1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

3268 Commits

Author SHA1 Message Date
Michael Stapelberg
cc0e7ebc3b CURLMOPT_TIMERFUNCTION.3: Clarify, add an example 2015-04-19 23:29:51 +02:00
Daniel Stenberg
63c64e05a4 curl_version_info.3: fixed the 'protocols' variable type
Reported-by: John Marshall
Bug: https://github.com/bagder/curl/issues/225
2015-04-18 22:46:52 +02:00
Daniel Stenberg
b6e477890f TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods
... and some minor edits
2015-04-17 23:53:11 +02:00
Daniel Stenberg
1ba6e4c88e TODO: 17.9 Choose the name of file in braces for complex URLs 2015-04-15 21:13:25 +02:00
Daniel Stenberg
8f78794fd5 TODO: a little caution that maybe not all ideas are still good 2015-04-15 20:56:43 +02:00
Daniel Stenberg
0cbbbbdc31 TODO: 17.8 offer color-coded HTTP header output 2015-04-15 14:29:30 +02:00
Daniel Stenberg
78843afb9f TODO: 17.7 warning when sending binary output to terminal 2015-04-15 14:27:32 +02:00
Daniel Stenberg
ad48b177c3 KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes 2015-04-15 02:48:20 +02:00
Daniel Stenberg
9e7125a1db BUGS: refer to the github issue tracker now as primary 2015-04-13 16:43:52 +02:00
Thomas Ruecker
c84f0250e3 CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200"
under certain conditions:

    client_wants_icy_headers (connection_t *con)
    {
            const char *val;

            if (!con)
                    return 1;

            val = get_user_agent (con);
            if (!val || !val[0] || strcmp (val, "(null)") == 0)
                    return 1;

            if (con->food.client->use_icy)
                    return 1;
            if (strncasecmp (val, "winamp", 6) == 0)
                    return 1;
            if (strncasecmp (val, "Shoutcast", 9) == 0)
                    return 1;

            return 0;
    }

So mainly if there is no 'user agent' or it is '(null)' or contains
'winamp' or 'Shoutcast'.

No mainstream distribution carries Icecast 1.3.x anymore, after all
it was released in 2002 and superseded by Icecast 2.x.
2015-03-31 23:53:56 +02:00
Daniel Stenberg
31987c340e KNOWN_BUGS: 89 is bug #1411
Disabling pipelining on multi handle with in-progress pipelined requests
leads to heap corruption and crash
2015-03-29 23:20:15 +02:00
Jay Satiro
fcdc597b1a cyassl: CTX callback cosmetic changes and doc fix
- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
2015-03-28 16:41:51 +01:00
Kyle L. Huff
d2feb71752 cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27 23:32:14 +01:00
Dan Fandrich
aa5808b504 symbols-in-versions: added CURLOPT_PATH_AS_IS 2015-03-24 23:47:02 +01:00
Jay Satiro
9edf28e12d curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description 2015-03-24 21:48:15 +01:00
Viktor Szakáts
bbd0dd3fe2 CURLOPT_HTTPHEADER.3: fix typo in recent commit 2015-03-24 21:48:02 +01:00
Viktor Szakáts
e438a9e2f0 CURLOPT_PATH_AS_IS.3: add type 'long' to prototype 2015-03-24 21:46:07 +01:00
Daniel Stenberg
f687860936 curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS 2015-03-24 11:06:38 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Yamada Yasuharu
ecc4940df2 curl_easy_recv/send: make them work with the multi interface
By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.
2015-03-23 22:46:58 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Alessandro Ghedini
1f651d1d4d curl: add --false-start option 2015-03-20 20:14:35 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Alessandro Ghedini
a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Daniel Stenberg
9e8f9dbdd3 CURLOPT_URL.3: spelling!
Reported-by: Frank Gevaerts
2015-03-20 13:49:45 +01:00
Daniel Stenberg
620e0b23c8 CURLOPT_URL.3: Added "SECURITY CONCERNS" 2015-03-20 12:14:40 +01:00
Daniel Stenberg
2b7ac4e710 CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section 2015-03-20 12:03:09 +01:00
Dan Fandrich
8ecfaad2cc docs/libcurl: clean up libcurl-symbols.3 2015-03-18 23:54:36 +01:00
Dan Fandrich
431c5261d2 docs/libcurl: check that all options with man pages are referenced
If a man page exists in the opts/ directory, it must also be referenced
either in curl_easy_setopt.3 or curl_multi_setopt.3
2015-03-18 23:44:45 +01:00
Dan Fandrich
d260a0aeeb curl_easy_setopt.3: added a few missing options 2015-03-18 23:20:49 +01:00
Christian Weisgerber
e539f01567 docs/libcurl: make portability fix
Using $< in a non-suffix rule context is a GNU make idiom.  This bug was
introduced in 7.41.0.
2015-03-18 08:31:06 +01:00
Daniel Stenberg
3dbe12a1e9 CONTRIBUTE: refer to git log instead of deprecated CHANGES file 2015-03-17 09:09:41 +01:00
Daniel Stenberg
40914fd544 CURLOPT_*.3: more examples and edits 2015-03-17 08:57:31 +01:00
Daniel Stenberg
8c41f368f5 CURLOPT_*.3: added lots of small example sections 2015-03-17 08:03:46 +01:00
Daniel Stenberg
6105029b23 CURLOPT_PRIVATE.3: provide an example 2015-03-16 23:56:11 +01:00
Daniel Stenberg
9c518a7d95 CURLOPT_*TIMEOUT.3: provide examples 2015-03-16 23:51:22 +01:00
Daniel Stenberg
8644a88202 CURLOPT_USERAGENT.3: added an example 2015-03-16 23:41:45 +01:00
Daniel Stenberg
76afe14584 CURLOPT_STDERR.3: added an example 2015-03-16 23:40:52 +01:00
Daniel Stenberg
fe02d132e2 curl_easy_perform.3: remove superfluous close brace from example 2015-03-16 23:28:23 +01:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Daniel Stenberg
918e040953 mksymbolsmanpage.pl: use std header and generate better nroff header 2015-03-15 23:23:20 +01:00
Alessandro Ghedini
5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg
163d29826d curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
Reported-by: Jonathan Cardoso
2015-03-06 17:07:28 +01:00
Daniel Stenberg
ae8235571f FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? 2015-03-04 18:24:46 +01:00
Daniel Stenberg
ac4d08b5e2 symbols.pl: handle '-' in the deprecated field
... which otherwise made the script skip the _LAST define for some
symbols.

Reported-by: Jeroen Ooms
Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html
2015-03-04 08:36:38 +01:00
Daniel Stenberg
6bba85d500 curl.1: fix "The the" typo
Reported-by: Jon Seymour
2015-03-04 07:29:06 +01:00
Viktor Szakáts
1cb227c1f1 BINDINGS: add link to Harbour bindings
And UTF8-fix a few names
2015-03-02 17:43:06 +01:00
Daniel Stenberg
f3f7d37c1d CURLOPT_HEADERFUNCTION.3: typo in error code name
Reported-by: Jonathan Cardoso
2015-03-02 17:25:39 +01:00
Daniel Stenberg
ca04681c3b BINDINGS: tclcurl moved
Reporte-by: Steve Havelka
2015-03-02 08:51:14 +01:00
Jay Satiro
e349a1bf74 opts: Fix pipelining examples 2015-03-02 08:38:43 +01:00
Jay Satiro
70523c690b curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS 2015-03-02 08:38:30 +01:00
Daniel Stenberg
17abfd5a4b CONTRIBUTE: the new more github-friendly attitude! 2015-03-01 23:39:14 +01:00
Daniel Stenberg
0409a7d969 RELEASE-PROCEDURE: add some more future release dates
... and remove some old ones
2015-02-25 10:05:41 +01:00
Daniel Stenberg
ff837422ee THANKS: added contributors from the 7.41.0 RELEASE-NOTES 2015-02-25 08:34:06 +01:00
Daniel Stenberg
5e4395eab8 ROADMAP: curl_easy_setopt.3 has already been split up
Remove cmake as marked for removal. It is in much better state now.
2015-02-20 23:32:48 +01:00
Daniel Stenberg
689061e3f2 ROADMAP: extend the HTTP/2 stuff, remove SPDY 2015-02-20 23:29:19 +01:00
Alessandro Ghedini
49655a6822 curl.1: --cert-status is also supported by OpenSSL now 2015-02-14 20:30:32 +00:00
Daniel Stenberg
0daf1ef729 curl.1: clarify that -X is used for all requests
Reported-by: Jon Seymour
2015-02-09 10:33:54 +01:00
Daniel Stenberg
499024d208 curl.1: add warning when using -H and redirects 2015-02-08 00:05:55 +01:00
Jay Satiro
ac100f1624 opts: CURLOPT_CAINFO availability depends on SSL engine 2015-02-03 08:41:25 +01:00
Daniel Stenberg
ae9963776a libcurl-symbols: first basic shot for autogenerated docs 2015-02-02 15:38:54 +01:00
Daniel Stenberg
7b5348415f FAQ: minor edit of 3.22 2015-02-02 15:38:29 +01:00
Daniel Stenberg
ca51ac4017 CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
And modify the text to refer to HTTP 2 as it isn't called "2.0".

Reported-By: Michael Wallner
2015-02-02 13:17:20 +01:00
Marc Hoersken
4161624e94 TODO: moved WinSSL/SChannel todo items into docs 2015-01-31 12:30:11 +01:00
Michael Kaufmann
04f246f8c7 CURLOPT_SEEKFUNCTION.3: also when server closes a connection 2015-01-29 22:34:21 +01:00
Patrick Monnerat
980ba2202c docs: cite SASL external authentication. 2015-01-27 19:10:18 +01:00
Alessandro Ghedini
d1cf5d5706 openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
b2c01f02d5 CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 2015-01-16 23:41:50 +01:00
Daniel Stenberg
14a6cfaddb opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile 2015-01-16 23:34:28 +01:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
bd0c3b3c66 curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19 url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Daniel Stenberg
5e113a18c5 TheArtOfHttpScripting: skip the date at the top, we have git 2015-01-16 23:23:29 +01:00
Daniel Stenberg
5940e06f01 TheArtOfHttpScripting: phrase it TLS lib agnostic 2015-01-16 23:23:29 +01:00
Steve Holme
5c73cdef62 TODO: Added some SMB ideas 2015-01-16 22:22:28 +00:00
Daniel Stenberg
003076e17c THANKS: 14 new contributors from the 7.40.0 release notes 2015-01-08 09:57:19 +01:00
Steve Holme
4c8a053855 sepheaders.c: Applied curl oding standards 2014-12-31 11:20:41 +00:00
Julien Nabet
8a3c0fbed1 sepheaders.c: Fixed resource leak on failure 2014-12-31 11:14:22 +00:00
Daniel Stenberg
6d79722d78 TODO: 2.3 Better support for same name resolves 2014-12-28 16:30:03 +01:00
Steve Holme
e5a8a26bcb docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
As this feature has been implemented for 7.40.0.
2014-12-27 12:08:15 +00:00
Steve Holme
a9eadc9f91 asiohiper.cpp: No need to initialise members of ConnInfo
...as calloc() automatically clears the area of memory with zeros.
2014-12-27 12:01:13 +00:00
Steve Holme
193ba7b46e asiohiper.cpp: Updated for curl coding standards
...with the exception of the start of block statement curly brackets.
2014-12-27 12:01:11 +00:00
Steve Holme
151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Daniel Stenberg
5590a3f179 KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME 2014-12-15 22:30:27 +01:00
Jay Satiro
7b3afc952f opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
that will be used.

Prior to this change that behavior was only noted in the
CURLOPT_TIMEOUT_MS doc.
2014-12-15 22:24:22 +01:00
Guenter Knauf
c0fc9066a9 synctime.c: added own user-agent string. 2014-12-13 15:02:30 +01:00
Guenter Knauf
157c9752d5 synctime.c: removed another timeserver URL.
worldtimeserver.com seems also no longer available.
2014-12-13 13:43:19 +01:00
Guenter Knauf
e98b7b1cb3 synctime.c: fixed timeserver URLs.
For getting the date header its not necessary to access special
pages or even CGI scripts - all pages including the main index
reply with the date header, therefore shortened URLs to domain.
Removed worldtime.com; added pool.ntp.org.
2014-12-13 13:38:37 +01:00
Daniel Stenberg
cd6c13c2b3 TODO: Cache negative name resolves
Worth exploring
2014-12-10 11:56:43 +01:00
Guenter Knauf
c3b85c12a9 synctime.c: fixed user-agent setting.
Some websites meanwhile refuse to reply to requests from ancient
browsers like IE6, therefore I've comment out this setting, but
also fixed the string to now fake IE8 if someone enables it.
2014-12-09 18:18:40 +01:00
Steve Holme
58b317c9da Makefile.inc: Added our standard header and updated file formatting 2014-12-06 19:53:44 +00:00
Guenter Knauf
ccfa139c71 build: updated dependencies in makefiles. 2014-12-05 14:54:25 +01:00
Jay Satiro
7b5ca30917 examples: remove sony.com from 10-at-a-time
Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
for the sony website because it ends the connection when the request is
missing a user agent.
2014-12-04 14:27:44 -08:00
Peter Wu
4fd0add1cd opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
Add .nf and .fi such that the code gets wrapped in a pre on the web.
Fixed grammar, fixed formatting of the "See also" items.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 06:52:09 -08:00
Daniel Stenberg
b216427e73 opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am 2014-12-03 18:42:45 -08:00
Daniel Stenberg
7853c1cfe6 curl.1: added --unix-socket 2014-12-04 02:52:19 +01:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Dave Reisner
8ef77547d0 curl.1: fix trivial typo 2014-12-03 22:38:46 +01:00
Steve Holme
018b9d421a sasl_gssapi: Introduced GSS-API based SASL module
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
2014-12-02 21:57:45 +00:00
Bill Nagel
96c3b1a1bb docs: Updated for the SMB protocol
This patch updates the documentation for the SMB/CIFS protocol.
2014-11-30 21:53:30 +00:00
Bill Nagel
557658776f smb: Added SMB protocol and port definitions
Added the necessary protocol and port definitions in order to support
SMB/CIFS.
2014-11-29 21:26:40 +00:00
Steve Holme
982a649aa5 docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion 2014-11-26 23:32:38 +00:00
Steve Holme
aa3e8dd3da CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols 2014-11-25 23:23:42 +00:00
Daniel Stenberg
0beda1a388 curl*3: added small examples
and some minor edits
2014-11-25 14:25:02 +01:00
Daniel Stenberg
7eb7f7c32d libcurl.3: fix formatting
refer to functions with the man page section properly
2014-11-25 11:56:43 +01:00
Daniel Stenberg
b486d1ce05 man pages: SEE ALSO curl_multi_wait 2014-11-25 11:48:56 +01:00
Daniel Stenberg
29aa9a37cc curl_multi_wait.3: clarify numfds being used if not NULL 2014-11-25 11:48:38 +01:00
Daniel Stenberg
bc860548c2 multi-single.c: switch to use curl_multi_wait
Makes the example much easier and straight-forward!
2014-11-25 11:45:38 +01:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Brad Harder
416cd9ac11 CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option 2014-11-20 10:27:09 +01:00
Steve Holme
804e462305 multi-uv.c: Updated for curl coding standards 2014-11-19 20:15:32 +00:00
Jay Satiro
cb13fad733 examples: Wait recommended 100ms when no file descriptors are ready
Prior to this change when no file descriptors were ready on platforms
other than Windows the multi examples would sleep whatever was in
timeout, which may or may not have been less than the minimum
recommended value [1] of 100ms.

[1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
2014-11-19 13:34:05 +01:00
Waldek Kozba
9406ab91a2 multi-uv.c: close the file handle after download 2014-11-19 13:28:48 +01:00
Jay Satiro
a607f8a20c examples: Don't call select() to sleep on windows
Windows does not support using select() for sleeping without a dummy
socket. Instead use Windows' Sleep() and sleep for 100ms which is the
minimum suggested value in the curl_multi_fdset() doc.

Prior to this change the multi examples would exit prematurely since
select() would error instead of sleeping when called without an fd.

Reported-by: Johan Lantz
Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
2014-11-15 21:27:20 +01:00
Michael Osipov
d54b551f6c docs: Use consistent naming for Kerberos 2014-11-15 13:10:45 +00:00
Steve Holme
2e05db347e TODO: Lets support QOP options in GSSAPI authentication 2014-11-15 00:38:00 +00:00
Steve Holme
5d427004c6 INSTALL: Updated pre-processor references to the old VC6 project files
Reworked the two sections that discuss modifying the Visual Studio pre-
processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
project files references as they have been superseded by a more thorough
set of project files for VC6 through VC12, but to also give the correct
reference to this setting in later versions of Visual Studio.
2014-11-09 14:22:02 +00:00
Steve Holme
0106575728 INSTALL: Added email protocols to the "Disabling in Win32 builds" section 2014-11-09 13:35:08 +00:00
Steve Holme
7599143dcc version info: Added Kerberos V5 to the supported features 2014-11-07 10:55:14 +00:00
Steve Holme
338b641370 docs: Updated following the addition of SSPI based HTTP digest auth 2014-11-06 23:44:11 +00:00
Daniel Stenberg
9f59fb6d33 curl.1: show zone index use in a URL 2014-11-06 17:35:22 +01:00
Daniel Stenberg
68542e72a9 curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
Reported-by: Christian Hägele
Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
2014-11-06 10:15:52 +01:00
Daniel Stenberg
e5a4d1d9e5 THANKS-filter: added another Michał Górny version we've used 2014-11-05 23:14:32 +01:00
Daniel Stenberg
54c8728cd7 contributors.sh: filter common alternative name spellings
docs/THANKS-filter is a new filter file for converting contributor names
we get or have recorded in alternative formats to the one we already use
in THANKS. To help us show individual contributors using a single
presentation of their names.
2014-11-05 13:01:37 +01:00
Daniel Stenberg
08f10fcd02 THANKS: added missing contributor from 2012 2014-11-05 13:01:37 +01:00
Frank Gevaerts
5babaf7491 Remove duplicate names.
The removed names also appear as:
Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
2014-11-05 13:01:37 +01:00
Daniel Stenberg
ad63f8a53c THANKS: added two missing names and removed a duplicate
./contributors.sh found these extra ones that somehow had fallen
through the cracks and never gotten added here.

Reported-by: Frank Gevaerts
2014-11-05 11:28:59 +01:00
Daniel Stenberg
f222778489 THANKS: added names from 7.39.0 release notes 2014-11-05 09:42:55 +01:00
Steve Holme
5e873952b0 INSTALL: Consistent spacing in section headings, paragraphs and examples 2014-11-04 14:07:55 +00:00
Steve Holme
34f7a3a229 INSTALL: Corrected MIT Kerberos and Heimdal package names 2014-11-04 12:44:54 +00:00
Steve Holme
777c6e3c94 INSTALL: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.

...and minor rewording on the same paragraph.
2014-11-04 11:51:19 +00:00
Daniel Stenberg
fb24990211 opts-Makefile: put more man pages into dist and make hmtl+pdf 2014-11-04 10:40:07 +01:00
Daniel Stenberg
0320f6930d curl_multi_setopt.3: refer to stand-alone pages
... instead of duplicating info.
2014-11-04 10:37:09 +01:00
Daniel Stenberg
1b8977ff7c opts: more multi options as stand-alone man pages 2014-11-04 10:37:09 +01:00
Daniel Stenberg
a14ccfffb8 opts: made stand-alone man-pages for several multi options 2014-11-03 23:50:31 +01:00
Steve Holme
e7497c0c99 CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number 2014-11-02 11:03:13 +00:00
Steve Holme
a419802c71 CURLOPT_SASL_IR.3: Added supported mechanism information
...and removed duplication of what protocols are supported from the
description text.
2014-11-02 11:03:11 +00:00
Steve Holme
2b535b3947 opts: Use common wording for MAIL related names 2014-11-02 11:03:09 +00:00
Steve Holme
7ba8e0bd01 opts: Use common wording for TLS user/password option names
...and revised the proxy wording a little as well.
2014-11-02 11:03:06 +00:00
Steve Holme
49ae8f8144 CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
...and corrected a related typo in curl_easy_setopt.3.
2014-11-02 11:03:04 +00:00
Steve Holme
e7da67f5d3 docs: Added mention of Kerberos for CURL_VERSION_SSPI
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
POP3 and SMTP authentication since v7.38.0.
2014-11-02 01:00:29 +00:00
Steve Holme
569288b3bf CURL_VERSION_KERBEROS4: Mark as deprecated
Support for Kerberos V4 was removed in v7.33.0.
2014-11-02 00:50:16 +00:00
Steve Holme
795885f454 opts: Use common wording for user/password option names 2014-10-31 22:22:19 +00:00
Steve Holme
7d9c1ebd66 CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
As this is covered by the PROTOCOLS section and saves having to update
two parts of the document with the same information in future.
2014-10-31 13:14:14 +00:00
Steve Holme
3af962a993 CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to an authentication mechanism.
2014-10-31 12:48:48 +00:00
Steve Holme
211ca5ff77 CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
Added missing IMAP to the protocol list.
2014-10-31 12:44:43 +00:00
Steve Holme
a9db36d1fd curl_easy_setopt.3: Fixed lots of typos 2014-10-30 22:40:05 +00:00
Steve Holme
acd90fcdc6 curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
...as this option affects more that just FTP.
2014-10-30 18:22:25 +00:00
Daniel Stenberg
006556713e CURLOPT_PINNEDPUBLICKEY.3: added details 2014-10-30 14:57:07 +01:00
Steve Holme
b274dedf1b CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
Whilst the description included information about SMTP, the protocol
list only showed "TTP, FTP, IMAP, POP3".
2014-10-30 12:42:06 +00:00
Steve Holme
89cc9988c9 CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3 2014-10-30 12:42:05 +00:00
Daniel Stenberg
e102478b3d opts: added some "SEE ALSO" references 2014-10-29 22:38:39 +01:00
Steve Holme
f7e24683c4 sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.

Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
2014-10-29 14:24:38 +00:00
Daniel Stenberg
b790bdf46b TODO: consider supporting STAT 2014-10-28 22:31:48 +01:00
Jay Satiro
ec783dc142 SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.

- Update CURLOPT_SSLVERSION doc
2014-10-24 13:41:56 +02:00
Daniel Stenberg
e9bbe425d4 *.3: add/extend "SEE ALSO" sections 2014-10-24 09:22:38 +02:00
Daniel Stenberg
019c95f566 curl_easy_pause.3: minor wording edit 2014-10-24 09:16:06 +02:00
Daniel Stenberg
40be9a1c1d curl_getdate.3: provide a "SEE ALSO" section 2014-10-24 09:12:17 +02:00
Daniel Stenberg
bf769d09ec curl_global_init.3: minor formatting fix, add version info 2014-10-24 09:08:22 +02:00
Daniel Stenberg
e116d0a625 CURLOPT_RESOLVE.3: add an example 2014-10-23 14:34:41 +02:00
Daniel Stenberg
4cb7aa067c opts: provide more and updated examples 2014-10-21 13:40:38 +02:00
Daniel Stenberg
4111032511 CURLOPT_RANGE.3: works for SFTP as well
... and added a small example
2014-10-21 13:06:22 +02:00
Daniel Stenberg
50313059fc curl.1: edited for clarity 2014-10-21 11:57:13 +02:00
Daniel Stenberg
1de0823953 CURLOPT_SSLVERSION.3: provide an example 2014-10-21 11:10:03 +02:00
Daniel Stenberg
9069794e5e docs/libcurl/ABI: more markdown friendly 2014-10-21 10:43:12 +02:00
Daniel Stenberg
7b82b07fba docs: edited lots of libcurl docs for clarity 2014-10-21 10:26:40 +02:00
Daniel Stenberg
c857bb68ec opts: added examples 2014-10-21 08:58:24 +02:00
Daniel Stenberg
005f2adaaa HISTORY: two glimpses in 2014 2014-10-21 08:58:24 +02:00
Daniel Stenberg
c927c92086 httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
... and only do a single request for clarity.
2014-10-16 11:38:32 +02:00
Bruno Thomsen
3621045631 mk-ca-bundle: added SHA-384 signature algorithm
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.

[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-15 13:23:22 +02:00
Daniel Stenberg
89e543f383 CURLOPT_TLSAUTH_*.3: fix reference typos 2014-10-14 10:23:27 +02:00
Patrick Monnerat
265b9a2e49 vtls: remove QsoSSL 2014-10-13 16:33:47 +02:00
Peter Wu
aec7c5a87c cmake: enable IPv6 by default if available
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.

Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.

Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 11:21:03 +02:00
Peter Wu
b55502cdae cmake: build tool_hugehelp (ENABLE_MANUAL)
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-12 14:11:42 +02:00
Daniel Stenberg
c6c22aeb44 SECURITY: slightly nicer markdown format 2014-10-10 10:50:23 +02:00
Daniel Stenberg
4f3ba55ed1 RELEASE-PROCEDURE: better markdown, more content 2014-10-10 10:39:01 +02:00
Daniel Stenberg
51f6702fe1 curl_multi_fdset.3: improved the formatting slightly 2014-10-09 13:41:13 +02:00
Daniel Stenberg
93b268ade0 curl_multi_fdset: explain the fd_set arguments 2014-10-09 13:17:27 +02:00
Daniel Stenberg
e0d269c0d8 curl_easy_getinfo.3: spell-fix
Reported-By: Luan Cestari
2014-10-07 15:48:37 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Waldek Kozba
b7d3338df2 multi-uv.c: call curl_multi_info_read() better
Improves it for low-latency cases (like the communication with
localhost)
2014-10-07 10:20:41 +02:00
Jeremy Lin
fa7d04fed4 ssh: improve key file search
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa

Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.

For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
2014-10-03 16:20:54 +02:00
Daniel Stenberg
b1c4c39c58 CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list 2014-10-03 13:35:40 +02:00
Daniel Stenberg
69ce8a72f5 curl.1: mention quoting in the URL section
and separate the example URLs with newlines
2014-10-01 08:29:43 +02:00
Yousuke Kimoto
b10a838a7a CURLOPT_COOKIELIST: Added "RELOAD" command 2014-09-25 16:28:17 +02:00
Michael Wallner
9ee8efc63b CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303 2014-09-25 15:14:16 +02:00
Daniel Stenberg
3ef73d9a88 libcurl docs: improvements all over 2014-09-19 15:08:26 +02:00
Daniel Stenberg
9d49e4706e tutorial: signals aren't used for the threaded resolver 2014-09-19 12:54:19 +02:00
Daniel Stenberg
17932a8f7b FAQ: update the pronunciation section
As we weren't using the correct phonetic description and doing it correctly
involves funny letters that I'm sure will cause problems for people in a text
document so I instead rephrased it and link to a WAV file with a person
actually saying 'curl'.

Reported-By: Dimitar Boevski
2014-09-19 10:01:45 +02:00
Daniel Stenberg
841c9884b2 CURLOPT_COOKIE*: added more cross-references 2014-09-18 22:58:12 +02:00
Daniel Stenberg
30fc601e6c BINDINGS: add node-libcurl
Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
2014-09-18 09:05:29 +02:00
Daniel Stenberg
06b27ea24c libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
The former link was turned into a 404 at some point.

Reported-By: Askar Safin
2014-09-12 21:02:12 +02:00
Daniel Stenberg
748644b72d ROADMAP: markdown eats underscores
It interprets them as italic indictors unless we backtick the word.
2014-09-11 10:56:20 +02:00
Daniel Stenberg
110cf8bc9e ROADMAP: tiny formatting edit for nicer web output 2014-09-11 00:15:12 +02:00
Steve Holme
376f3c10de ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions 2014-09-10 22:51:07 +01:00
Steve Holme
ae975713c2 INTERNALS: Added email and updated Kerberos details 2014-09-10 22:11:49 +01:00
Steve Holme
ca2c12d353 FEATURES: Updated Kerberos details
Added support for Kerberos 5 to the email protocols following the recent
additions in 7.38.0.

Removed Kerberos 4 as this has been gone for a while now.
2014-09-10 22:11:46 +01:00
Daniel Stenberg
e3be3e69c0 LICENSE-MIXING: removed krb4 info
krb4 has been dropped since a while now
2014-09-10 10:38:31 +02:00
Daniel Stenberg
f213c0db09 SSLCERTS: minor updates
Edited format to look better on the web, added a "it is about trust"
section.
2014-09-10 10:13:04 +02:00
Daniel Stenberg
1ccfabb66d HISTORY: fix the 1998 title position 2014-09-10 00:40:11 +02:00
Daniel Stenberg
40bcd5447c HISTORY: extended and now markdown 2014-09-10 00:34:32 +02:00
Daniel Stenberg
4455f1f599 SSLCERTS: converted to markdown
Only minor edits to make it generate nice HTML output using markdown, as
this document serves both in source release tarballs as on the web site.

URL: http://curl.haxx.se/docs/sslcerts.html
2014-09-09 23:46:58 +02:00
Daniel Stenberg
9e6c3638e6 ftp-wildcard.c: spell fix
Reported-By: Frank Gevaerts
2014-09-09 11:10:18 +02:00
Daniel Stenberg
38ced24ad1 THANKS: synced with RELEASE-NOTES for 921a0c22a6 2014-09-08 10:26:32 +02:00
Daniel Stenberg
55f8b03948 SECURITY: eh, make more sense! 2014-09-08 10:00:18 +02:00
Daniel Stenberg
55d6cba5e1 SECURITY: how to join the curl-security list 2014-09-08 09:39:14 +02:00
Daniel Stenberg
4989695ec3 MAIL-ETIQUETTE: "1.8 I posted, now what?" 2014-09-04 08:57:28 +02:00
Daniel Stenberg
0b48d1c821 CURLOPT_CA*: better refering between *CAINFO and *CAPATH
... and a minor wording edit
2014-09-03 23:04:52 +02:00
Daniel Stenberg
9e50d8f8bc THANKS: added Dennis Clarke
Dennis Clarke from Blastwave.org for ensuring that nightly builds run
smooth on Solaris!
2014-09-03 22:08:25 +02:00
Askar Safin
2434a4e88d getinfo-times: Typo fixed 2014-08-29 16:41:17 +02:00
Askar Safin
c9a981778d libcurl.3: Typo fixed 2014-08-29 16:41:11 +02:00
Daniel Stenberg
367b784738 curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen 2014-08-29 08:10:38 +02:00
Daniel Stenberg
7bff23b166 curl.1: add an example for -H 2014-08-29 08:07:47 +02:00
Daniel Stenberg
accbbd7dc3 FAQ: mention -w in the 4.20 answer as well 2014-08-28 11:42:00 +02:00
Daniel Stenberg
889de6b285 FAQ: 4.20 curl doesn't return error for HTTP non-200 responses 2014-08-28 11:39:39 +02:00
Daniel Stenberg
1d30f40950 CURLOPT_NOBODY.3: clarify this option is for downloads
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
mode and will do a download (without a body). This is now better
explained in this man page.

Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
Reported-by: John Coffey
2014-08-28 00:11:09 +02:00
Daniel Stenberg
1cd5008bba INTERNALS: nghttp2 must be 0.6.0 or later 2014-08-26 23:05:26 +02:00
Dan Fandrich
d4a4a42cb3 THANKS: removed a few more duplicates 2014-08-26 00:38:17 +02:00
Daniel Stenberg
0072422576 THANKS: added 52 missing contributors
I re-ran contributors.sh on all changes since 7.10 and I found these
contributors who are mentioned in the commits but never were added to
THANKS before!

I also removed a couple of duplicates (mostly due to different
spellings).
2014-08-25 23:22:40 +02:00
Daniel Stenberg
a20da5523e curl.1: clarify --limit-rate's effect on both directions
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
2014-08-23 00:40:52 +02:00
Daniel Stenberg
5be48639b1 curl.1: mention the --post30x options within the --location desc 2014-08-23 00:00:00 +02:00
Frank Meier
63a0bd4270 NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
since NTLM requires multiple requests that re-use the same connection
for the authentication to work

Solution: Ignore the forbid reuse flag in case the NTLM authentication
handshake is in progress, according to the NTLM state flag.

Fixed known bug #77.
2014-08-22 16:05:31 +02:00
Daniel Stenberg
b1341b3068 FAQ: some actually sometimes get paid... 2014-08-18 08:38:34 +02:00
Steve Holme
75be5a6681 docs: Escaped single backslash 2014-08-16 11:52:11 +01:00
Steve Holme
c4410c85ab TODO: Updated following GSSAPI (Kerberos V5) additions
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
authentication mechanisms" following recent additions.

Added SASL 14.2 GSSAPI via GSS-API libraries.
2014-08-16 11:42:04 +01:00
Steve Holme
97f6049bc2 CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
This repeats what has already been documented in both the curl manpage
and CURLOPT_USERPWD documentation but is provided here for completeness
as someone may not especially read the latter when using libcurl.
2014-08-16 10:46:57 +01:00
Steve Holme
29240cb5c1 CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
Added information about Kerberos V5 requiring the domain part in the
user name.

Mentioned that the user name can be specified in UPN format, and not
just in Down-Level Logon Name format, following the information
added in commit 7679cb3fa8 reworking the exisitng information in the
process.
2014-08-16 10:42:31 +01:00
Steve Holme
7679cb3fa8 docs: Added Kerberos V5 and NTLM domain information to --user 2014-08-16 10:37:16 +01:00
Steve Holme
0574196acb docs: Added Kerberos V5 to the --user SSPI current credentials usage 2014-08-16 10:16:05 +01:00
Kamil Dudka
cb1f18661a docs/SSLCERTS: update the section about NSS database
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
Reported-by: David Shaw
2014-08-11 16:49:54 +02:00
Michael Osipov
37f0e8a32c docs: Update SPNEGO and GSS-API related doc sections
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
2014-08-09 00:08:51 +01:00
Steve Holme
f719a97e12 docs: Added Negotiate to the SSPI current credentials usage description 2014-08-07 08:04:40 +01:00
Steve Holme
6c6983f477 TODO: HTTP Digest via Windows SSPI 2014-08-06 22:58:42 +01:00
Steve Holme
c399f6eeb2 TODO: FTP GSSAPI via Windows SSPI 2014-08-06 21:54:27 +01:00
Daniel Stenberg
e4f6adb023 CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it 2014-08-02 23:09:22 +02:00
Daniel Stenberg
8da2124060 FEATURES: minor update 2014-08-01 09:00:06 +02:00
Michael Wallner
7bb4c8cadb CURLOPT_HEADEROPT.3: typo: do -> to 2014-07-31 17:52:08 +02:00
Daniel Stenberg
0c23ec232b curl_version_info.3: 'ssl_version_num' is always 0
... and has been so since 2005
2014-07-31 12:27:15 +02:00
Daniel Stenberg
a439e438f3 ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
2014-07-31 12:19:51 +02:00
Dan Fandrich
524bb823c9 opts: fixed some typos 2014-07-30 23:37:24 +02:00
Michael Wallner
df52f3500c curl_tlsinfo -> curl_tlssessioninfo 2014-07-30 11:11:29 +02:00
Daniel Stenberg
37faf55e17 libcurl.m4: include the standard source header
... with permission from David Shaw
2014-07-29 00:06:36 +02:00
Daniel Stenberg
821d4a1e55 symbols: CURL_VERSION_GSSNEGOTIATE is deprecated 2014-07-24 23:47:32 +02:00
Daniel Stenberg
81cd24adb8 http2: more and better error checking
1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
2014-07-23 09:23:56 +02:00
Daniel Stenberg
cc52d776dd symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
6f8046f7a4 CURLOPT_CHUNK_BGN_FUNCTION: fix typo 2014-07-19 21:27:38 +02:00
Daniel Stenberg
da172b0dde THANKS: added new contributors from 7.37.1 announcement 2014-07-17 13:18:46 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Steve Holme
f9b80cded7 CURLOPT_UPLOAD: Corrected argument type 2014-07-10 22:30:43 +01:00