In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.
This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.
It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.
Closes#6853
extra parens cause the links to be incorrectly formatted
and inconsistent with the rest of the document.
Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
Closes#7097
We use dashes instead of dots nearly everywhere except for those few
cases. This commit addresses this issues and brings more coherency into
it.
Closes#7093
This adds the I/O prefix to indicate that those "actions" are kind-of
related to those found in select(2) or poll(2) (reading/writing).
It also adds a note where the prototypes of those functions can be found
in the source code.
Closes#7092
... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".
Reported-by: Martin Dorey
Reviewed-by: Daniel Gustafsson
Fixes#6723Closes#7077
It can't run on focal and causes warnings on bionic. Since the focal
failure started rather suddenly a while ago, we can suspect it might be
temporary.
Added "bring back the build" to the TODO document.
Fixes#7011Closes#7012
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.
Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.
Also added cautions to the man pages about changing buffer sizes in
run-time.
Closes#7022
These functions have existed in the API since the dawn of time. It is
about time we describe how they work, even if we discourage users from
using them.
Closes#7010
WHATWG URL has dictated the use of Nontransitional Processing (IDNA
2008) for several years now. Chrome (and derivatives) still use
Transitional Processing, but Firefox and Safari have both switched.
Also document the fact that winidn functions differently from libidn2
here.
Closes#7026
When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT
Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
Closes#6721
wording taken from man page for CURLOPT_URL.3
As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.
Closes#6953
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.
If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).
Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.
Closes#6897
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.
A unit test checks its handling methods: test 1661
Closes#6654
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.
Closes#6773
Instead output a warning about it and continue with the defaults.
These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.
In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.
Closes#6772
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.
Reported-by: Stefan Karpinski
Fixes#6889Closes#6891
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur. event_initialized checks whether the
event struct is nonzero.
Closes#6876
In ngtcp2 the `with-gnutls` option is disabled by default, which will
cause `curl` unable to be `make` because of lacking the libraries
needed.
Closes#6857
