In order for this API to fully work for libcurl itself, it now offers a
CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
name prefix just like libcurl always did. If there's no known prefix, it
will guess "http://".
Separately, it relaxes the check of the host name so that IDN host names
can be passed in as well.
Both these changes are necessary for libcurl itself to use this API.
Assisted-by: Daniel Gustafsson
Closes#3018
TODO item 1.1 was implemented in commit 946ce5b61f, update reference
to it with instead referencing the implemented option.
Closes#3013
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
On Windows, the read function from <io.h> is used, which has its byte
count parameter as unsigned int instead of size_t.
Closes https://github.com/curl/curl/pull/2972
Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.
Add docs for the new options in 7.62.0
Closes#1641
... and add "MAILINDEX".
As described in #2789, this is a suggested solution. Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior). So MAILINDEX=1 gives the
first non deleted mail in the mail box.
Fixes#2789Closes#2815
Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.
To re-enable the support, the single line change in lib/multi.c needs to
be reverted.
See docs/DEPRECATE.md
Closes#2705
Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
avoid the risk of getting a SIGPIPE.
Either way, a multi-threaded application that uses libcurl/openssl needs
to have a signhandler for or ignore SIGPIPE on its own.
Based on discussions in #2800Closes#2904
This warning used to be enabled only for clang as it's a bit stricter
on GCC. Silence the remaining occurrences and enable it on GCC too.
Closes https://github.com/curl/curl/pull/2747
- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
how to set it
Closes https://github.com/curl/curl/pull/2868
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Acked-by: Nikos Mavrogiannopoulos
Closes#2333
The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.
Closes#2788
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
Closes#2787
When size_t is not a typedef for unsigned long (as usually the case on
Windows), GCC emits -Wformat warnings when using lu and lx format
specifiers with size_t. Silence them with explicit casts to
unsigned long.
Closes https://github.com/curl/curl/pull/2721
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes#2691Closes#2694
The previous example was a little bit confusing, because SSL* structure
(or other "in use" SSL connection pointer) is not accessible after the
transfer is completed, therefore working with the raw TLS library
specific pointer needs to be done during transfer.
Closes#2690
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.
To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h
Closes#2630
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
curl: added --tls13-ciphers and --proxy-tls13-ciphers
Fixes#2435
Reported-by: zzq1015 on github
Closes#2607
This was added earlier but appears to have been removed accidentally.
AFAICT this is very much still an issue.
-----
I say "accidentally" because the text seems to have harmlessly snuck
into [1] (which makes no mention of it). [1] was later reverted for
unspecified reasons in [2], presumably because the mentioned issue was
fixed or invalid.
[1] de9fac00c4
[2] 16d1f36940Closes#2618
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.
Reported-by: Yaakov Selkowitz
Fixes#2553Closes#2601
--data, --form, and --ntlm were declared to be mutually exclusive with
non-existing options. --data and --form referred to --upload (which is
short for --upload-file and therefore did work, so this one was merely
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
Closes#2612
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.
If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.
This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369Closes#2587
This example was changed in ce2140a8c1 to use the new microsecond based
getinfo option. This change makes it conditionally keep using the older
option so that the example still builds with older libcurl versions.
Closes#2584
Provide a set of new timers that return the time intervals using integer
number of microseconds instead of floats.
The new info names are as following:
CURLINFO_APPCONNECT_TIME_T
CURLINFO_CONNECT_TIME_T
CURLINFO_NAMELOOKUP_TIME_T
CURLINFO_PRETRANSFER_TIME_T
CURLINFO_REDIRECT_TIME_T
CURLINFO_STARTTRANSFER_TIME_T
CURLINFO_TOTAL_TIME_T
Closes#2495
... and remove the github markdown syntax so that it renders better on
the web site. Also, don't use back-ticks inlined to allow the CSS to
highlight source code better.
This file wasn't included in commit 4af40b3646 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.
Closes#2550
This reverts commit d5d683a97f.
--disable-pthreads can be used to disable pthreads and get the threaded
resolver to use the windows threading when building with mingw.
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
Users can now specify a client certificate in system certificates store
explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
Closes#2376
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.
Closes https://github.com/curl/curl/pull/2497
- Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.
- Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
curl_off_t.
Caught by Marc's CI builds.
- Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf.
For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar.
Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html
Reported-by: David L.