* Fix compilation on BoringSSL by replacing ASN1_TIME_to_tm
BoringSSL doesn't expose `ASN1_TIME_to_tm`.
This patch switches to using `ASN1_TIME_diff` to calculate `time_t`.
This is supported by OpenSSL, LibreSSL, and BoringSSL, and also avoids
the platform-specific `timegm` vs `_mkgmtime` logic.
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
* Format code
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
* Use detail::scope_exit
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
---------
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
* Correct sign comparison error with sk_X509_OBJECT_num
In some build configurations, sk_X509_OBJECT_num (from BoringSSL) returns a size_t. Comparing this directly against a signed int loop counter triggers -Werror,-Wsign-compare.
Instead, move the count into a local int variable so the compiler uses implicit conversion to ensure type consistency during the loop comparison.
* Update httplib.h
* Update httplib.h
Missed a s/int/decltype(count)
* Fix#2339
* Fix CI errors
* Fix Windows build error
* Fix CI errors on Windows
* Fix payload_max_length initialization in BodyReader
* Initialize payload_max_length with CPPHTTPLIB_PAYLOAD_MAX_LENGTH in BodyReader
* Update README and tests to clarify payload_max_length behavior and add no limit case
* Fix server thread lambda capture in ClientVulnerabilityTest
* Add C++ modules support
* Add module examples
* Missing semicolon
* Update GitHub Actions script and create a modules updating script
* Name the unused param
* Use the guarded/direct export of header approach
* Update CMakeLists.txt
Co-authored-by: Andrea Pappacoda <andrea@pappacoda.it>
* Update CMakeLists.txt
Co-authored-by: Andrea Pappacoda <andrea@pappacoda.it>
* Split scripts into split.py and generate_module.py
---------
Co-authored-by: Andrea Pappacoda <andrea@pappacoda.it>
* Add Tests for case sensitive hostname verfication
* Modify check_host_name to perform case insensitive comparisons during ssl hostname validation
---------
Co-authored-by: Tabor, Chris <chris.tabor@commscope.com>
Both APIs conceptually do the same thing: "use these CA certs for
verification." However, set_ca_cert_store() falls through to the else
branch in load_certs() where system certs are added to the user's
custom store, defeating the purpose of certificate pinning.
This change makes set_ca_cert_store() behave consistently with
set_ca_cert_path() by checking ca_cert_store_ before loading system
certificates.
Added test to verify system certs are not loaded when custom store is set.
Co-authored-by: Your <you@example.com>
* Resolve#2262
* Enhance request handling on Windows by adding early response check for large request bodies
* Enhance early response handling for large requests with long URIs on Windows
* Fix problem with 'windows without SSL`
* Fix payload limit enforcement for requests without Content-Length on Windows
- Enable MSG_PEEK on Windows (non-SSL builds) to detect payloads without Content-Length
- Only use MSG_PEEK when payload_max_length is set to a finite value to avoid blocking
- Use read_content_without_length for actual size checking to support any payload limit
- Set 413 Payload Too Large status before rejecting oversized requests
This fixes three test cases on Windows:
- RequestWithoutContentLengthOrTransferEncoding (no payload limit)
- NoContentLengthPayloadLimit (8-byte limit)
- NoContentLengthExceeds10MB (10MB limit)
* clang-format
* Ensure payload_max_length_ is respected for compressed payloads
* Fix Denial of service (DOS) using zip bomb
---------
Co-authored-by: Hritik Vijay <hey@hritik.sh>
On Windows cpp-httplib defines ssize_t, therefore applications needing
to define ssize_t for their own needs or are using libraries that do
require a means to avoid a possible incompatible redefinition.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
