Paused transfers should not be stopped due to slow speed even when
CURLOPT_LOW_SPEED_LIMIT is set. Additionally, the slow speed timer is
now reset when the transfer is unpaused - as otherwise it would easily
just trigger immediately after unpausing.
Reported-by: Harry Sintonen
Fixes#6358Closes#6359
In particular, these ones can help a user to create its own error
message when one or transfers fail.
writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg'
onerror - lets a user only show the rest on non-zero exit codes
url - the input URL used for this transfer
urlnum - the numerical URL counter (0 indexed) for this transfer
exitcode - the numerical exit code for the transfer
errormsg - obvious
Reported-by: Earnestly on github
Fixes#6199Closes#6207
It is a security process for HTTP.
It doesn't seems to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
most of the code is in lib/http_v4_signature.c
Information require by the algorithm:
- The URL
- Current time
- some prefix that are append to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
^ ^ ^
/ \ URI
API type region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes#5703
This option sets the (octal) mode to use for the remote file when one is
created, using the SFTP, SCP or FILE protocols. When not set, the
default is 0644.
Closes#6244
The command line tool also independently sets --ftp-skip-pasv-ip by
default.
Ten test cases updated to adapt the modified --libcurl output.
Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.
Reported-by: Rikard Falkeborn
Fixes#6242Closes#6243
Add files that are generated by 'make examples' and remove some that
have been renamed.
The commits that renamed the programs are e9625c5bc6 (imap.c and
simplesmtp.c were renamed to imap-fetch.c and smtp-send.c) and
ad39e7ec01 (pop3slist.c and pop3s.c were renamed to pop3-list.c and
pop3-ssl.c).
Closes#6240
By differentiating between ON and AUTO it can make a missing zlib
library a hard error when CURL_ZLIB=ON is used.
Reviewed-by: Jakub Zakrzewski
Closes#6221Fixes#6173
for curl_easy_escape and curl_easy_setopt()
The limit is there to catch mistakes and abuse. It is meant to be large
enough to allow virtually all "fine" use cases.
Reported-by: Marc Schlatter
Fixes#6190Closes#6191
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes#5896
Whitespace is spelled without a space between white and space, so
make sure to consistently spell it that way across the codebase.
Closes#6023
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
www.netscape.com is redirecting to a cookie consent form on Aol, and
cool.haxx.se isn't responding to FTP anymore. Replace with examples
that resolves in case users try out the commands when reading the
manual.
Closes#6024
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
Fix the HSTS PR
Remove DoT, thread-safe init and hard-coded localhost. I feel very
little interest for these with users so I downgrade them to plain "TODO"
entries again.
Fixed two return code mixups. CURLE_UNKNOWN_OPTION is saved for when the
option is, yeah, not known. Clarified this in the setopt man page too.
Closes#5993
These two files were always tightly connected and it was hard to
understand what went into which. This also allows us to make the
ftpsend() function static (moved from ftp.c).
Removed security.c
Renamed curl_sec.h to krb5.h
Closes#5987
This document is not maintained and rather than trying to refresh it,
let's kill it. A more up-to-date document with relevant RFCs is this
page on the curl website: https://curl.haxx.se/rfc/Closes#5980