1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-12 04:25:08 -05:00
Commit Graph

133 Commits

Author SHA1 Message Date
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Nick Draffen
690935390c curl: fix typo in time condition warning message
The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263
2017-02-14 22:50:15 +01:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Daniel Stenberg
de0cd5e55a tool_getparam.c: make comments use the up-to-date option names 2016-12-17 23:49:11 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
642398c651 curl: normal socks proxies still use CURLOPT_PROXY
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
asked for specially. (Needs new code.)

Unified proxy type to a single variable in the config struct.
2016-12-16 15:34:14 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Daniel Stenberg
720ea577dc curl: remove --proxy-ssl* options
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
proxy. Those protocols are insecure by design and deprecated.
2016-11-28 00:07:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Daniel Stenberg
95bd2b3e7f strcase: make the tool use curl_str[n]equal instead
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.

Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
David Woodhouse
01f69232b0 curl: allow "pkcs11:" prefix for client certificates
RFC7512 provides a standard method to reference certificates in PKCS#11
tokens, by means of a URI starting 'pkcs11:'.

We're working on fixing various applications so that whenever they would
have been able to use certificates from a file, users can simply insert
a PKCS#11 URI instead and expect it to work. This expectation is now a
part of the Fedora packaging guidelines, for example.

This doesn't work with cURL because of the way that the colon is used
to separate the certificate argument from the passphrase. So instead of

   curl -E 'pkcs11:manufacturer=piv_II;id=%01' …

I instead need to invoke cURL with the colon escaped, like this:

   curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …

This is suboptimal because we want *consistency* — the URI should be
usable in place of a filename anywhere, without having strange
differences for different applications.

This patch therefore disables the processing in parse_cert_parameter()
when the string starts with 'pkcs11:'. It means you can't pass a
passphrase with an unescaped PKCS#11 URI, but there's no need to do so
because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
the URI itself.

Also, if users are already using RFC7512 URIs with the colon escaped as
in the above example — even providing a passphrase for cURL to handling
instead of using a pin-value attribute, that will continue to work
because their string will start 'pkcs11\:' and won't match the check.

What *does* break with this patch is the extremely unlikely case that a
user has a file which is in the local directory and literally named
just "pkcs11", and they have a passphrase on it. If that ever happened,
the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17 11:35:16 +02:00
Daniel Stenberg
ce7826f613 curl: remove "--socks" as "--socks5" turned 8
In commit 2e42b0a252 (Jan 2008) we made the option "--socks" deprecated
and it has not been documented since. The more explicit socks options
(like --socks4 or --socks5) should be used.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d0f42e5273 curl: remove --http-request
It was mentioned as deprecated already in commit ae1912cb0d from
1999. It has not been documented in this millennium.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
10ea631390 curl: use --telnet-option as documented
The code said "telnet-options" but no documentation ever said so. It
worked fine since the code is fine with a unique match of the first
part.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d6fa190503 getparam: remove support for --ftpport
It has been deprecated and undocumented since commit ad5ead8bed (Dec
2003). --ftp-port is the proper long option name.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
b499973c7b aliases: remove trailing space from capath string 2016-04-29 00:31:37 +02:00
Daniel Stenberg
388c6b5e75 cmdline parse: only single letter options have single-letter strings
... moved around options so that parsing the code to find all
single-letter options easier.
2016-04-29 00:31:37 +02:00
Alessandro Ghedini
d49087f6bc tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Jay Satiro
186546f1c5 TFTP: add option to suppress TFTP option requests (Part 2)
- Add tests.

- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.

- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:01:07 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
b4a39491ca curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-15 13:59:56 +01:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Steve Holme
4e3d396900 oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
2015-11-09 22:25:08 +00:00
Daniel Stenberg
4a889441d3 curl: point out the conflicting HTTP methods if used
It isn't always clear to the user which options that cause the HTTP
methods to conflict so by spelling them out it should hopefully be
easier to understand why curl complains.
2015-08-25 09:20:56 +02:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Jay Satiro
172b2beba6 SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
2015-07-17 02:40:16 -04:00
Daniel Stenberg
afbee791d5 tool: always provide negotiate/kerberos options
libcurl can still be built with it, even if the tool is not. Maintain
independence!
2015-06-18 16:57:38 +02:00
Jay Satiro
e8423f9ce1 curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"

This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.

Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
2015-06-01 03:21:23 -04:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Anthony Avina
6a7261359b tool: New option --data-raw to HTTP POST data, '@' allowed.
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.

Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.

Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
2015-04-25 14:51:14 -04:00
Dan Fandrich
79478fdb68 tool: fixed a comment typo 2015-04-23 00:09:49 +02:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Alessandro Ghedini
1f651d1d4d curl: add --false-start option 2015-03-20 20:14:35 +01:00
Daniel Stenberg
9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Steve Holme
c715fa0b60 tool: Updated the warnf() function to use the GlobalConfig structure
As the 'error' and 'mute' options are now part of the GlobalConfig,
rather than per Operation, updated the warnf() function to use this
structure rather than the OperationConfig.
2015-02-27 21:05:52 +00:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
bd0c3b3c66 curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16 23:23:29 +01:00
Peter Wu
c8644d1f63 tool: add --unix-socket option
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00