moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
18,106 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

2825 Commits

Author SHA1 Message Date
Daniel Stenberg 821d4a1e55 symbols: CURL_VERSION_GSSNEGOTIATE is deprecated 2014-07-24 23:47:32 +02:00
Daniel Stenberg 81cd24adb8 http2: more and better error checking 
1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
 2014-07-23 09:23:56 +02:00
Daniel Stenberg cc52d776dd symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 2014-07-23 00:01:39 +02:00
Alessandro Ghedini 6f8046f7a4 CURLOPT_CHUNK_BGN_FUNCTION: fix typo 2014-07-19 21:27:38 +02:00
Daniel Stenberg da172b0dde THANKS: added new contributors from 7.37.1 announcement 2014-07-17 13:18:46 +02:00
David Woodhouse 9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support 
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
 2014-07-16 17:26:08 +02:00
Steve Holme f9b80cded7 CURLOPT_UPLOAD: Corrected argument type 2014-07-10 22:30:43 +01:00
Daniel Stenberg 6273b23a05 FAQ: expand the thread-safe section 
... with a mention of *NOSIGNAL, based on talk in bug #1386
 2014-07-09 22:07:36 -05:00
Dan Fandrich 3ae2b6cd7f Update instances of some obsolete CURLOPTs to their new names 2014-07-05 22:47:13 +02:00
Dimitrios Siganos 22eb00f937 example: use correct type (long) for CURLOPT_FOLLOWLOCATION 2014-07-03 22:47:28 +02:00
Dimitrios Siganos afbd5f978e Document type of argument for CURLOPT_FOLLOWLOCATION. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos 7441c6d7af Document type of argument for CURLOPT_ERRORBUFFER. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos 3e0443239a Document type of argument for CURLOPT_COPYPOSTFIELDS. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos 8b8cc85d8d Document type of argument for CURLOPT_ADDRESS_SCOPE. 2014-07-03 22:44:45 +02:00
Daniel Stenberg 97db9fb653 curl.1: minor language fix 
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
 2014-07-03 22:37:43 +02:00
Dan Fandrich 1c1d9a3a86 opts: fixed some CURLOPT references so they get turned into links 2014-07-02 21:40:39 +02:00
Dan Fandrich 46a886cd48 opts: Document the socket callback function parameters 2014-07-01 08:12:11 +02:00
Steve Holme 1b6bc02fb9 opts: Fixed some typos 2014-06-28 12:40:06 +01:00
Dan Fandrich 057cc2e915 curl_easy_setopt.3: fixed the error code for an unsupported option 2014-06-25 22:33:32 +02:00
Dan Fandrich d8287ca8bc opts: added some DEFAULT and RETURN VALUE sections 2014-06-24 00:00:34 +02:00
Daniel Stenberg cf1f8d4528 libcurl docs: man page edits 
mainly to improve how the web versions render
 2014-06-21 23:52:06 +02:00
Dan Fandrich c66c2dd755 curl_easy_setopt.3: fixed some typos 2014-06-21 20:43:04 +02:00
Daniel Stenberg c7e491f9c2 lib man pages: update easy setopt option references 
... by using the "\fIopt(3)\fP" syntax they will be linked properly when
the web version of the page is generated.
 2014-06-21 20:21:47 +02:00
Daniel Stenberg 7d618c477f opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default 2014-06-21 20:03:35 +02:00
Daniel Stenberg ac5b6f8082 curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception 
... to the always-copy-char *-argument.

And fix some minor mistakes.
 2014-06-21 19:46:45 +02:00
Daniel Stenberg ecacdb3430 curl_easy_setopt.3: refer to the individual man pages 
With all the new individual option man pages created, this now refers to
each separate one instead of duplicaing the info. Also makes this page
easier to overview.
 2014-06-21 15:45:50 +02:00
Dan Fandrich d4cc9db64d opts: fixed mancheck for out-of-tree builds 2014-06-21 11:22:04 +02:00
Daniel Stenberg 31b28a0942 curl_easy_setopt.3: shorten 
shorten descriptions, mostly refer to the separate descriptions
 2014-06-21 00:04:13 +02:00
Daniel Stenberg 25a975408e CURLOPT_DNS_LOCAL_IP4.3: better short desc 2014-06-21 00:04:13 +02:00
Dan Fandrich c088f29b98 opts: document CURLE_OUT_OF_MEMORY among other return values 2014-06-20 23:43:46 +02:00
Dan Fandrich 59d5b4ce06 opts: fixed some typos 2014-06-20 23:31:06 +02:00
Daniel Stenberg 68d1bea5fc opts: various corrections 2014-06-20 01:10:34 +02:00
Daniel Stenberg 662f749cec opts: add the rest of the options 
... and fixed mancheck to ignore obsolete options
 2014-06-20 01:02:49 +02:00
Daniel Stenberg 290e1bbe0d opts: the final bunch of options as man pages 
Now all current options have their own man pages.
 2014-06-20 00:58:18 +02:00
Daniel Stenberg a6cd174b2e opts: 37 additional man pages 2014-06-19 17:59:13 +02:00
Daniel Stenberg fede49532d CURLOPT_URL: move up the text from "Notes" 2014-06-19 15:11:49 +02:00
Daniel Stenberg 49078ae363 ROADMAP: removed, now ROADMAP.md 2014-06-19 15:11:28 +02:00
Daniel Stenberg 42d199b1f1 ROADMAP.md: make it markdown formatted 2014-06-19 14:16:14 +02:00
Daniel Stenberg 00d84a2f3e ROADMAP: initial commit of "curl the next few years" 
To be further discussed, debated and edited
 2014-06-19 14:08:12 +02:00
Daniel Stenberg c31e6d223a opts: more man pages 2014-06-19 13:53:13 +02:00
Daniel Stenberg 47311e4c7e CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' 2014-06-19 08:40:51 +02:00
Daniel Stenberg ba1d831cf1 opts: makefile now includes all current man pages 2014-06-19 00:08:18 +02:00
Daniel Stenberg ae353b0b20 opts: 11 more man pages 2014-06-19 00:03:17 +02:00
Dan Fandrich efbffa2fb7 opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE 2014-06-18 23:28:13 +02:00
Dan Fandrich 479675f23e opts: fixed a couple of typos 2014-06-18 23:07:08 +02:00
Daniel Stenberg 8fab76e8f3 opts: 16 more man pages 2014-06-18 14:40:26 +02:00
Daniel Stenberg c3954ffb25 opts: more man pages 2014-06-18 13:18:58 +02:00
Daniel Stenberg 38bf85fd61 CURLOPT_READFUNCTION.3: add short desc 2014-06-18 11:55:13 +02:00
Daniel Stenberg de6b89262e CURLOPT_LOW_SPEED_LIMIT.3: language 2014-06-18 11:54:42 +02:00
Daniel Stenberg e34bdc3187 opts: 4 more man pages 2014-06-18 11:45:22 +02:00