1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 19:45:04 -05:00
Commit Graph

3686 Commits

Author SHA1 Message Date
Thomas Glanzmann
4f8b17743d HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY 2016-11-25 10:49:38 +01:00
Thomas Glanzmann
1232dbb8bd url: proxy: Use 443 as default port for https proxies 2016-11-25 10:01:58 +01:00
Daniel Stenberg
8ebc5cda8f TODO: removed "HTTPS proxy" 2016-11-25 09:52:22 +01:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Daniel Stenberg
63198a4750 curl.1: the new --proxy options ship in 7.52.0 2016-11-25 00:14:39 +01:00
Daniel Stenberg
6832c1d4b2 checksrc: move open braces to comply with function declaration style 2016-11-24 23:58:22 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Okhin Vasilij
c6da05a5ec HTTPS-proxy: fixed mbedtls and polishing 2016-11-24 23:41:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Jay Satiro
a4d888857e http2: Use huge HTTP/2 windows
- Improve performance by using a huge HTTP/2 window size.

Bug: https://github.com/curl/curl/issues/1102
Reported-by: afrind@users.noreply.github.com
Assisted-by: Tatsuhiro Tsujikawa
2016-11-16 17:35:11 -05:00
Daniel Stenberg
342aa4797e cmdline-docs: more conversion 2016-11-16 15:15:57 +01:00
Daniel Stenberg
c3c1e96185 gen: support 'protos'
and warn on unrecognized lines
2016-11-16 15:13:17 +01:00
Daniel Stenberg
5781e3653e gen: support 'single' to make an individual page man page 2016-11-16 11:41:02 +01:00
Daniel Stenberg
41b1f649bf cmdline-docs: more options converted over 2016-11-16 10:42:51 +01:00
Daniel Stenberg
81e61cda39 gen: support 'redirect'
... and warn for too long --help lines
2016-11-16 10:42:50 +01:00
Daniel Stenberg
1ef1f10cab cmdline/gen: replace options in texts better 2016-11-16 08:23:36 +01:00
Jay Satiro
7f439f1652 curl.1: Clarify --dump-header only writes received headers 2016-11-16 01:40:23 -05:00
Alex Chan
771f3f22dd docs: Spelling fixes 2016-11-15 15:41:45 +01:00
Kamil Dudka
cfd69c1339 docs: the next release will be 7.52.0 2016-11-15 12:21:00 +01:00
Daniel Stenberg
b8c35f40f9 cmdline-opts: support generating the --help output 2016-11-15 09:08:50 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Stenberg
050aa80309 cmdline-opts: first test version of a new man page generator kit
See MANPAGE.md for the description of how this works. Each command line
option is now described in a separate .d file.
2016-11-13 23:40:12 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Daniel Stenberg
1299df6868 CODE_STYLE.md: link to INTERNALS.md correctly 2016-11-09 09:56:13 +01:00
Daniel Stenberg
dfcdaaba37 examples/fileupload.c: fclose the file as well 2016-11-08 23:00:43 +01:00
Daniel Stenberg
c2bc47ddb8 curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
Reported-by: Frank Gevaerts
2016-11-08 15:28:04 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Daniel Stenberg
677d8b3fec curl.1: explain the SMTP data expected for -T
Fixes #1107

Reported-by: Adam Piggott
2016-11-07 08:33:02 +01:00
Daniel Stenberg
c8e6e60b40 docs: shorten and simplify the top comment in multi-uv.c
and change URL to use https
2016-11-03 12:44:38 +01:00
Andrei Sedoi
82b6fd4112 docs: handle CURL_POLL_INOUT in multi-uv example 2016-11-03 12:32:14 +01:00
Andrei Sedoi
e6882ce484 docs: multi-uv: don't use CURLMsg after cleanup 2016-11-03 12:32:14 +01:00
Andrei Sedoi
b1aeed302d docs: remove unused variables in multi-uv example 2016-11-03 12:32:14 +01:00
Daniel Stenberg
3c561c657c THANKS: synced with 7.51.0 2016-11-02 07:34:06 +01:00
Daniel Stenberg
1fe755f99d RELEASE-NOTES: 7.51.0 2016-11-02 07:34:06 +01:00
Daniel Stenberg
e5c49b9e69 curl.1: typo 2016-11-01 10:27:40 +01:00
Daniel Stenberg
b744950f43 curl.1: expand on how multiple uses of -o looks
Suggested-by: Dan Jacobson
Issue: https://github.com/curl/curl/issues/1097
2016-11-01 10:24:49 +01:00
Daniel Stenberg
53e71e47d6 unescape: avoid integer overflow
CVE-2016-8622

Bug: https://curl.haxx.se/docs/adv_20161102H.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
Daniel Stenberg
fba28277ca TODO: remove IDNA2008 2016-10-31 08:46:35 +01:00
Jay Satiro
164ee10b0b INTERNALS: better markdown (follow-up)
- Wrap more words with underscores in backticks.

Follow-up to 13f4913.
2016-10-31 00:38:27 -04:00
Daniel Stenberg
13f4913303 INTERNALS: better markdown
words with underscore need to be within `these`

Bug: https://github.com/curl/curl-www/issues/19
Reported-by : Jay Satiro
2016-10-30 23:46:11 +01:00
Daniel Stenberg
d0623f856c BINDINGS: converted to markdown
To make it render better on the web site, at the price of it becoming
slightly less readable as text.
2016-10-28 09:54:39 +02:00
Jay Satiro
568037f6af CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Clarify that this option is only for HTTP/1.1 pipelining.

Bug: https://github.com/curl/curl/issues/1059
Reported-by: Jeroen Ooms

Assisted-by: Daniel Stenberg
2016-10-27 23:15:41 -04:00
Daniel Stenberg
4eb7657a13 KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
Closes #927
2016-10-27 23:47:59 +02:00
Daniel Stenberg
c443a8ce21 KNOWN_BUGS: c-ares deviates from stock resolver on http://1346569778
Closes #893
2016-10-27 23:46:13 +02:00
Daniel Stenberg
a65db0bbcb SECURITY: minor updates
- we allow the security push up to 48 hours before the release

- add a mention about possible pre-notifications

- lower case the 'curl-security' title
2016-10-27 10:21:52 +02:00
Andrei Sedoi
50ef91b59a docs: fix req->data in multi-uv example
Closes #1088
2016-10-27 09:14:24 +02:00
Daniel Stenberg
4d7fc0a9bb TODO: indent code to make it render properly 2016-10-24 14:03:08 +02:00
Daniel Stenberg
cc8c8f957e TODO: Remove the generated include file 2016-10-24 13:38:29 +02:00
Daniel Stenberg
21b9e54058 TODO: add "--retry should resume"
See #1084
2016-10-24 11:56:26 +02:00
Daniel Stenberg
f435308cfa mk-ca-bundle.1: document -k
Brought in 1ad2bdcf11. Now does HTTPS by default and needs -k to
fall back to plain HTTP.
2016-10-24 10:24:27 +02:00
Dan Fandrich
50ee3aaf1a INSTALL.md: Updated minimum file sizes for 7.50.3 2016-10-23 22:42:19 +02:00
Daniel Stenberg
8571d1c0b4 INSTALL: converted to markdown => INSTALL.md
Also heavily edited for content. Removed lots of old cruft that we added
like 10+ years ago that is likely incorrect by now.

Also removed INSTALL.devcpp for same reason.
2016-10-21 15:57:29 +02:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Daniel Stenberg
9291a34d5d HTTP2: mention the tool's limited support 2016-10-17 08:01:44 +02:00
Daniel Stenberg
96e3c07744 KNOWN_BUGS: two more existing problems 2016-10-16 12:55:40 +02:00
Daniel Stenberg
4ddc772b30 KNOWN_BUGS: minor formatting edit 2016-10-16 11:53:54 +02:00
Daniel Stenberg
358fd32820 dist: remove PDF and HTML converted docs from the releases 2016-10-10 23:33:13 +02:00
Daniel Stenberg
f74baaf3b3 TODO: build: Enable PIE and RELRO by default 2016-10-08 12:17:26 +02:00
Daniel Stenberg
e11da9f4b7 TODO: Support better than MD5 hostkey hash (for ssh) 2016-10-08 11:51:21 +02:00
Daniel Stenberg
13f3912471 TODO: Introduce --fail-fast to exit on first transfer fail
See #1054
2016-10-06 17:45:06 +02:00
Daniel Stenberg
da1a2d1ac8 TODO: Leave secure cookies alone 2016-10-06 09:40:47 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
2a3bca9aa0 TODO: TCP Fast Open for windows 2016-10-05 11:50:50 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Daniel Stenberg
203c5d5b3c TODO: Add easy argument to formpost functions 2016-10-04 18:34:31 +02:00
Stephen Brokenshire
2a1d538963 FAQ: Fix typos in section 5.14 (#1047)
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-10-01 17:36:50 +02:00
Sebastian Mundry
9eda44a200 KNOWN_BUGS: Fix typos in section 5.8.
Closes #1046
2016-09-30 20:50:55 +02:00
mundry
dd42963a52 CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045) 2016-09-30 20:49:48 +02:00
Daniel Stenberg
7ea1469468 curl.1: --trace supports % for sending to stderr! 2016-09-30 17:17:48 +02:00
Daniel Stenberg
bd742adb6f KNOWN_BUGS: 5.8 configure finding libs in wrong directory 2016-09-26 11:44:00 +02:00
Daniel Stenberg
cd7f562bdc SECURITY: remove the top ascii logo 2016-09-23 22:11:55 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Daniel Stenberg
aab94da619 curl_global_cleanup.3: don't unload the lib with sub threads running
Discussed in #997

Assisted-by: Jay Satiro
2016-09-20 23:00:52 +02:00
Daniel Stenberg
88e3743dde MAIL-ETIQUETTE: language 2016-09-20 15:37:46 +02:00
rugk
31dd3bf674 TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP
Closes #1025
Closes #1026
Closes #1027
2016-09-19 16:58:33 +02:00
Daniel Stenberg
fb0032a33e TODO: Support SSLKEYLOGFILE 2016-09-19 10:29:00 +02:00
Jay Satiro
6ee9ea5e70 CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting 2016-09-18 17:56:35 -04:00
Jay Satiro
45c1c54c42 examples/imap-append: Set size of data to be uploaded
Prior to this commit this example failed with error
'Cannot APPEND with unknown input file size'.

Bug: https://github.com/curl/curl/issues/1008
Reported-by: lukaszgn@users.noreply.github.com

Closes https://github.com/curl/curl/pull/1011
2016-09-18 02:19:17 -04:00
Tony Kelman
e01d0f1030 LICENSE-MIXING.md: update with mbedTLS dual licensing
Recent versions of mbedTLS are available under either Apache 2.0 or GPL
2.0, see https://tls.mbed.org/how-to-get

Closes #1019
2016-09-16 23:56:28 +02:00
Daniel Stenberg
710f0572c9 KNOWN_BUGS: chunked-encoded requests with HTTP/2 is fixed 2016-09-16 09:00:20 +02:00
Daniel Stenberg
8986c86e1e THANKS: updated with curl 7.50.3 contributors 2016-09-14 07:56:18 +02:00
Jay Satiro
511838f1d8 CODE_STYLE: fix long-line guideline
- Change maximum allowed line length from 80 to 79.
2016-09-12 01:51:37 -04:00
Jay Satiro
27c2131b02 CODE_STYLE: add column alignment section
Note that since the added examples are for column alignment I had to
encapsulate with ~~~c markdown to preserve their alignment.
2016-09-11 19:12:14 -04:00
Jay Satiro
af2d679e14 errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975
2016-09-07 21:24:27 -04:00
Daniel Stenberg
ebd620d691 HISTORY: remove ascii logo to render nicer on web 2016-09-07 14:29:19 +02:00
Daniel Stenberg
e79de9e326 THANKS: updated for 7.50.2 2016-09-07 07:45:40 +02:00
Olivier Brunel
4b86113f5e speed caps: not based on average speeds anymore
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
with the cumulative average speed of the entire transfer; While this
might work at times with good/constant connections, in other cases it
can result to the limits simply being "ignored" for more than "short
bursts" (as told in man page).

Consider a download that goes on much slower than the limit for some
time (because bandwidth is used elsewhere, server is slow, whatever the
reason), then once things get better, curl would simply ignore the limit
up until the average speed (since the beginning of the transfer) reached
the limit.  This could prove the limit useless to effectively avoid
using the entire bandwidth (at least for quite some time).

So instead, we now use a "moving starting point" as reference, and every
time at least as much as the limit as been transferred, we can reset
this starting point to the current position. This gets a good limiting
effect that applies to the "current speed" with instant reactivity (in
case of sudden speed burst).

Closes #971
2016-09-04 13:11:23 +02:00
Daniel Stenberg
85e5ebe75f HISTORY.md: the multi socket was put in the wrong year! 2016-09-03 23:14:18 +02:00
Daniel Stenberg
4c44155cfe CURLMOPT_PIPELINING.3: language 2016-09-01 14:09:21 +02:00
Daniel Stenberg
a409b4b466 CURLMOPT_PIPELINING.3: extended and clarified
Especially in regards to the multiplexing part.
2016-09-01 14:08:01 +02:00
Steve Holme
7c6c2194b8 KNOWN_BUGS: Move the Visual Studio project shortcomings from local README 2016-08-31 11:33:22 +01:00
Steve Holme
088ffcba3e KNOWN_BUGS: Expand 6.4 to include Kerberos V5
...and discuss a possible solution.
2016-08-31 11:22:12 +01:00
Daniel Stenberg
b73b423ba0 KNOWN_BUGS: mention some cmake "support gaps" 2016-08-29 23:02:14 +02:00
Nick Zitzmann
e171968ba3 darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-28 16:46:59 -05:00
Daniel Stenberg
3533def3d5 http2: make sure stream errors don't needlessly close the connection
With HTTP/2 each transfer is made in an indivial logical stream over the
connection, making most previous errors that caused the connection to get
forced-closed now instead just kill the stream and not the connection.

Fixes #941
2016-08-28 16:44:49 +02:00
Daniel Stenberg
a032a6f2bb INTERNALS: fix title 2016-08-25 11:00:28 +02:00