1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

4541 Commits

Author SHA1 Message Date
Niklas Hambüchen
8dd041bf0a
docs: fix string suggesting HTTP/2 is not the default
Commit 25fd1057c9 made HTTP2 the default, and further down in the
man page that new default is mentioned, but the section at the top
contradicted it until now.

Also remove claim that setting the HTTP version is not sensible.

Closes #4075
2019-06-25 17:40:21 +02:00
Daniel Stenberg
1853c884ef
KNOWN_BUGS: Don't clear digest for single realm
Closes #3267
2019-06-24 23:26:59 +02:00
Daniel Stenberg
53cc6c79f1
KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
Closes #3284
2019-06-24 23:23:13 +02:00
Daniel Gustafsson
1862cacd03 CURLMOPT_SOCKETFUNCTION.3: fix typo 2019-06-24 14:19:13 +02:00
Daniel Stenberg
ae99b4de1c
typecheck: CURLOPT_CONNECT_TO takes an slist too
Additionally, add an alias in curl.h for slist-using options so that
we can grep/parse those out at will.

Closes #4042
2019-06-20 08:47:42 +02:00
Daniel Stenberg
9dd731c94e
quote.d: asterisk prefix works for SFTP as well
Reported-by: Ben Voris
Fixes #4017
Closes #4019
2019-06-13 08:48:46 +02:00
Daniel Stenberg
f0b7b106ff
CURLMOPT_SOCKETFUNCTION.3: clarified
Moved away the callback explanation from curl_multi_socket_action.3 and
expanded it somewhat.

Closes #4006
2019-06-10 13:07:32 +02:00
Daniel Stenberg
027c065f3c
CURLOPT_CAINFO.3: polished wording
Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005
2019-06-10 12:43:46 +02:00
Daniel Stenberg
deb9462ff2
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903
2019-06-10 09:18:16 +02:00
Sorcus
fb2839db24
libcurl-tutorial.3: Fix small typo (mutipart -> multipart)
Fixed-by: MrSorcus on github
Closes #4000
2019-06-09 18:36:16 +02:00
Marcel Raad
e1f3aaea0c
examples/htmltitle: use C++ casts between pointer types
Compilers and static analyzers warn about using C-style casts here.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:11 +02:00
Marcel Raad
992083b1ab
examples/fopen: fix comparison
As want is size_t, (file->buffer_pos - want) is unsigned, so checking
if it's less than zero makes no sense.
Check if file->buffer_pos is less than want instead to avoid the
unsigned integer wraparound.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:08 +02:00
Marcel Raad
e23c52b329
build: fix Codacy warnings
Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:06 +02:00
Daniel Stenberg
fde3ae462a
THANKS: new contributors from 7.65.1 2019-06-04 22:33:57 +02:00
Daniel Stenberg
be527afad0
curl_share_setopt.3: improve wording [ci ship]
Reported-by: Carlos ORyan
2019-06-04 20:25:39 +02:00
Daniel Stenberg
8c88e8e623
TODO: "at least N milliseconds between requests" [ci skip]
Suggested-by: dkwolfe4 on github
Closes #3920
2019-06-03 22:55:48 +02:00
Daniel Stenberg
7e590b3ecd
tls13-docs: mention it is only for OpenSSL >= 1.1.1
Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
2019-06-02 16:15:45 +02:00
Daniel Stenberg
ca09d96574
dump-header.d: spell out that no headers == empty file [ci skip]
Reported-by: wesinator at github
Fixes #3964
Closes #3974
2019-06-01 10:42:00 +02:00
Hubert Kario
319ae9075e nss: allow to specify TLS 1.3 ciphers if supported by NSS
Closes #3916
2019-05-27 09:04:09 +02:00
Jay Satiro
db8ec1fa38
Revert all SASL authzid (new feature) commits
- Revert all commits related to the SASL authzid feature since the next
  release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID  / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a13.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2f.
2019-05-25 23:36:11 +02:00
dbrowndan
84086b39c1
FAQ: more minor updates and spelling fixes
Closes #3937
2019-05-25 23:33:53 +02:00
Steve Holme
8c1cc369d0
examples: Added SASL PLAIN authorisation identity (authzid) examples 2019-05-22 22:55:17 +01:00
Steve Holme
a9499ff136
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool 2019-05-22 22:55:11 +01:00
Steve Holme
a14d72ca2f
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790
2019-05-22 22:55:05 +01:00
Marcel Raad
159ea554af
examples: fix "clarify calculation precedence" warnings
Closes https://github.com/curl/curl/pull/3919
2019-05-22 10:06:33 +02:00
Marcel Raad
acb097ca7f
hiperfifo: remove unused variable
Closes https://github.com/curl/curl/pull/3919
2019-05-22 10:06:29 +02:00
Marcel Raad
f91baf842a
examples: remove dead variable stores
Closes https://github.com/curl/curl/pull/3919
2019-05-22 10:06:25 +02:00
Marcel Raad
10b7067eb7
examples: reduce variable scopes
Closes https://github.com/curl/curl/pull/3919
2019-05-22 10:06:21 +02:00
Marcel Raad
918987a844
http2-download: fix format specifier
Closes https://github.com/curl/curl/pull/3919
2019-05-22 10:06:17 +02:00
Daniel Stenberg
269f7df0ae
PolarSSL: deprecate support step 1. Removed from configure.
Also removed mentions from most docs.

Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html

Closes #3888
2019-05-22 10:00:56 +02:00
Daniel Stenberg
adea6eddba
THANKS: from the 7.65.0 release-notes 2019-05-22 07:48:44 +02:00
Marcel Raad
b069815a7a
examples: remove unused variables
Fixes Codacy/CppCheck warnings.

Closes
2019-05-21 09:47:03 +02:00
Viktor Szakats
f3e0f071b1 docs: Markdown and misc improvements [ci skip]
Approved-by: Daniel Stenberg
Closes #3896
2019-05-16 22:11:27 +00:00
Viktor Szakats
196ae60402 docs/RELEASE-PROCEDURE: link to live iCalendar [ci skip]
Ref: 0af41b40b2 (commitcomment-33563135)
Approved-by: Daniel Stenberg
Closes #3895
2019-05-16 18:56:42 +00:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Daniel Stenberg
0af41b40b2
docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip] 2019-05-15 13:56:19 +02:00
Daniel Stenberg
f778c356a8
CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip]
Reported-by: Roy Bellingan
Bug: #3885
2019-05-15 12:05:49 +02:00
Daniel Stenberg
6123d718aa
CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip]
Clues-provided-by: Jay Satiro
Clues-provided-by: Jeroen Ooms
Fixes #3711
Closes #3874
2019-05-14 08:19:58 +02:00
Jay Satiro
4d8461ae8a
docs/INSTALL: fix broken link [ci skip]
Reported-by: Joombalaya on github
Fixes #3818
2019-05-12 16:15:14 +02:00
Daniel Stenberg
b4988286a9
SECURITY-PROCESS: fix links [ci skip] 2019-05-11 17:50:37 +02:00
Daniel Stenberg
12d655d456
doh: disable DOH for the cases it doesn't work
Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for
DOH resolves. This fix disables DOH for those.

Limitation added to KNOWN_BUGS.

Fixes #3850
Closes #3857
2019-05-11 11:38:58 +02:00
Daniel Stenberg
a07f376861
BUG-BOUNTY: minor formatting fixes [ci skip] 2019-05-09 23:30:26 +02:00
Daniel Stenberg
489a4be12a
BUG-BOUNTY.md: add the Dropbox "bonus" extra payout ability [ci skip]
Closes #3839
2019-05-09 10:03:47 +02:00
Daniel Stenberg
2d0e9b40d3
urlapi: add CURLUPART_ZONEID to set and get
The zoneid can be used with IPv6 numerical addresses.

Updated test 1560 to verify.

Closes #3834
2019-05-05 15:52:46 +02:00
Daniel Stenberg
139202bb68
CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [ci skip]
Reported-by: Ricardo Gomes

Bug: #3537
Closes #3836
2019-05-03 23:21:07 +02:00
Daniel Stenberg
28f38da506
CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
The time field in the curl_fileinfo struct will always be zero. No code
was ever implemented to actually convert the date string to a time_t.

Fixes #3829
Closes #3835
2019-05-03 23:19:56 +02:00
Daniel Stenberg
bdb2dbc103
urlapi: strip off scope id from numerical IPv6 addresses
... to make the host name "usable". Store the scope id and put it back
when extracting a URL out of it.

Also makes curl_url_set() syntax check CURLUPART_HOST.

Fixes #3817
Closes #3822
2019-05-03 12:17:22 +02:00
Reed Loden
361f9957cb
docs: minor polish to the bug bounty / security docs
Closes #3811
2019-04-29 08:09:10 +02:00
Daniel Gustafsson
7794cacf7e INTERNALS: fix misindentation of ToC item
Kerberos was incorrectly indented as a subsection under FTP, which is
incorrect as they are both top level sections. A fix for this was first
attempted in commit fef38a0898 but that
was a few paddles short of being complete.
2019-04-23 13:11:19 +02:00
Aron Bergman
c3666e431f INTERNALS: Add structs to ToC
Add the subsections under "Structs in libcurl" to the table of contents.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-04-23 13:10:32 +02:00
Aron Bergman
927ee2cc60 INTERNALS: Add code highlighting
Make all struct members under the Curl_handler section
print in monospace font.

Closes #3801
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-04-23 13:09:35 +02:00
Daniel Stenberg
10e4dd6a7b
docs/BUG-BOUNTY: bug bounty time [skip ci]
Introducing the curl bug bounty program on hackerone. We now recommend
filing security issues directly in the hackerone ticket system which
only is readable to curl security team members.

Assisted-by: Daniel Gustafsson

Closes #3488
2019-04-22 17:19:19 +02:00
Daniel Stenberg
e649432e72
CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
... and disconnect too old ones instead of trying to reuse.

Default max age is set to 118 seconds.

Ref: #3722
Closes #3782
2019-04-21 23:06:23 +02:00
Jay Satiro
d69ffec9d8 TODO: Add issue link to an existing entry 2019-04-16 15:45:41 -04:00
Jay Satiro
538db66fe2 tool_help: Warn if curl and libcurl versions do not match
.. because functionality may be affected if the versions differ.

This commit implements TODO 18.7 "warning if curl version is not in sync
with libcurl version".

Ref: https://github.com/curl/curl/blob/curl-7_64_1/docs/TODO#L1028-L1033

Closes https://github.com/curl/curl/pull/3774
2019-04-16 03:09:42 -04:00
tmilburn
c3e38a4250
CURLOPT_ADDRESS_SCOPE: fix range check and more
Commit 9081014 fixed most of the confusing issues between scope id and
scope however 844896d added bad limits checking assuming that the scope
is being set and not the scope id.

I have fixed the documentation so it all refers to scope ids.

In addition Curl_if2ip refered to the scope id as remote_scope_id which
is incorrect, so I renamed it to local_scope_id.

Adjusted-by: Daniel Stenberg

Closes #3655
Closes #3765
Fixes #3713
2019-04-13 11:18:55 +02:00
Daniel Stenberg
d715d2ac89
urlapi: stricter CURLUPART_PORT parsing
Only allow well formed decimal numbers in the input.

Document that the number MUST be between 1 and 65535.

Add tests to test 1560 to verify the above.

Ref: https://github.com/curl/curl/issues/3753
Closes #3762
2019-04-13 11:17:30 +02:00
Daniel Stenberg
f73de32d46
CURLOPT_DNS_USE_GLOBAL_CACHE: remove
Remove the code too. The functionality has been disabled in code since
7.62.0. Setting this option will from now on simply be ignored and have
no function.

Closes #3654
2019-04-11 22:22:39 +02:00
Daniel Stenberg
20b8df1096
curl_easy_getinfo.3: fix minor formatting mistake 2019-04-11 16:06:40 +02:00
Daniel Stenberg
ebb2ebe18b
config.d: clarify that initial : and = might need quoting [skip ci]
Fixes #3738
Closes #3749
2019-04-08 21:57:22 +02:00
Daniel Stenberg
2f44e94efb
pipelining: removed
As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651
2019-04-06 22:49:50 +02:00
cclauss
aba1c51553
tests: make Impacket (SMB server) Python 3 compatible
Closes #3731
Fixes #3289
2019-04-06 22:29:57 +02:00
Tim Rühsen
7b758e9835 documentation: Fix several typos
Closes #3724
Reviewed-by: Jakub Zakrzewski
Reviewed-by: Daniel Gustafsson
2019-04-03 22:06:06 +02:00
Daniel Stenberg
521bbbe299
RELEASE: 7.64.1 2019-03-27 07:53:33 +01:00
Jay Satiro
2bcdf722b8 CURLMOPT_PIPELINING.3: fix typo 2019-03-25 17:12:19 -04:00
Daniel Stenberg
401810434c
TODO: config file parsing
Closes #3698
2019-03-25 22:03:00 +01:00
Daniel Stenberg
7c46691178
curl_url.3: this is not experimental anymore 2019-03-22 18:33:06 +01:00
Daniel Stenberg
5cf5d57ab9
makefile: make checksrc and hugefile commands "silent"
... to match the style already used for compiling, linking
etc. Acknowledges 'make V=1' to enable verbose.

Closes #3681
2019-03-14 20:11:24 +01:00
Daniel Stenberg
2af732f364
curl.1: --user and --proxy-user are hidden from ps output
Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680

Closes #3683
2019-03-14 20:09:41 +01:00
Daniel Stenberg
05a131eb77
curl.1: mark the argument to --cookie as <data|filename>
From a discussion in #3676

Suggested-by: Tim Rühsen

Closes #3682
2019-03-14 17:25:40 +01:00
Andre Guibert de Bruet
57c7076793 examples/externalsocket: add missing close socket calls
.. and for Windows also call WSACleanup since we call WSAStartup.

The example is to demonstrate handling the socket independently of
libcurl. In this case libcurl is not responsible for creating, opening
or closing the socket, it is handled by the application (our example).

Fixes https://github.com/curl/curl/pull/3663
2019-03-11 23:02:54 -04:00
Daniel Stenberg
50afa478e1
cmdline-opts/proxytunnel.d: the option tunnnels all protocols
Clarify the language and simplify.

Reported-by: Daniel Lublin
Closes #3658
2019-03-08 23:19:11 +01:00
Daniel Stenberg
5114f82331
KNOWN_BUGS: Client cert (MTLS) issues with Schannel
Closes #3145
2019-03-07 13:14:51 +01:00
Daniel Stenberg
af219e4492
ROADMAP: updated to some more current things to work on 2019-03-07 00:00:30 +01:00
Daniel Stenberg
dd7d7107c7
examples: only include <curl/curl.h>
That's the only public curl header we should encourage use of.

Reviewed-by: Marcel Raad
Closes #3645
2019-03-05 07:58:29 +01:00
Daniel Stenberg
98441f3586
docs/ALTSVC.md: docs describing the approach
Closes #3498
2019-03-03 11:17:52 +01:00
Daniel Stenberg
c51c78dd8d
alt-svc: the curl command line bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg
e1be825453
alt-svc: the libcurl bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg
8754ddb85d
curl_easy_duphandle.3: clarify that a duped handle has no shares
Reported-by: Sara Golemon

Fixes #3592
Closes #3634
2019-03-01 21:47:30 +01:00
Daniel Stenberg
091cdf2795
10-at-a-time.c: fix too long line 2019-03-01 21:46:59 +01:00
Arnaud Rebillout
a977d93805
examples: various fixes in ephiperfifo.c
The main change here is the timer value that was wrong, it was given in
usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 *
1000). This resulted in the callback being invoked WAY TOO OFTEN.

As a quick check you can run this command before and after applying this
commit:

    # shell 1
    ./ephiperfifo 2>&1 | tee ephiperfifo.log
    # shell 2
    echo http://hacking.elboulangero.com > hiper.fifo

Then just compare the size of the logs files.

Closes #3633
Fixes #3632
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
2019-03-01 21:38:04 +01:00
Daniel Stenberg
8cf6c170cf
examples/10-at-a-time.c: improve readability and simplify
- use better variable names to explain their purposes
 - convert logic to curl_multi_wait()
2019-03-01 17:11:57 +01:00
Ԝеѕ
8f105b0534
docs: update max-redirs.d phrasing
clarify redir - "in absurdum" doesn't seem to make sense in this context

Closes #3631
2019-03-01 09:26:33 +01:00
Daniel Stenberg
b4755887b9
INSTALL: refer to the current TLS library names and configure options 2019-02-28 09:13:09 +01:00
Daniel Stenberg
1640bb6fc2
FAQ: minor updates and spelling fixes 2019-02-28 09:09:51 +01:00
Daniel Stenberg
4fac2899d0
GOVERNANCE.md: minor spelling fixes 2019-02-28 09:09:31 +01:00
Daniel Stenberg
76a9c3c4be
Secure Transport: no more "darwinssl"
Everyone calls it Secure Transport, now we do too.

Reviewed-by: Nick Zitzmann

Closes #3619
2019-02-28 08:42:59 +01:00
DaVieS
0f6c6efd81
cacertinmem.c: use multiple certificates for loading CA-chain
Closes #3421
2019-02-27 09:33:03 +01:00
georgeok
531b7ad43a schannel: support CALG_ECDH_EPHEM algorithm
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
Win10 SDK.

Closes https://github.com/curl/curl/pull/3608
2019-02-25 01:38:35 -05:00
Daniel Stenberg
47e540df8f
examples: remove recursive calls to curl_multi_socket_action
From within the timer callbacks. Recursive is problematic for several
reasons. They should still work, but this way the examples and the
documentation becomes simpler. I don't think we need to encourage
recursive calls.

Discussed in #3537
Closes #3601
2019-02-23 23:08:38 +01:00
Daniel Stenberg
8bc5ceb204
TODO: Allow SAN names in HTTP/2 server push
Suggested-by: Nicolas Grekas
2019-02-20 08:44:21 +01:00
Daniel Stenberg
c543da9a50
curl: remove MANUAL from -M output
... and remove it from the dist tarball. It has served its time, it
barely gets updated anymore and "everything curl" is now convering all
this document once tried to include, and does it more and better.

In the compressed scenario, this removes ~15K data from the binary,
which is 25% of the -M output.

It remains in the git repo for now for as long as the web site builds a
page using that as source. It renders poorly on the site (especially for
mobile users) so its not even good there.

Closes #3587
2019-02-20 08:20:27 +01:00
Daniel Stenberg
b08898fb29
connection: never reuse CONNECT_ONLY conections
and make CONNECT_ONLY conections never reuse any existing ones either.

Reported-by: Pavel Löbl
Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
Closes #3586
2019-02-19 22:50:02 +01:00
Daniel Stenberg
5e1b5e6936
curl_multi_remove_handle.3: use at any time, just not from within callbacks
[ci skip]
2019-02-19 11:22:29 +01:00
Daniel Stenberg
af143ef45e
examples/http2-serverpush: add some sensible error checks
To avoid NULL pointer dereferences etc in the case of problems.

Closes #3580
2019-02-18 14:57:38 +01:00
Daniel Gustafsson
e6522522f9 cookie: Add support for cookie prefixes
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-17 00:09:30 +01:00
Daniel Stenberg
5341c65667
examples/sftpuploadresume: Value stored to 'result' is never read
Detected by scan-build
2019-02-14 23:30:44 +01:00
Daniel Stenberg
25233d9478
examples/http2-upload: cleaned up
Fix scan-build warnings, no globals, no silly handle scan. Also remove
handles from the multi before cleaning up.
2019-02-14 23:30:43 +01:00
Daniel Stenberg
b2e5af4aec
examples/http2-download: cleaned up
To avoid scan-build warnings and global variables.
2019-02-14 23:30:43 +01:00
Daniel Stenberg
52d98194b5
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
Detected by scan-build
2019-02-14 23:30:43 +01:00
Daniel Stenberg
9bd704c02a
examples/httpcustomheader: Value stored to 'res' is never read
Detected by scan-build
2019-02-14 23:30:43 +01:00
Daniel Stenberg
b4beb3b115
examples: remove superfluous null-pointer checks
in ftpget, ftpsget and sftpget, so that scan-build stops warning for
potential NULL pointer dereference below!

Detected by scan-build
2019-02-14 23:30:43 +01:00
Daniel Stenberg
a75de9de40
KNOWN_BUGS: Cannot compile against a static build of OpenLDAP
Closes #2367
2019-02-14 15:36:43 +01:00
Daniel Stenberg
e6ac3ba657
KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
Closes #2905
2019-02-14 10:49:22 +01:00
Daniel Stenberg
917b1bb192
KNOWN_BUGS: Deflate error after all content was received
Closes #2719
2019-02-14 10:46:18 +01:00
Daniel Stenberg
d957b61db3
TODO: Upgrade to websockets
Closes #3523
2019-02-14 08:30:49 +01:00
Daniel Stenberg
885eea10b0
TODO: cmake test suite improvements
Closes #3109
2019-02-14 08:09:31 +01:00
Daniel Stenberg
a7c228ab89
TODO: TFO support on Windows
Nobody works on this now.

Closes #3378
2019-02-13 08:28:28 +01:00
Jay Satiro
db239c07af examples/crawler: Fix the Accept-Encoding setting
- Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
  supported encodings.

Prior to this change the specific encodings of gzip and deflate were set
but there's no guarantee they'd be supported by the user's libcurl.
2019-02-12 18:07:29 -05:00
Daniel Gustafsson
fef38a0898 INTERNALS.md: fix subsection depth and link
The Kerberos subsection was mistakenly a subsubsection under FTP, and
the curlx subsection was missing an anchor for the TOC link.

Closes #3529
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-06 10:29:14 +01:00
Daniel Stenberg
1c986c068d
RELEASE-PROCEDURE: update the release calendar 2019-02-06 07:57:13 +01:00
Daniel Stenberg
f3e5a91e44
THANKS: 7.64.0 status 2019-02-06 07:57:12 +01:00
Daniel Gustafsson
55e962cacb ROADMAP: remove already performed item
Commit 7a09b52c98 introduced support
for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
the entry was removed from the TODO it was mistakenly left here.
Fix by removing and rewording the entry slightly.

Closes #3530
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-05 23:20:56 +01:00
Etienne Simard
e49ca2a115 CONTRIBUTE.md: Fix grammatical errors
Fix grammatical errors making the document read better. Also fixes
a typo.

Closes #3525
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-02-05 11:56:04 +01:00
Julian Z
2568441cab
docs: use $(INSTALL_DATA) to install man page
Fixes #3518
Closes #3522
2019-02-04 23:39:18 +01:00
Daniel Stenberg
180501cb02
schannel: stop calling it "winssl"
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504
2019-02-01 08:20:38 +01:00
John Marshall
427fa512be
doc: use meaningless port number in CURLOPT_LOCALPORT example
Use an ephemeral port number here; previously the example had 8080
which could be confusing as the common web server port number might
be misinterpreted as suggesting this option affects the remote port.

URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
Closes #3513
2019-01-31 13:54:59 +01:00
Gisle Vanem
06f744d447
Escape the '\'
A backslash should be escaped in Roff / Troff.
2019-01-29 16:42:22 +01:00
Jay Satiro
3de607415c TODO: WinSSL: 'Add option to disable client cert auto-send'
By default WinSSL selects and send a client certificate automatically,
but for privacy and consistency we should offer an option to disable the
default auto-send behavior.

Reported-by: Jeroen Ooms

Closes https://github.com/curl/curl/issues/2262
2019-01-29 00:33:14 -05:00
Daniel Stenberg
458e898911
KNOWN_BUGS: tests not compatible with python3
Closes #3289
[skip ci]
2019-01-21 12:16:20 +01:00
Alessandro Ghedini
7c16871d0b Fix typo in manpage 2019-01-16 19:05:12 +00:00
Sergei Nikulov
99c2e7e554 cmake: updated check for HAVE_POLL_FINE to match autotools 2019-01-16 11:39:34 +03:00
Daniel Stenberg
13f09f6f6b
KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
Closes #3125
2019-01-10 16:52:39 +01:00
Daniel Stenberg
411d0c7244
KNOWN_BUGS: Improve --data-urlencode space encoding
Closes #3229
2019-01-10 15:55:37 +01:00
Katsuhiko YOSHIDA
1f30dc886d
cookies: skip custom cookies when redirecting cross-site
Closes #3417
2019-01-09 15:18:08 +01:00
Daniel Stenberg
89165c1a94
THANKS: fixups and a dedupe
[skip ci]
2019-01-09 11:08:47 +01:00
Daniel Stenberg
d42520f2c8
INTERNALS: correct some outdated function names
Closes #3431
2019-01-03 15:47:00 +01:00
Daniel Stenberg
f2d5e34bae
docs/version.d: mention MultiSSL
Reviewed-by: Daniel Gustafsson
Closes #3432
2019-01-03 15:45:18 +01:00
Rikard Falkeborn
251cabfb4a examples: Update .gitignore
Add a few missing examples to make `make examples` not leave the
workspace in a dirty state.

Closes #3427
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-01-02 14:32:01 +01:00
Daniel Gustafsson
b3e24e26e1 THANKS: add more missing names
Add Adrian Burcea who made the artwork for the curl://up 2018 event
which was held in Stockholm, Sweden.
2019-01-02 13:40:13 +01:00
Daniel Gustafsson
5cc3285574 docs: mention potential leak in curl_slist_append
When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the
curl_slist_append() call. This is correctly handled in curl code
usage but we weren't explicitly pointing it out in the API call
documentation. Fix by extending the RETURNVALUE manpage section
and example code.

Closes #3424
Reported-by: dnivras on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-01-02 12:49:49 +01:00
Daniel Stenberg
01ba09e25a THANKS: dedupe more names
Researched-by: Tae Wong
2019-01-01 17:55:41 +01:00
Daniel Stenberg
47e95c89b7 THANKS: added missing names from year <= 2000
Due to a report of a missing name in THANKS I manually went through an
old CHANGES.0 file and added many previously missing names here.
2018-12-31 20:03:49 +01:00
Daniel Stenberg
2a8801d7ba THANKS: dedupe Guenter Knauf
Reported-by: Tae Wong
2018-12-30 17:59:58 +01:00
Daniel Stenberg
1a6efadce8 THANKS: missing name from the 6.3.1 release! 2018-12-30 17:57:54 +01:00
Claes Jakobsson
d8cae791f4 hostip: support wildcard hosts
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.

Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
  curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
       https://a.com https://b.com

This is probably quite similar to using:
  --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443

Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-27 14:23:53 +01:00
Daniel Gustafsson
b3d111ae15 FAQ: remove mention of sourceforge for github
The project bug tracker is no longer hosted at sourceforge but is now
hosted on the curl Github page. Update the FAQ to reflect.

Closes #3410
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-25 23:20:55 +01:00
Daniel Stenberg
006ff62d8c
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
2018-12-21 10:49:30 +01:00
Daniel Stenberg
9e6518481c
TODO: Windows: set attribute 'archive' for completed downloads
Closes #3354
2018-12-14 11:18:57 +01:00
Daniel Stenberg
04b69c744c
http: minor whitespace cleanup from f464535b 2018-12-14 10:20:06 +01:00
Ayoub Boudhar
f464535bfd
http: Implement trailing headers for chunked transfers
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.

The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.

Test 1591 checks that trailing headers can be sent using libcurl.

Closes #3350
2018-12-14 10:10:48 +01:00
Daniel Gustafsson
7a09b52c98 cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13 09:57:58 +01:00
Daniel Stenberg
fdc5563b6e
docs: fix the --tls-max description
Reported-by: Tobias Lindgren
Pointed out in #3367

Closes #3368
2018-12-13 08:35:55 +01:00
Daniel Stenberg
a58741aab7
THANKS: from the curl 7.62.0 cycle 2018-12-12 08:12:27 +01:00
Patrick Monnerat
37093a21a6 documentation: curl_formadd field and file names are now escaped
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lead to invalid RFC 822
quoted-strings.
7.56.0 introduces escaping of backslashes and double quotes in these names:
mention it in the documentation.

Reported-by: daboul on github
Closes #3361
2018-12-11 15:31:23 +01:00
Daniel Gustafsson
6381708970 checksrc: add COPYRIGHTYEAR check
Forgetting to bump the year in the copyright clause when hacking has
been quite common among curl developers, but a traditional checksrc
check isn't a good fit as it would penalize anyone hacking on January
1st (among other things). This adds a more selective COPYRIGHTYEAR
check which intends to only cover the currently hacked on changeset.

The check for updated copyright year is currently not enforced on all
files but only on files edited and/or committed locally. This is due to
the amount of files which aren't updated with their correct copyright
year at the time of their respective commit.

To further avoid running this expensive check for every developer, it
adds a new local override mode for checksrc where a .checksrc file can
be used to turn on extended warnings locally.

Closes #3303
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-03 23:13:40 +01:00
Daniel Stenberg
847b130244
CHECKSRC.md: document more warnings
Closes #3335
[ci skip]
2018-12-03 09:47:13 +01:00
Daniel Stenberg
4a01a20bdb
SECURITY-PROCESS: bountygraph shuts down
This backpedals back the documents to the state before bountygraph.

Closes #3311
2018-11-30 22:50:36 +01:00
Daniel Gustafsson
436b50f2f7 TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
Commit 7c5837e792 deprecated the option
making it a manual code-edit operation to turn it back on. The removal
process has thus started and is now documented in docs/DEPRECATE.md so
remove from the TODO to avoid anyone looking for something to pick up
spend cycles on an already in-progress entry.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-29 12:15:04 +01:00
Daniel Gustafsson
8802ad965d cmdline-opts/gen.pl: define the correct varname
The variable definition had a small typo making it declare another
variable then the intended.

Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26 09:56:49 +01:00