Wei Weng | 1 Oct 01:47 2008

Re: libcurl.framework.make Question

AG wrote:
> I need to create a universal static library or a universal framework  
> on 10.5.4.
> 
> I downloaded curl-7.19.0 and ran configure.   When I try to run
> 	make build -e -f libcurl.framework.make
> I get a bunch of undefined symbols including: _ldap_memfree,  
> _ldap_free_urldesc, _ldap_simple_bind_s, _ldap_get_dn, etc.
> 
> My questions are:  does anyone know what steps are necessary for  
> successful compile of the framework or alternatively, does anyone have  
> an XCode project for compiling this as a static library?
> 
> TIA,
> 
> AG
> 
Looks like your system needs ldap-devl libraries.

You can disable the ldap support by running configure with "--disable-ldap"
option.

Thanks
Wei

Dan Fandrich | 1 Oct 08:04 2008

Re: [what do you think?] libcurl and security

On Fri, Sep 05, 2008 at 10:03:27AM +0200, Daniel Stenberg wrote:
> I'm going to do a talk[*] on security in "popular" open source software in 
> a while, with stories and experiences from our little project.
>
> So I'm curious on how you app authors feel about security and the curl  
> project, in general and specific cases. I feel that I have a view on this 
> from an author's perspective and I have opinions about what we (can) do to 
> make curl and libcurl remain safe and secure. But how do you users of 
> (primarily) libcurl view us; the code, the project, the product from a 
> security perspective?

I have some opinions on this from the perspective of having hacked the
libcurl code somewhat.  Many of the points I'm about to make aren't
specific to security, but are general problems that can result in
introduced bugs, many of which could have security implications.
curl deals with untrusted input from random remote servers so there are
many classes of bugs that can be exploited remotely (even if such bugs
only result in a crash, that's still a denial of service problem that
falls under the security heading).

The main issue I see with curl is the age of the code base. It's over ten
years old now and has been in continual development during that time.
Features have been tacked on one at a time, often through patches
created by people who aren't very familiar with the code or its design.
Over time, this results in effects like:

- Functions end up being much too long (I recall seeing a few at close to
1000 lines) as they're patched and expanded--I've found several
bugs by simply refactoring long functions into several smaller ones.
One problem had to do with local variables being declared hundreds of
(Continue reading)

Mukul Kedare | 1 Oct 08:22 2008
Picon

Re: Problem using curl easy Milli Seconds time out options ...

Hi ,

I tried version 7.19.0 too, still it did'nt work.
One more thing they say in man page --- if using standard name resolvers all the timeouts will be done in seconds unit.
Is there any thing regarding name resolvers that I can do while building libcurl ?
What are C-areas and how to enable it for libcurl built, I am searching for it but could not find anything uptill now.

Thanks
Mukul


On Tue, Sep 30, 2008 at 11:15 PM, Dan Fandrich <dan <at> coneharvesters.com> wrote:
On Tue, Sep 30, 2008 at 09:56:45PM +0530, Mukul Kedare wrote:
> I am using curl easy interface in my application, was trying to set
> CURLOPT_CONNECTTIMEOUT_MS and CURLOPT_TIMEOUT_MS options using curl_easy_setopt
> .
>                                curl_easy_setopt(curl_handle,
> CURLOPT_CONNECTTIMEOUT_MS, 20);
>                                curl_easy_setopt(curl_handle,
> CURLOPT_TIMEOUT_MS, 30);
>
>
> However the curl easy interface is not timing out in milli seconds unit but the
> same is working fine with timouts in second options ie ..
> CURLOPT_CONNECTTIMEOUT and CURLOPT_TIMEOUT.
>                               curl_easy_setopt(curl_handle,
> CURLOPT_CONNECTTIMEOUT, 1);
>                               curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT,
> 1);
>
> What could be the reason that millisecond time out options are not working, is
> there any way to fix this issue.
> The curl_easy_setopt man page says that the MS options were added in version
> 7.16.2 and am using curl 7.17.0.

Some timeouts are limited to a minimum of 1 second when using a synchronous
host resolver. Try enabling C-Ares in your libcurl build and see if that
works any better.

>>> Dan
--
http://www.MoveAnnouncer.com              The web change of address service
         Let webmasters know that your web site has moved

Michael Wood | 1 Oct 08:58 2008
Picon

Re: Problem using curl easy Milli Seconds time out options ...

On Wed, Oct 1, 2008 at 8:22 AM, Mukul Kedare <kedare.mukul <at> gmail.com> wrote:
> Hi ,
>
> I tried version 7.19.0 too, still it did'nt work.
> One more thing they say in man page --- if using standard name resolvers all
> the timeouts will be done in seconds unit.
> Is there any thing regarding name resolvers that I can do while building
> libcurl ?
> What are C-areas and how to enable it for libcurl built, I am searching for
> it but could not find anything uptill now.

Perhaps your misspelling of the library name is causing you not to be
able to find it :)

http://daniel.haxx.se/projects/c-ares/

--

-- 
Michael Wood <esiotrot <at> gmail.com>

Mukul Kedare | 1 Oct 09:31 2008
Picon

Re: Problem using curl easy Milli Seconds time out options ...

ya I mis-spelled it :)

Thanks
Mukul

On Wed, Oct 1, 2008 at 12:28 PM, Michael Wood <esiotrot <at> gmail.com> wrote:
On Wed, Oct 1, 2008 at 8:22 AM, Mukul Kedare <kedare.mukul <at> gmail.com> wrote:
> Hi ,
>
> I tried version 7.19.0 too, still it did'nt work.
> One more thing they say in man page --- if using standard name resolvers all
> the timeouts will be done in seconds unit.
> Is there any thing regarding name resolvers that I can do while building
> libcurl ?
> What are C-areas and how to enable it for libcurl built, I am searching for
> it but could not find anything uptill now.

Perhaps your misspelling of the library name is causing you not to be
able to find it :)

http://daniel.haxx.se/projects/c-ares/

--
Michael Wood <esiotrot <at> gmail.com>

Daniel Stenberg | 1 Oct 09:48 2008
Picon

Re: Problem using curl easy Milli Seconds time out options ...

On Wed, 1 Oct 2008, Mukul Kedare wrote:

> Is there any thing regarding name resolvers that I can do while building
> libcurl ?

Here's a relevant piece from the FAQ:

 	http://curl.haxx.se/docs/faq.html#How_does_libcurl_resolve_host_na

--

-- 

  / daniel.haxx.se

Daniel Stenberg | 1 Oct 09:55 2008
Picon

Re: [what do you think?] libcurl and security

On Tue, 30 Sep 2008, Dan Fandrich wrote:

> I have some opinions on this from the perspective of having hacked the 
> libcurl code somewhat.  Many of the points I'm about to make aren't specific 
> to security, but are general problems that can result in introduced bugs, 
> many of which could have security implications. curl deals with untrusted 
> input from random remote servers so there are many classes of bugs that can 
> be exploited remotely (even if such bugs only result in a crash, that's 
> still a denial of service problem that falls under the security heading).

Thanks for your thoughts and perspective on these issues. I think I've got my 
nose buried a bit too deep into the code at times to realize these things 
myself, but of course all the points you make are reasonable and agreeable!

I wish the coverity[*] scan guys would do another scan on the libcurl source 
code. The one they did on 7.16.1 resulted in almost 30 potential flaws - and 
while we have all of them fixed since I'm sure there are more (new?) to 
find...

[*]= http://daniel.haxx.se/blog/2008/05/20/coveritys-open-source-bug-report/

--

-- 

  / daniel.haxx.se

Jvp | 1 Oct 10:22 2008
Picon

FreeBasic & Dos

Hi all
 
New to the list and LibcURL.
 
I am investigating the use of the library with FreeBasic for Dos.
Reading the site information, I simply cant get an overall picture of what is required to do that.
When I emailed to the person on the Dos bindings page (Doug Kaufman) the reply indicated that he is not involved with
and does not use the library.
 
I use Win95 Dos together with CwsDPMI on a Compact Flash Card to boot
my machines. (Industrial Weighing Machines)
The Freebasic libraries are supplemented with Allegro & CGUI.
 
The aim is to include a Network for reporting to Windows computers.
I have done this previously in 16bit Dos, but need to do this without jumping back & forth to real mode  (Hopefully with LibcURL)
 
The assumptions I have made of what would be needed is as follows.
 
1.Compile the Library with DJGPP
2.Create or convert a header file for FreeBasic.
3.Link the library to my code.
4.Call the routines from my code.
5.Find a packet driver (32 bit) ? NE2000 ?
 
Sounds simple enough, but ....
Does anybody on the group have experience with porting the Library to Dos.?
 
 
Regards from downunder.
 
Daniel Stenberg | 1 Oct 10:40 2008
Picon

Re: FreeBasic & Dos

On Wed, 1 Oct 2008, Jvp wrote:

> I am investigating the use of the library with FreeBasic for Dos. Reading 
> the site information, I simply cant get an overall picture of what is 
> required to do that.

Make libcurl compile and run on DOS? That should be doable with 
lib/makefile.dj, or at least that's a start to work from.

Then make sure FreeBasic can use libcurl. That's then basically "just" a 
question of making a binding for FreeBasic to libcurl.

> Does anybody on the group have experience with porting the Library to Dos.?

It has been built for DOS for quite a while so even though it may have quirks 
at times, I believe it should work with not too much trouble.

--

-- 

  / daniel.haxx.se

Yang Tse | 1 Oct 14:36 2008
Picon

Re: gcc warnings in non-debug builds

2008/9/30, Daniel Stenberg wrote:

> We could also of course introduce a new --enable-warnings configure option
> that would only do exactly that (== enable picky compiler warning options)
> and not all the (other) magic --enable-debug does.

An --enable-warnings option is the kitchen ;-)

--

-- 
-=[Yang]=-


Gmane