Fix curl deprecation warnings, and set minimum curl version to 7.56.0

doc/compiling/linux.md

@@ -13,6 +13,7 @@
 | LuaJIT     | 2.0+    | Bundled Lua 5.1 is used if not present |
 | GMP        | 5.0.0+  | Bundled mini-GMP is used if not present |
 | JsonCPP    | 1.0.0+  | Bundled JsonCPP is used if not present |
+| Curl       | 7.56.0+ | Optional   |
 
 For Debian/Ubuntu users:
 

src/httpfetch.cpp

@@ -213,26 +213,22 @@ public:
 
 private:
 	CurlHandlePool *pool;
-	CURL *curl;
+	CURL *curl = nullptr;
-	CURLM *multi;
+	CURLM *multi = nullptr;
 	HTTPFetchRequest request;
 	HTTPFetchResult result;
 	std::ostringstream oss;
-	struct curl_slist *http_header;
+	struct curl_slist *http_header = nullptr;
-	curl_httppost *post;
+	curl_mime *multipart_mime = nullptr;
 };
 
 
 HTTPFetchOngoing::HTTPFetchOngoing(const HTTPFetchRequest &request_,
 		CurlHandlePool *pool_):
 	pool(pool_),
-	curl(NULL),
-	multi(NULL),
 	request(request_),
 	result(request_),
-	oss(std::ios::binary),
+	oss(std::ios::binary)
-	http_header(NULL),
-	post(NULL)
 {
 	curl = pool->alloc();
 	if (curl == NULL) {
@@ -254,10 +250,15 @@ HTTPFetchOngoing::HTTPFetchOngoing(const HTTPFetchRequest &request_,
 		curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
 	}
 
-#if LIBCURL_VERSION_NUM >= 0x071304
 	// Restrict protocols so that curl vulnerabilities in
 	// other protocols don't affect us.
-	// These settings were introduced in curl 7.19.4.
+#if LIBCURL_VERSION_NUM >= 0x075500
+	// These settings were introduced in curl 7.85.0.
+	const char *protocols = "HTTP,HTTPS,FTP,FTPS";
+	curl_easy_setopt(curl, CURLOPT_PROTOCOLS_STR, protocols);
+	curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS_STR, protocols);
+#elif LIBCURL_VERSION_NUM >= 0x071304
+	// These settings were introduced in curl 7.19.4, and later deprecated.
 	long protocols =
 		CURLPROTO_HTTP |
 		CURLPROTO_HTTPS |
@@ -293,19 +294,13 @@ HTTPFetchOngoing::HTTPFetchOngoing(const HTTPFetchRequest &request_,
 
 	// Set data from fields or raw_data
 	if (request.multipart) {
-		curl_httppost *last = NULL;
+		multipart_mime = curl_mime_init(curl);
-		for (StringMap::iterator it = request.fields.begin();
+		for (auto &it : request.fields) {
-				it != request.fields.end(); ++it) {
+			curl_mimepart *part = curl_mime_addpart(multipart_mime);
-			curl_formadd(&post, &last,
+			curl_mime_name(part, it.first.c_str());
-					CURLFORM_NAMELENGTH, it->first.size(),
+			curl_mime_data(part, it.second.c_str(), it.second.size());
-					CURLFORM_PTRNAME, it->first.c_str(),
-					CURLFORM_CONTENTSLENGTH, it->second.size(),
-					CURLFORM_PTRCONTENTS, it->second.c_str(),
-					CURLFORM_END);
 		}
-		curl_easy_setopt(curl, CURLOPT_HTTPPOST, post);
+		curl_easy_setopt(curl, CURLOPT_MIMEPOST, multipart_mime);
-		// request.post_fields must now *never* be
-		// modified until CURLOPT_HTTPPOST is cleared
 	} else {
 		switch (request.method) {
 		case HTTP_GET:
@@ -427,9 +422,9 @@ HTTPFetchOngoing::~HTTPFetchOngoing()
 		curl_easy_setopt(curl, CURLOPT_HTTPHEADER, NULL);
 		curl_slist_free_all(http_header);
 	}
-	if (post) {
+	if (multipart_mime) {
-		curl_easy_setopt(curl, CURLOPT_HTTPPOST, NULL);
+		curl_easy_setopt(curl, CURLOPT_MIMEPOST, nullptr);
-		curl_formfree(post);
+		curl_mime_free(multipart_mime);
 	}
 
 	// Store the cURL handle for reuse