1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 12:05:06 -05:00
Commit Graph

5027 Commits

Author SHA1 Message Date
Jacob Hoffman-Andrews
8228002cd1
rustls: use ALPN
Update required rustls to 0.5.0

Closes #6960
2021-04-30 08:27:37 +02:00
Ayushman Singh Chauhan
6aae7b1761
docs: camelcase it like GitHub everywhere
Closes #6979
2021-04-28 08:16:20 +02:00
Lucas Servén Marín
b08863822c docs: fix typo in fail-with-body doc
This commit fixes a small typo in the documentation for the
--fail-with-body flag.

Closes https://github.com/curl/curl/pull/6977
2021-04-27 15:11:08 -04:00
Daniel Stenberg
2e23f3b8d5
libcurl-security.3: be careful of setuid
Reported-by: Harry Sintonen
Closes #6970
2021-04-27 07:51:42 +02:00
Daniel Stenberg
7fdf01f32e
libcurl-security.3: don't try to filter IPv4 hosts based on the URL
Closes #6942
2021-04-26 10:25:03 +02:00
Yusuke Nakamura
c1311dba6e
docs/HTTP3.md: fix nghttp2's HTTP/3 server port
Port 8443 does not work now.
Correct origin is in the quicwg's wiki.
https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2

Closes #6964
2021-04-26 08:07:37 +02:00
Johann150
68f6c56396
curl_url_set.3: add memory management information
wording taken from man page for CURLOPT_URL.3

As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.

Closes #6953
2021-04-25 14:13:29 +02:00
Daniel Stenberg
f014eeceb2
CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
2021-04-23 23:20:31 +02:00
Martin Halle
e540b32562 version: add gsasl_version to curl_version_info_data
- Add gsasl_version string and bump to CURLVERSION_TENTH.

Ref: https://curl.se/mail/lib-2021-04/0003.html

Closes https://github.com/curl/curl/pull/6843
2021-04-22 18:28:28 -04:00
Morten Minde Neergaard
67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Daniel Stenberg
68d89f242c
configure: make the TLS library choice(s) explicit
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.

If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).

Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.

Closes #6897
2021-04-22 23:19:47 +02:00
Jay Satiro
54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
Daniel Stenberg
52fab72397
checksrc: complain on == NULL or != 0 checks in conditions
... to make them all consistenly use if(!var) and if(var)

Also added a few missing warnings to the documentation.

Closes #6912
2021-04-22 09:10:17 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Patrick Monnerat
34cf40321c
bufref: buffer reference support
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.

A unit test checks its handling methods: test 1661

Closes #6654
2021-04-22 09:05:53 +02:00
Daniel Stenberg
d71ff2b9db
hsts: enable by default
No longer considered experimental.

Closes #6700
2021-04-19 08:22:16 +02:00
Daniel Stenberg
eff614fb02
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773
2021-04-19 08:16:02 +02:00
Daniel Stenberg
cf65d4237e
curl: ignore options asking for SSLv2 or SSLv3
Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.

In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.

Closes #6772
2021-04-19 08:14:05 +02:00
Victor Vieux
0d7c55bd57
tool_getparam: replace (in-place) '%20' by '+' according to RFC1866
Signed-off-by: Victor Vieux <victorvieux@gmail.com>

Closes #6895
2021-04-15 13:45:12 +02:00
Daniel Stenberg
7bdec2a08b
configure: provide --with-openssl, deprecate --with-ssl
Makes the option more explicit.

Closes #6887
2021-04-15 09:08:34 +02:00
Daniel Stenberg
520bd5225c
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
2021-04-14 23:09:36 +02:00
Daniel Stenberg
aba89ca236
THANKS: add names from 7.76.1 2021-04-13 14:32:30 +02:00
Daniel Stenberg
95d525a9e1
misc: update copyright year ranges to match latest updates 2021-04-13 14:32:30 +02:00
Jay Satiro
0409c12ae7 TODO: remove 18.22 --fail-with-body
--fail-with-body was added in 8a964cb (precedes curl-7_76_0).
2021-04-11 00:36:13 -04:00
Jochem Broekhoff
255bdfe65c
examples/hiperfifo.c: check event_initialized before delete
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur.  event_initialized checks whether the
event struct is nonzero.

Closes #6876
2021-04-09 11:44:21 +02:00
Muhammed Yavuz Nuzumlalı
694eab18bc
install: add instructions for Apple Darwin platforms
Closes #6860
2021-04-07 15:54:32 +02:00
David Hu
3be5ebf303
docs/HTTP3.md: update the build instruction using gnutls
In ngtcp2 the `with-gnutls` option is disabled by default, which will
cause `curl` unable to be `make` because of lacking the libraries
needed.

Closes #6857
2021-04-07 09:02:33 +02:00
Daniel Stenberg
e1c51916e2
THANKS: added names from 7.76.0 2021-03-31 00:08:24 +02:00
Daniel Stenberg
5a80a869a7
CURLOPT_AUTOREFERER.3: clarify that it sets the full URL
... some users may not want that!
2021-03-30 14:47:14 +02:00
Daniel Stenberg
ce2d5fb7fa
HISTORY: add two 2021 events 2021-03-29 09:05:12 +02:00
Daniel Stenberg
85e6975643
copyright: update copyright year ranges to 2021
Reviewed-by: Emil Engler
Closes #6802
2021-03-27 23:00:14 +01:00
Daniel Stenberg
eef3b43ae8
HISTORY: fixed the Mac OS X 10.1 release date
Based on what Wikipedia says
2021-03-26 09:08:10 +01:00
Jay Satiro
a8da0302a7 examples: Remove threaded-shared-conn.c due to bug
Known bug 11.11 is the shared object's connection cache is not thread
safe, so we should not have an example for it.

Ref: https://github.com/curl/curl/issues/4915
Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not

Closes https://github.com/curl/curl/pull/6795
2021-03-26 03:14:50 -04:00
Jay Satiro
65aa275bbc KNOWN_BUGS: Update 11.9 - DoH option inheritance
- Add description: Explain that some options aren't inherited because
  they are not relevant for the DoH SSL connections or may result in
  unexpected behavior.

- Remove the reference to #4578 (SSL verify options not inherited) since
  that was fixed by #6597 (separate DoH-specific options for verify).

- Explain that DoH-specific options (those created by #6597) are
  available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
  CURLOPT_DOH_SSL_VERIFYSTATUS.

- Add a reference to #6605 and explain that the user's debug function is
  not inherited because it would be unexpected to pass internal handles
  (ie DoH handles) to the user's callback.

Closes https://github.com/curl/curl/issues/6605
2021-03-26 03:14:28 -04:00
Daniel Stenberg
ae42f1df15
curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO 2021-03-26 07:56:22 +01:00
Daniel Stenberg
8494abfb1b
TODO: Custom progress meter update interval
Ref: https://stackoverflow.com/q/66789977/93747
2021-03-25 09:22:52 +01:00
Daniel Stenberg
8593b15c77
docs/ABI: tighten up the language
Make the promises more firm

Closes #6786
2021-03-24 23:45:29 +01:00
Daniel Stenberg
d7f737dd13
docs: make gen.pl support *italic* and **bold**
Remove some nroffisms from the cmdline doc files to simplify editing,
and instead support this markdown style.

Closes #6771
2021-03-22 16:50:58 +01:00
Jacob Hoffman-Andrews
2e444a17d4
docs: document version of crustls dependency
This also pins a specific release in the Travis test so future
API-breaking changins in crustls won't break curl builds.

Add RUSTLS documentation to release tarball.

Enable running tests for rustls, minus FTP tests (require
connect_blocking, which rustls doesn't implement) and 313 (requires CRL
handling).

Closes #6763
2021-03-21 00:16:32 +01:00
Daniel Stenberg
472b537215
docs: clarify timeouts for queued transfers in multi API
Closes #6758
2021-03-19 23:28:21 +01:00
Daniel Stenberg
453ad35d15
KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing
Closes #5747
2021-03-18 12:53:28 +01:00
Daniel Stenberg
74ec0e5ec0
TODO: provide timing info for each redirect
Closes #6743
2021-03-18 08:39:59 +01:00
Jay Satiro
2d04286793 docs: Add SSL backend names to CURL_SSL_BACKEND
- Document the names that can be used with CURL_SSL_BACKEND:
  bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
  schannel, secure-transport, wolfssl

Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201

Closes https://github.com/curl/curl/pull/6755
2021-03-17 18:15:10 -04:00
Jay Satiro
8a4ef73c8f docs: Explain DOH transfers inherit some SSL settings
- Document in DOH that some SSL settings are inherited but DOH hostname
  and peer verification are not and are controlled separately.

- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
  we're considering changing behavior to no longer inherit it. Request
  feedback.

Closes https://github.com/curl/curl/pull/6688
2021-03-17 18:12:45 -04:00
Daniel Stenberg
aab3a77e8c
HTTP2: remove the outdated remark about multiplexing for the tool 2021-03-16 00:35:38 +01:00
Daniel Stenberg
d4a932797a
HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1 2021-03-15 09:00:50 +01:00
Daniel Stenberg
f83d4ea56e
gen.pl: quote "bare" minuses in the nroff curl.1
Reported-by: Alejandro Colomar
Fixes #6698
Closes #6722
2021-03-14 23:44:43 +01:00
Jay Satiro
21445a76df retry.d: Clarify transient 5xx HTTP response codes
- Clarify the only 5xx response codes that are treated as transient are
  500, 502, 503 and 504.

Prior to this change it said it treated all 5xx as transient, but the
code says otherwise.

Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495

Closes https://github.com/curl/curl/pull/6724
2021-03-12 03:16:22 -05:00
Jay Satiro
cf9d16b98c retry-all-errors.d: Explain curl errors versus HTTP response errors
- Add a paragraph explaining that curl does not consider HTTP response
  errors as curl errors, and how that behavior can be modified by using
  --retry and --fail.

The --retry-all-errors doc says "Retry on any error" which some users
may find misleading without the added explanation.

Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT

Reported-by: Lawrence Gripper

Fixes https://github.com/curl/curl/issues/6712
Closes https://github.com/curl/curl/pull/6720
2021-03-12 03:15:48 -05:00
Jay Satiro
bde786b5d1 version.d: Add missing features to the features list
- Add missing entries for gsasl, Kerberos, NTLM_WB, TrackMemory,
  Unicode and zstd.

- Remove krb4 since it's no longer a feature.

Reported-by: Ádler Jonas Gross

Fixes https://github.com/curl/curl/issues/6677
Closes https://github.com/curl/curl/pull/6687
2021-03-04 18:07:06 -05:00