1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 22:45:03 -05:00
Commit Graph

496 Commits

Author SHA1 Message Date
Kamil Dudka
4ef6b2d6c6 curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man
pages since curl-7_12_3~131.  This patch makes it clear in the curl.1
man page, too.

Bug: https://bugzilla.redhat.com/1305970
2016-02-12 18:47:17 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
6b485c7407 HTTPS: update a bunch of URLs from HTTP to HTTPS 2016-02-02 00:24:30 +01:00
Jay Satiro
96596334c8 curl.1: Explain remote-name behavior if file already exists
.. also warn about letting the server pick the filename.
2016-01-29 03:28:48 -05:00
Daniel Stenberg
b4a39491ca curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-15 13:59:56 +01:00
Daniel Stenberg
748ffc77c6 curl.1: remove the overlap --range example
... it is just weird to include by default even if it still works.
2015-11-06 15:03:00 +01:00
Daniel Stenberg
9b87078d55 curl.1: -E: s/private certificate/client certificate
... as the certificate is strictly speaking not private.

Reported-by: John Levon
2015-10-28 13:17:54 +01:00
Daniel Stenberg
b1fc8c0e97 curl.1: --ignore-content-length now works for FTP too 2015-10-23 15:24:31 +02:00
Daniel Stenberg
4ceddcf8ca curl.1: update RFC references 2015-09-03 19:52:23 +02:00
Jay Satiro
cb6a07fed0 docs: Warn about any-domain cookies and multiple transfers
- Warn that cookies without a domain are sent to any domain:
CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie

- Note that imported Set-Cookie cookies without a domain are no longer
exported:
CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar
2015-09-03 02:35:11 -04:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Jay Satiro
1f1f131e09 docs: Update the redirect protocols disabled by default
- Clarify that FILE and SCP are disabled by default since 7.19.4
- Add that SMB and SMBS are disabled by default since 7.40.0
- Add CURLPROTO_SMBS to the list of protocols
2015-08-18 01:38:07 -04:00
Daniel Kahn Gillmor
31673ff517 curl.1: Document weaknesses in SSLv2 and SSLv3
Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why it's
insecure.
2015-08-15 22:53:46 +02:00
Alessandro Ghedini
5be0c88297 docs: fix typos
closes #376
2015-08-12 11:29:55 +02:00
Daniel Stenberg
c092b0f0f3 docs: formpost needs the full size at start of upload
Closes #360
2015-08-02 00:15:39 +02:00
Jay Satiro
172b2beba6 SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
2015-07-17 02:40:16 -04:00
55b78c5ae9 SSL: Pinned public key hash support 2015-07-01 19:43:47 +02:00
Viktor Szakats
45f21e0f37 docs: update URLs 2015-06-16 09:08:00 +02:00
Daniel Stenberg
45bad4ac97 curl.1: netrc is in man section 5 2015-06-15 08:28:42 +02:00
Daniel Stenberg
f3288196ff curl.1: small format fix
use \fI-style instead of .BR for references
2015-06-15 08:26:37 +02:00
Ville Skyttä
025dbe46df docs: man page indentation and syntax fixes 2015-06-08 13:37:14 +02:00
Jay Satiro
265f83a9f0 curl.1: fix missing space in section --data 2015-05-19 15:43:40 -04:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Anthony Avina
6a7261359b tool: New option --data-raw to HTTP POST data, '@' allowed.
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.

Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.

Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
2015-04-25 14:51:14 -04:00
Jay Satiro
0675abbc75 cyassl: Implement public key pinning
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Alessandro Ghedini
26cbd7a1d9 curl.1: fix typo 2015-04-22 21:47:32 +02:00
Kamil Dudka
b47c17d67c nss: implement public key pinning for NSS backend
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Alessandro Ghedini
1f651d1d4d curl: add --false-start option 2015-03-20 20:14:35 +01:00
Daniel Stenberg
6bba85d500 curl.1: fix "The the" typo
Reported-by: Jon Seymour
2015-03-04 07:29:06 +01:00
Alessandro Ghedini
49655a6822 curl.1: --cert-status is also supported by OpenSSL now 2015-02-14 20:30:32 +00:00
Daniel Stenberg
0daf1ef729 curl.1: clarify that -X is used for all requests
Reported-by: Jon Seymour
2015-02-09 10:33:54 +01:00
Daniel Stenberg
499024d208 curl.1: add warning when using -H and redirects 2015-02-08 00:05:55 +01:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
bd0c3b3c66 curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16 23:23:29 +01:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Daniel Stenberg
7853c1cfe6 curl.1: added --unix-socket 2014-12-04 02:52:19 +01:00
Dave Reisner
8ef77547d0 curl.1: fix trivial typo 2014-12-03 22:38:46 +01:00
Bill Nagel
96c3b1a1bb docs: Updated for the SMB protocol
This patch updates the documentation for the SMB/CIFS protocol.
2014-11-30 21:53:30 +00:00
Steve Holme
982a649aa5 docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion 2014-11-26 23:32:38 +00:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Steve Holme
338b641370 docs: Updated following the addition of SSPI based HTTP digest auth 2014-11-06 23:44:11 +00:00
Daniel Stenberg
9f59fb6d33 curl.1: show zone index use in a URL 2014-11-06 17:35:22 +01:00
Steve Holme
f7e24683c4 sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.

Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
2014-10-29 14:24:38 +00:00
Daniel Stenberg
50313059fc curl.1: edited for clarity 2014-10-21 11:57:13 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Jeremy Lin
fa7d04fed4 ssh: improve key file search
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa

Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.

For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
2014-10-03 16:20:54 +02:00
Daniel Stenberg
69ce8a72f5 curl.1: mention quoting in the URL section
and separate the example URLs with newlines
2014-10-01 08:29:43 +02:00
Daniel Stenberg
7bff23b166 curl.1: add an example for -H 2014-08-29 08:07:47 +02:00
Daniel Stenberg
a20da5523e curl.1: clarify --limit-rate's effect on both directions
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
2014-08-23 00:40:52 +02:00
Daniel Stenberg
5be48639b1 curl.1: mention the --post30x options within the --location desc 2014-08-23 00:00:00 +02:00
Steve Holme
75be5a6681 docs: Escaped single backslash 2014-08-16 11:52:11 +01:00
Steve Holme
7679cb3fa8 docs: Added Kerberos V5 and NTLM domain information to --user 2014-08-16 10:37:16 +01:00
Steve Holme
0574196acb docs: Added Kerberos V5 to the --user SSPI current credentials usage 2014-08-16 10:16:05 +01:00
Michael Osipov
37f0e8a32c docs: Update SPNEGO and GSS-API related doc sections
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
2014-08-09 00:08:51 +01:00
Steve Holme
f719a97e12 docs: Added Negotiate to the SSPI current credentials usage description 2014-08-07 08:04:40 +01:00
Daniel Stenberg
97db9fb653 curl.1: minor language fix
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
2014-07-03 22:37:43 +02:00
Daniel Stenberg
3b65aeda52 curl.1: clarify that -u can't specify a user with colon 2014-05-23 14:34:03 +02:00
Steve Holme
fa083980c5 curl.1: Added missing --login-options option
...and removed ;OPTIONS from --user as that functionality was removed
in 7.34.0.
2014-05-07 19:47:22 +01:00
Daniel Stenberg
109e94c51c docs: this is for 7.37.0
And clarify for curl that --proxy-header now must be used for headers
that are meant for a proxy, and they will not be included if the request
is not for a proxy.
2014-04-04 17:10:47 +02:00
Daniel Stenberg
20f61cd12c curl.1: documented --proxy-header 2014-04-04 17:03:43 +02:00
Dan Fandrich
ca7d1de69c docs: fixed a bunch of typos 2014-03-14 23:38:00 +01:00
Steve Holme
1a9b58fcb2 tool_getparam: Added initial support for --next/-:
Added initial support for --next/-: which will be used to replace the
rather confusing : command line operation what was used for the URL
specific options prototype.
2014-02-26 20:42:30 +00:00
Kamil Dudka
03c288202e curl.1: update the description of --tlsv1
... and mention the --tlsv1.[0-2] options in the --tslv1 entry

Reported-by: Hubert Kario
2014-02-18 10:35:41 +01:00
Fabian Frank
909a68c121 NPN/ALPN: allow disabling via command line
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 13:06:17 +01:00
Daniel Stenberg
0952c9abcc http2: call it "HTTP 2" and not 2.0
The minor version will be dropped for HTTP 2 so it will make sense to
avoid using it in option names etc.
2014-01-30 16:59:35 +01:00
Daniel Stenberg
0a898655e8 curl.1: remove URL encoding phrase from --data description
... it could be misleading a reader into thinking it _has_ to be encoded.
2013-12-18 22:46:38 +01:00
Daniel Stenberg
8a8f9a5d57 curl.1 document -J doesn't %-decode
...also added as KNOWN_BUG #87 with reference to bug #1294
2013-12-15 23:38:37 +01:00
Daniel Stenberg
0db811b69b parseconfig: dash options can't specified with colon or equals
Bug: http://curl.haxx.se/bug/view.cgi?id=1297
Reported-by: Michael Osipov
2013-11-29 15:17:08 +01:00
Daniel Stenberg
d81cbbcc2c curl.1: -G also takes --data-urlencode data 2013-11-29 15:10:53 +01:00
Steve Holme
3c8c9b2779 smtp: Changed the default command to HELP when no options are specified
Otherwise a NOOP operation would be performed which a) only returns a
single line response and not a multiline response where -I needs to be
used, and b) provides an inconsistent user experience compared to that
of the POP3 and IMAP protocols.
2013-11-17 10:09:07 +00:00
Steve Holme
d630e1f389 DOCS: Updated manpage following recent SMTP modifications
* Added SMTP section to --request
* Expanded --mail-rcpt to describe the usage when using the verify and
  expand commands.
2013-11-15 21:23:56 +00:00
Daniel Stenberg
6901861fc9 curl.1: mention that -O does no URL decoding 2013-11-12 09:28:07 -08:00
Steve Holme
0177f28c51 DOCS: Expanded --request description to include POP3 and IMAP details 2013-11-03 14:39:10 +00:00
Steve Holme
526a1c3b45 DOCS: Updated --list-only description to include POP3
Additionally corrected typos in --oauth2-bearer protocol list.
2013-11-03 13:54:49 +00:00
Gisle Vanem
ae495ffcc3 curl.1: add missing exit-code
I noted a missing text for exit-code 89 in docs/curl.1
2013-10-20 23:57:24 +02:00
Alessandro Ghedini
69c0d3fbc8 curl.1: fix typo conjuction -> conjunction 2013-10-15 20:37:13 +02:00
Daniel Stenberg
076726f141 curl: document the new --tlsv1.[012] options 2013-10-15 20:31:04 +02:00
Daniel Stenberg
5df04bfafd curl: rename --bearer to --oauth2-bearer
The option '--bearer' might be slightly ambiguous in name. It doesn't
create any conflict that I am aware of at the moment, however, OAUTH v2
is not the only authentication mechanism which uses "bearer" tokens.

Reported-by: Kyle L. Huff
URL: http://curl.haxx.se/mail/lib-2013-10/0064.html
2013-10-12 23:26:38 +02:00
Heinrich Schaefer
9b33ecfd01 minor fix in doc 2013-10-11 11:57:26 +02:00
Steve Holme
6dd8bd8d2f curl.1: Added information about optional login options to --user in manpage
Added missing information, from curl 7.31.0, regarding the use of the
optional login options that may be specified as part of --user.

For example:

--user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols.
2013-09-21 22:05:12 +01:00
Kim Vandry
fcfa26a7ee Documented --dns-* options in curl manpage 2013-09-20 23:09:39 +02:00
Steve Holme
18db743851 pop3: Added basic SASL XOAUTH2 support
Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for
authentication using RFC6749 "OAuth 2.0 Authorization Framework".

The bearer token is expected to be valid for the user specified in
conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
an advertised auth mechanism of "XOAUTH2", the user and access token are
formatted as a base64 encoded string and sent to the server as
"AUTH XOAUTH2 <bearer token>".
2013-09-20 21:56:30 +01:00
Daniel Stenberg
0a691f8935 curl.1: detail how short/long options work
URL: http://curl.haxx.se/bug/view.cgi?id=1279
Suggested-by: Jerry Krinock
2013-09-13 23:14:41 +02:00
Daniel Stenberg
01d7bbbebe --data: mention CRLF treatment when reading from file 2013-09-06 13:52:56 +02:00
Nick Zitzmann
d2fe616e7e darwinssl: add support for PKCS#12 files for client authentication
I also documented the fact that the OpenSSL engine also supports them.
2013-09-05 18:57:06 -05:00
Daniel Stenberg
2eabb7d590 curl: add --http1.1 and --http2.0 options 2013-09-04 22:29:38 +02:00
Daniel Stenberg
f19efd07e7 -x: rephrased the --proxy section somewhat 2013-08-31 22:55:53 +02:00
Kyle L. Huff
7e489c42f7 curl.1: Add usage of '--bearer' option 2013-08-30 21:34:20 +01:00
Dave Reisner
d8c04909fa src/tool: allow timeouts to accept decimal values
Implement wrappers around strtod to convert the user argument to a
double with sane error checking. Use this to allow --max-time and
--connect-timeout to accept decimal values instead of strictly integers.

The manpage is updated to make mention of this feature and,
additionally, forewarn that the actual timeout of the operation can
vary in its precision (particularly as the value increases in its
decimal precision).
2013-07-14 23:04:05 +02:00
Dave Reisner
c0a7a98aee curl.1: fix long line, found by checksrc.pl 2013-07-14 22:50:29 +02:00
Kamil Dudka
45339625bc Revert "curl.1: document the --time-cond option in the man page"
This reverts commit 3a0e931fc7 because
the documentation of --time-cond was duplicated by mistake.

Reported by: Dave Reisner
2013-07-09 15:46:49 +02:00
Kamil Dudka
20ff820ef2 curl.1: document the --sasl-ir option in the man page 2013-07-09 15:18:39 +02:00
Kamil Dudka
39e85d99fe curl.1: document the --post303 option in the man page 2013-07-09 15:18:39 +02:00
Kamil Dudka
3a0e931fc7 curl.1: document the --time-cond option in the man page 2013-07-09 15:18:39 +02:00
Daniel Stenberg
9c2853f2ae curl.1: fix typo in --xattr description
Bug: http://curl.haxx.se/bug/view.cgi?id=1252
Reported-by: Jean-Noël Rouvignac
2013-06-25 10:41:16 +02:00
Daniel Stenberg
ba9a66663a curl.1: clarify that --silent still outputs data 2013-05-28 11:37:58 +02:00
Kamil Dudka
42e01cff9a curl.1: document escape sequences recognized by -E 2013-05-06 14:32:26 +02:00
Nick Zitzmann
a5c0e20939 darwinssl: add TLS crypto authentication
Users using the Secure Transport (darwinssl) back-end can now use a
certificate and private key to authenticate with a site using TLS. Because
Apple's security system is based around the keychain and does not have any
non-public function to create a SecIdentityRef data structure from data
loaded outside of the Keychain, the certificate and private key have to be
loaded into the Keychain first (using the certtool command line tool or
the Security framework's C API) before we can find it and use it.
2013-04-27 23:15:07 -06:00