &&
+            strcasecompare(data->state.first_host, conn->host.name) &&
+            (data->state.first_remote_port == conn->remote_port) &&
+            (data->state.first_remote_protocol == conn->handler->protocol)));
+ }
+ 
  /**
   * Curl_http_output_auth() setups the authentication headers for the
   * host/proxy and the correct authentication
***************
*** 847,863 ****
         with it */
      authproxy->done = TRUE;
  
!   /* To prevent the user+password to get sent to other than the original
!      host due to a location-follow, we do some weirdo checks here */
!   if(!data->state.this_is_a_follow ||
  #ifndef CURL_DISABLE_NETRC
!      conn->bits.netrc ||
  #endif
!      !data->state.first_host ||
!      data->set.allow_auth_to_other_hosts ||
!      strcasecompare(data->state.first_host, conn->host.name)) {
      result = output_auth_headers(data, conn, authhost, request, path, FALSE);
-   }
    else
      authhost->done = TRUE;
  
--- 862,875 ----
         with it */
      authproxy->done = TRUE;
  
!   /* To prevent the user+password to get sent to other than the original host
!      due to a location-follow */
!   if(Curl_allow_auth_to_host(data)
  #ifndef CURL_DISABLE_NETRC
!      || conn->bits.netrc
  #endif
!     )
      result = output_auth_headers(data, conn, authhost, request, path, FALSE);
    else
      authhost->done = TRUE;
  
***************
*** 1913,1922 ****
                     checkprefix("Cookie:", compare)) &&
                    /* be careful of sending this potentially sensitive header to
                       other hosts */
!                   (data->state.this_is_a_follow &&
!                    data->state.first_host &&
!                    !data->set.allow_auth_to_other_hosts &&
!                    !strcasecompare(data->state.first_host, conn->host.name)))
              ;
            else {
  #ifdef USE_HYPER
--- 1925,1931 ----
                     checkprefix("Cookie:", compare)) &&
                    /* be careful of sending this potentially sensitive header to
                       other hosts */
!                   !Curl_allow_auth_to_host(data))
              ;
            else {
  #ifdef USE_HYPER
***************
*** 2088,2093 ****
--- 2097,2103 ----
        return CURLE_OUT_OF_MEMORY;
  
      data->state.first_remote_port = conn->remote_port;
+     data->state.first_remote_protocol = conn->handler->protocol;
    }
    Curl_safefree(data->state.aptr.host);
  
***************
*** 2697,2708 ****
--- 2707,2720 ----
  }
  
  #if !defined(CURL_DISABLE_COOKIES)
+ 
  CURLcode Curl_http_cookies(struct Curl_easy *data,
                             struct connectdata *conn,
                             struct dynbuf *r)
  {
    CURLcode result = CURLE_OK;
    char *addcookies = NULL;
+   bool linecap = FALSE;
    if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(data, "Cookie"))
      addcookies = data->set.str[STRING_COOKIE];
  
***************
*** 2712,2718 ****
  
      if(data->cookies && data->state.cookie_engine) {
        Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
!       co = Curl_cookie_getlist(data->cookies,
                                 data->state.aptr.cookiehost?
                                 data->state.aptr.cookiehost:
                                 conn->host.name,
--- 2724,2730 ----
  
      if(data->cookies && data->state.cookie_engine) {
        Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
!       co = Curl_cookie_getlist(data, data->cookies,
                                 data->state.aptr.cookiehost?
                                 data->state.aptr.cookiehost:
                                 conn->host.name,
***************
*** 2731,2736 ****
--- 2743,2755 ----
              if(result)
                break;
            }
+           if((Curl_dyn_len(r) + strlen(co->name) + strlen(co->value) + 1) >=
+              MAX_COOKIE_HEADER_LEN) {
+             infof(data, "Restricted outgoing cookies due to header size, "
+                   "'%s' not sent", co->name);
+             linecap = TRUE;
+             break;
+           }
            result = Curl_dyn_addf(r, "%s%s=%s", count?"; ":"",
                                   co->name, co->value);
            if(result)
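Review bot: The size test compares `Curl_dyn_len(r)` with MAX_COOKIE_HEADER_LEN, but `r` is the buffer passed in by the caller; if it already holds the request line and earlier headers, which the hunk does not show, the cap applies to the whole request so far rather than to the Cookie line, and cookies are dropped earlier than the comment on MAX_COOKIE_HEADER_LEN in lib/cookie.h describes. Tracking the length of the Cookie line in a local and testing `linelen + strlen(co->name) + strlen(co->value) + (count ? 3 : 1)` against the limit would match the documented meaning. As written the `+ 1` also ignores the two-byte `; ` separator. If the cap is hit on the first cookie, check that no bare `Cookie: ` prefix is left in `r` without its line ending; the lines that write the prefix are outside the hunk.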
***************
*** 2741,2747 ****
        }
        Curl_cookie_freelist(store);
      }
!     if(addcookies && !result) {
        if(!count)
          result = Curl_dyn_add(r, "Cookie: ");
        if(!result) {
--- 2760,2766 ----
        }
        Curl_cookie_freelist(store);
      }
!     if(addcookies && !result && !linecap) {
        if(!count)
          result = Curl_dyn_add(r, "Cookie: ");
        if(!result) {
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/http.h curl_h5/lib/http.h
*** curl/lib/http.h	2022-08-26 11:21:23.104000000 +0800
--- curl_h5/lib/http.h	2022-08-26 11:21:58.956000000 +0800
***************
*** 317,320 ****
--- 317,326 ----
                        bool proxytunnel); /* TRUE if this is the request setting
                                              up the proxy tunnel */
  
+ /*
+  * Curl_allow_auth_to_host() tells if authentication, cookies or other
+  * "sensitive data" can (still) be sent to this host.
+  */
+ bool Curl_allow_auth_to_host(struct Curl_easy *data);
+ 
  #endif /* HEADER_CURL_HTTP_H */
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/imap.c curl_h5/lib/imap.c
*** curl/lib/imap.c	2022-08-26 11:21:23.108000000 +0800
--- curl_h5/lib/imap.c	2022-08-26 11:21:58.960000000 +0800
***************
*** 935,956 ****
        line += wordlen;
      }
    }
!   else if(imapcode == IMAP_RESP_OK) {
!     if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
!       /* We don't have a SSL/TLS connection yet, but SSL is requested */
!       if(imapc->tls_supported)
!         /* Switch to TLS connection now */
!         result = imap_perform_starttls(data, conn);
!       else if(data->set.use_ssl == CURLUSESSL_TRY)
!         /* Fallback and carry on with authentication */
!         result = imap_perform_authentication(data, conn);
!       else {
!         failf(data, "STARTTLS not supported.");
!         result = CURLE_USE_SSL_FAILED;
!       }
      }
!     else
        result = imap_perform_authentication(data, conn);
    }
    else
      result = imap_perform_authentication(data, conn);
--- 935,952 ----
        line += wordlen;
      }
    }
!   else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
!     /* PREAUTH is not compatible with STARTTLS. */
!     if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
!       /* Switch to TLS connection now */
!       result = imap_perform_starttls(data, conn);
      }
!     else if(data->set.use_ssl <= CURLUSESSL_TRY)
        result = imap_perform_authentication(data, conn);
+     else {
+       failf(data, "STARTTLS not available.");
+       result = CURLE_USE_SSL_FAILED;
+     }
    }
    else
      result = imap_perform_authentication(data, conn);
***************
*** 968,973 ****
--- 964,973 ----
  
    (void)instate; /* no use for this yet */
  
+   /* Pipelining in response is forbidden. */
+   if(data->conn->proto.imapc.pp.cache_size)
+     return CURLE_WEIRD_SERVER_REPLY;
+ 
    if(imapcode != IMAP_RESP_OK) {
      if(data->set.use_ssl != CURLUSESSL_TRY) {
        failf(data, "STARTTLS denied");
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/krb5.c curl_h5/lib/krb5.c
*** curl/lib/krb5.c	2022-08-26 11:21:23.108000000 +0800
--- curl_h5/lib/krb5.c	2022-08-26 11:21:58.960000000 +0800
***************
*** 146,156 ****
    enc.value = buf;
    enc.length = len;
    maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
!   if(maj != GSS_S_COMPLETE) {
!     if(len >= 4)
!       strcpy(buf, "599 ");
      return -1;
-   }
  
    memcpy(buf, dec.value, dec.length);
    len = curlx_uztosi(dec.length);
--- 146,153 ----
    enc.value = buf;
    enc.length = len;
    maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
!   if(maj != GSS_S_COMPLETE)
      return -1;
  
    memcpy(buf, dec.value, dec.length);
    len = curlx_uztosi(dec.length);
***************
*** 512,517 ****
--- 509,515 ----
  {
    int len;
    CURLcode result;
+   int nread;
  
    result = socket_read(fd, &len, sizeof(len));
    if(result)
***************
*** 520,526 ****
    if(len) {
      /* only realloc if there was a length */
      len = ntohl(len);
!     buf->data = Curl_saferealloc(buf->data, len);
    }
    if(!len || !buf->data)
      return CURLE_OUT_OF_MEMORY;
--- 518,527 ----
    if(len) {
      /* only realloc if there was a length */
      len = ntohl(len);
!     if(len > CURL_MAX_INPUT_LENGTH)
!       len = 0;
!     else
!       buf->data = Curl_saferealloc(buf->data, len);
    }
    if(!len || !buf->data)
      return CURLE_OUT_OF_MEMORY;
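Review bot: A negative `len` passes the new `len > CURL_MAX_INPUT_LENGTH` test, because `len` is declared `int` (see the declarations in the previous hunk) and `ntohl()` of a peer-supplied value with the top bit set ends up below zero. That value is then handed to `Curl_saferealloc()` as a very large size, and the function presumably only bails out because the allocation fails. Rejecting it up front is explicit and does not depend on the allocator: `if(len < 0 || len > CURL_MAX_INPUT_LENGTH)`. The oversize case is also reported as `CURLE_OUT_OF_MEMORY`, which hides a protocol violation from the caller; a receive-error code would describe it better if no caller depends on the current one. The function body begins and ends outside the hunk.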
***************
*** 528,535 ****
    result = socket_read(fd, buf->data, len);
    if(result)
      return result;
!   buf->size = conn->mech->decode(conn->app_data, buf->data, len,
!                                  conn->data_prot, conn);
    buf->index = 0;
    return CURLE_OK;
  }
--- 529,539 ----
    result = socket_read(fd, buf->data, len);
    if(result)
      return result;
!   nread = conn->mech->decode(conn->app_data, buf->data, len,
!                              conn->data_prot, conn);
!   if(nread < 0)
!     return CURLE_RECV_ERROR;
!   buf->size = (size_t)nread;
    buf->index = 0;
    return CURLE_OK;
  }
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/Makefile.inc curl_h5/lib/Makefile.inc
*** curl/lib/Makefile.inc	2022-08-26 11:21:23.092000000 +0800
--- curl_h5/lib/Makefile.inc	2022-08-26 11:21:58.940000000 +0800
***************
*** 131,136 ****
--- 131,137 ----
    escape.c           \
    file.c             \
    fileinfo.c         \
+   fopen.c            \
    formdata.c         \
    ftp.c              \
    ftplistparser.c    \
***************
*** 263,268 ****
--- 264,270 ----
    escape.h           \
    file.h             \
    fileinfo.h         \
+   fopen.h            \
    formdata.h         \
    ftp.h              \
    ftplistparser.h    \
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/mqtt.c curl_h5/lib/mqtt.c
*** curl/lib/mqtt.c	2022-08-26 11:21:23.112000000 +0800
--- curl_h5/lib/mqtt.c	2022-08-26 11:21:58.960000000 +0800
***************
*** 128,133 ****
--- 128,137 ----
      mq->sendleftovers = sendleftovers;
      mq->nsend = nsend;
    }
+   else {
+     mq->sendleftovers = NULL;
+     mq->nsend = 0;
+   }
    return result;
  }
  
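Review bot: The new `else` branch resets `mq->sendleftovers` and `mq->nsend` without a comment, and the reason is not obvious from the hunk. Presumably the caller releases the previous leftover buffer before calling in here, so keeping the old pointer after a complete send would let a later call reuse or free it again; that needs confirming against the caller, which is outside the hunk. If so, a comment such as `/* everything was sent: drop the stale leftover pointer so it is not reused or freed twice */` would record it. If the caller does not free the old buffer, this assignment leaks it instead.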
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/pop3.c curl_h5/lib/pop3.c
*** curl/lib/pop3.c	2022-08-26 11:21:23.112000000 +0800
--- curl_h5/lib/pop3.c	2022-08-26 11:21:58.964000000 +0800
***************
*** 741,768 ****
        }
      }
    }
-   else if(pop3code == '+') {
-     if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-       /* We don't have a SSL/TLS connection yet, but SSL is requested */
-       if(pop3c->tls_supported)
-         /* Switch to TLS connection now */
-         result = pop3_perform_starttls(data, conn);
-       else if(data->set.use_ssl == CURLUSESSL_TRY)
-         /* Fallback and carry on with authentication */
-         result = pop3_perform_authentication(data, conn);
-       else {
-         failf(data, "STLS not supported.");
-         result = CURLE_USE_SSL_FAILED;
-       }
-     }
-     else
-       result = pop3_perform_authentication(data, conn);
-   }
    else {
      /* Clear text is supported when CAPA isn't recognised */
!     pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
  
!     result = pop3_perform_authentication(data, conn);
    }
  
    return result;
--- 741,763 ----
        }
      }
    }
    else {
      /* Clear text is supported when CAPA isn't recognised */
!     if(pop3code != '+')
!       pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
  
!     if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use)
!       result = pop3_perform_authentication(data, conn);
!     else if(pop3code == '+' && pop3c->tls_supported)
!       /* Switch to TLS connection now */
!       result = pop3_perform_starttls(data, conn);
!     else if(data->set.use_ssl <= CURLUSESSL_TRY)
!       /* Fallback and carry on with authentication */
!       result = pop3_perform_authentication(data, conn);
!     else {
!       failf(data, "STLS not supported.");
!       result = CURLE_USE_SSL_FAILED;
!     }
    }
  
    return result;
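Review bot: `data->set.use_ssl <= CURLUSESSL_TRY` in the fallback branch relies on the numeric order of the `CURLUSESSL_*` values, although the first branch has already taken the `!data->set.use_ssl` case and only the TRY level can reach this test. `else if(data->set.use_ssl == CURLUSESSL_TRY)` states the intent directly and keeps the cleartext fallback tied to exactly that level. The same comparison appears on the new side of the IMAP hunk above. The comment `/* Clear text is supported when CAPA isn't recognised */` now heads a block that also handles the `'+'` reply, so it would read better directly on the `if(pop3code != '+')` statement. The enclosing function starts outside the hunk.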
***************
*** 777,782 ****
--- 772,781 ----
    CURLcode result = CURLE_OK;
    (void)instate; /* no use for this yet */
  
+   /* Pipelining in response is forbidden. */
+   if(data->conn->proto.pop3c.pp.cache_size)
+     return CURLE_WEIRD_SERVER_REPLY;
+ 
    if(pop3code != '+') {
      if(data->set.use_ssl != CURLUSESSL_TRY) {
        failf(data, "STARTTLS denied");
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/setopt.c curl_h5/lib/setopt.c
*** curl/lib/setopt.c	2022-08-26 11:21:23.116000000 +0800
--- curl_h5/lib/setopt.c	2022-08-26 11:21:58.968000000 +0800
***************
*** 2311,2316 ****
--- 2311,2317 ----
  
    case CURLOPT_SSL_OPTIONS:
      arg = va_arg(param, long);
+     data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
      data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
      data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
      data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
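Review bot: `(unsigned char)(arg & 0xff)` silently drops any `CURLOPT_SSL_OPTIONS` bit above bit 7 from `primary.ssl_options`, here and in the `CURLOPT_PROXY_SSL_OPTIONS` hunk that follows. If the primary config is what connection reuse compares (presumably the reason the copy is added), a future flag at bit 8 or higher would not take part in that comparison even though the individual `BIT()` fields still honour it. A comment on the assignment such as `/* all CURLSSLOPT_* flags must fit in 8 bits; widen ssl_options before adding more */` would make the limit visible. The `case` block continues outside the hunk.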
***************
*** 2324,2329 ****
--- 2325,2331 ----
  #ifndef CURL_DISABLE_PROXY
    case CURLOPT_PROXY_SSL_OPTIONS:
      arg = va_arg(param, long);
+     data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
      data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
      data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
      data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
***************
*** 2744,2792 ****
    case CURLOPT_TLSAUTH_USERNAME:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
                              va_arg(param, char *));
!     if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
!       data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
      break;
    case CURLOPT_PROXY_TLSAUTH_USERNAME:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
                              va_arg(param, char *));
  #ifndef CURL_DISABLE_PROXY
!     if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
!        !data->set.proxy_ssl.authtype)
!       data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
  #endif
      break;
    case CURLOPT_TLSAUTH_PASSWORD:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
                              va_arg(param, char *));
!     if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
!       data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
      break;
    case CURLOPT_PROXY_TLSAUTH_PASSWORD:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
                              va_arg(param, char *));
  #ifndef CURL_DISABLE_PROXY
      if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
!        !data->set.proxy_ssl.authtype)
!       data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
  #endif
      break;
    case CURLOPT_TLSAUTH_TYPE:
      argptr = va_arg(param, char *);
      if(!argptr ||
         strncasecompare(argptr, "SRP", strlen("SRP")))
!       data->set.ssl.authtype = CURL_TLSAUTH_SRP;
      else
!       data->set.ssl.authtype = CURL_TLSAUTH_NONE;
      break;
  #ifndef CURL_DISABLE_PROXY
    case CURLOPT_PROXY_TLSAUTH_TYPE:
      argptr = va_arg(param, char *);
      if(!argptr ||
         strncasecompare(argptr, "SRP", strlen("SRP")))
!       data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
      else
!       data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
      break;
  #endif
  #endif
--- 2746,2796 ----
    case CURLOPT_TLSAUTH_USERNAME:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
                              va_arg(param, char *));
!     if(data->set.str[STRING_TLSAUTH_USERNAME] &&
!        !data->set.ssl.primary.authtype)
!       data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
      break;
    case CURLOPT_PROXY_TLSAUTH_USERNAME:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
                              va_arg(param, char *));
  #ifndef CURL_DISABLE_PROXY
!     if(data->set.str[STRING_TLSAUTH_USERNAME] &&
!        !data->set.ssl.primary.authtype)
!       data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
  #endif
      break;
    case CURLOPT_TLSAUTH_PASSWORD:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
                              va_arg(param, char *));
!     if(data->set.str[STRING_TLSAUTH_USERNAME] &&
!        !data->set.ssl.primary.authtype)
!       data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
      break;
    case CURLOPT_PROXY_TLSAUTH_PASSWORD:
      result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
                              va_arg(param, char *));
  #ifndef CURL_DISABLE_PROXY
      if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
!        !data->set.proxy_ssl.primary.authtype)
!       data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
  #endif
      break;
    case CURLOPT_TLSAUTH_TYPE:
      argptr = va_arg(param, char *);
      if(!argptr ||
         strncasecompare(argptr, "SRP", strlen("SRP")))
!       data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
      else
!       data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
      break;
  #ifndef CURL_DISABLE_PROXY
    case CURLOPT_PROXY_TLSAUTH_TYPE:
      argptr = va_arg(param, char *);
      if(!argptr ||
         strncasecompare(argptr, "SRP", strlen("SRP")))
!       data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
      else
!       data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
      break;
  #endif
  #endif
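Review bot: The new `CURLOPT_PROXY_TLSAUTH_USERNAME` case tests `STRING_TLSAUTH_USERNAME` and sets `data->set.ssl.primary.authtype`, whereas the removed code used `STRING_TLSAUTH_USERNAME_PROXY` and `data->set.proxy_ssl.authtype`. As written, setting only a proxy TLS username no longer defaults the proxy auth type to SRP, and the case can set the non-proxy auth type instead. The condition should read `if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && !data->set.proxy_ssl.primary.authtype)` with `data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;` as the assignment, matching the `CURLOPT_PROXY_TLSAUTH_PASSWORD` case below it.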
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/smtp.c curl_h5/lib/smtp.c
*** curl/lib/smtp.c	2022-08-26 11:21:23.116000000 +0800
--- curl_h5/lib/smtp.c	2022-08-26 11:21:58.968000000 +0800
***************
*** 835,840 ****
--- 835,844 ----
    CURLcode result = CURLE_OK;
    (void)instate; /* no use for this yet */
  
+   /* Pipelining in response is forbidden. */
+   if(data->conn->proto.smtpc.pp.cache_size)
+     return CURLE_WEIRD_SERVER_REPLY;
+ 
    if(smtpcode != 220) {
      if(data->set.use_ssl != CURLUSESSL_TRY) {
        failf(data, "STARTTLS denied, code %d", smtpcode);
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/strcase.c curl_h5/lib/strcase.c
*** curl/lib/strcase.c	2022-08-26 11:21:23.116000000 +0800
--- curl_h5/lib/strcase.c	2022-08-26 11:21:58.968000000 +0800
***************
*** 251,256 ****
--- 251,266 ----
    } while(*src++ && --n);
  }
  
+ /* Compare case-sensitive NUL-terminated strings, taking care of possible
+  * null pointers. Return true if arguments match.
+  */
+ bool Curl_safecmp(char *a, char *b)
+ {
+   if(a && b)
+     return !strcmp(a, b);
+   return !a && !b;
+ }
+ 
  /* --- public functions --- */
  
  int curl_strequal(const char *first, const char *second)
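Review bot: `Curl_safecmp()` takes `char *a, char *b` although it only reads both strings. `bool Curl_safecmp(const char *a, const char *b)` lets callers pass const data without a cast and documents that neither argument is modified; the prototype added to strcase.h in the next hunk needs the same change. The comment could also state the one non-obvious rule, that two NULL pointers compare as equal.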
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/strcase.h curl_h5/lib/strcase.h
*** curl/lib/strcase.h	2022-08-26 11:21:23.116000000 +0800
--- curl_h5/lib/strcase.h	2022-08-26 11:21:58.968000000 +0800
***************
*** 48,51 ****
--- 48,53 ----
  void Curl_strntoupper(char *dest, const char *src, size_t n);
  void Curl_strntolower(char *dest, const char *src, size_t n);
  
+ bool Curl_safecmp(char *a, char *b);
+ 
  #endif /* HEADER_CURL_STRCASE_H */
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/transfer.c curl_h5/lib/transfer.c
*** curl/lib/transfer.c	2022-08-26 11:21:23.120000000 +0800
--- curl_h5/lib/transfer.c	2022-08-26 11:21:58.972000000 +0800
***************
*** 1652,1661 ****
        return CURLE_OUT_OF_MEMORY;
    }
    else {
- 
      uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
      if(uc)
        return Curl_uc_to_curlcode(uc);
    }
  
    if(type == FOLLOW_FAKE) {
--- 1652,1708 ----
        return CURLE_OUT_OF_MEMORY;
    }
    else {
      uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
      if(uc)
        return Curl_uc_to_curlcode(uc);
+ 
+     /* Clear auth if this redirects to a different port number or protocol,
+        unless permitted */
+     if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
+       char *portnum;
+       int port;
+       bool clear = FALSE;
+ 
+       if(data->set.use_port && data->state.allow_port)
+         /* a custom port is used */
+         port = (int)data->set.use_port;
+       else {
+         uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
+                           CURLU_DEFAULT_PORT);
+         if(uc) {
+           free(newurl);
+           return Curl_uc_to_curlcode(uc);
+         }
+         port = atoi(portnum);
+         free(portnum);
+       }
+       if(port != data->info.conn_remote_port) {
+         infof(data, "Clear auth, redirects to port from %u to %u",
+               data->info.conn_remote_port, port);
+         clear = TRUE;
+       }
+       else {
+         char *scheme;
+         const struct Curl_handler *p;
+         uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
+         if(uc) {
+           free(newurl);
+           return Curl_uc_to_curlcode(uc);
+         }
+ 
+         p = Curl_builtin_scheme(scheme);
+         if(p && (p->protocol != data->info.conn_protocol)) {
+           infof(data, "Clear auth, redirects scheme from %s to %s",
+                 data->info.conn_scheme, scheme);
+           clear = TRUE;
+         }
+         free(scheme);
+       }
+       if(clear) {
+         Curl_safefree(data->state.aptr.user);
+         Curl_safefree(data->state.aptr.passwd);
+       }
+     }
    }
  
    if(type == FOLLOW_FAKE) {
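Review bot: When `Curl_builtin_scheme(scheme)` returns NULL the `if(p && ...)` test is false, so a redirect to a scheme this build does not know leaves `clear` unset and the credentials in place. Such a redirect is probably rejected later, but that is outside the hunk, and failing closed here costs nothing: `if(!p || (p->protocol != data->info.conn_protocol))`. Separately, both `infof()` calls print `int` values (`port` and `data->info.conn_remote_port`) with `%u`; `%d` matches the declared types. The enclosing function starts and ends outside the hunk.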
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/url.c curl_h5/lib/url.c
*** curl/lib/url.c	2022-08-26 11:21:23.120000000 +0800
--- curl_h5/lib/url.c	2022-08-26 11:21:58.972000000 +0800
***************
*** 547,553 ****
    set->ssl.primary.verifypeer = TRUE;
    set->ssl.primary.verifyhost = TRUE;
  #ifdef USE_TLS_SRP
!   set->ssl.authtype = CURL_TLSAUTH_NONE;
  #endif
    set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
                                                        type */
--- 547,553 ----
    set->ssl.primary.verifypeer = TRUE;
    set->ssl.primary.verifyhost = TRUE;
  #ifdef USE_TLS_SRP
!   set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
  #endif
    set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
                                                        type */
***************
*** 784,789 ****
--- 784,790 ----
    Curl_safefree(conn->passwd);
    Curl_safefree(conn->sasl_authzid);
    Curl_safefree(conn->options);
+   Curl_safefree(conn->oauth_bearer);
    Curl_dyn_free(&conn->trailer);
    Curl_safefree(conn->host.rawalloc); /* host name buffer */
    Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
***************
*** 1088,1093 ****
--- 1089,1100 ----
    }
  }
  
+ static bool ssh_config_matches(struct connectdata *one,
+                                struct connectdata *two)
+ {
+   return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
+           Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
+ }
  /*
   * Given one filled in connection struct (named needle), this function should
   * detect if there already is one that has all the significant details
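Review bot: `ssh_config_matches()` has no comment and compares only the `rsa` and `rsa_pub` strings, which the ssh.h hunk describes as the private and public key files. A short header such as `/* TRUE if both connections use the same SSH private and public key files */` would tell the reader that other SSH settings are deliberately left out of the reuse check, or prompt adding them if they should count. Both parameters are only read and could be `const`-qualified once `Curl_safecmp()` accepts const strings. A blank line between the closing brace and the following block comment is also missing.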
***************
*** 1332,1338 ****
          /* This protocol requires credentials per connection,
             so verify that we're using the same name and password as well */
          if(strcmp(needle->user, check->user) ||
!            strcmp(needle->passwd, check->passwd)) {
            /* one of them was different */
            continue;
          }
--- 1339,1347 ----
          /* This protocol requires credentials per connection,
             so verify that we're using the same name and password as well */
          if(strcmp(needle->user, check->user) ||
!            strcmp(needle->passwd, check->passwd) ||
!            !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) ||
!            !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
            /* one of them was different */
            continue;
          }
***************
*** 1345,1350 ****
--- 1354,1364 ----
           (data->state.httpwant < CURL_HTTP_VERSION_2_0))
          continue;
  
+       if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+         if(!ssh_config_matches(needle, check))
+           continue;
+       }
+ 
        if((needle->handler->flags&PROTOPT_SSL)
  #ifndef CURL_DISABLE_PROXY
           || !needle->bits.httpproxy || needle->bits.tunnel_proxy
***************
*** 1745,1755 ****
--- 1759,1775 ----
    conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
    conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
    conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
+   conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
+ #ifdef USE_TLS_SRP
+ #endif
  #ifndef CURL_DISABLE_PROXY
    conn->proxy_ssl_config.verifystatus =
      data->set.proxy_ssl.primary.verifystatus;
    conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
    conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
+   conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
+ #ifdef USE_TLS_SRP
+ #endif
  #endif
    conn->ip_version = data->set.ipver;
    conn->bits.connect_only = data->set.connect_only;
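Review bot: Both `#ifdef USE_TLS_SRP` / `#endif` pairs added here are empty. Either they are leftovers and should be deleted, or the copies of the SRP members that moved into the primary config (`username`, `password`, `authtype`) were meant to go inside them and are missing. Which of the two applies depends on how the primary config is cloned for a connection, which this hunk does not show. The enclosing function starts and ends outside the hunk.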
***************
*** 3592,3597 ****
--- 3612,3625 ----
      }
    }
  
+   if(data->set.str[STRING_BEARER]) {
+     conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
+     if(!conn->oauth_bearer) {
+       result = CURLE_OUT_OF_MEMORY;
+       goto out;
+     }
+   }
+ 
  #ifdef USE_UNIX_SOCKETS
    if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
      conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
***************
*** 3794,3800 ****
      data->set.str[STRING_SSL_ISSUERCERT_PROXY];
    data->set.proxy_ssl.primary.issuercert_blob =
      data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
!   data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
    data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
    data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
    data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
--- 3822,3829 ----
      data->set.str[STRING_SSL_ISSUERCERT_PROXY];
    data->set.proxy_ssl.primary.issuercert_blob =
      data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
!   data->set.proxy_ssl.primary.CRLfile =
!     data->set.str[STRING_SSL_CRLFILE_PROXY];
    data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
    data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
    data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
***************
*** 3802,3819 ****
    data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
    data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
  #endif
!   data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
    data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
    data->set.ssl.key = data->set.str[STRING_KEY];
    data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
    data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
    data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
  #ifdef USE_TLS_SRP
!   data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
!   data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
  #ifndef CURL_DISABLE_PROXY
!   data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
!   data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
  #endif
  #endif
    data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
--- 3831,3850 ----
    data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
    data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
  #endif
!   data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
    data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
    data->set.ssl.key = data->set.str[STRING_KEY];
    data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
    data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
    data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
  #ifdef USE_TLS_SRP
!   data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
!   data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
  #ifndef CURL_DISABLE_PROXY
!   data->set.proxy_ssl.primary.username =
!     data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
!   data->set.proxy_ssl.primary.password =
!     data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
  #endif
  #endif
    data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/urldata.h curl_h5/lib/urldata.h
*** curl/lib/urldata.h	2022-08-26 11:21:23.120000000 +0800
--- curl_h5/lib/urldata.h	2022-08-26 11:21:58.976000000 +0800
***************
*** 253,262 ****
--- 253,269 ----
    char *cipher_list;     /* list of ciphers to use */
    char *cipher_list13;   /* list of TLS 1.3 cipher suites to use */
    char *pinned_key;
+   char *CRLfile;         /* CRL to check certificate revocation */
    struct curl_blob *cert_blob;
    struct curl_blob *ca_info_blob;
    struct curl_blob *issuercert_blob;
+ #ifdef USE_TLS_SRP
+   char *username; /* TLS username (for, e.g., SRP) */
+   char *password; /* TLS password (for, e.g., SRP) */
+   enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
+ #endif
    char *curves;          /* list of curves to use */
+   unsigned char ssl_options;  /* the CURLOPT_SSL_OPTIONS bitmask */
    BIT(verifypeer);       /* set TRUE if this is desired */
    BIT(verifyhost);       /* set TRUE if CN/SAN must match hostname */
    BIT(verifystatus);     /* set TRUE if certificate status must be checked */
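Review bot: Moving `CRLfile`, `username`, `password` and `authtype` into `struct ssl_primary_config`, and adding `ssl_options`, only changes behaviour if the code that compares, clones and frees a primary config handles the new members. None of that is visible in this part of the diff, so `Curl_ssl_config_matches()`, `Curl_clone_primary_ssl_config()` and `Curl_free_primary_ssl_config()` should be checked for each added member. The string members in particular need to be duplicated on clone and released on free, or a reused connection would compare against pointers it does not own. The struct definition starts outside the hunk.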
***************
*** 266,272 ****
  struct ssl_config_data {
    struct ssl_primary_config primary;
    long certverifyresult; /* result from the certificate verification */
-   char *CRLfile;   /* CRL to check certificate revocation */
    curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
    void *fsslctxp;        /* parameter for call back */
    char *cert_type; /* format for certificate (default: PEM)*/
--- 273,278 ----
***************
*** 274,284 ****
    struct curl_blob *key_blob;
    char *key_type; /* format for private key (default: PEM) */
    char *key_passwd; /* plain text private key password */
- #ifdef USE_TLS_SRP
-   char *username; /* TLS username (for, e.g., SRP) */
-   char *password; /* TLS password (for, e.g., SRP) */
-   enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
- #endif
    BIT(certinfo);     /* gather lots of certificate info */
    BIT(falsestart);
    BIT(enable_beast); /* allow this flaw for interoperability's sake*/
--- 280,285 ----
***************
*** 704,709 ****
--- 705,711 ----
  #ifndef CURL_DISABLE_DOH
    struct dohdata *doh; /* DoH specific data for this request */
  #endif
+   unsigned char setcookies;
    BIT(header);       /* incoming data has HTTP header */
    BIT(content_range); /* set TRUE if Content-Range: was found */
    BIT(upload_done);  /* set to TRUE when doing chunked transfer-encoding
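Review bot: `unsigned char setcookies;` is added without a comment, unlike the neighbouring members, so its meaning and where it is reset are left to the reader. If it counts something per request (the name suggests Set-Cookie headers, to be confirmed against the code that updates it), note that an `unsigned char` wraps at 255, so any limit enforced through it has to be tested before the increment. Once confirmed, a comment along the lines of `/* number of Set-Cookie headers seen in this response; capped by the caller */` would help.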
***************
*** 979,984 ****
--- 981,987 ----
    char *passwd;  /* password string, allocated */
    char *options; /* options string, allocated */
    char *sasl_authzid;     /* authorisation identity string, allocated */
+   char *oauth_bearer; /* OAUTH2 bearer, allocated */
    unsigned char httpversion; /* the HTTP version*10 reported by the server */
    struct curltime now;     /* "current" time */
    struct curltime created; /* creation time */
***************
*** 1154,1160 ****
       reused, in the connection cache. */
  
    char conn_primary_ip[MAX_IPADR_LEN];
!   int conn_primary_port;
    char conn_local_ip[MAX_IPADR_LEN];
    int conn_local_port;
    const char *conn_scheme;
--- 1157,1167 ----
       reused, in the connection cache. */
  
    char conn_primary_ip[MAX_IPADR_LEN];
!   int conn_primary_port; /* this is the destination port to the connection,
!                             which might have been a proxy */
!   int conn_remote_port;  /* this is the "remote port", which is the port
!                             number of the used URL, independent of proxy or
!                             not */
    char conn_local_ip[MAX_IPADR_LEN];
    int conn_local_port;
    const char *conn_scheme;
***************
*** 1323,1336 ****
    char *ulbuf; /* allocated upload buffer or NULL */
    curl_off_t current_speed;  /* the ProgressShow() function sets this,
                                  bytes / second */
!   char *first_host; /* host name of the first (not followed) request.
!                        if set, this should be the host name that we will
!                        sent authorization to, no else. Used to make Location:
!                        following not keep sending user+password... This is
!                        strdup() data.
!                     */
    int retrycount; /* number of retries on a new connection */
-   int first_remote_port; /* remote port of the first (not followed) request */
    struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
    long sessionage;                  /* number of the most recent session */
    struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
--- 1330,1345 ----
    char *ulbuf; /* allocated upload buffer or NULL */
    curl_off_t current_speed;  /* the ProgressShow() function sets this,
                                  bytes / second */
! 
!   /* host name, port number and protocol of the first (not followed) request.
!      if set, this should be the host name that we will sent authorization to,
!      no else. Used to make Location: following not keep sending user+password.
!      This is strdup()ed data. */
!   char *first_host;
!   int first_remote_port;
!   unsigned int first_remote_protocol;
! 
    int retrycount; /* number of retries on a new connection */
    struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
    long sessionage;                  /* number of the most recent session */
    struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vssh/ssh.h curl_h5/lib/vssh/ssh.h
*** curl/lib/vssh/ssh.h	2022-08-26 11:21:23.124000000 +0800
--- curl_h5/lib/vssh/ssh.h	2022-08-26 11:21:58.976000000 +0800
***************
*** 7,13 ****
   *                            | (__| |_| |  _ <| |___
   *                             \___|\___/|_| \_\_____|
   *
!  * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
   *
   * This software is licensed as described in the file COPYING, which
   * you should have received as part of this distribution. The terms
--- 7,13 ----
   *                            | (__| |_| |  _ <| |___
   *                             \___|\___/|_| \_\_____|
   *
!  * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
   *
   * This software is licensed as described in the file COPYING, which
   * you should have received as part of this distribution. The terms
***************
*** 131,138 ****
  
    /* common */
    const char *passphrase;     /* pass-phrase to use */
!   char *rsa_pub;              /* path name */
!   char *rsa;                  /* path name */
    bool authed;                /* the connection has been authenticated fine */
    bool acceptfail;            /* used by the SFTP_QUOTE (continue if
                                   quote command fails) */
--- 131,138 ----
  
    /* common */
    const char *passphrase;     /* pass-phrase to use */
!   char *rsa_pub;              /* strdup'ed public key file */
!   char *rsa;                  /* strdup'ed private key file */
    bool authed;                /* the connection has been authenticated fine */
    bool acceptfail;            /* used by the SFTP_QUOTE (continue if
                                   quote command fails) */
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/gtls.c curl_h5/lib/vtls/gtls.c
*** curl/lib/vtls/gtls.c	2022-08-26 11:21:23.128000000 +0800
--- curl_h5/lib/vtls/gtls.c	2022-08-26 11:21:58.980000000 +0800
***************
*** 431,438 ****
    }
  
  #ifdef HAVE_GNUTLS_SRP
!   if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
!     infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
  
      rc = gnutls_srp_allocate_client_credentials(
             &backend->srp_client_cred);
--- 431,439 ----
    }
  
  #ifdef HAVE_GNUTLS_SRP
!   if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
!     infof(data, "Using TLS-SRP username: %s",
!           SSL_SET_OPTION(primary.username));
  
      rc = gnutls_srp_allocate_client_credentials(
             &backend->srp_client_cred);
***************
*** 443,450 ****
      }
  
      rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
!                                            SSL_SET_OPTION(username),
!                                            SSL_SET_OPTION(password));
      if(rc != GNUTLS_E_SUCCESS) {
        failf(data, "gnutls_srp_set_client_cred() failed: %s",
              gnutls_strerror(rc));
--- 444,451 ----
      }
  
      rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
!                                            SSL_SET_OPTION(primary.username),
!                                            SSL_SET_OPTION(primary.password));
      if(rc != GNUTLS_E_SUCCESS) {
        failf(data, "gnutls_srp_set_client_cred() failed: %s",
              gnutls_strerror(rc));
***************
*** 500,518 ****
    }
  #endif
  
!   if(SSL_SET_OPTION(CRLfile)) {
      /* set the CRL list file */
      rc = gnutls_certificate_set_x509_crl_file(backend->cred,
!                                               SSL_SET_OPTION(CRLfile),
                                                GNUTLS_X509_FMT_PEM);
      if(rc < 0) {
        failf(data, "error reading crl file %s (%s)",
!             SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
        return CURLE_SSL_CRL_BADFILE;
      }
      else
        infof(data, "found %d CRL in %s",
!             rc, SSL_SET_OPTION(CRLfile));
    }
  
    /* Initialize TLS session as a client */
--- 501,519 ----
    }
  #endif
  
!   if(SSL_SET_OPTION(primary.CRLfile)) {
      /* set the CRL list file */
      rc = gnutls_certificate_set_x509_crl_file(backend->cred,
!                                               SSL_SET_OPTION(primary.CRLfile),
                                                GNUTLS_X509_FMT_PEM);
      if(rc < 0) {
        failf(data, "error reading crl file %s (%s)",
!             SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc));
        return CURLE_SSL_CRL_BADFILE;
      }
      else
        infof(data, "found %d CRL in %s",
!             rc, SSL_SET_OPTION(primary.CRLfile));
    }
  
    /* Initialize TLS session as a client */
***************
*** 585,591 ****
  #ifdef HAVE_GNUTLS_SRP
    /* Only add SRP to the cipher list if SRP is requested. Otherwise
     * GnuTLS will disable TLS 1.3 support. */
!   if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
      size_t len = strlen(prioritylist);
  
      char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
--- 586,592 ----
  #ifdef HAVE_GNUTLS_SRP
    /* Only add SRP to the cipher list if SRP is requested. Otherwise
     * GnuTLS will disable TLS 1.3 support. */
!   if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
      size_t len = strlen(prioritylist);
  
      char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
***************
*** 677,683 ****
  
  #ifdef HAVE_GNUTLS_SRP
    /* put the credentials to the current session */
!   if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
      rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
                                  backend->srp_client_cred);
      if(rc != GNUTLS_E_SUCCESS) {
--- 678,684 ----
  
  #ifdef HAVE_GNUTLS_SRP
    /* put the credentials to the current session */
!   if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
      rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
                                  backend->srp_client_cred);
      if(rc != GNUTLS_E_SUCCESS) {
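Review bot: The new condition `if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {` attaches `backend->srp_client_cred` to the session on the auth type alone, while the OpenSSL backend in this same patch only touches the SRP credentials when `Curl_allow_auth_to_host(data)` also holds. The code that allocates and fills `srp_client_cred` is outside this hunk, so the following is an inference to confirm. If that setup is skipped for a host that must not receive credentials, this call would hand GnuTLS a credential object that was never set up, and so would the `gnutls_srp_free_client_credentials()` call in the close-path hunk further down. Gating the use the same way, `if((SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) && Curl_allow_auth_to_host(data)) {`, and releasing only a credential that was actually allocated, keeps setup, use and release in step. The enclosing function starts and ends outside the hunk.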
***************
*** 858,865 ****
         SSL_CONN_CONFIG(verifyhost) ||
         SSL_CONN_CONFIG(issuercert)) {
  #ifdef HAVE_GNUTLS_SRP
!       if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
!          && SSL_SET_OPTION(username) != NULL
           && !SSL_CONN_CONFIG(verifypeer)
           && gnutls_cipher_get(session)) {
          /* no peer cert, but auth is ok if we have SRP user and cipher and no
--- 859,866 ----
         SSL_CONN_CONFIG(verifyhost) ||
         SSL_CONN_CONFIG(issuercert)) {
  #ifdef HAVE_GNUTLS_SRP
!       if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
!          && SSL_SET_OPTION(primary.username)
           && !SSL_CONN_CONFIG(verifypeer)
           && gnutls_cipher_get(session)) {
          /* no peer cert, but auth is ok if we have SRP user and cipher and no
***************
*** 917,923 ****
          failf(data, "server certificate verification failed. CAfile: %s "
                "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
                "none",
!               SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
          return CURLE_PEER_FAILED_VERIFICATION;
        }
        else
--- 918,925 ----
          failf(data, "server certificate verification failed. CAfile: %s "
                "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
                "none",
!               SSL_SET_OPTION(primary.CRLfile) ?
!               SSL_SET_OPTION(primary.CRLfile) : "none");
          return CURLE_PEER_FAILED_VERIFICATION;
        }
        else
***************
*** 1530,1537 ****
    gnutls_certificate_free_credentials(backend->cred);
  
  #ifdef HAVE_GNUTLS_SRP
!   if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
!      && SSL_SET_OPTION(username) != NULL)
      gnutls_srp_free_client_credentials(backend->srp_client_cred);
  #endif
  
--- 1532,1539 ----
    gnutls_certificate_free_credentials(backend->cred);
  
  #ifdef HAVE_GNUTLS_SRP
!   if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
!      && SSL_SET_OPTION(primary.username) != NULL)
      gnutls_srp_free_client_credentials(backend->srp_client_cred);
  #endif
  
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/mbedtls.c curl_h5/lib/vtls/mbedtls.c
*** curl/lib/vtls/mbedtls.c	2022-08-26 11:21:23.128000000 +0800
--- curl_h5/lib/vtls/mbedtls.c	2022-08-26 11:21:58.980000000 +0800
***************
*** 255,261 ****
    const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
    char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
    const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
!   const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
    const char * const hostname = SSL_HOST_NAME();
    const long int port = SSL_HOST_PORT();
    int ret = -1;
--- 255,261 ----
    const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
    char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
    const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
!   const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
    const char * const hostname = SSL_HOST_NAME();
    const long int port = SSL_HOST_PORT();
    int ret = -1;
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/nss.c curl_h5/lib/vtls/nss.c
*** curl/lib/vtls/nss.c	2022-08-26 11:21:23.128000000 +0800
--- curl_h5/lib/vtls/nss.c	2022-08-26 11:21:58.980000000 +0800
***************
*** 972,977 ****
--- 972,980 ----
    PR_Free(common_name);
  }
  
+ /* A number of certs that will never occur in a real server handshake */
+ #define TOO_MANY_CERTS 300
+ 
  static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
  {
    CURLcode result = CURLE_OK;
***************
*** 1007,1012 ****
--- 1010,1020 ----
          cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
          while(cert2) {
            i++;
+           if(i >= TOO_MANY_CERTS) {
+             CERT_DestroyCertificate(cert2);
+             failf(data, "certificate loop");
+             return CURLE_SSL_CERTPROBLEM;
+           }
            if(cert2->isRoot) {
              CERT_DestroyCertificate(cert2);
              break;
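Review bot: The early return added inside the `while(cert2)` loop destroys `cert2` but leaves `cert`, the certificate the walk started from, untouched. How `cert` is obtained and released is outside this hunk, so this needs checking against the rest of `display_conn_info`. If the function owns that reference, the new `CURLE_SSL_CERTPROBLEM` path leaks it every time a server presents a looping chain. Adding `CERT_DestroyCertificate(cert);` next to the existing `CERT_DestroyCertificate(cert2);` would close that path. The comment on `TOO_MANY_CERTS` in the previous hunk could also say that the limit exists to stop the walk when issuers refer back to each other.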
***************
*** 1986,1998 ****
      }
    }
  
!   if(SSL_SET_OPTION(CRLfile)) {
!     const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
      if(rv) {
        result = rv;
        goto error;
      }
!     infof(data, "  CRLfile: %s", SSL_SET_OPTION(CRLfile));
    }
  
    if(SSL_SET_OPTION(primary.clientcert)) {
--- 1994,2006 ----
      }
    }
  
!   if(SSL_SET_OPTION(primary.CRLfile)) {
!     const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile));
      if(rv) {
        result = rv;
        goto error;
      }
!     infof(data, "  CRLfile: %s", SSL_SET_OPTION(primary.CRLfile));
    }
  
    if(SSL_SET_OPTION(primary.clientcert)) {
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/openssl.c curl_h5/lib/vtls/openssl.c
*** curl/lib/vtls/openssl.c	2022-08-26 11:21:23.128000000 +0800
--- curl_h5/lib/vtls/openssl.c	2022-08-26 11:21:58.980000000 +0800
***************
*** 2605,2611 ****
  #endif
    const long int ssl_version = SSL_CONN_CONFIG(version);
  #ifdef USE_OPENSSL_SRP
!   const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
  #endif
    char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
    const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
--- 2605,2611 ----
  #endif
    const long int ssl_version = SSL_CONN_CONFIG(version);
  #ifdef USE_OPENSSL_SRP
!   const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype);
  #endif
    char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
    const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
***************
*** 2616,2622 ****
      (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
    const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
    const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
!   const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
    char error_buffer[256];
    struct ssl_backend_data *backend = connssl->backend;
    bool imported_native_ca = false;
--- 2616,2622 ----
      (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
    const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
    const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
!   const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
    char error_buffer[256];
    struct ssl_backend_data *backend = connssl->backend;
    bool imported_native_ca = false;
***************
*** 2866,2881 ****
  #endif
  
  #ifdef USE_OPENSSL_SRP
!   if(ssl_authtype == CURL_TLSAUTH_SRP) {
!     char * const ssl_username = SSL_SET_OPTION(username);
! 
      infof(data, "Using TLS-SRP username: %s", ssl_username);
  
      if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
        failf(data, "Unable to set SRP user name");
        return CURLE_BAD_FUNCTION_ARGUMENT;
      }
!     if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
        failf(data, "failed setting SRP password");
        return CURLE_BAD_FUNCTION_ARGUMENT;
      }
--- 2866,2882 ----
  #endif
  
  #ifdef USE_OPENSSL_SRP
!   if((ssl_authtype == CURL_TLSAUTH_SRP) &&
!      Curl_allow_auth_to_host(data)) {
!     char * const ssl_username = SSL_SET_OPTION(primary.username);
!     char * const ssl_password = SSL_SET_OPTION(primary.password);
      infof(data, "Using TLS-SRP username: %s", ssl_username);
  
      if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
        failf(data, "Unable to set SRP user name");
        return CURLE_BAD_FUNCTION_ARGUMENT;
      }
!     if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) {
        failf(data, "failed setting SRP password");
        return CURLE_BAD_FUNCTION_ARGUMENT;
      }
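Review bot: The new `Curl_allow_auth_to_host(data)` term in the `if` carries no comment, and when it is false the whole SRP block is skipped with nothing in the verbose log. A transfer that silently stops using TLS-SRP then looks the same as one where SRP was never configured. A comment above the condition, such as `/* only hand the TLS-SRP credentials to a host that is allowed to receive authentication */`, would record why the guard is there. An `infof()` on the skipped path, for example `else if(ssl_authtype == CURL_TLSAUTH_SRP) infof(data, "TLS-SRP credentials not used for this host");`, would make the behaviour diagnosable. The enclosing function starts and ends outside the hunk.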
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/lib/vtls/vtls.c curl_h5/lib/vtls/vtls.c
*** curl/lib/vtls/vtls.c	2022-08-26 11:21:23.132000000 +0800
--- curl_h5/lib/vtls/vtls.c	2022-08-26 11:21:58.984000000 +0800
***************
*** 125,139 ****
    return !memcmp(first->data, second->data, first->len); /* same data */
  }
  
- static bool safecmp(char *a, char *b)
- {
-   if(a && b)
-     return !strcmp(a, b);
-   else if(!a && !b)
-     return TRUE; /* match */
-   return FALSE; /* no match */
- }
- 
  
  bool
  Curl_ssl_config_matches(struct ssl_primary_config *data,
--- 125,130 ----
***************
*** 141,161 ****
  {
    if((data->version == needle->version) &&
       (data->version_max == needle->version_max) &&
       (data->verifypeer == needle->verifypeer) &&
       (data->verifyhost == needle->verifyhost) &&
       (data->verifystatus == needle->verifystatus) &&
       blobcmp(data->cert_blob, needle->cert_blob) &&
       blobcmp(data->ca_info_blob, needle->ca_info_blob) &&
       blobcmp(data->issuercert_blob, needle->issuercert_blob) &&
!      safecmp(data->CApath, needle->CApath) &&
!      safecmp(data->CAfile, needle->CAfile) &&
!      safecmp(data->issuercert, needle->issuercert) &&
!      safecmp(data->clientcert, needle->clientcert) &&
!      safecmp(data->random_file, needle->random_file) &&
!      safecmp(data->egdsocket, needle->egdsocket) &&
       Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
       Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
       Curl_safe_strcasecompare(data->curves, needle->curves) &&
       Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
      return TRUE;
  
--- 132,159 ----
  {
    if((data->version == needle->version) &&
       (data->version_max == needle->version_max) &&
+      (data->ssl_options == needle->ssl_options) &&
       (data->verifypeer == needle->verifypeer) &&
       (data->verifyhost == needle->verifyhost) &&
       (data->verifystatus == needle->verifystatus) &&
       blobcmp(data->cert_blob, needle->cert_blob) &&
       blobcmp(data->ca_info_blob, needle->ca_info_blob) &&
       blobcmp(data->issuercert_blob, needle->issuercert_blob) &&
!      Curl_safecmp(data->CApath, needle->CApath) &&
!      Curl_safecmp(data->CAfile, needle->CAfile) &&
!      Curl_safecmp(data->issuercert, needle->issuercert) &&
!      Curl_safecmp(data->clientcert, needle->clientcert) &&
!      Curl_safecmp(data->random_file, needle->random_file) &&
!      Curl_safecmp(data->egdsocket, needle->egdsocket) &&
! #ifdef USE_TLS_SRP
!      Curl_safecmp(data->username, needle->username) &&
!      Curl_safecmp(data->password, needle->password) &&
!      (data->authtype == needle->authtype) &&
! #endif
       Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
       Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
       Curl_safe_strcasecompare(data->curves, needle->curves) &&
+      Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) &&
       Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
      return TRUE;
  
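Review bot: The added line `Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) &&` compares a file path without regard to case, whereas the other path fields in the same expression (`CApath`, `CAfile`, `issuercert`, `clientcert`) go through the case-sensitive `Curl_safecmp`. On a case-sensitive file system two different CRL files whose names differ only in case would make the configurations match. A connection checked against one revocation list could then be reused for a transfer that asked for the other. `Curl_safecmp(data->CRLfile, needle->CRLfile) &&` is the consistent choice. The function starts and ends outside the hunk.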
***************
*** 172,177 ****
--- 170,179 ----
    dest->verifyhost = source->verifyhost;
    dest->verifystatus = source->verifystatus;
    dest->sessionid = source->sessionid;
+   dest->ssl_options = source->ssl_options;
+ #ifdef USE_TLS_SRP
+   dest->authtype = source->authtype;
+ #endif
  
    CLONE_BLOB(cert_blob);
    CLONE_BLOB(ca_info_blob);
***************
*** 186,191 ****
--- 188,198 ----
    CLONE_STRING(cipher_list13);
    CLONE_STRING(pinned_key);
    CLONE_STRING(curves);
+   CLONE_STRING(CRLfile);
+ #ifdef USE_TLS_SRP
+   CLONE_STRING(username);
+   CLONE_STRING(password);
+ #endif
  
    return TRUE;
  }
***************
*** 205,210 ****
--- 212,222 ----
    Curl_safefree(sslc->ca_info_blob);
    Curl_safefree(sslc->issuercert_blob);
    Curl_safefree(sslc->curves);
+   Curl_safefree(sslc->CRLfile);
+ #ifdef USE_TLS_SRP
+   Curl_safefree(sslc->username);
+   Curl_safefree(sslc->password);
+ #endif
  }
  
  #ifdef USE_SSL
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/Makefile.inc curl_h5/tests/data/Makefile.inc
*** curl/tests/data/Makefile.inc	2022-08-26 11:21:23.164000000 +0800
--- curl_h5/tests/data/Makefile.inc	2022-08-26 11:21:59.016000000 +0800
***************
*** 61,67 ****
  test343 test344 test345 test346 test347 test348 test349 test350 test351 \
  test352 test353 test354 test355 test356 test357 test358 test359 test360 \
  test361 test362 test363 test364 \
! \
  test393 test394 test395 test396 test397 \
  \
  test400 test401 test402 test403 test404 test405 test406 test407 test408 \
--- 61,67 ----
  test343 test344 test345 test346 test347 test348 test349 test350 test351 \
  test352 test353 test354 test355 test356 test357 test358 test359 test360 \
  test361 test362 test363 test364 \
! test387 \
  test393 test394 test395 test396 test397 \
  \
  test400 test401 test402 test403 test404 test405 test406 test407 test408 \
***************
*** 69,74 ****
--- 69,76 ----
  \
  test430 test431 test432 test433 test434 \
  \
+ test442 test443 test444 \
+ \
  test490 test491 test492 test493 test494 \
  \
  test500 test501 test502 test503 test504 test505 test506 test507 test508 \
***************
*** 106,112 ****
  test863 test864 test865 test866 test867 test868 test869 test870 test871 \
  test872 test873 test874 test875 test876 test877 test878 test879 test880 \
  test881 test882 test883 test884 test885 test886 test887 test888 test889 \
! test890 test891 test892 test893 test894 test895 test896 \
  \
  test900 test901 test902 test903 test904 test905 test906 test907 test908 \
  test909 test910 test911 test912 test913 test914 test915 test916 test917 \
--- 108,114 ----
  test863 test864 test865 test866 test867 test868 test869 test870 test871 \
  test872 test873 test874 test875 test876 test877 test878 test879 test880 \
  test881 test882 test883 test884 test885 test886 test887 test888 test889 \
! test890 test891 test892 test893 test894 test895 test896 test898 \
  \
  test900 test901 test902 test903 test904 test905 test906 test907 test908 \
  test909 test910 test911 test912 test913 test914 test915 test916 test917 \
***************
*** 116,122 ****
  test945 test946 test947 test948 test949 test950 test951 test952 test953 \
  test954 test955 test956 test957 test958 test959 test960 test961 test962 \
  test963 test964 test965 test966 test967 test968 test969 test970 test971 \
! test972 \
  \
  test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
  test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
--- 118,126 ----
  test945 test946 test947 test948 test949 test950 test951 test952 test953 \
  test954 test955 test956 test957 test958 test959 test960 test961 test962 \
  test963 test964 test965 test966 test967 test968 test969 test970 test971 \
! test972 test973 test974 test975 test976 \
! \
! test980 test981 test982 test983 test984 test985 test986 \
  \
  test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
  test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test387 curl_h5/tests/data/test387
*** curl/tests/data/test387	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test387	2022-08-26 11:21:59.064000000 +0800
***************
*** 0 ****
--- 1,53 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ gzip
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data nocheck="yes">
+ HTTP/1.1 200 OK
+ Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip
+ 
+ -foo-
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+  <name>
+ Response with overly long compression chain
+  </name>
+  <command>
+ http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /%TESTNUMBER HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ User-Agent: curl/%VERSION
+ Accept: */*
+ 
+ </protocol>
+ 
+ # CURLE_BAD_CONTENT_ENCODING is 61
+ <errorcode>
+ 61
+ </errorcode>
+ <stderr mode="text">
+ curl: (61) Reject response due to 5 content encodings
+ </stderr>
+ </verify>
+ </testcase>
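Review bot: This test exercises the chain limit only for a single comma-separated `Transfer-Encoding:` line. The same limit can presumably be reached through repeated header lines or through `Content-Encoding:`, and whether another test in this patch covers those paths is not visible here. The expected stderr text `Reject response due to 5 content encodings` also deserves a comment in `<verify>`, because the reply lists far more than five encodings and the number in the message is evidently the limit rather than the count sent. Something like `# the reply chains many more encodings than allowed; the message reports the limit` would do.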
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test442 curl_h5/tests/data/test442
*** curl/tests/data/test442	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test442	2022-08-26 11:21:59.064000000 +0800
***************
*** 0 ****
--- 1,209 ----
+ # perl:
+ #
+ # for(1 .. 151) {
+ #    print join("\t",
+ #               "attack.invalid", "TRUE", "/", "FALSE", "0",
+ #               "name$_", "could-be-large-$_")."\n";
+ # }
+ #
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ cookies
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 6
+ 
+ -foo-
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <name>
+ Send capped huge number of matching cookies
+ </name>
+ <command>
+ http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
+ </command>
+ <file name="log/cookie%TESTNUMBER" mode="text">
+ attack.invalid	TRUE	/	FALSE	0	name1	could-be-large-1
+ attack.invalid	TRUE	/	FALSE	0	name2	could-be-large-2
+ attack.invalid	TRUE	/	FALSE	0	name3	could-be-large-3
+ attack.invalid	TRUE	/	FALSE	0	name4	could-be-large-4
+ attack.invalid	TRUE	/	FALSE	0	name5	could-be-large-5
+ attack.invalid	TRUE	/	FALSE	0	name6	could-be-large-6
+ attack.invalid	TRUE	/	FALSE	0	name7	could-be-large-7
+ attack.invalid	TRUE	/	FALSE	0	name8	could-be-large-8
+ attack.invalid	TRUE	/	FALSE	0	name9	could-be-large-9
+ attack.invalid	TRUE	/	FALSE	0	name10	could-be-large-10
+ attack.invalid	TRUE	/	FALSE	0	name11	could-be-large-11
+ attack.invalid	TRUE	/	FALSE	0	name12	could-be-large-12
+ attack.invalid	TRUE	/	FALSE	0	name13	could-be-large-13
+ attack.invalid	TRUE	/	FALSE	0	name14	could-be-large-14
+ attack.invalid	TRUE	/	FALSE	0	name15	could-be-large-15
+ attack.invalid	TRUE	/	FALSE	0	name16	could-be-large-16
+ attack.invalid	TRUE	/	FALSE	0	name17	could-be-large-17
+ attack.invalid	TRUE	/	FALSE	0	name18	could-be-large-18
+ attack.invalid	TRUE	/	FALSE	0	name19	could-be-large-19
+ attack.invalid	TRUE	/	FALSE	0	name20	could-be-large-20
+ attack.invalid	TRUE	/	FALSE	0	name21	could-be-large-21
+ attack.invalid	TRUE	/	FALSE	0	name22	could-be-large-22
+ attack.invalid	TRUE	/	FALSE	0	name23	could-be-large-23
+ attack.invalid	TRUE	/	FALSE	0	name24	could-be-large-24
+ attack.invalid	TRUE	/	FALSE	0	name25	could-be-large-25
+ attack.invalid	TRUE	/	FALSE	0	name26	could-be-large-26
+ attack.invalid	TRUE	/	FALSE	0	name27	could-be-large-27
+ attack.invalid	TRUE	/	FALSE	0	name28	could-be-large-28
+ attack.invalid	TRUE	/	FALSE	0	name29	could-be-large-29
+ attack.invalid	TRUE	/	FALSE	0	name30	could-be-large-30
+ attack.invalid	TRUE	/	FALSE	0	name31	could-be-large-31
+ attack.invalid	TRUE	/	FALSE	0	name32	could-be-large-32
+ attack.invalid	TRUE	/	FALSE	0	name33	could-be-large-33
+ attack.invalid	TRUE	/	FALSE	0	name34	could-be-large-34
+ attack.invalid	TRUE	/	FALSE	0	name35	could-be-large-35
+ attack.invalid	TRUE	/	FALSE	0	name36	could-be-large-36
+ attack.invalid	TRUE	/	FALSE	0	name37	could-be-large-37
+ attack.invalid	TRUE	/	FALSE	0	name38	could-be-large-38
+ attack.invalid	TRUE	/	FALSE	0	name39	could-be-large-39
+ attack.invalid	TRUE	/	FALSE	0	name40	could-be-large-40
+ attack.invalid	TRUE	/	FALSE	0	name41	could-be-large-41
+ attack.invalid	TRUE	/	FALSE	0	name42	could-be-large-42
+ attack.invalid	TRUE	/	FALSE	0	name43	could-be-large-43
+ attack.invalid	TRUE	/	FALSE	0	name44	could-be-large-44
+ attack.invalid	TRUE	/	FALSE	0	name45	could-be-large-45
+ attack.invalid	TRUE	/	FALSE	0	name46	could-be-large-46
+ attack.invalid	TRUE	/	FALSE	0	name47	could-be-large-47
+ attack.invalid	TRUE	/	FALSE	0	name48	could-be-large-48
+ attack.invalid	TRUE	/	FALSE	0	name49	could-be-large-49
+ attack.invalid	TRUE	/	FALSE	0	name50	could-be-large-50
+ attack.invalid	TRUE	/	FALSE	0	name51	could-be-large-51
+ attack.invalid	TRUE	/	FALSE	0	name52	could-be-large-52
+ attack.invalid	TRUE	/	FALSE	0	name53	could-be-large-53
+ attack.invalid	TRUE	/	FALSE	0	name54	could-be-large-54
+ attack.invalid	TRUE	/	FALSE	0	name55	could-be-large-55
+ attack.invalid	TRUE	/	FALSE	0	name56	could-be-large-56
+ attack.invalid	TRUE	/	FALSE	0	name57	could-be-large-57
+ attack.invalid	TRUE	/	FALSE	0	name58	could-be-large-58
+ attack.invalid	TRUE	/	FALSE	0	name59	could-be-large-59
+ attack.invalid	TRUE	/	FALSE	0	name60	could-be-large-60
+ attack.invalid	TRUE	/	FALSE	0	name61	could-be-large-61
+ attack.invalid	TRUE	/	FALSE	0	name62	could-be-large-62
+ attack.invalid	TRUE	/	FALSE	0	name63	could-be-large-63
+ attack.invalid	TRUE	/	FALSE	0	name64	could-be-large-64
+ attack.invalid	TRUE	/	FALSE	0	name65	could-be-large-65
+ attack.invalid	TRUE	/	FALSE	0	name66	could-be-large-66
+ attack.invalid	TRUE	/	FALSE	0	name67	could-be-large-67
+ attack.invalid	TRUE	/	FALSE	0	name68	could-be-large-68
+ attack.invalid	TRUE	/	FALSE	0	name69	could-be-large-69
+ attack.invalid	TRUE	/	FALSE	0	name70	could-be-large-70
+ attack.invalid	TRUE	/	FALSE	0	name71	could-be-large-71
+ attack.invalid	TRUE	/	FALSE	0	name72	could-be-large-72
+ attack.invalid	TRUE	/	FALSE	0	name73	could-be-large-73
+ attack.invalid	TRUE	/	FALSE	0	name74	could-be-large-74
+ attack.invalid	TRUE	/	FALSE	0	name75	could-be-large-75
+ attack.invalid	TRUE	/	FALSE	0	name76	could-be-large-76
+ attack.invalid	TRUE	/	FALSE	0	name77	could-be-large-77
+ attack.invalid	TRUE	/	FALSE	0	name78	could-be-large-78
+ attack.invalid	TRUE	/	FALSE	0	name79	could-be-large-79
+ attack.invalid	TRUE	/	FALSE	0	name80	could-be-large-80
+ attack.invalid	TRUE	/	FALSE	0	name81	could-be-large-81
+ attack.invalid	TRUE	/	FALSE	0	name82	could-be-large-82
+ attack.invalid	TRUE	/	FALSE	0	name83	could-be-large-83
+ attack.invalid	TRUE	/	FALSE	0	name84	could-be-large-84
+ attack.invalid	TRUE	/	FALSE	0	name85	could-be-large-85
+ attack.invalid	TRUE	/	FALSE	0	name86	could-be-large-86
+ attack.invalid	TRUE	/	FALSE	0	name87	could-be-large-87
+ attack.invalid	TRUE	/	FALSE	0	name88	could-be-large-88
+ attack.invalid	TRUE	/	FALSE	0	name89	could-be-large-89
+ attack.invalid	TRUE	/	FALSE	0	name90	could-be-large-90
+ attack.invalid	TRUE	/	FALSE	0	name91	could-be-large-91
+ attack.invalid	TRUE	/	FALSE	0	name92	could-be-large-92
+ attack.invalid	TRUE	/	FALSE	0	name93	could-be-large-93
+ attack.invalid	TRUE	/	FALSE	0	name94	could-be-large-94
+ attack.invalid	TRUE	/	FALSE	0	name95	could-be-large-95
+ attack.invalid	TRUE	/	FALSE	0	name96	could-be-large-96
+ attack.invalid	TRUE	/	FALSE	0	name97	could-be-large-97
+ attack.invalid	TRUE	/	FALSE	0	name98	could-be-large-98
+ attack.invalid	TRUE	/	FALSE	0	name99	could-be-large-99
+ attack.invalid	TRUE	/	FALSE	0	name100	could-be-large-100
+ attack.invalid	TRUE	/	FALSE	0	name101	could-be-large-101
+ attack.invalid	TRUE	/	FALSE	0	name102	could-be-large-102
+ attack.invalid	TRUE	/	FALSE	0	name103	could-be-large-103
+ attack.invalid	TRUE	/	FALSE	0	name104	could-be-large-104
+ attack.invalid	TRUE	/	FALSE	0	name105	could-be-large-105
+ attack.invalid	TRUE	/	FALSE	0	name106	could-be-large-106
+ attack.invalid	TRUE	/	FALSE	0	name107	could-be-large-107
+ attack.invalid	TRUE	/	FALSE	0	name108	could-be-large-108
+ attack.invalid	TRUE	/	FALSE	0	name109	could-be-large-109
+ attack.invalid	TRUE	/	FALSE	0	name110	could-be-large-110
+ attack.invalid	TRUE	/	FALSE	0	name111	could-be-large-111
+ attack.invalid	TRUE	/	FALSE	0	name112	could-be-large-112
+ attack.invalid	TRUE	/	FALSE	0	name113	could-be-large-113
+ attack.invalid	TRUE	/	FALSE	0	name114	could-be-large-114
+ attack.invalid	TRUE	/	FALSE	0	name115	could-be-large-115
+ attack.invalid	TRUE	/	FALSE	0	name116	could-be-large-116
+ attack.invalid	TRUE	/	FALSE	0	name117	could-be-large-117
+ attack.invalid	TRUE	/	FALSE	0	name118	could-be-large-118
+ attack.invalid	TRUE	/	FALSE	0	name119	could-be-large-119
+ attack.invalid	TRUE	/	FALSE	0	name120	could-be-large-120
+ attack.invalid	TRUE	/	FALSE	0	name121	could-be-large-121
+ attack.invalid	TRUE	/	FALSE	0	name122	could-be-large-122
+ attack.invalid	TRUE	/	FALSE	0	name123	could-be-large-123
+ attack.invalid	TRUE	/	FALSE	0	name124	could-be-large-124
+ attack.invalid	TRUE	/	FALSE	0	name125	could-be-large-125
+ attack.invalid	TRUE	/	FALSE	0	name126	could-be-large-126
+ attack.invalid	TRUE	/	FALSE	0	name127	could-be-large-127
+ attack.invalid	TRUE	/	FALSE	0	name128	could-be-large-128
+ attack.invalid	TRUE	/	FALSE	0	name129	could-be-large-129
+ attack.invalid	TRUE	/	FALSE	0	name130	could-be-large-130
+ attack.invalid	TRUE	/	FALSE	0	name131	could-be-large-131
+ attack.invalid	TRUE	/	FALSE	0	name132	could-be-large-132
+ attack.invalid	TRUE	/	FALSE	0	name133	could-be-large-133
+ attack.invalid	TRUE	/	FALSE	0	name134	could-be-large-134
+ attack.invalid	TRUE	/	FALSE	0	name135	could-be-large-135
+ attack.invalid	TRUE	/	FALSE	0	name136	could-be-large-136
+ attack.invalid	TRUE	/	FALSE	0	name137	could-be-large-137
+ attack.invalid	TRUE	/	FALSE	0	name138	could-be-large-138
+ attack.invalid	TRUE	/	FALSE	0	name139	could-be-large-139
+ attack.invalid	TRUE	/	FALSE	0	name140	could-be-large-140
+ attack.invalid	TRUE	/	FALSE	0	name141	could-be-large-141
+ attack.invalid	TRUE	/	FALSE	0	name142	could-be-large-142
+ attack.invalid	TRUE	/	FALSE	0	name143	could-be-large-143
+ attack.invalid	TRUE	/	FALSE	0	name144	could-be-large-144
+ attack.invalid	TRUE	/	FALSE	0	name145	could-be-large-145
+ attack.invalid	TRUE	/	FALSE	0	name146	could-be-large-146
+ attack.invalid	TRUE	/	FALSE	0	name147	could-be-large-147
+ attack.invalid	TRUE	/	FALSE	0	name148	could-be-large-148
+ attack.invalid	TRUE	/	FALSE	0	name149	could-be-large-149
+ attack.invalid	TRUE	/	FALSE	0	name150	could-be-large-150
+ attack.invalid	TRUE	/	FALSE	0	name151	could-be-large-151
+ </file>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /a/b/%TESTNUMBER HTTP/1.1
+ Host: attack.invalid:%HTTPPORT
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Cookie: name150=could-be-large-150; name149=could-be-large-149; name148=could-be-large-148; name147=could-be-large-147; name146=could-be-large-146; name145=could-be-large-145; name144=could-be-large-144; name143=could-be-large-143; name142=could-be-large-142; name141=could-be-large-141; name140=could-be-large-140; name139=could-be-large-139; name138=could-be-large-138; name137=could-be-large-137; name136=could-be-large-136; name135=could-be-large-135; name134=could-be-large-134; name133=could-be-large-133; name132=could-be-large-132; name131=could-be-large-131; name130=could-be-large-130; name129=could-be-large-129; name128=could-be-large-128; name127=could-be-large-127; name126=could-be-large-126; name125=could-be-large-125; name124=could-be-large-124; name123=could-be-large-123; name122=could-be-large-122; name121=could-be-large-121; name120=could-be-large-120; name119=could-be-large-119; name118=could-be-large-118; name117=could-be-large-117; name116=could-be-large-116; name115=could-be-large-115; name114=could-be-large-114; name113=could-be-large-113; name112=could-be-large-112; name111=could-be-large-111; name110=could-be-large-110; name109=could-be-large-109; name108=could-be-large-108; name107=could-be-large-107; name106=could-be-large-106; name105=could-be-large-105; name104=could-be-large-104; name103=could-be-large-103; name102=could-be-large-102; name101=could-be-large-101; name100=could-be-large-100; name99=could-be-large-99; name98=could-be-large-98; name97=could-be-large-97; name96=could-be-large-96; name95=could-be-large-95; name94=could-be-large-94; name93=could-be-large-93; name92=could-be-large-92; name91=could-be-large-91; name90=could-be-large-90; name89=could-be-large-89; name88=could-be-large-88; name87=could-be-large-87; name86=could-be-large-86; name85=could-be-large-85; name84=could-be-large-84; name83=could-be-large-83; name82=could-be-large-82; name81=could-be-large-81; name80=could-be-large-80; name79=could-be-large-79; 
name78=could-be-large-78; name77=could-be-large-77; name76=could-be-large-76; name75=could-be-large-75; name74=could-be-large-74; name73=could-be-large-73; name72=could-be-large-72; name71=could-be-large-71; name70=could-be-large-70; name69=could-be-large-69; name68=could-be-large-68; name67=could-be-large-67; name66=could-be-large-66; name65=could-be-large-65; name64=could-be-large-64; name63=could-be-large-63; name62=could-be-large-62; name61=could-be-large-61; name60=could-be-large-60; name59=could-be-large-59; name58=could-be-large-58; name57=could-be-large-57; name56=could-be-large-56; name55=could-be-large-55; name54=could-be-large-54; name53=could-be-large-53; name52=could-be-large-52; name51=could-be-large-51; name50=could-be-large-50; name49=could-be-large-49; name48=could-be-large-48; name47=could-be-large-47; name46=could-be-large-46; name45=could-be-large-45; name44=could-be-large-44; name43=could-be-large-43; name42=could-be-large-42; name41=could-be-large-41; name40=could-be-large-40; name39=could-be-large-39; name38=could-be-large-38; name37=could-be-large-37; name36=could-be-large-36; name35=could-be-large-35; name34=could-be-large-34; name33=could-be-large-33; name32=could-be-large-32; name31=could-be-large-31; name30=could-be-large-30; name29=could-be-large-29; name28=could-be-large-28; name27=could-be-large-27; name26=could-be-large-26; name25=could-be-large-25; name24=could-be-large-24; name23=could-be-large-23; name22=could-be-large-22; name21=could-be-large-21; name20=could-be-large-20; name19=could-be-large-19; name18=could-be-large-18; name17=could-be-large-17; name16=could-be-large-16; name15=could-be-large-15; name14=could-be-large-14; name13=could-be-large-13; name12=could-be-large-12; name11=could-be-large-11; name10=could-be-large-10; name9=could-be-large-9; name8=could-be-large-8; name7=could-be-large-7; name6=could-be-large-6; name5=could-be-large-5; name4=could-be-large-4; name3=could-be-large-3; name2=could-be-large-2; 
name1=could-be-large-1
+ 
+ </protocol>
+ </verify>
+ </testcase>
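Review bot: The pass condition hinges on `name151` being absent from the expected `Cookie:` header, but nothing in the file says so. The generator comment only shows the loop running to 151. A line in `<verify>` such as `# 151 cookies match, only 150 may be sent: name151 must not appear` would state the intent for whoever changes the cap later. The `-L` in `<command>` also appears to have no effect here, since the reply is a plain 200 with no redirect.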
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test443 curl_h5/tests/data/test443
*** curl/tests/data/test443	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test443	2022-08-26 11:21:59.064000000 +0800
***************
*** 0 ****
--- 1,78 ----
+ # perl:
+ #
+ #for(1 .. 20) {
+ #    print join("\t",
+ #               "attack.invalid", "TRUE", "/", "FALSE", "0",
+ #               "huge-$_", ('a' x 500)."-$_")."\n";
+ #}
+ #
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ cookies
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 6
+ 
+ -foo-
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <name>
+ Cookie header in request no longer than 8K
+ </name>
+ <command>
+ http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
+ </command>
+ <file name="log/cookie%TESTNUMBER" mode="text">
+ attack.invalid	TRUE	/	FALSE	0	huge-1	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-1
+ attack.invalid	TRUE	/	FALSE	0	huge-2	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-2
+ attack.invalid	TRUE	/	FALSE	0	huge-3	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-3
+ attack.invalid	TRUE	/	FALSE	0	huge-4	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-4
+ attack.invalid	TRUE	/	FALSE	0	huge-5	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-5
+ attack.invalid	TRUE	/	FALSE	0	huge-6	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6
+ attack.invalid	TRUE	/	FALSE	0	huge-7	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7
+ attack.invalid	TRUE	/	FALSE	0	huge-8	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8
+ attack.invalid	TRUE	/	FALSE	0	huge-9	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9
+ attack.invalid	TRUE	/	FALSE	0	huge-10	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10
+ attack.invalid	TRUE	/	FALSE	0	huge-11	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11
+ attack.invalid	TRUE	/	FALSE	0	huge-12	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12
+ attack.invalid	TRUE	/	FALSE	0	huge-13	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13
+ attack.invalid	TRUE	/	FALSE	0	huge-14	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14
+ attack.invalid	TRUE	/	FALSE	0	huge-15	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15
+ attack.invalid	TRUE	/	FALSE	0	huge-16	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16
+ attack.invalid	TRUE	/	FALSE	0	huge-17	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17
+ attack.invalid	TRUE	/	FALSE	0	huge-18	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18
+ attack.invalid	TRUE	/	FALSE	0	huge-19	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19
+ attack.invalid	TRUE	/	FALSE	0	huge-20	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20
+ </file>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /a/b/%TESTNUMBER HTTP/1.1
+ Host: attack.invalid:%HTTPPORT
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Cookie: huge-20=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20; huge-19=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19; huge-18=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18; 
huge-17=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17; huge-16=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16; huge-15=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15; 
huge-14=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14; huge-13=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13; huge-12=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12; 
huge-11=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11; huge-10=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10; huge-9=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9; 
huge-8=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8; huge-7=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7; huge-6=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6
+ 
+ </protocol>
+ </verify>
+ </testcase>
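Review bot: The header comment gives the perl that builds the cookie file but not why the expected `Cookie:` line in `<protocol>` stops at `huge-6`. Each of the 20 entries is a little over 500 bytes once written as `name=value; `, so only 15 of them fit under the 8K limit named in `<name>`, and the expected line lists them in reverse file order. A line such as `# 20 cookies of ~510 bytes each; only huge-20 .. huge-6 fit in the 8K Cookie header` above `<testcase>` would let a reader check the expected output by hand. The `-L` in `<command>` looks unneeded, since the reply is a plain 200 with no `Location:` header.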
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test444 curl_h5/tests/data/test444
*** curl/tests/data/test444	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test444	2022-08-26 11:21:59.064000000 +0800
***************
*** 0 ****
--- 1,189 ----
+ # perl:
+ #
+ #for(1 .. 200) {
+ #
+ #}
+ #
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ cookies
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 6
+ Set-Cookie: cookie-1=yes;
+ Set-Cookie: cookie-2=yes;
+ Set-Cookie: cookie-3=yes;
+ Set-Cookie: cookie-4=yes;
+ Set-Cookie: cookie-5=yes;
+ Set-Cookie: cookie-6=yes;
+ Set-Cookie: cookie-7=yes;
+ Set-Cookie: cookie-8=yes;
+ Set-Cookie: cookie-9=yes;
+ Set-Cookie: cookie-10=yes;
+ Set-Cookie: cookie-11=yes;
+ Set-Cookie: cookie-12=yes;
+ Set-Cookie: cookie-13=yes;
+ Set-Cookie: cookie-14=yes;
+ Set-Cookie: cookie-15=yes;
+ Set-Cookie: cookie-16=yes;
+ Set-Cookie: cookie-17=yes;
+ Set-Cookie: cookie-18=yes;
+ Set-Cookie: cookie-19=yes;
+ Set-Cookie: cookie-20=yes;
+ Set-Cookie: cookie-21=yes;
+ Set-Cookie: cookie-22=yes;
+ Set-Cookie: cookie-23=yes;
+ Set-Cookie: cookie-24=yes;
+ Set-Cookie: cookie-25=yes;
+ Set-Cookie: cookie-26=yes;
+ Set-Cookie: cookie-27=yes;
+ Set-Cookie: cookie-28=yes;
+ Set-Cookie: cookie-29=yes;
+ Set-Cookie: cookie-30=yes;
+ Set-Cookie: cookie-31=yes;
+ Set-Cookie: cookie-32=yes;
+ Set-Cookie: cookie-33=yes;
+ Set-Cookie: cookie-34=yes;
+ Set-Cookie: cookie-35=yes;
+ Set-Cookie: cookie-36=yes;
+ Set-Cookie: cookie-37=yes;
+ Set-Cookie: cookie-38=yes;
+ Set-Cookie: cookie-39=yes;
+ Set-Cookie: cookie-40=yes;
+ Set-Cookie: cookie-41=yes;
+ Set-Cookie: cookie-42=yes;
+ Set-Cookie: cookie-43=yes;
+ Set-Cookie: cookie-44=yes;
+ Set-Cookie: cookie-45=yes;
+ Set-Cookie: cookie-46=yes;
+ Set-Cookie: cookie-47=yes;
+ Set-Cookie: cookie-48=yes;
+ Set-Cookie: cookie-49=yes;
+ Set-Cookie: cookie-50=yes;
+ Set-Cookie: cookie-51=yes;
+ Set-Cookie: cookie-52=yes;
+ Set-Cookie: cookie-53=yes;
+ Set-Cookie: cookie-54=yes;
+ Set-Cookie: cookie-55=yes;
+ Set-Cookie: cookie-56=yes;
+ Set-Cookie: cookie-57=yes;
+ Set-Cookie: cookie-58=yes;
+ Set-Cookie: cookie-59=yes;
+ Set-Cookie: cookie-60=yes;
+ Set-Cookie: cookie-61=yes;
+ Set-Cookie: cookie-62=yes;
+ Set-Cookie: cookie-63=yes;
+ Set-Cookie: cookie-64=yes;
+ Set-Cookie: cookie-65=yes;
+ Set-Cookie: cookie-66=yes;
+ Set-Cookie: cookie-67=yes;
+ Set-Cookie: cookie-68=yes;
+ Set-Cookie: cookie-69=yes;
+ Set-Cookie: cookie-70=yes;
+ Set-Cookie: cookie-71=yes;
+ Set-Cookie: cookie-72=yes;
+ Set-Cookie: cookie-73=yes;
+ Set-Cookie: cookie-74=yes;
+ Set-Cookie: cookie-75=yes;
+ Set-Cookie: cookie-76=yes;
+ Set-Cookie: cookie-77=yes;
+ Set-Cookie: cookie-78=yes;
+ Set-Cookie: cookie-79=yes;
+ Set-Cookie: cookie-80=yes;
+ 
+ -foo-
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <name>
+ Many Set-Cookie response headers
+ </name>
+ <command>
+ http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /a/b/%TESTNUMBER HTTP/1.1
+ Host: attack.invalid:%HTTPPORT
+ User-Agent: curl/%VERSION
+ Accept: */*
+ 
+ </protocol>
+ <file name="log/cookie%TESTNUMBER" mode="text">
+ # Netscape HTTP Cookie File
+ # https://curl.se/docs/http-cookies.html
+ # This file was generated by libcurl! Edit at your own risk.
+ 
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-50	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-49	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-48	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-47	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-46	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-45	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-44	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-43	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-42	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-41	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-40	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-39	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-38	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-37	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-36	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-35	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-34	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-33	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-32	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-31	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-30	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-29	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-28	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-27	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-26	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-25	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-24	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-23	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-22	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-21	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-20	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-19	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-18	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-17	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-16	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-15	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-14	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-13	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-12	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-11	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-10	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-9	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-8	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-7	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-6	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-5	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-4	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-3	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-2	yes
+ attack.invalid	FALSE	/a/b/	FALSE	0	cookie-1	yes
+ </file>
+ </verify>
+ </testcase>
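Review bot: The `# perl:` header is an empty `for(1 .. 200) { }` stub that generates nothing and does not match the data, which holds 80 `Set-Cookie:` lines. It should either carry the real generator or be replaced by a plain statement of intent, for example `# server sends 80 Set-Cookie headers; only the first 50 are expected in the saved jar`. The expected cookie file lists cookie-50 down to cookie-1, so the test appears to pin a cap of 50 cookies accepted from one response. Saying so in the file keeps a later change of that limit from looking like a broken test.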
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test898 curl_h5/tests/data/test898
*** curl/tests/data/test898	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test898	2022-08-26 11:21:59.080000000 +0800
***************
*** 0 ****
--- 1,90 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ --location
+ Authorization
+ Cookie
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ </data>
+ <data2>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </data2>
+ 
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </datacheck>
+ 
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+  <name>
+ HTTP with custom auth and cookies redirected to HTTP on a diff port
+  </name>
+  <command>
+ -x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA=="
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET http://firsthost.com/ HTTP/1.1
+ Host: firsthost.com
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ Authorization: Basic am9lOnNlY3JldA==
+ Cookie: userpwd=am9lOnNlY3JldA==
+ 
+ GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
+ Host: firsthost.com:9999
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ 
+ </protocol>
+ </verify>
+ </testcase>
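Review bot: The check that matters in `<protocol>` is an absence, and nothing in the file says so: the second request, to `firsthost.com:9999`, must carry neither `Authorization:` nor `Cookie:`. A comment beside the existing `# Verify data ...` line, such as `# the redirect changes port, so the custom Authorization and Cookie headers must not be repeated`, would stop someone from "correcting" the expected output later; it belongs outside `<protocol>`, which holds the expected request data. The same applies to test974, where the credentials come from `-u`. Among the tests visible here, `--location-trusted` is exercised with `-u` (test975) but not with `-H` headers, so a counterpart for the trusted case may be worth adding.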
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test973 curl_h5/tests/data/test973
*** curl/tests/data/test973	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test973	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,88 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ FTP
+ --location
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+ 
+ </data>
+ <data2>
+ data
+     to
+       see
+ that FTP
+ works
+   so does it?
+ </data2>
+ 
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+ 
+ data
+     to
+       see
+ that FTP
+ works
+   so does it?
+ </datacheck>
+ 
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ ftp
+ </server>
+  <name>
+ HTTP with auth redirected to FTP w/o auth
+  </name>
+  <command>
+ http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /%TESTNUMBER HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ Authorization: Basic am9lOnNlY3JldA==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ 
+ USER anonymous
+ PASS ftp@example.com
+ PWD
+ CWD a
+ CWD path
+ EPSV
+ TYPE I
+ SIZE %TESTNUMBER0002
+ RETR %TESTNUMBER0002
+ QUIT
+ </protocol>
+ </verify>
+ </testcase>
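Review bot: The redirect target `ftp://%HOSTIP:%FTPPORT/...` is the same address the first request went to, so this test covers a change of scheme and port but not a change of host name. That is worth stating in a comment, e.g. `# same IP, different scheme and port: -u credentials must not be reused, hence USER anonymous`, because the expected `USER anonymous` / `PASS ftp@example.com` lines are the only evidence that `joe:secret` was withheld. test975 is the same exchange with `--location-trusted` and expects `USER joe` / `PASS secret`. A cross-reference between the two files would make the pair readable as the negative and the positive case.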
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test974 curl_h5/tests/data/test974
*** curl/tests/data/test974	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test974	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,87 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ --location
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ </data>
+ <data2>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </data2>
+ 
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </datacheck>
+ 
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+  <name>
+ HTTP with auth redirected to HTTP on a diff port w/o auth
+  </name>
+  <command>
+ -x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET http://firsthost.com/ HTTP/1.1
+ Host: firsthost.com
+ Authorization: Basic am9lOnNlY3JldA==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ 
+ GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
+ Host: firsthost.com:9999
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ 
+ </protocol>
+ </verify>
+ </testcase>
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test975 curl_h5/tests/data/test975
*** curl/tests/data/test975	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test975	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,88 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ FTP
+ --location-trusted
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+ 
+ </data>
+ <data2>
+ data
+     to
+       see
+ that FTP
+ works
+   so does it?
+ </data2>
+ 
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+ 
+ data
+     to
+       see
+ that FTP
+ works
+   so does it?
+ </datacheck>
+ 
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ ftp
+ </server>
+  <name>
+ HTTP with auth redirected to FTP allowing auth to continue
+  </name>
+  <command>
+ http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET /%TESTNUMBER HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ Authorization: Basic am9lOnNlY3JldA==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ 
+ USER joe
+ PASS secret
+ PWD
+ CWD a
+ CWD path
+ EPSV
+ TYPE I
+ SIZE %TESTNUMBER0002
+ RETR %TESTNUMBER0002
+ QUIT
+ </protocol>
+ </verify>
+ </testcase>
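Review bot: The `<verify>` block of test975 expects `USER joe` and `PASS secret` to reach the FTP server behind the redirect, and nothing in the file says this is the deliberate opt-in case rather than a credential leak. A comment above `<protocol>`, for example `# --location-trusted: the -u credentials are expected to follow the redirect to the FTP host`, would keep a later reader from "correcting" the expectation. The default-behaviour counterpart (same HTTP-to-FTP redirect without `--location-trusted`, expecting no `USER joe`) is not in this part of the diff; it is worth confirming it exists so both sides of the policy are pinned.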
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test976 curl_h5/tests/data/test976
*** curl/tests/data/test976	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test976	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,88 ----
+ <testcase>
+ <info>
+ <keywords>
+ HTTP
+ --location-trusted
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ </data>
+ <data2>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </data2>
+ 
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+ 
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 4
+ Connection: close
+ Content-Type: text/html
+ 
+ hey
+ </datacheck>
+ 
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+  <name>
+ HTTP with auth redirected to HTTP on a diff port --location-trusted
+  </name>
+  <command>
+ -x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET http://firsthost.com/ HTTP/1.1
+ Host: firsthost.com
+ Authorization: Basic am9lOnNlY3JldA==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ 
+ GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
+ Host: firsthost.com:9999
+ Authorization: Basic am9lOnNlY3JldA==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+ 
+ </protocol>
+ </verify>
+ </testcase>
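Review bot: The `<client>` section of test976 runs curl with `-x http://%HOSTIP:%HTTPPORT` but declares no proxy requirement, so on a build configured without proxy support the test would presumably fail rather than be skipped. If this tree's test runner recognises the `proxy` feature, add a `<features>` section containing `proxy` ahead of `<server>`; the `<keywords>` list could also gain `HTTP proxy` so keyword-based selection finds the test. The test974 hunk, which begins before this part of the diff, uses the same `-x` command line and appears to need the same addition.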
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test980 curl_h5/tests/data/test980
*** curl/tests/data/test980	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test980	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,52 ----
+ <testcase>
+ <info>
+ <keywords>
+ SMTP
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ CAPA STARTTLS
+ AUTH PLAIN
+ REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
+ REPLY AUTH 535 5.7.8 Authentication credentials invalid
+ </servercmd>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ smtp
+ </server>
+  <name>
+ SMTP STARTTLS pipelined server response
+  </name>
+ <stdin>
+ mail body
+ </stdin>
+  <command>
+ smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
+ </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ # 8 is CURLE_WEIRD_SERVER_REPLY
+ <errorcode>
+ 8
+ </errorcode>
+ <protocol>
+ EHLO %TESTNUMBER
+ STARTTLS
+ </protocol>
+ </verify>
+ </testcase>
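Review bot: Nothing in the `<servercmd>` block of test980 explains why the `REPLY STARTTLS` line carries five further responses after the `454`, and that is the whole point of the test: the extra lines arrive in cleartext in the same burst and must not be taken as answers to later commands. A comment above `<servercmd>` such as `# responses after the 454 are injected in cleartext and must be rejected, not consumed`, and one above `<protocol>` such as `# nothing may follow STARTTLS, so user:secret never leaves the client`, would make the intent readable. test981, test982 and test983 follow the same pattern for IMAP, POP3 and FTP and lack the same explanation.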
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test981 curl_h5/tests/data/test981
*** curl/tests/data/test981	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test981	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,59 ----
+ <testcase>
+ <info>
+ <keywords>
+ IMAP
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ CAPA STARTTLS
+ REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
+ REPLY LOGIN A003 BAD Authentication credentials invalid
+ </servercmd>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ imap
+ </server>
+  <name>
+ IMAP STARTTLS pipelined server response
+  </name>
+  <command>
+ imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
+ </command>
+ <file name="log/upload%TESTNUMBER">
+ Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+ From: Fred Foobar <foobar@example.COM>
+ Subject: afternoon meeting
+ To: joe@example.com
+ Message-Id: <B27397-0100000@example.COM>
+ MIME-Version: 1.0
+ Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+ 
+ Hello Joe, do you think we can meet at 3:30 tomorrow?
+ </file>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ # 8 is CURLE_WEIRD_SERVER_REPLY
+ <errorcode>
+ 8
+ </errorcode>
+ <protocol>
+ A001 CAPABILITY
+ A002 STARTTLS
+ </protocol>
+ </verify>
+ </testcase>
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test982 curl_h5/tests/data/test982
*** curl/tests/data/test982	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test982	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,57 ----
+ <testcase>
+ <info>
+ <keywords>
+ POP3
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ CAPA STLS USER
+ REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
+ REPLY PASS -ERR Authentication credentials invalid
+ </servercmd>
+ <data nocheck="yes">
+ From: me@somewhere
+ To: fake@nowhere
+ 
+ body
+ 
+ --
+   yours sincerely
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ pop3
+ </server>
+  <name>
+ POP3 STARTTLS pipelined server response
+  </name>
+  <command>
+ pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
+  </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ # 8 is CURLE_WEIRD_SERVER_REPLY
+ <errorcode>
+ 8
+ </errorcode>
+ <protocol>
+ CAPA
+ STLS
+ </protocol>
+ </verify>
+ </testcase>
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test983 curl_h5/tests/data/test983
*** curl/tests/data/test983	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test983	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,52 ----
+ <testcase>
+ <info>
+ <keywords>
+ FTP
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
+ REPLY PASS 530 Login incorrect
+ </servercmd>
+ </reply>
+ 
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ ftp
+ </server>
+  <name>
+ FTP STARTTLS pipelined server response
+  </name>
+ <file name="log/test%TESTNUMBER.txt">
+ data
+     to
+       see
+ that FTPS
+ works
+   so does it?
+ </file>
+  <command>
+ --ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
+ </command>
+ </client>
+ 
+ # Verify data after the test has been "shot"
+ <verify>
+ # 8 is CURLE_WEIRD_SERVER_REPLY
+ <errorcode>
+ 8
+ </errorcode>
+ <protocol>
+ AUTH SSL
+ </protocol>
+ </verify>
+ </testcase>
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test984 curl_h5/tests/data/test984
*** curl/tests/data/test984	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test984	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,56 ----
+ <testcase>
+ <info>
+ <keywords>
+ IMAP
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ REPLY CAPABILITY A001 BAD Not implemented
+ </servercmd>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ imap
+ </server>
+  <name>
+ IMAP require STARTTLS with failing capabilities
+  </name>
+  <command>
+ imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd
+ </command>
+ <file name="log/upload%TESTNUMBER">
+ Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+ From: Fred Foobar <foobar@example.COM>
+ Subject: afternoon meeting
+ To: joe@example.com
+ Message-Id: <B27397-0100000@example.COM>
+ MIME-Version: 1.0
+ Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+ 
+ Hello Joe, do you think we can meet at 3:30 tomorrow?
+ </file>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ # 64 is CURLE_USE_SSL_FAILED
+ <errorcode>
+ 64
+ </errorcode>
+ <protocol>
+ A001 CAPABILITY
+ </protocol>
+ </verify>
+ </testcase>
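Review bot: The `<protocol>` block of test984 is what shows `--ssl-reqd` being honoured, yet the file only annotates the error code. A comment above it such as `# the exchange must stop at CAPABILITY: no cleartext LOGIN with user:secret and no APPEND` would state the security property the single expected line stands for. test985 and test986 have the same gap. test986 also relies on `REPLY welcome 230 Welcome` to model a server that treats the client as already logged in, which deserves a one-line comment next to `<servercmd>`.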
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test985 curl_h5/tests/data/test985
*** curl/tests/data/test985	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test985	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,54 ----
+ <testcase>
+ <info>
+ <keywords>
+ POP3
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ REPLY CAPA -ERR Not implemented
+ </servercmd>
+ <data nocheck="yes">
+ From: me@somewhere
+ To: fake@nowhere
+ 
+ body
+ 
+ --
+   yours sincerely
+ </data>
+ </reply>
+ 
+ #
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ pop3
+ </server>
+  <name>
+ POP3 require STARTTLS with failing capabilities
+  </name>
+  <command>
+ pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd
+  </command>
+ </client>
+ 
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ # 64 is CURLE_USE_SSL_FAILED
+ <errorcode>
+ 64
+ </errorcode>
+ <protocol>
+ CAPA
+ </protocol>
+ </verify>
+ </testcase>
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' curl/tests/data/test986 curl_h5/tests/data/test986
*** curl/tests/data/test986	1970-01-01 08:00:00.000000000 +0800
--- curl_h5/tests/data/test986	2022-08-26 11:21:59.084000000 +0800
***************
*** 0 ****
--- 1,53 ----
+ <testcase>
+ <info>
+ <keywords>
+ FTP
+ STARTTLS
+ </keywords>
+ </info>
+ 
+ #
+ # Server-side
+ <reply>
+ <servercmd>
+ REPLY welcome 230 Welcome
+ REPLY AUTH 500 unknown command
+ </servercmd>
+ </reply>
+ 
+ # Client-side
+ <client>
+ <features>
+ SSL
+ </features>
+ <server>
+ ftp
+ </server>
+  <name>
+ FTP require STARTTLS while preauthenticated
+  </name>
+ <file name="log/test%TESTNUMBER.txt">
+ data
+     to
+       see
+ that FTPS
+ works
+   so does it?
+ </file>
+  <command>
+ --ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret
+ </command>
+ </client>
+ 
+ # Verify data after the test has been "shot"
+ <verify>
+ # 64 is CURLE_USE_SSL_FAILED
+ <errorcode>
+ 64
+ </errorcode>
+ <protocol>
+ AUTH SSL
+ AUTH TLS
+ </protocol>
+ </verify>
+ </testcase>