1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-05 17:15:04 -05:00
Commit Graph

414 Commits

Author SHA1 Message Date
Daniel Stenberg
97f63f512d
CURLOPT_URL.3: add ENCODING section [ci skip]
Feedback-by: Michael Kilburn
2018-04-30 14:31:04 +02:00
Daniel Stenberg
f84139fd08
CURLINFO_PROTOCOL.3: mention the existing defined names 2018-04-27 11:50:16 +02:00
Archangel_SDY
f0819f99ae CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780

Closes https://github.com/curl/curl/pull/2504
2018-04-23 03:16:52 -04:00
Dan McNulty
8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
Jakub Wilk
24e8355877 docs: fix typos
Closes https://github.com/curl/curl/pull/2503
2018-04-17 15:32:51 -04:00
Archangel_SDY
e35b0256eb
schannel: add client certificate authentication
Users can now specify a client certificate in system certificates store
explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`

Closes #2376
2018-04-17 00:23:01 +02:00
Jay Satiro
cbc0f131c2 docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
- Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf.

For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar.

Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html
Reported-by: David L.
2018-03-31 14:52:55 -04:00
Daniel Stenberg
3ff09ce777
CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text
Reported-by: Michal Trybus

Fixes #2400
2018-03-21 01:04:41 +01:00
Daniel Stenberg
27d7e511d5
CURLINFO_COOKIELIST.3: made the example not leak memory
Reported-by: Muz Dima
2018-03-20 23:18:23 +01:00
Rick Deist
d95f3dc0b1
resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
shuffling of IP addresses returned for a hostname when there is more
than one. This is useful when the application knows that a round robin
approach is appropriate and is willing to accept the consequences of
potentially discarding some preference order returned by the system's
implementation.

Closes #1694
2018-03-17 20:44:14 +01:00
Daniel Stenberg
fb4f568b1e
add_handle/easy_perform: clear errorbuffer on start if set
To offer applications a more defined behavior, we clear the buffer as
early as possible.

Assisted-by: Jay Satiro

Fixes #2190
Closes #2377
2018-03-17 12:07:37 +01:00
Lawrence Matthews
6baeb6df35
CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool

Closes #2162
2018-03-17 11:50:06 +01:00
Daniel Stenberg
d974b39a9e
CURLOPT_COOKIEFILE.3: "-" as file name means stdin
Reported-by: Aron Bergman
Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html

[ci skip]
2018-03-13 13:04:12 +01:00
Daniel Stenberg
4d0b1e6887
CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addresses 2018-03-04 19:51:37 +01:00
Viktor Szakats
7e35eb7729 spelling fixes
Detected using the `codespell` tool.

Also contains one URL protocol upgrade.

Closes https://github.com/curl/curl/pull/2334
2018-02-23 23:29:01 +00:00
Francisco Sedano
23713645d4 url: Add option CURLOPT_RESOLVER_START_FUNCTION
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that
  will be called every time before a new resolve request is started
  (ie before a host is resolved) with a pointer to backend-specific
  resolver data. Currently this is only useful for ares.

- Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to
  pass to the resolver start callback.

Closes https://github.com/curl/curl/pull/2311
2018-02-21 21:29:10 -05:00
Jay Satiro
dd027c80fe lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
- In keeping with the naming of our other connect timeout options rename
  CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.

This change adds the _MS suffix since the option expects milliseconds.
This is more intuitive for our users since other connect timeout options
that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.

The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.

Follow-up to 2427d94 which added the lib and tool option yesterday.

Ref: https://github.com/curl/curl/pull/2260
2018-02-21 15:16:50 -05:00
Anders Bakken
2427d94c6d url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
  eyeball timeout value.

- Add new optval macro CURL_HET_DEFAULT to represent the default happy
  eyeballs timeout value (currently 200 ms).

- Add new tool option --happy-eyeballs-timeout-ms to expose
  CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
  other -timeout options in the tool expect seconds not milliseconds.

Closes https://github.com/curl/curl/pull/2260
2018-02-20 17:51:43 -05:00
Anders Bakken
50d1b3379a CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
This enables users to preresolve but still take advantage of happy
eyeballs and trying multiple addresses if some are not connecting.

Ref: https://github.com/curl/curl/pull/2260
2018-02-20 04:24:28 -05:00
Daniel Stenberg
174212972c
CURLOPT_HEADER.3: clarify problems with different data sizes 2018-02-16 22:54:51 +01:00
Daniel Stenberg
5a44c9fa8b
CURLOPT_HEADERFUNCTION.3: fix typo from d939226813
Reported-by: Erik Johansson
Bug: d939226813 (commitcomment-27607495)
2018-02-16 16:25:52 +01:00
Daniel Stenberg
d939226813
CURLOPT_HEADERFUNCTION.3: mention folded headers 2018-02-16 12:11:23 +01:00
Daniel Stenberg
8f69a9f28a
time: support > year 2038 time stamps for system with 32bit long
... with the introduction of CURLOPT_TIMEVALUE_LARGE and
CURLINFO_FILETIME_T.

Fixes #2238
Closes #2264
2018-01-30 08:29:59 +01:00
5c497343d9
GSKit: restore pinnedpubkey functionality
inadvertently removed in 283babfaf8

Closes #2263
2018-01-25 23:16:14 +01:00
e178fbd40a
SChannel/WinSSL: Implement public key pinning
Closes #1429
2018-01-25 22:14:39 +01:00
Daniel Stenberg
96186de1f7
docs: fix man page syntax to make test 1140 OK again 2018-01-23 01:28:18 +01:00
Daniel Stenberg
af32cd3859
http: prevent custom Authorization headers in redirects
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-22 10:00:00 +01:00
rouzier
945df74101
CURLOPT_TCP_NODELAY.3: fix typo
Closes #2239
2018-01-15 23:06:58 +01:00
Jay Satiro
6fa10c8fa2 setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575 (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2227
2018-01-13 02:57:30 -05:00
Jay Satiro
a0f3eaf25d examples/cacertinmem: ignore cert-already-exists error
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
  since it's possible the cert may have already been loaded by libcurl.

- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
  Instead have it direct the reader to this cacertinmem.c example.

- Fix the CA certificate to use the right CA for example.com, Digicert.

Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren

Closes https://github.com/curl/curl/pull/2182
2017-12-26 02:08:35 -05:00
Daniel Stenberg
9c6a6be882
CURLOPT_READFUNCTION.3: refer to argument with correct name
Bug: #2175

[ci skip]
2017-12-13 08:18:10 +01:00
Daniel Stenberg
63e58b8b40
CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference 2017-12-11 00:00:17 +01:00
Daniel Stenberg
bbea75ad69
CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE 2017-12-09 23:34:07 +01:00
richardthe3rd
9fb5a943f5 CURLOPT_PRIVATE.3: fix grammar
- Change "never does nothing" double-negative to "never does anything".

Closes https://github.com/curl/curl/pull/2168
2017-12-08 18:55:33 -05:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Florin
f20cbac970
auth: Added test cases for RFC7616
Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #1934
2017-10-28 16:33:09 +02:00
Daniel Stenberg
172ce9cc19
setopt: avoid integer overflows when setting millsecond values
... that are multiplied by 1000 when stored.

For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.

Also updated the man pages for these timeout options to mention the
return code.

Closes #1938
2017-10-16 09:23:19 +02:00
Daniel Stenberg
f8e593887e
CURLOPT_XFERINFODATA.3: fix duplicate see also 2017-10-09 16:24:36 +02:00
Daniel Stenberg
d895a83a3b
CURLOPT_NOPROGRESS.3: also refer to xferinfofunction 2017-10-09 16:24:19 +02:00
Michael Kaufmann
c66d94d6da docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
Closes #1922
2017-09-28 21:32:20 +02:00
Michael Kaufmann
46d63bbbe8 docs: clarify the use of environment variables for proxy
Closes #1921
2017-09-28 21:29:39 +02:00
Daniel Stenberg
50b208e23e
docs: clarify the CURLOPT_INTERLEAVE* options behavior 2017-09-15 15:47:56 +02:00
Jay Satiro
64bb7ae6ae mbedtls: enable CA path processing
CA path processing was implemented when mbedtls.c was added to libcurl
in fe7590f, but it was never enabled.

Bug: https://github.com/curl/curl/issues/1877
Reported-by: SBKarr@users.noreply.github.com
2017-09-10 03:22:05 -04:00
Daniel Stenberg
2e4074c953
docs: curl_mime_*.3 man page formatting edits 2017-09-04 09:20:24 +02:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Daniel Stenberg
4a7673c8ca
CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD 2017-08-24 10:09:28 +02:00
Daniel Stenberg
582f2a1308
CURLOPT_SSH_COMPRESSION.3: enable with 1L
(leaves other values reserved for the future)
2017-08-17 09:54:07 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Alessandro Ghedini
34f24fef4a docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description 2017-08-12 13:36:39 +01:00
Alessandro Ghedini
274f9cac96 docs: fix typo stuct -> struct 2017-08-12 13:33:10 +01:00