1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Commit Graph

5046 Commits

Author SHA1 Message Date
Daniel Stenberg
b03b82a85f
docs/tests: remove freenode references 2021-05-24 00:21:00 +02:00
Lucas Clemente Vella
84d2839740
CURLOPT_IPRESOLVE: preventing wrong IP version from being used
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.

This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.

It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.

Closes #6853
2021-05-20 16:58:31 +02:00
Ryan Beck-Buysse
d845d392b5
docs/TheArtOfHttpScripting: fix markdown links
extra parens cause the links to be incorrectly formatted
and inconsistent with the rest of the document.

Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
Closes #7097
2021-05-19 09:10:11 +02:00
Emil Engler
3d3f4efbc8
docs: replace dots with dashes in markdown enums
We use dashes instead of dots nearly everywhere except for those few
cases. This commit addresses this issues and brings more coherency into
it.

Closes #7093
2021-05-19 00:40:12 +02:00
Emil Engler
d79f8492c5
docs: improve INTERNALS.md regarding getsock cb
This adds the I/O prefix to indicate that those "actions" are kind-of
related to those found in select(2) or poll(2) (reading/writing).

It also adds a note where the prototypes of those functions can be found
in the source code.

Closes #7092
2021-05-19 00:39:06 +02:00
Emil Engler
158d26e4fc
docs: document attach in INTERNALS.md
The new field in the Curl_handler struct still lacks documentation. This
adds it it from the information extracted from lib/urldata.h:797

Closes #7091
2021-05-19 00:38:10 +02:00
Daniel Stenberg
5dfa4c08bb
docs: cookies from HTTP headers need domain set
... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".

Reported-by: Martin Dorey
Reviewed-by: Daniel Gustafsson
Fixes #6723
Closes #7077
2021-05-17 10:57:03 +02:00
Daniel Stenberg
fe5a61c007
CURLOPT_CAPATH.3: defaults to a path, not NULL
Reported-by: Andrew Barnert

Closes #7062
2021-05-16 00:50:27 +02:00
Daniel Stenberg
f71d3e01ec
travis: disable the libssh build
It can't run on focal and causes warnings on bionic. Since the focal
failure started rather suddenly a while ago, we can suspect it might be
temporary.

Added "bring back the build" to the TODO document.

Fixes #7011
Closes #7012
2021-05-09 00:13:37 +02:00
Daniel Stenberg
63813a0325
HTTP3: make the ngtcp2 build use the quictls fork
... as ngtcp2 itself documents the build this way.

Closes #7031
2021-05-07 22:43:54 +02:00
Daniel Stenberg
1763aceb0c
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.

Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.

Also added cautions to the man pages about changing buffer sizes in
run-time.

Closes #7022
2021-05-07 08:51:39 +02:00
Daniel Stenberg
e2497c73f9
curl_mprintf.3: add description
These functions have existed in the API since the dawn of time. It is
about time we describe how they work, even if we discourage users from
using them.

Closes #7010
2021-05-06 23:21:12 +02:00
Timothy Gu
51e3388f7d
URL-SYNTAX: update IDNA section for WHATWG spec changes
WHATWG URL has dictated the use of Nontransitional Processing (IDNA
2008) for several years now. Chrome (and derivatives) still use
Transitional Processing, but Firefox and Safari have both switched.

Also document the fact that winidn functions differently from libidn2
here.

Closes #7026
2021-05-06 23:15:46 +02:00
Calvin Buckley
69bf70d7dc
INSTALL: add IBM i specific quirks
Fixes #6830
Closes #7013
2021-05-06 16:59:43 +02:00
Daniel Stenberg
a42b8f08d8
libcurl.3: mention the URL API
To make it easier to find. Also a minor polish of libcurl-url.3

Closes #7009
2021-05-06 16:54:05 +02:00
Gilles Vollant
77fc3859b2 SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
  specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
  and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662
2021-05-05 02:29:16 -04:00
Daniel Stenberg
7d7a0a8b09
KNOWN_BUGS: add two HTTP/2 bugs 2021-05-03 17:27:35 +02:00
Daniel Stenberg
e41f2e5225
KNOWN_BUGS: add three HTTP/3 issues
... and moved the HTTP/2 issues to its own section

Closes #6606
Closes #6510
Closes #6494
2021-05-03 17:22:52 +02:00
ejanchivdorj
94241a9e78
CURLcode: add CURLE_SSL_CLIENTCERT
When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT

Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.

Closes #6721
2021-05-03 17:11:01 +02:00
Jacob Hoffman-Andrews
8228002cd1
rustls: use ALPN
Update required rustls to 0.5.0

Closes #6960
2021-04-30 08:27:37 +02:00
Ayushman Singh Chauhan
6aae7b1761
docs: camelcase it like GitHub everywhere
Closes #6979
2021-04-28 08:16:20 +02:00
Lucas Servén Marín
b08863822c docs: fix typo in fail-with-body doc
This commit fixes a small typo in the documentation for the
--fail-with-body flag.

Closes https://github.com/curl/curl/pull/6977
2021-04-27 15:11:08 -04:00
Daniel Stenberg
2e23f3b8d5
libcurl-security.3: be careful of setuid
Reported-by: Harry Sintonen
Closes #6970
2021-04-27 07:51:42 +02:00
Daniel Stenberg
7fdf01f32e
libcurl-security.3: don't try to filter IPv4 hosts based on the URL
Closes #6942
2021-04-26 10:25:03 +02:00
Yusuke Nakamura
c1311dba6e
docs/HTTP3.md: fix nghttp2's HTTP/3 server port
Port 8443 does not work now.
Correct origin is in the quicwg's wiki.
https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2

Closes #6964
2021-04-26 08:07:37 +02:00
Johann150
68f6c56396
curl_url_set.3: add memory management information
wording taken from man page for CURLOPT_URL.3

As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.

Closes #6953
2021-04-25 14:13:29 +02:00
Daniel Stenberg
f014eeceb2
CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
2021-04-23 23:20:31 +02:00
Martin Halle
e540b32562 version: add gsasl_version to curl_version_info_data
- Add gsasl_version string and bump to CURLVERSION_TENTH.

Ref: https://curl.se/mail/lib-2021-04/0003.html

Closes https://github.com/curl/curl/pull/6843
2021-04-22 18:28:28 -04:00
Morten Minde Neergaard
67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Daniel Stenberg
68d89f242c
configure: make the TLS library choice(s) explicit
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.

If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).

Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.

Closes #6897
2021-04-22 23:19:47 +02:00
Jay Satiro
54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
Daniel Stenberg
52fab72397
checksrc: complain on == NULL or != 0 checks in conditions
... to make them all consistenly use if(!var) and if(var)

Also added a few missing warnings to the documentation.

Closes #6912
2021-04-22 09:10:17 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Patrick Monnerat
34cf40321c
bufref: buffer reference support
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.

A unit test checks its handling methods: test 1661

Closes #6654
2021-04-22 09:05:53 +02:00
Daniel Stenberg
d71ff2b9db
hsts: enable by default
No longer considered experimental.

Closes #6700
2021-04-19 08:22:16 +02:00
Daniel Stenberg
eff614fb02
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773
2021-04-19 08:16:02 +02:00
Daniel Stenberg
cf65d4237e
curl: ignore options asking for SSLv2 or SSLv3
Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.

In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.

Closes #6772
2021-04-19 08:14:05 +02:00
Victor Vieux
0d7c55bd57
tool_getparam: replace (in-place) '%20' by '+' according to RFC1866
Signed-off-by: Victor Vieux <victorvieux@gmail.com>

Closes #6895
2021-04-15 13:45:12 +02:00
Daniel Stenberg
7bdec2a08b
configure: provide --with-openssl, deprecate --with-ssl
Makes the option more explicit.

Closes #6887
2021-04-15 09:08:34 +02:00
Daniel Stenberg
520bd5225c
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
2021-04-14 23:09:36 +02:00
Daniel Stenberg
aba89ca236
THANKS: add names from 7.76.1 2021-04-13 14:32:30 +02:00
Daniel Stenberg
95d525a9e1
misc: update copyright year ranges to match latest updates 2021-04-13 14:32:30 +02:00
Jay Satiro
0409c12ae7 TODO: remove 18.22 --fail-with-body
--fail-with-body was added in 8a964cb (precedes curl-7_76_0).
2021-04-11 00:36:13 -04:00
Jochem Broekhoff
255bdfe65c
examples/hiperfifo.c: check event_initialized before delete
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur.  event_initialized checks whether the
event struct is nonzero.

Closes #6876
2021-04-09 11:44:21 +02:00
Muhammed Yavuz Nuzumlalı
694eab18bc
install: add instructions for Apple Darwin platforms
Closes #6860
2021-04-07 15:54:32 +02:00
David Hu
3be5ebf303
docs/HTTP3.md: update the build instruction using gnutls
In ngtcp2 the `with-gnutls` option is disabled by default, which will
cause `curl` unable to be `make` because of lacking the libraries
needed.

Closes #6857
2021-04-07 09:02:33 +02:00
Daniel Stenberg
e1c51916e2
THANKS: added names from 7.76.0 2021-03-31 00:08:24 +02:00
Daniel Stenberg
5a80a869a7
CURLOPT_AUTOREFERER.3: clarify that it sets the full URL
... some users may not want that!
2021-03-30 14:47:14 +02:00
Daniel Stenberg
ce2d5fb7fa
HISTORY: add two 2021 events 2021-03-29 09:05:12 +02:00
Daniel Stenberg
85e6975643
copyright: update copyright year ranges to 2021
Reviewed-by: Emil Engler
Closes #6802
2021-03-27 23:00:14 +01:00