1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

176 Commits

Author SHA1 Message Date
Daniel Stenberg
9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Mathias Gumz
04c03416e6
writeout: support to generate JSON output
This commit adds support to generate JSON via the writeout feature:

    -w "%{json}"

It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:

    -w "%{stderr}%{json}"

This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.

Closes #4870
2020-03-17 15:01:28 +01:00
Daniel Stenberg
0845ecbb6d
docs: add warnings about FILE: URLs on Windows
- --url man page section
 - libcurl-security.3 gets the full text
 - CURLOPT_URL.3

Reported-by: Tim Sedlmeyer
2020-03-13 16:56:41 +01:00
Daniel Stenberg
d78672b5b4
create-dirs.d: mention the mode
Reported-by: Dan Jacobson
Fixes #4766
Closes #4916
2020-02-12 22:30:45 +01:00
Pedro Monreal
4b6fd29f1a cleanup: fix typos and wording in docs and comments
Closes #4869
Reviewed-by: Emil Engler and Daniel Gustafsson
2020-02-02 18:43:01 +01:00
Daniel Stenberg
d3e5311f6c
oauth2-bearer.d: works for HTTP too
Reported-by: Mischa Salle
Bug: https://curl.haxx.se/mail/lib-2020-01/0070.html
Closes #4862
2020-01-29 07:50:44 +01:00
Daniel Stenberg
8b7fff3311
location.d: the method change is from POST to GET only
Not from generic non-GET to GET.

Reported-by: Andrius Merkys
Ref: #4859
Closes #4861
2020-01-28 12:58:33 +01:00
Aron Rotteveel
1c532870ed
form.d: fix two minor typos
Closes #4843
2020-01-23 09:28:05 +01:00
Pavel Volgarev
4a4609bf3c
smtp: Allow RCPT TO command to fail for some recipients
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816
2020-01-21 10:40:19 +01:00
Daniel Stenberg
81e1b1ec23
data.d: remove "Multiple files can also be specified"
It is superfluous and could even be misleading.

Bug: https://curl.haxx.se/mail/archive-2020-01/0016.html
Reported-by: Mike Norton
Closes #4832
2020-01-21 08:39:48 +01:00
Daniel Stenberg
4147d58aee
docs: TLS SRP doesn't work with TLS 1.3
Reported-by: sayrer on github
Closes #4262
[skip ci]
2019-12-16 16:03:22 +01:00
Daniel Stenberg
d4a1862719
docs: add "added: 7.68.0" to the --etag-* docs 2019-12-02 11:22:32 +01:00
Maros Priputen
18e5cb77e9
curl: two new command line options for etags
--etag-compare and --etag-save

Suggested-by: Paul Hoffman
Fixes #4277
Closes #4543
2019-11-28 13:05:20 +01:00
Daniel Stenberg
215baa74f7
curl: add --parallel-immediate
Starting with this change when doing parallel transfers, without this
option set, curl will prefer to create new transfers multiplexed on an
existing connection rather than creating a brand new one.

--parallel-immediate can be set to tell curl to prefer to use new
connections rather than to wait and try to multiplex.

libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default
on parallel transfers.

Suggested-by: Tom van der Woerdt
Closes #4500
2019-11-21 16:36:10 +01:00
Victor Magierski
8487734e8b docs: fix typos
Change 'experiemental' to 'experimental'.

Closes #4618
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-11-20 09:59:05 +01:00
Daniel Stenberg
b1ae7f9b7f
docs: make sure the --no-progress-meter docs file is in dist too 2019-10-09 10:10:05 +02:00
Daniel Stenberg
9e03faccc3
docs: document it as --no-progress-meter instead of the reverse
Follow-up to 93373a960c

Reported-by: infinnovation-dev on github
Fixes #4474
Closes #4475
2019-10-09 10:07:02 +02:00
Daniel Stenberg
93373a960c
curl: --no-progress-meter
New option that allows a user to ONLY switch off curl's progress meter
and leave everything else in "talkative" mode.

Reported-by: Piotr Komborski
Fixes #4422
Closes #4470
2019-10-08 20:56:17 +02:00
Daniel Stenberg
862393243d
curl: use .curlrc (with a dot) on Windows as well
Fall-back to _curlrc if the dot-version is missing.

Co-Authored-By: Steve Holme

Closes #4230
2019-08-20 11:48:49 +02:00
Daniel Stenberg
026840e35c
CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
Even though it cannot fall-back to a lower HTTP version automatically. The
safer way to upgrade remains via CURLOPT_ALTSVC.

CURLOPT_H3 no longer has any bits that do anything and might be removed
before we remove the experimental label.

Updated the curl tool accordingly to use "--http3".

Closes #4197
2019-08-08 08:17:24 +02:00
Daniel Stenberg
640b9733de
curl: make use of CURLINFO_RETRY_AFTER when retrying
If a Retry-After: header was used in the response, that value overrides
other retry timing options.

Fixes #3794
Closes #4195
2019-08-07 14:45:44 +02:00
Steve Holme
1e08a79258 curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
Ref: https://github.com/curl/curl/issues/3653
Ref: https://github.com/curl/curl/pull/3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186
2019-08-06 11:38:41 -04:00
Daniel Stenberg
a42b0957ab
http09: disable HTTP/0.9 by default in both tool and library
As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174. Now requires the option to be set to allow HTTP/0.9
responses.

Closes #4191
2019-08-06 00:08:14 +02:00
Daniel Stenberg
3af0e76d1e
HTTP3: initial (experimental) support
USe configure --with-ngtcp2 or --with-quiche

Using either option will enable a HTTP3 build.
Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me>

Closes #3500
2019-07-21 23:49:03 +02:00
Daniel Stenberg
b889408500
curl: support parallel transfers
This is done by making sure each individual transfer is first added to a
linked list as then they can be performed serially, or at will, in
parallel.

Closes #3804
2019-07-20 19:14:16 +02:00
Jay Satiro
c7f3c073f4 docs: Explain behavior change in --tlsv1. options since 7.54
Since 7.54 --tlsv1. options use the specified version or later, however
older versions of curl documented it as using just the specified version
which may or may not have happened depending on the TLS library.
Document this discrepancy to allay confusion for users familiar with the
old documentation that expect just the specified version.

Fixes https://github.com/curl/curl/issues/4097
Closes https://github.com/curl/curl/pull/4119
2019-07-17 00:48:41 -04:00
Jay Satiro
e8442e4ffc libcurl: Restrict redirect schemes (follow-up)
- Allow FTPS on redirect.

- Update default allowed redirect protocols in documentation.

Follow-up to 6080ea0.

Ref: https://github.com/curl/curl/pull/4094

Closes https://github.com/curl/curl/pull/4115
2019-07-17 00:48:40 -04:00
Bjarni Ingi Gislason
4c91ab7b2f docs: Fix missing lines caused by undefined macros
- Escape apostrophes at line start.

Some lines begin with a "'" (apostrophe, single quote), which is then
interpreted as a control character in *roff.

Such lines are interpreted as being a call to a macro, and if
undefined, the lines are removed from the output.

Bug: https://bugs.debian.org/926352
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>

Submitted-by: Alessandro Ghedini

Closes https://github.com/curl/curl/pull/4111
2019-07-15 02:39:35 -04:00
Daniel Stenberg
8ad61c6847 doh-url.d: added in 7.62.0 2019-07-04 14:02:43 +02:00
Daniel Stenberg
9dd731c94e
quote.d: asterisk prefix works for SFTP as well
Reported-by: Ben Voris
Fixes #4017
Closes #4019
2019-06-13 08:48:46 +02:00
Daniel Stenberg
deb9462ff2
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903
2019-06-10 09:18:16 +02:00
Daniel Stenberg
7e590b3ecd
tls13-docs: mention it is only for OpenSSL >= 1.1.1
Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946
2019-06-02 16:15:45 +02:00
Daniel Stenberg
ca09d96574
dump-header.d: spell out that no headers == empty file [ci skip]
Reported-by: wesinator at github
Fixes #3964
Closes #3974
2019-06-01 10:42:00 +02:00
Jay Satiro
db8ec1fa38
Revert all SASL authzid (new feature) commits
- Revert all commits related to the SASL authzid feature since the next
  release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID  / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a13.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2f.
2019-05-25 23:36:11 +02:00
Steve Holme
a9499ff136
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool 2019-05-22 22:55:11 +01:00
Daniel Stenberg
269f7df0ae
PolarSSL: deprecate support step 1. Removed from configure.
Also removed mentions from most docs.

Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html

Closes #3888
2019-05-22 10:00:56 +02:00
Daniel Stenberg
ebb2ebe18b
config.d: clarify that initial : and = might need quoting [skip ci]
Fixes #3738
Closes #3749
2019-04-08 21:57:22 +02:00
Tim Rühsen
7b758e9835 documentation: Fix several typos
Closes #3724
Reviewed-by: Jakub Zakrzewski
Reviewed-by: Daniel Gustafsson
2019-04-03 22:06:06 +02:00
Daniel Stenberg
2af732f364
curl.1: --user and --proxy-user are hidden from ps output
Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680

Closes #3683
2019-03-14 20:09:41 +01:00
Daniel Stenberg
05a131eb77
curl.1: mark the argument to --cookie as <data|filename>
From a discussion in #3676

Suggested-by: Tim Rühsen

Closes #3682
2019-03-14 17:25:40 +01:00
Daniel Stenberg
50afa478e1
cmdline-opts/proxytunnel.d: the option tunnnels all protocols
Clarify the language and simplify.

Reported-by: Daniel Lublin
Closes #3658
2019-03-08 23:19:11 +01:00
Daniel Stenberg
c51c78dd8d
alt-svc: the curl command line bits 2019-03-03 11:17:52 +01:00
Ԝеѕ
8f105b0534
docs: update max-redirs.d phrasing
clarify redir - "in absurdum" doesn't seem to make sense in this context

Closes #3631
2019-03-01 09:26:33 +01:00
Daniel Stenberg
180501cb02
schannel: stop calling it "winssl"
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504
2019-02-01 08:20:38 +01:00
Daniel Stenberg
f2d5e34bae
docs/version.d: mention MultiSSL
Reviewed-by: Daniel Gustafsson
Closes #3432
2019-01-03 15:45:18 +01:00
Claes Jakobsson
d8cae791f4 hostip: support wildcard hosts
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.

Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
  curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
       https://a.com https://b.com

This is probably quite similar to using:
  --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443

Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-27 14:23:53 +01:00
Daniel Stenberg
006ff62d8c
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
2018-12-21 10:49:30 +01:00
Daniel Stenberg
fdc5563b6e
docs: fix the --tls-max description
Reported-by: Tobias Lindgren
Pointed out in #3367

Closes #3368
2018-12-13 08:35:55 +01:00
Daniel Gustafsson
8802ad965d cmdline-opts/gen.pl: define the correct varname
The variable definition had a small typo making it declare another
variable then the intended.

Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26 09:56:49 +01:00