1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 05:25:06 -05:00
Commit Graph

1686 Commits

Author SHA1 Message Date
Jay Satiro
abbc5d6044 openssl: Don't ignore CA paths when using Windows CA store
This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
locations. Instead the CA store can now be used at the same time.

The change is due to the impending release. The issue is still being
discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
is now documented as experimental.

Ref: bc052cc (parent commit)
Ref: https://github.com/curl/curl/issues/5585
2020-06-22 15:31:38 -04:00
Daniel Stenberg
2a0269589a
ABI.md: rename to .md and polish the markdown
Closes #5562
2020-06-12 17:05:21 +02:00
Daniel Stenberg
eab2f95c0d
wording: avoid blacklist/whitelist stereotypes
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.

Closes #5546
2020-06-10 08:49:17 +02:00
Daniel Stenberg
a00668d296
CURLINFO_ACTIVESOCKET.3: clarify the description
Reported-by: Jay Satiro
Fixes #5299
Closes #5520
2020-06-05 08:50:48 +02:00
Gilles Vollant
7f40633422
setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
Closes #5431
2020-05-23 23:19:13 +02:00
Gilles Vollant
cac5374298
setopt: support certificate options in memory with struct curl_blob
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357
2020-05-15 13:03:59 +02:00
Daniel Stenberg
81a54b12c6
OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
... to avoid an OpenSSL bug that otherwise makes the CRL check to fail.

Reported-by: Michael Kaufmann
Fixes #5374
Closes #5376
2020-05-13 16:39:36 +02:00
Gilles Vollant
148534db57
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
Closes #4346
2020-05-08 15:55:04 +02:00
Emil Engler
6540cbbc75
doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3
Closes #5320
2020-05-02 12:03:20 +02:00
Emil Engler
42d8d9a7e8
GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
Closes #5287
2020-04-30 14:40:54 +02:00
Daniel Stenberg
b7135f58f5
copyright updates: adjust year ranges 2020-04-26 23:59:22 +02:00
i-ky
b1b9692614
libcurl-multi.3: added missing full stop
Closes #5285
2020-04-23 13:57:53 +02:00
Bjorn Stenberg
2522903b79
mqtt: add new experimental protocol
Closes #5173
2020-04-14 13:03:40 +02:00
Daniel Stenberg
946a71a14f
CURLOPT_WRITEFUNCTION.3: add inline example and new see-also
Closes #5192
2020-04-07 00:07:49 +02:00
Daniel Stenberg
fef4334091
cleanup: correct copyright year range on a few files 2020-04-06 23:21:52 +02:00
Kwon-Young Choi
54ecc11cc4
CURLINFO_CONDITION_UNMET: return true for 304 http status code
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.

Fixes #5181
Closes #5183
2020-04-05 11:13:49 +02:00
Daniel Stenberg
93fafb93db
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented
Considered experimental and therefore we can do this.

Closes #5157
2020-03-29 23:28:49 +02:00
Daniel Stenberg
6de756c9b1
version: add 'cainfo' and 'capath' to version info struct
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
2020-03-27 09:04:27 +01:00
Daniel Stenberg
9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Jay Satiro
a268ad5d7e multi: Improve parameter check for curl_multi_remove_handle
- If an easy handle is owned by a multi different from the one specified
  then return CURLM_BAD_EASY_HANDLE.

Prior to this change I assume user error could cause corruption.

Closes https://github.com/curl/curl/pull/5116
2020-03-18 02:58:42 -04:00
Daniel Stenberg
0845ecbb6d
docs: add warnings about FILE: URLs on Windows
- --url man page section
 - libcurl-security.3 gets the full text
 - CURLOPT_URL.3

Reported-by: Tim Sedlmeyer
2020-03-13 16:56:41 +01:00
Jay Satiro
485d4470d3 curl_share_setopt.3: Note sharing cookies doesn't enable the engine
Follow-up to d0a7ee3 which fixed a bug in 7.66.0 that caused
CURL_LOCK_DATA_COOKIE to enable the easy handle's cookie engine.

Bug: https://curl.haxx.se/mail/lib-2020-03/0019.html
Reported-by: Felipe Gasper

Closes https://github.com/curl/curl/pull/5048
2020-03-06 02:57:17 -05:00
Daniel Stenberg
52d302ed64
polarssl: remove more references and mentions
Assisted-by: Jay Satiro
Follow-up to 6357a19ff2
Closes #5036
2020-03-05 07:57:45 +01:00
Jay Satiro
256a29361f curl_escape.3: Add a link to curl_free
Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582
2020-03-02 18:16:24 -05:00
Jay Satiro
1722eb83b4 curl_getenv.3: Fix the memory handling description
- Tell the user to call curl_free() to free the pointer returned by
  curl_getenv().

Prior to this change the user was directed to call free(), but that
would not work in cases where the library and application use separate C
runtimes and therefore have separate heap memory management.

Closes https://github.com/curl/curl/pull/5016
2020-03-02 18:16:23 -05:00
Jonathan Cardoso Machado
5b46790f11
docs: fix typo on CURLINFO_RETRY_AFTER - alwaus -> always
Reviewed-by: Steve Holme
Closes #5005
2020-02-29 21:14:26 +00:00
Daniel Stenberg
d79ee4ae32
CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section
to be in sync with the description above

Reported-by: Joonas Kuorilehto
Fixes #4943
Closes #4945
2020-02-18 09:19:39 +01:00
Jay Satiro
03564deba2 CURLINFO_COOKIELIST.3: Fix example
Prior to this change the example would try to import cookies from stdin,
which wasn't what was intended.

Reported-by: 3dyd@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4930
2020-02-15 18:17:31 -05:00
Daniel Stenberg
8957e6e4ed
CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording
Assisted-by: Jay Satiro
Reported-by: Craig Andrews
Fixes #4909
Closes #4910
2020-02-11 22:37:02 +01:00
Daniel Stenberg
02f8de6516
altsvc: keep a copy of the file name to survive handle reset
The alt-svc cache survives a call to curl_easy_reset fine, but the file
name to use for saving the cache was cleared. Now the alt-svc cache has
a copy of the file name to survive handle resets.

Added test 1908 to verify.

Reported-by: Craig Andrews
Fixes #4898
Closes #4902
2020-02-09 22:41:49 +01:00
Daniel Stenberg
8b7fff3311
location.d: the method change is from POST to GET only
Not from generic non-GET to GET.

Reported-by: Andrius Merkys
Ref: #4859
Closes #4861
2020-01-28 12:58:33 +01:00
Daniel Stenberg
8bd863f97b
curl.h: define CURL_WIN32 on windows
... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follow-up to 1adebe7886

Reported-by: crazydef on github
Assisted-by: Marcel Raad
Fixes #4854
Closes #4855
2020-01-27 13:02:28 +01:00
Daniel Stenberg
1ad49feb71
global_init: assume the EINTR bit by default
- Removed from global_init since it isn't thread-safe. The symbol will
  still remain to not break compiles, it just won't have any effect going
  forward.

- make the internals NOT loop on EINTR (the opposite from previously).
  It only risks returning from the select/poll/wait functions early, and that
  should be risk-free.

Closes #4840
2020-01-26 18:27:18 +01:00
Jay Satiro
5e2ad2d015 CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3
- Copy CURLOPT_SSL_OPTIONS.3 description to CURLOPT_PROXY_SSL_OPTIONS.3.

Prior to this change CURLSSLOPT_NO_PARTIALCHAIN was missing from the
CURLOPT_PROXY_SSL_OPTIONS description.
2020-01-23 02:51:52 -05:00
Pavel Volgarev
4a4609bf3c
smtp: Allow RCPT TO command to fail for some recipients
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816
2020-01-21 10:40:19 +01:00
加藤郁之
7ff9222ced
HTTP: increase EXPECT_100_THRESHOLD to 1Mb
Mentioned: https://curl.haxx.se/mail/lib-2020-01/0050.html

Closes #4814
2020-01-20 08:33:44 +01:00
Daniel Stenberg
9d1a0922b7
HTTP-COOKIES.md: describe the cookie file format
... and refer to that file from from CURLOPT_COOKIEFILE.3 and
CURLOPT_COOKIELIST.3

Assisted-by: Jay Satiro
Reported-by: bsammon on github
Fixes #4805
Closes #4806
2020-01-13 23:18:32 +01:00
Emil Engler
cbb5429001 ngtcp2: Add an error code for QUIC connection errors
- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
  errors.

Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.

Closes https://github.com/curl/curl/pull/4754
2020-01-11 18:19:32 -05:00
Jay Satiro
b700662b1c multi: Change curl_multi_wait/poll to error on negative timeout
- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
  curl_multi_wait/poll is passed timeout param < 0.

Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.

Reported-by: hamstergene@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4763

Closes https://github.com/curl/curl/pull/4765
2020-01-11 18:16:28 -05:00
Daniel Stenberg
920deff861
include: remove non-curl prefixed defines
...requires some rearranging of the setup of CURLOPT_ and CURLMOPT_
enums.
2020-01-09 22:57:33 +01:00
Jay Satiro
aeb32d059b CURLOPT_READFUNCTION.3: fix fopen params in example 2020-01-06 03:09:53 -05:00
Jay Satiro
e9dd17b754 CURLOPT_READFUNCTION.3: fix variable name in example
Reported-by: Paul Joyce

Fixes https://github.com/curl/curl/issues/4787
2020-01-06 03:01:33 -05:00
Daniel Stenberg
2150c4b5d3
docs: mention CURL_MAX_INPUT_LENGTH restrictions
... for curl_easy_setopt() and curl_url_set().

[skip ci]

Closes #4783
2020-01-05 17:06:47 +01:00
Jay Satiro
97934a2f71 CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Reported-by: Frank Gevaerts
Commit-message-by: Christopher Head

Ref: https://github.com/curl/curl/pull/2787

Fixes https://github.com/curl/curl/issues/4758
2019-12-26 02:26:08 -05:00
Jay Satiro
c1592cc92b CURLOPT_QUOTE.3: fix typos
Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man
pages would not compile because a variable name was incorrect.

Reported-by: Bylon2@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4736
2019-12-18 15:21:58 -05:00
Daniel Stenberg
14f8b6e69e
CURLOPT_URL.3: "curl supports SMB version 1 (only)"
[skip ci]
2019-12-18 10:14:18 +01:00
Daniel Stenberg
4147d58aee
docs: TLS SRP doesn't work with TLS 1.3
Reported-by: sayrer on github
Closes #4262
[skip ci]
2019-12-16 16:03:22 +01:00
Daniel Stenberg
2ebce6b060
CURLOPT_VERBOSE.3: see also ERRORBUFFER 2019-12-04 09:30:57 +01:00
Daniel Stenberg
564d88a8bd
openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
Closes #4655
2019-12-03 16:28:50 +01:00