1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 09:38:54 -05:00
Commit Graph

4685 Commits

Author SHA1 Message Date
Marc Hoersken
8329775abb
TODO: update regarding missing Schannel features
Some aspects have already been implemented over the years.

15.1 Client certificates are now supported:

- System stores via e35b0256eb
- PKCS#12 files via 0fdf965126

15.2 Ciphers can now be specified through:

- Algorithms via 9aefbff30d

Reviewed-by: Daniel Stenberg and Marcel Raad
Closes #5358
2020-05-09 12:23:59 +02:00
Gilles Vollant
148534db57
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
Closes #4346
2020-05-08 15:55:04 +02:00
Daniel Stenberg
76b9e8de7b
TODO: native IDN support on macOS 2020-05-08 11:46:05 +02:00
Daniel Stenberg
11e4ac8291
THANKS-filter: Peter Wang 2020-05-08 08:39:17 +02:00
Daniel Stenberg
ace6ae4d0e
docs/HTTP3: add qlog to the quiche build instruction 2020-05-07 17:40:01 +02:00
Daniel Stenberg
18815aa670
ngtcp2: convert to dynbuf
Closes #5335
2020-05-04 14:57:57 +02:00
Daniel Stenberg
ed35d6590e
dynbuf: introduce internal generic dynamic buffer functions
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.

In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.

See docs/DYNBUF.md for a description of the API.

Closes #5300
2020-05-04 10:40:39 +02:00
Emil Engler
f7ab488570
doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax
Closes #5325
2020-05-02 23:45:09 +02:00
Daniel Stenberg
9d47ff5323
examples: remove asiohiper.cpp
This example has repeatedly been reported to contain bugs, and as users
copy and paste code from this into production, I now deem it better to
not provide the example at all.

Closes #5090
Closes #5322
2020-05-02 12:29:58 +02:00
Emil Engler
6540cbbc75
doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3
Closes #5320
2020-05-02 12:03:20 +02:00
Emil Engler
8cf8b293a1
KNOWN_BUGS: Remove "curl --upload-file . hang if delay in STDIN"
It was fixed in 9a2cbf3

Closes #5319
2020-05-02 12:02:13 +02:00
Emil Engler
42d8d9a7e8
GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
Closes #5287
2020-04-30 14:40:54 +02:00
Daniel Stenberg
c5d8629553
THANKS: synced with the 7.70.0 release 2020-04-29 08:02:29 +02:00
Daniel Stenberg
b7135f58f5
copyright updates: adjust year ranges 2020-04-26 23:59:22 +02:00
Yuri Slobodyanyuk
4298b97020
docs: fix two typos
Closes #5292
2020-04-25 00:50:00 +02:00
i-ky
b1b9692614
libcurl-multi.3: added missing full stop
Closes #5285
2020-04-23 13:57:53 +02:00
Emil Engler
2d137dedb3
GnuTLS: Don't skip really long certificate fields
Closes #5271
2020-04-21 08:10:55 +02:00
Daniel Stenberg
0891fe7ade
gnutls: bump lowest supported version to 3.1.10
GnuTLS 3.1.10 added new functions we want to use. That version was
released on Mar 22, 2013. Removing support for older versions also
greatly simplifies the code.

Ref: #5271
Closes #5276
2020-04-21 08:09:41 +02:00
Tom
207a6cbb90 src: Remove C99 constructs to ensure C89 compliance
This fixes the error: 'for' loop initial declaration used outside C99
mode by declaring the loop increment variable in the beginning of the
block instead of inside the for loop.

Fixes #5254
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2020-04-19 21:56:52 +02:00
JP Mens
19ec94d944
docs/MQTT: replace confusing 80 by 75
I was a bit surprised by the `80`: first thought: what's HTTP doing
here? ;)

Closes #5236
2020-04-14 23:08:43 +02:00
Jay Satiro
42e18528f6 KNOWN_BUGS: Add entry 'Blocking socket operations'
- Add threaded resolver cleanup and GSSAPI for FTP to the TODO list of
  known blocking operations.

- New known bugs entry 'Blocking socket operations in non-blocking API'
  that directs to the TODO's list of known blocking operations.

Ref: https://github.com/curl/curl/pull/5214#issuecomment-612488021

Reported-by: Marc Hoersken

Closes https://github.com/curl/curl/pull/5216
2020-04-14 14:46:13 -04:00
Bjorn Stenberg
2522903b79
mqtt: add new experimental protocol
Closes #5173
2020-04-14 13:03:40 +02:00
Daniel Stenberg
8909865191
TODO: Consider convenience options for JSON and XML?
Closes #5203
2020-04-14 08:58:38 +02:00
Daniel Stenberg
b9a0804ad1
compressed.d: stress that the headers are not modified
Suggested-by: Michael Osipov
Assisted-by: Jay Satiro
Bug: https://github.com/curl/curl/issues/5182#issuecomment-611638008
Closes #5217
2020-04-12 11:02:24 +02:00
Daniel Stenberg
946a71a14f
CURLOPT_WRITEFUNCTION.3: add inline example and new see-also
Closes #5192
2020-04-07 00:07:49 +02:00
Daniel Stenberg
fef4334091
cleanup: correct copyright year range on a few files 2020-04-06 23:21:52 +02:00
Daniel Stenberg
920dfacbf4
TODO: Option to make -Z merge lined based outputs on stdout
Closes #5175
2020-04-06 00:05:42 +02:00
Daniel Stenberg
62f5e3887d
KNOWN_BUGS: fixed "USE_UNIX_SOCKETS on Windows"
Fixed with #5170 (commit 23a870f2fd)
2020-04-05 11:24:01 +02:00
Kwon-Young Choi
54ecc11cc4
CURLINFO_CONDITION_UNMET: return true for 304 http status code
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.

Fixes #5181
Closes #5183
2020-04-05 11:13:49 +02:00
Daniel Stenberg
0c511b44ff
KNOWN_BUGS: Store TLS context per transfer instead of per connection
Closes #5102
2020-04-04 00:02:05 +02:00
Daniel Stenberg
a67b7bdda0
RELEASE-PROCEDURE.md: run the copyright.pl script! 2020-03-31 14:50:15 +02:00
Daiki Ueno
0736ee73d3
vquic: add support for GnuTLS backend of ngtcp2
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
time. Therefore OpenSSL support needs to be explicitly disabled.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
2020-03-31 14:39:00 +02:00
Gisle Vanem
e37dc71eae
examples/sessioninfo.c: add include to fix compiler warning
Fixes #5171
2020-03-31 14:32:29 +02:00
Daniel Stenberg
c79e428940
output.d: quote the URL when globbing
Some shells do globbing of their own unless the URL is quoted, so maybe
encourage this.

Co-authored-by: Jay Satiro
Closes #5160
2020-03-30 08:46:08 +02:00
Daniel Stenberg
93fafb93db
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented
Considered experimental and therefore we can do this.

Closes #5157
2020-03-29 23:28:49 +02:00
Daniel Stenberg
96a617b140
KNOWN_BUGS: DoH doesn't inherit all transfer options
Closes #4578
Closes #4579
2020-03-28 23:09:45 +01:00
Daniel Stenberg
34696ab5a5
KNOWN_BUGS: DoH leaks memory after followlocation
Closes #4592
2020-03-28 23:08:41 +01:00
Daniel Stenberg
6be2804cdc
KNOWN_BUGS: "FTPS needs session reuse"
Closes #4654
2020-03-28 23:04:14 +01:00
Daniel Stenberg
bbe476d58c
KNOWN_BUGS: "stick to same family over SOCKS pro" is presumed fixed 2020-03-28 23:02:03 +01:00
Daniel Stenberg
37b6cc2fe1
TODO: Set custom client ip when using haproxy protocol
Closes #5125
2020-03-28 22:58:50 +01:00
Daniel Stenberg
6de756c9b1
version: add 'cainfo' and 'capath' to version info struct
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
2020-03-27 09:04:27 +01:00
Jay Satiro
0d0537aeae SSLCERTS.md: Fix example code for setting CA cert file
Prior to this change the documentation erroneously said use
CURLOPT_CAPATH to set a CA cert file.

Bug: https://curl.haxx.se/mail/lib-2020-03/0121.html
Reported-by: Timothe Litt

Closes https://github.com/curl/curl/pull/5151
2020-03-26 18:46:15 -04:00
Daniel Stenberg
361d4f3fdc
docs/make: generate curl.1 from listed files only
Previously it rendered the page from files matching "*.d" in the correct
directory, which worked fine in git builds when the files were added but
made it easy to forget adding the files to the dist.

Now, only man page sections listed in DPAGES in Makefile.inc will be
used, thus "forcing" us to update this to get the man page right and get
it included in the dist at the same time.

Ref: #5146
Closes #5149
2020-03-26 13:25:59 +01:00
Daniel Stenberg
35318218b8
dist: add mail-rcpt-allowfails.d to the tarball
Reported-by: Maksim Stsepanenka
Reviewed-by: Jat Satiro

Closes #5146
2020-03-25 23:20:04 +01:00
Daniel Stenberg
9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Clément Notin
12144fdda8
nghttp2: 1.12.0 required
since nghttp2_session_set_local_window_size is needed

Closes #5140
2020-03-23 22:22:22 +01:00
Daniel Stenberg
4b355dd13b
TODO: Use "random" ports for the test servers 2020-03-22 23:30:09 +01:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Jay Satiro
a268ad5d7e multi: Improve parameter check for curl_multi_remove_handle
- If an easy handle is owned by a multi different from the one specified
  then return CURLM_BAD_EASY_HANDLE.

Prior to this change I assume user error could cause corruption.

Closes https://github.com/curl/curl/pull/5116
2020-03-18 02:58:42 -04:00
Mathias Gumz
04c03416e6
writeout: support to generate JSON output
This commit adds support to generate JSON via the writeout feature:

    -w "%{json}"

It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:

    -w "%{stderr}%{json}"

This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.

Closes #4870
2020-03-17 15:01:28 +01:00