1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

331 Commits

Author SHA1 Message Date
Kamil Dudka
e3e8d0204b nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than
supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates.

Reviewed-by: Kai Engert
Closes #1414
2017-04-25 13:24:24 +02:00
Jay Satiro
fa66403280 CURLINFO_SCHEME.3: fix variable type
- Change documented param type to char ** from incorrect long *.
2017-04-08 15:44:39 -04:00
Daniel Stenberg
721f8c05c7 docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3 2017-04-03 00:00:43 +02:00
Peter Wu
ec493dbda2 cmake: fix build with cmake 2.8.12.2
For some reason, CMake 2.8.12.2 did not expand the list argument in a
single DEPENDS argument. Remove the quotes, so it gets expanded into
multiple arguments for add_custom_command and add_custom_target.

Fixes https://github.com/curl/curl/issues/1370
Closes #1372
2017-03-30 23:43:35 +02:00
Daniel Stenberg
f8952932e7 cmake: add cmake file in docs/libcurl/opts/ to dist 2017-03-30 08:16:56 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Daniel Stenberg
e369303cdc CURLINFO_PRIMARY_IP.3: add example 2017-03-22 11:28:33 +01:00
Ales Mlakar
a360906de6 mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html

Closes https://github.com/curl/curl/pull/1272
2017-03-21 23:51:44 -04:00
Peter Wu
898b012a9b cmake: add support for building HTML and PDF docs
Note that for some reason there is this warning (that also exists with
autotools, added since curl-7_15_1-94-ga718cb05f):

    docs/libcurl/curl_multi_socket_all.3:1: can't open `man3/curl_multi_socket.3': No such file or directory

Additionally, adjust the roffit --mandir option to support creating
links when doing out-of-tree builds.

Ref: https://github.com/curl/curl/pull/1288
2017-03-21 14:49:53 +01:00
Peter Wu
6f6e9193df docs: split file lists into Makefile.inc
For easier sharing with CMake. The contents were reformatted to use
two-space indent and expanded tabs (matching lib/Makefile.common).

Ref: https://github.com/curl/curl/pull/1288
2017-03-21 14:49:53 +01:00
Jay Satiro
f7b3914c55 CURLINFO_LOCAL_PORT.3: fix typo 2017-03-16 18:18:49 -04:00
Daniel Stenberg
49f7b13536 CURLINFO_LOCAL_PORT.3: added example 2017-03-16 23:05:22 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Steve Brokenshire
f5712ca277 Makefile.am: Remove distribution man pages when running 'make clean' 2017-03-07 23:27:31 +01:00
Jay Satiro
21512a015f CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors
.. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE.

Ref: https://github.com/curl/curl/pull/1290
2017-03-04 16:07:28 -05:00
JDepooter
0966ab5bd4 darwinssl: Warn that disabling host verify also disables SNI
In DarwinSSL the SSLSetPeerDomainName function is used to enable both
sending SNI and verifying the host. When host verification is disabled
the function cannot be called, therefore SNI is disabled as well.

Closes https://github.com/curl/curl/pull/1240
2017-03-02 02:42:15 -05:00
Peter Wu
eac0dc6a3f docs: de-duplicate file lists in the Makefiles
Make use of macro substitution of suffix patterns to remove duplication
of manual names. This approach is portable according to
http://pubs.opengroup.org/onlinepubs/009695399/utilities/make.html

Closes https://github.com/curl/curl/pull/1287
2017-02-25 16:26:22 -05:00
Jay Satiro
b259646ea1 url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
2017-02-21 22:24:40 -05:00
Daniel Stenberg
1dcf244721 CURLOPT_SSL_VERIFYPEER.3: also the https proxy version 2017-02-09 23:22:57 +01:00
Jay Satiro
423a93ce32 docs: Add more HTTPS proxy documentation
- Document HTTPS proxy type.

- Document --write-out %{proxy_ssl_verify_result}.

- Document SOCKS proxy + HTTP/HTTPS proxy combination.

HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS.

Ref: https://github.com/curl/curl/commit/cb4e2be
2017-02-06 03:13:42 -05:00
Richy Kim
6b7616690e CURLOPT_BUFFERSIZE: support enlarging receive buffer
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size.  Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.

Closes #1222
2017-01-19 23:38:04 +01:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Frank Gevaerts
dbd3793859 docs: Add note about libcurl copying strings to CURLOPT_* manpages
Closes #1169
2017-01-13 15:14:55 +01:00
Frank Gevaerts
d2b2c63852 CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* 2017-01-13 15:14:38 +01:00
Dan Fandrich
bbee0d4eee wolfssl: support setting cipher list 2017-01-06 23:02:09 +01:00
Jay Satiro
4f2239c5ca docs/libcurl: TCP_KEEPALIVE start and interval default to 60
Since the TCP keep-alive options were added in 705f0f7 the start and
interval default values have been 60, but that wasn't documented.

Bug: https://curl.haxx.se/mail/lib-2017-01/0000.html
Reported-by: Praveen Pvs
2017-01-02 13:43:05 -05:00
Daniel Stenberg
209b230227 docs/ciphers: link to our own new page about ciphers
... as the former ones always go stale!
2016-12-25 11:01:17 +01:00
Michael Kaufmann
afff64dbcd curl_easy_recv: Improve documentation and example program
Follow-up to 82245ea: Fix the example program sendrecv.c (handle
CURLE_AGAIN, handle incomplete send). Improve the documentation
for curl_easy_recv() and curl_easy_send().

Reviewed-by: Frank Meier
Assisted-by: Jay Satiro

See https://github.com/curl/curl/pull/1134
2016-12-18 12:56:23 +01:00
Daniel Stenberg
c588840568 CURLINFO_SSL_VERIFYRESULT.3: language 2016-12-16 16:59:08 +01:00
Daniel Stenberg
b0fcb92f80 HTTPS-PROXY docs: update/polish 2016-12-16 16:57:39 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
c67f842093 CURLOPT_PROXY_*.3: polished some proxy option man pages 2016-11-27 00:21:15 +01:00
Daniel Stenberg
3f7d9b9001 CURLOPT_PROXY_CAINFO.3: clarify proxy use 2016-11-25 16:40:32 +01:00
Daniel Stenberg
2527dd4378 CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability 2016-11-25 16:36:27 +01:00
Daniel Stenberg
9bfb00efc9 docs: include all opts man pages in dist
Sorted the lists too.

... and include the new ones in the PDF and HTML generation targets
2016-11-25 11:14:58 +01:00
Thomas Glanzmann
4f8b17743d HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY 2016-11-25 10:49:38 +01:00
Thomas Glanzmann
1232dbb8bd url: proxy: Use 443 as default port for https proxies 2016-11-25 10:01:58 +01:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Okhin Vasilij
c6da05a5ec HTTPS-proxy: fixed mbedtls and polishing 2016-11-24 23:41:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Kamil Dudka
cfd69c1339 docs: the next release will be 7.52.0 2016-11-15 12:21:00 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Jay Satiro
568037f6af CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Clarify that this option is only for HTTP/1.1 pipelining.

Bug: https://github.com/curl/curl/issues/1059
Reported-by: Jeroen Ooms

Assisted-by: Daniel Stenberg
2016-10-27 23:15:41 -04:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Daniel Stenberg
358fd32820 dist: remove PDF and HTML converted docs from the releases 2016-10-10 23:33:13 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00