1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 13:05:03 -05:00
Commit Graph

5013 Commits

Author SHA1 Message Date
Daniel Stenberg
8a964cb217
curl: add --fail-with-body
Prevent both --fail and --fail-with-body on the same command line.

Verify with test 349, 360 and 361.

Closes #6449
2021-02-11 08:35:27 +01:00
Daniel Stenberg
c386a0df44
TODO: remove HSTS
Provided now since commit 7385610d0c
2021-02-10 22:54:33 +01:00
Jay Satiro
41863a94b5 create-file-mode.d: add missing Arg tag
Prior to this change the required argument was not shown.

curl.1 before: --create-file-mode
curl.1 after: --create-file-mode <mode>

Reported-by: ZimCodes@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/6590
2021-02-10 13:57:40 -05:00
Viktor Szakats
2dfe3d7093
Makefile.m32: add support for libgsasl dependency
Reviewed-by: Marcel Raad
Closes #6586
2021-02-10 18:48:29 +00:00
Jacob Hoffman-Andrews
246399a874
vtls: initial implementation of rustls backend
This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
from https://github.com/abetterinternet/crustls.

Rustls is at https://github.com/ctz/rustls/.

There is still a fair bit to be done, like sending CloseNotify on
connection shutdown, respecting CAPATH, and properly indicating features
like "supports TLS 1.3 ciphersuites." But it works well enough to make
requests and receive responses.

Blog post for context:
https://www.abetterinternet.org/post/memory-safe-curl/

Closes #6350
2021-02-09 11:06:18 +01:00
Jay Satiro
65ca229461 tool_writeout: refactor write-out and write-out json
- Deduplicate the logic used by write-out and write-out json.

Rather than have separate writeLong, writeString, etc, logic for
each of write-out and write-out json instead have respective shared
functions that can output either format and a 'use_json' parameter to
indicate whether it is json that is output.

This will make it easier to maintain. Rather than have to go through
two sets of logic now we only have to go through one.

- Support write-out %{errormsg} and %{exitcode} in json.

- Clarify in the doc that %{exitcode} is the exit code of the transfer.

Prior to this change it just said "The numerical exitcode" which
implies it's the exit code of the tool, and it's not necessarily that.

Closes https://github.com/curl/curl/pull/6544
2021-02-09 02:48:27 -05:00
Daniel Stenberg
ff9ec4e4a0
CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
... so passed in commands may confuse libcurl's knowledge of state.

Reported-by: Bodo Bergmann
Fixes #6577
Closes #6580
2021-02-08 22:35:50 +01:00
Daniel Stenberg
8a644f3355
RELEASE-PROCEDURE: remove old release dates, add new 2021-02-08 14:04:05 +01:00
Daniel Stenberg
82551c1308
docs/SSL-PROBLEMS: enhanced
Elaborate on the intermediate cert issue, and mention that anything
below TLS 1.2 is generally considered insecure these days.

Closes #6572
2021-02-05 23:56:47 +01:00
Daniel Stenberg
666743a204
THANKS: remove a Jon Rumsey dupe 2021-02-05 13:43:26 +01:00
nimaje
373c9155a0 docs: fix FILE example url in --metalink documentation
In a url after <scheme>:// follows the possibly empty authority part
till the next /, so that url missed a /.

Closes #6573
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2021-02-05 13:34:12 +01:00
Daniel Stenberg
62d91e0078
mailmap: Jon Rumsey 2021-02-05 08:46:11 +01:00
Daniel Stenberg
a030c59c6d
BUG-BOUNTY: removed the cooperation mention 2021-02-03 14:24:25 +01:00
Daniel Stenberg
0397557624
THANKS: added contributors from 7.75.0 2021-02-03 08:02:36 +01:00
Daniel Stenberg
fc9dd2d198
TODO: remove items for next SONAME bump etc
We want to avoid that completely, so we don't plan for things after such
an event.
2021-02-02 08:46:37 +01:00
Alessandro Ghedini
e58560bdaf travis: enable quiche's FFI feature 2021-02-01 13:13:12 +00:00
Dmitry Wagin
796ce293de
http: improve AWS HTTP v4 Signature auth
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.

Closes #6524
2021-01-30 23:48:22 +01:00
Daniel Stenberg
36ef64841d
KNOWN_BUGS: cmake: ExternalProject_Add does not set CURL_CA_PATH
Closes #6313
2021-01-28 09:27:41 +01:00
Daniel Stenberg
ded1d9c843
KNOWN_BUGS: Multi perform hangs waiting for threaded resolver
Closes #4852
2021-01-28 09:22:51 +01:00
Daniel Stenberg
4615f8440e
KNOWN_BUGS: "pulseUI VPN client" is known to be buggy
First entry in the new section "applications" for known problems in
libcurl using applications.

Closes #6306
2021-01-28 08:25:36 +01:00
Daniel Stenberg
46f4736356
INSTALL.md: fix typo
Found-by: Marcel Raad
2021-01-20 22:45:12 +01:00
Daniel Stenberg
89918c424c
INSTALL: now at 85 operating systems 2021-01-20 14:58:05 +01:00
Emil Engler
0d26ab9ed3
docs: fix typos in NEW-PROTOCOL.md
This fixes a misspelled "it" and a grammatically wrong "-ing" suffix.

Closes #6471
2021-01-17 12:56:03 +01:00
Daniel Stenberg
ec8dcd7b33
CURLINFO_PRETRANSFER_TIME.3: clarify
... the timer *does* include the instructions for getting the remote
file.

Ref: #6452
Closes #6453
2021-01-14 23:15:07 +01:00
Daniel Stenberg
ac1f1b77a8
ROADMAP: refreshed
o removed HSTS - already implemented
o added HTTPS RR records
o mention HTTP/3 completion
2021-01-14 09:49:17 +01:00
Daniel Stenberg
33993d45fe
gen.pl: fix perl syntax
Follow-up to 324cf1d2e
2021-01-12 08:12:41 +01:00
Emil Engler
324cf1d2ee
docs: fix line length bug in gen.pl
The script warns if the length of $opt and $desc is > 78. However, these
two variables are on totally separate lines so the check makes no sense.
Also the $bitmask field is totally forgotten. Currently this leads to
two warnings within `--resolve` and `--aws-sigv4`.

Closes #6438
2021-01-12 08:06:54 +01:00
Emil Engler
efa5b16d38
docs: fix wrong documentation in help.d
curl does not list all categories when you invoke "--help" without any
parameters.

Closes #6436
2021-01-12 00:08:55 +01:00
Daniel Stenberg
90aad9cb1f
aws-sigv4.d: polish the wording
Make it shorter and imperative form

Closes #6439
2021-01-12 00:07:52 +01:00
Fabian Keil
4f61fd87b2
misc: fix typos
Bug: https://curl.se/mail/lib-2021-01/0063.html
Closes #6434
2021-01-11 15:12:25 +01:00
Daniel Stenberg
d336ac33c1
HYPER: no longer needs the special branch 2021-01-08 23:54:22 +01:00
Daniel Stenberg
a56f263cdc
TODO: Directory listing for FILE:
Ref #6379
2021-01-07 16:17:13 +01:00
Daniel Stenberg
f52c6981c5
curl.h: add CURLPROTO_GOPHERS as own protocol identifier
Follow-up to a1f06f32b8, to make sure it can be handled separately
from plain gopher.

Closes #6418
2021-01-06 15:23:41 +01:00
Daniel Stenberg
5808144f3c
travis: adapt to Hyper build change
Closes #6419
2021-01-06 15:09:20 +01:00
Daniel Stenberg
eacfe36991
KNOWN_BUGS: fixed "wolfSSL lacks support for renegotiation"
Fixed by #6411
2021-01-05 10:08:06 +01:00
Daniel Stenberg
bcce220367
http_proxy: make CONNECT work with the Hyper backend
Makes test 80 run

Closes #6406
2021-01-05 09:37:08 +01:00
Daniel Stenberg
e269785cf1
TODO: --fail-with-body perchance? 2021-01-05 09:36:10 +01:00
Daniel Stenberg
36b36ce988
HISTORY: added dates to early history
Mostly thanks to this archived web page for urlget:

https://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html
2021-01-03 16:27:51 +01:00
Emil Engler
725ec470e2
language: s/behaviour/behavior/g
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.

Closes #6395
2021-01-02 23:35:59 +01:00
Daniel Stenberg
aa71750687
cmdline-opts/retry.d: mention response code 429 as well
Reported-by: Cherish98
Bug: https://curl.se/mail/archive-2020-12/0018.html
2021-01-02 11:51:55 +01:00
Daniel Stenberg
9e4b7aa769
docs/HYPER.md: mention outstanding issues
To make it more obvious to users what doesn't work (yet)

Closes #6389
2021-01-02 11:42:27 +01:00
Daniel Stenberg
2855997a95
examples/curlgtk.c: fix the copyright year range
... and make private functions static.
2020-12-30 22:37:44 +01:00
Olaf Hering
f2ed79d8ee
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
The type of the buffer in curl_read_callback is 'char *', not 'void *'.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Closes #6392
2020-12-30 22:20:24 +01:00
Daniel Stenberg
0a5b8af777
examples: fix more empty expression statement has no effect
Follow-up to 26e46617b9
2020-12-30 22:19:05 +01:00
Daniel Stenberg
a6d20b89db
cleanup: fix two empty expression statement has no effect
Follow-up to 26e46617b9
2020-12-30 16:58:19 +01:00
Paul Groke
8324dc8b1a
dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
Extend the syntax of CURLOPT_RESOLVE strings: allow using a '+' prefix
(similar to the existing '-' prefix for removing entries) to add
DNS cache entries that will time out just like entries that are added
by libcurl itself.

Append " (non-permanent)" to info log message in case a non-permanent
entry is added.

Adjust relevant comments to reflect the new behavior.

Adjust documentation.

Extend unit1607 to test the new functionality.

Closes #6294
2020-12-29 17:49:36 +01:00
Denis Laxalde
dc7bd62c67
docs: remove redundant "better" in --fail help
Closes #6385
2020-12-29 17:08:41 +01:00
Kevin Ushey
0be8818f6e
curl.1: fix typo microsft -> microsoft
Closes #6380
2020-12-27 11:07:46 +01:00
XhmikosR
aadc75626b
misc: assorted typo fixes
Closes #6375
2020-12-26 23:54:25 +01:00
Daniel Stenberg
ec424f311a
KNOWN_BUGS: 6.10 curl never completes Negotiate over HTTP
Closes #5235
Closes #6370
2020-12-26 16:11:17 +01:00
Daniel Stenberg
a66df02864
INSTALL: update the list known OSes and CPU archs curl has run on
Closes #6366
2020-12-25 16:06:49 +01:00
Daniel Stenberg
64e6e54f4b
curl_easy_pause.3: add multiplexed pause effects
and generally refresh and update. Remove details for ancient versions.

Reviewed-by: Jay Satiro
Closes #6360
2020-12-22 23:08:03 +01:00
Jay Satiro
f0ba3d5e1b curl_easy_pause.3: fix man page reference
Follow-up to ac9a724 from earlier today.

Ref: https://github.com/curl/curl/pull/6359
2020-12-22 16:51:19 -05:00
Daniel Stenberg
4d1a620891
EXPERIMENTAL: add the Hyper backend to the list
... of current experimental features in curl.
2020-12-22 17:17:59 +01:00
Daniel Stenberg
ac9a7245fc
speedcheck: exclude paused transfers
Paused transfers should not be stopped due to slow speed even when
CURLOPT_LOW_SPEED_LIMIT is set. Additionally, the slow speed timer is
now reset when the transfer is unpaused - as otherwise it would easily
just trigger immediately after unpausing.

Reported-by: Harry Sintonen
Fixes #6358
Closes #6359
2020-12-22 13:51:07 +01:00
Daniel Stenberg
44c5e3901c
cmdline-opts/gen.pl: return hard on errors
... as the warnings tend to go unnoticed otherwise!

Closes #6354
2020-12-21 22:39:26 +01:00
Daniel Stenberg
a93c647de8
examples/libtest: add .checksrc to dist
... so that (auto)builds from tarballs also get the correct instructions.

Fixes #6176
Closes #6353
2020-12-21 17:06:06 +01:00
Daniel Stenberg
7a90ddf88f
curl: add variables to --write-out
In particular, these ones can help a user to create its own error
message when one or transfers fail.

writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg'

onerror - lets a user only show the rest on non-zero exit codes

url - the input URL used for this transfer

urlnum - the numerical URL counter (0 indexed) for this transfer

exitcode - the numerical exit code for the transfer

errormsg - obvious

Reported-by: Earnestly on github
Fixes #6199
Closes #6207
2020-12-21 16:38:48 +01:00
Matthias Gatto
e2b2afbeea
docs: add AWS HTTP v4 Signature 2020-12-21 16:28:03 +01:00
Matthias Gatto
08e8455ddd
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.

It doesn't seems to be standard, but it is used by some cloud providers.

Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually

most of the code is in lib/http_v4_signature.c

Information require by the algorithm:
- The URL
- Current time
-  some prefix that are append to some of the signature parameters.

The data extracted from the URL are: the URI, the region,
the host and the API type

example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~               ~~~~~~~~~~~~~~~~~~~
        ^       ^                          ^
       /         \                        URI
   API type     region

Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
  the get data, the canonical header, the signed header
  and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
  the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
  the date, and above hash

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Closes #5703
2020-12-21 16:27:50 +01:00
Daniel Stenberg
a7696c7343
curl: add --create-file-mode [mode]
This option sets the (octal) mode to use for the remote file when one is
created, using the SFTP, SCP or FILE protocols. When not set, the
default is 0644.

Closes #6244
2020-12-21 10:52:41 +01:00
Daniel Stenberg
6e2392f177
KNOWN_BUGS: Remote recursive folder creation with SFTP
Closes #5204
2020-12-20 22:49:59 +01:00
Jay Satiro
4cc115a85b KNOWN_BUGS: Secure Transport disabling hostname validation also disables SNI
That behavior is a limitation of Apple's Secure Transport.

Reported-by: Cory Benfield
Reported-by: Ian Spence
Confirmed-by: Nick Zitzmann

Ref: https://github.com/curl/curl/issues/998

Closes https://github.com/curl/curl/issues/6347
Closes https://github.com/curl/curl/pull/6348
2020-12-20 15:58:26 -05:00
Daniel Stenberg
ccbdbe13c4
TODO: alt-svc should fallback if alt-svc doesn't work
Closes #4908
2020-12-18 23:39:22 +01:00
Daniel Stenberg
9211cb2034
version: include hyper version 2020-12-18 09:58:03 +01:00
Daniel Stenberg
8a113ba93c
docs: add HYPER.md 2020-12-18 09:58:03 +01:00
Daniel Stenberg
f25112074d
TODO: Prevent terminal injection when writing to terminal
Closes #6150
2020-12-16 23:38:20 +01:00
Daniel Stenberg
1451f4d2e1
examples: remove superfluous asterisk uses
... for function pointers. Breaks in ancient compilers.
2020-12-16 09:24:16 +01:00
Daniel Stenberg
98b6aa14d9
URL-SYNTAX: add gophers details 2020-12-15 12:58:19 +01:00
Daniel Stenberg
be8c94da78
TODO: Package curl for Windows in a signed installer
Closes #5424
2020-12-15 12:02:14 +01:00
Daniel Stenberg
c4d88f89a9
BUG-BOUNTY: minor language update
... and remove the wording about entries from before 2019 as the "within
12 months" is still there and covers that.

Closes #6318
2020-12-15 08:57:07 +01:00
Jay Satiro
9f85b986a9 KNOWN_BUGS: SHA-256 digest not supported in Windows SSPI builds
Closes https://github.com/curl/curl/issues/6302
2020-12-14 01:08:15 -05:00
Daniel Stenberg
78af8b68cf
URL-SYNTAX: add default port numbers and IDNA details
Closes #6316
2020-12-13 23:20:36 +01:00
Daniel Stenberg
7ba2577988
URL-SYNTAX: mention how FILE:// access can access network on windows
Closes #6314
2020-12-13 12:24:57 +01:00
Jay Satiro
b90c23d580 URL-SYNTAX: Document default SMTP port 25
Note that ports 25 and 587 are common ports for smtp, the former being
the default.

Closes https://github.com/curl/curl/pull/6310
2020-12-12 19:09:42 -05:00
Daniel Stenberg
a0f0c7149f
CURLOPT_URL.3: remove scheme specific details
... that are now found in URL-SYNTAX.md

Closes #6307
2020-12-12 22:46:37 +01:00
Dan Fandrich
2a264d494e docs: Fix some typos
[skip ci]
2020-12-12 09:59:28 -08:00
Daniel Stenberg
c29db0303d
URL-SYNTAX: mention all supported schemes
Closes #6311
2020-12-12 16:37:16 +01:00
Douglas R. Reno
940d414980
URL-SYNTAX.md: minor language improvements
Closes #6308
2020-12-12 11:19:10 +01:00
Daniel Stenberg
ea0916d41b
docs/URL-SYNTAX: the URL syntax curl accepts and works with
Closes #6285
2020-12-11 23:57:46 +01:00
0xflotus
5253444090
docs: enable syntax highlighting in several docs files
... for better readability

Closes #6286
2020-12-11 18:06:41 +01:00
Daniel Stenberg
e052859759
RELEASE-NOTES: synced
for 7.74.0
2020-12-09 07:38:24 +01:00
Daniel Stenberg
0611fded46
VERSIONS: refreshed
We always use the patch number these days: all releases are
"major.minor.patch"
2020-12-07 13:23:04 +01:00
Daniel Stenberg
ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00
Daniel Stenberg
6703eb2f4c
SECURITY-PROCESS: disclose on hackerone
Once a vulnerability has been published, the hackerone issue should be
disclosed. For tranparency.

Closes #6275
2020-12-03 22:29:34 +01:00
Daniel Gustafsson
41b3b830f1 docs: fix typos and markup in ETag manpage sections
Reported-by: emanruse on github
Fixes #6273
2020-12-03 13:25:42 +01:00
Daniel Stenberg
221c9da9af
NEW-PROTOCOL: document what needs to be done to add one
Closes #6263
2020-12-01 10:18:46 +01:00
Daniel Stenberg
020aa0131b
docs/INTERNALS: remove reference to Curl_sendf()
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.

Reported-by: Rikard Falkeborn
Fixes #6242
Closes #6243
2020-11-24 13:17:25 +01:00
Rikard Falkeborn
77b2f702c4
examples: update .gitignore
Add files that are generated by 'make examples' and remove some that
have been renamed.

The commits that renamed the programs are e9625c5bc6 (imap.c and
simplesmtp.c were renamed to imap-fetch.c and smtp-send.c) and
ad39e7ec01 (pop3slist.c and pop3s.c were renamed to pop3-list.c and
pop3-ssl.c).

Closes #6240
2020-11-23 23:09:33 +01:00
Daniel Stenberg
a95a6ce6b8
urldata: remove 'void *protop' and create the union 'p'
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.

Closes #6238
2020-11-23 16:16:16 +01:00
Daiki Ueno
898fca27cd
http3: use the master branch of GnuTLS for testing
Closes #6235
2020-11-22 16:40:05 +01:00
Daniel Stenberg
7fa6d5e383
KNOWN_BUGS: curl with wolfSSL lacks support for renegotiation
Closes #5839
2020-11-22 00:06:24 +01:00
Daniel Stenberg
10818dc7cb
KNOWN_BUGS: wakeup socket disconnect causes havoc
Closes #6132
Closes #6133
2020-11-22 00:01:29 +01:00
Cristian Morales Vega
f21cc62832
cmake: make CURL_ZLIB a tri-state variable
By differentiating between ON and AUTO it can make a missing zlib
library a hard error when CURL_ZLIB=ON is used.

Reviewed-by: Jakub Zakrzewski
Closes #6221
Fixes #6173
2020-11-19 13:38:47 +01:00
Daniel Stenberg
33a0b7ad73
KNOWN_BUGS: cmake: libspsl is not supported
Closes #6214
2020-11-18 22:51:08 +01:00
Daniel Stenberg
bf9e14159c
KNOWN_BUGS: cmake autodetects cert paths when cross-compiling
Closes #6178
2020-11-18 22:51:08 +01:00
Daniel Stenberg
529423a270
KNOWN_BUGS: cmake build doesn't fail if zlib not found
Closes #6173
2020-11-18 22:51:08 +01:00
Daniel Stenberg
192099333b
KNOWN_BUGS: cmake libcurl.pc uses absolute library paths
Closes #6169
2020-11-18 22:51:08 +01:00
Daniel Stenberg
ad4b608263
KNOWN_BUGS: cmake: generated .pc file contains strange entries
Closes #6167
2020-11-18 22:51:08 +01:00
Daniel Stenberg
943cc00aad
KNOWN_BUGS: cmake uses -lpthread instead of Threads::Threads
Closes #6166
2020-11-18 22:51:08 +01:00