1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 07:25:14 -05:00
Commit Graph

916 Commits

Author SHA1 Message Date
Daniel Stenberg
af8cc7a693
curlver: towards 7.57.1 2017-12-01 10:36:48 +01:00
Daniel Stenberg
d661b0afb5
global_init: ignore CURL_GLOBAL_SSL's absense
This bit is no longer used. It is not clear what it meant for users to
"init the TLS" in a world with different TLS backends and since the
introduction of multissl, libcurl didn't properly work if inited without
this bit set.

Not a single user responded to the call for users of it:
https://curl.haxx.se/mail/lib-2017-11/0072.html

Reported-by: Evgeny Grin
Assisted-by: Jay Satiro

Fixes #2089
Fixes #2083
Closes #2107
2017-11-27 08:50:33 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Daniel Stenberg
a4c1c75da3
curlver.h: next expected release is 7.57.0 2017-10-08 17:28:07 +02:00
Daniel Stenberg
6aa86c493b
curl.h: include <sys/select.h> on cygwin too
When building with -std=c++14 on cygwin, this header won't be
automatically included as it otherwise is.

The <sys/select.h> include decision should ideally be reversed and be
avoided where that header file doesn't exist.

Reported-by: Ian Fette
Fixes #1925
2017-09-27 22:56:12 +02:00
Daniel Stenberg
b8e0fe19ec
vtls: provide curl_global_sslset() even in non-SSL builds
... it just returns error:

Bug: 1328f69d53 (commitcomment-24470367)
Reported-by: Marcel Raad

Closes #1906
2017-09-22 12:09:13 +02:00
Patrick Monnerat
ee56fdb691 form/mime: field names are not allowed to contain zero-valued bytes.
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
2017-09-22 01:08:29 +01:00
Daniel Stenberg
87501e57f1
code style: remove wrong uses of multiple spaces
Closes #1878
2017-09-12 13:54:54 +02:00
Daniel Stenberg
295ce716a2 curl.h: use lower case curl_mime* as for all public symbols 2017-09-05 17:33:16 +01:00
Daniel Stenberg
7b81623660
curl.h: fix "unused checksrc ignore", remove dangling reference
... to a README file that doesn't exist anymore
2017-09-04 19:59:11 +02:00
Viktor Szakats
1c8725e639 docs: Update to secure URL versions 2017-09-04 14:08:54 +00:00
Daniel Stenberg
bd8070085f
curl.h: make the curl_strequal() protos use the same style
... as the other functions. Makes it easier to machine-parse!
2017-09-04 09:38:19 +02:00
Daniel Stenberg
0d4a6355a8
headers: move the global_sslset() proto from multi.h to curl.h
As it was added to multi.h simply to not break test 1135, which now has
been disabled due to the mime API addition anyway and su we can now move
the sslset stuff to where the other curl_global_* prototypes are.
2017-09-03 23:53:15 +02:00
Patrick Monnerat
efd9301426 mime: use size_t instead of ssize_t in public API interface.
To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED
has been introduced.

Documentation updated accordingly.

symbols in versions updated. Added form API symbols deprecation info.
2017-09-03 16:10:55 +01:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Daniel Stenberg
5734f73f0d
polarssl: fix multissl breakage
Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html
Closes #1843
2017-08-31 00:53:05 +02:00
Daniel Stenberg
29c2bdee93
curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for
CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk
for a similar mistake, define the backend aliases to use the enum values
instead.

Reported-by: Gisle Vanem
Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html
2017-08-30 10:04:00 +02:00
Daniel Stenberg
73fa6aa00a
curl/multi.h: remove duplicated closing c++ brace
Regression since 1328f69d53

Fixes #1841
Reported-by: Andrei Karas
2017-08-29 17:14:36 +02:00
Johannes Schindelin
9d96a5f0b5
version: add the CURL_VERSION_MULTI_SSL feature flag
This new feature flag reports When cURL was built with multiple SSL
backends.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 22:56:49 +02:00
Johannes Schindelin
1328f69d53
vtls: introduce curl_global_sslset()
Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.

Side note: we do not explicitly test that it is called before
curl_global_init(), but we do verify that it is not called multiple times
(even implicitly).

If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.

The function also accepts an "avail" parameter to point to a (read-only)
NULL-terminated list of available backends. This comes in real handy if
an application wants to let the user choose between whatever SSL backends
the currently available libcurl has to offer: simply call

	curl_global_sslset(-1, NULL, &avail);

which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
variable to point to the relevant information to present to the user.

Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Johannes Schindelin
b59288f881
vtls: refactor out essential information about the SSL backends
There is information about the compiled-in SSL backends that is really
no concern of any code other than the SSL backend itself, such as which
function (if any) implements SHA-256 summing.

And there is information that is really interesting to the user, such as
the name, or the curl_sslbackend value.

Let's factor out the latter into a publicly visible struct. This
information will be used in the upcoming API to set the SSL backend
globally.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:58 +02:00
Daniel Stenberg
8a84fcc4b5
system.h: include sys/poll.h for AIX
... to get the event/revent defines that might be used for the poll
struct.

Reported-by: Michael Smith
Fixes #1828
Closes #1833
2017-08-27 19:04:45 +02:00
Daniel Stenberg
a4f4888006
curl/system.h: fix build for hppa
Reported-by: John David Anglin
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10
2017-08-20 21:11:48 +02:00
Daniel Stenberg
f2d060cf2b
curl/system.h: check for __ppc__ as well
... regression since issue #1774 (commit 10b3df1059) since obviously
some older gcc doesn't know __powerpc__ while some newer doesn't know
__ppc__ ...

Fixes #1797
Closes #1798
Reported-by: Ryan Schmidt
2017-08-18 15:32:21 +02:00
Daniel Stenberg
80d9e35598
system.h: remove all CURL_SIZEOF_* defines
... as they're not used externally and internally we check for the sizes
already in configure etc.

Closes #1767
2017-08-17 10:26:53 +02:00
Daniel Stenberg
b4b26cdda6
curl/system.h: checksrc compliance 2017-08-17 09:39:19 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Daniel Stenberg
9bd2248f92
curlver: toward 7.56.0? 2017-08-15 09:20:33 +02:00
Alex Potapenko
10b3df1059
curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__
Closes #1774
2017-08-13 17:48:42 +02:00
Daniel Stenberg
7c711996a8
curl/system.h: add Oracle Solaris Studio
Fixes #1752
2017-08-12 15:44:31 +02:00
Thomas Petazzoni
4ca5f772ec
curl/system.h: support more architectures
The long list of architectures in include/curl/system.h is annoying to
maintain, and needs to be extended for each and every architecture to
support.

Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
(we are in the GNUC condition anyway), which tells us if long is 4
bytes or 8 bytes.

This fixes the build of libcurl 7.55.0 on architectures such as
OpenRISC or ARC.

Closes #1766

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-08-11 23:55:43 +02:00
Daniel Stenberg
37f2195a94
curlver: bump to 7.55.1 2017-08-11 10:29:43 +02:00
Marcel Raad
b22ec39640
system.h: include winsock2.h before windows.h
... to avoid compiler warnings if the user doesn't want
WIN32_LEAN_AND_MEAN.
2017-07-12 07:55:18 +02:00
Marcel Raad
beb08481d0
curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
Make sure to always define WIN32_LEAN_AND_MEAN before including any
Windows headers to avoid pulling in unnecessary headers. This avoids
unnecessary macro clashes and compiler warnings.

Ref: https://github.com/curl/curl/issues/1562
Closes https://github.com/curl/curl/pull/1672
2017-07-11 11:57:00 +02:00
Kamil Dudka
8924f58c37 CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth
If libcurl was built with GSS-API support, it unconditionally advertised
GSS-API authentication while connecting to a SOCKS5 proxy.  This caused
problems in environments with improperly configured Kerberos: a stock
libcurl failed to connect, despite libcurl built without GSS-API
connected fine using username and password.

This commit introduces the CURLOPT_SOCKS5_AUTH option to control the
allowed methods for SOCKS5 authentication at run time.

Note that a new option was preferred over reusing CURLOPT_PROXYAUTH
for compatibility reasons because the set of authentication methods
allowed by default was different for HTTP and SOCKS5 proxies.

Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:02:58 +02:00
Daniel Stenberg
ceff21ab76 curl/system.h: add check for XTENSA for 32bit gcc
Reported-by: Neil Kolban
Fixes: 1598
2017-06-24 22:26:54 +02:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Marcel Raad
ec512074cc
typecheck-gcc: add support for CURLINFO_OFF_T
typecheck-gcc expected curl_socket_t instead of curl_off_t arguments
for CURLINFO_OFF_T. Detected by test1521, unfortunately only when run
locally.

Closes https://github.com/curl/curl/pull/1592
2017-06-21 12:24:22 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
3b80d3ca46 getinfo: return sizes as curl_off_t
This change introduces new alternatives for the existing six
curl_easy_getinfo() options that return sizes or speeds as doubles. The
new versions are named like the old ones but with an appended '_T':

CURLINFO_CONTENT_LENGTH_DOWNLOAD_T
CURLINFO_CONTENT_LENGTH_UPLOAD_T
CURLINFO_SIZE_DOWNLOAD_T
CURLINFO_SIZE_UPLOAD_T
CURLINFO_SPEED_DOWNLOAD_T
CURLINFO_SPEED_UPLOAD_T

Closes #1511
2017-06-19 09:27:42 +02:00
Daniel Stenberg
2ad80eec51 curl/curlver.h: start working on 7.55.0 2017-06-15 10:49:02 +02:00
Marcel Raad
31a67ac1f1
system.h: fix MinGW build
CURLSYS_PULL_WS2TCPIP_H got renamed to CURL_PULL_WS2TCPIP_H in commit
73a2fcea0b.
2017-06-14 21:49:47 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Daniel Stenberg
b8085f493a typecheck-gcc: allow CURLOPT_STDERR to be NULL too 2017-06-05 14:56:26 +02:00
Daniel Stenberg
efc7c1d86f typecheck-gcc.h: check CURLINFO_CERTINFO
... and update the certinfo.c example accordingly.

Fixes https://github.com/curl/curl/issues/846
2017-06-01 21:06:09 +02:00
Daniel Stenberg
4eafc6c249 typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
... so that they get the required "struct curl_tlssessioninfo **"
arguments.
2017-06-01 21:06:09 +02:00
Daniel Stenberg
5fe4f78902 typecheck-gcc.h: separate getinfo slist checks from other pointers
Fixes #1524
2017-06-01 21:06:09 +02:00
Daniel Stenberg
180c75eb63 curl: show the libcurl release date in --version output
... and support and additional "security patched" date for those who
enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
a date for that.

Building with non-release headers shows the date as [unreleased].

Also: this changes the date format generated in the curlver.h file to be
"YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
make it easier on the eye and easier to parse. Example (new) date
string: 2017-05-09

Suggested-by: Brian Childs

Closes #1474
2017-05-14 17:10:04 +02:00
Marcel Raad
fa12f54bba
typecheck-gcc: add support for CURLINFO_SOCKET
Closes https://github.com/curl/curl/pull/1452
2017-05-03 18:30:21 +02:00
Marcel Raad
3ff0d2fb00
typecheck-gcc: add missing string options
Closes https://github.com/curl/curl/pull/1452
2017-05-03 18:30:19 +02:00
Marcel Raad
9c5aed1852
typecheck-gcc: fix _curl_is_slist_info
Info values starting with CURLINFO_SOCKET expect a curl_socket_t, not a
curl_slist argument.

This fixes the following GCC warning when building the examples with
--enable-optimize:

../../include/curl/typecheck-gcc.h:126:42: warning: call to
‘_curl_easy_getinfo_err_curl_slist’ declared with attribute warning:
curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this
info [enabled by default]
sendrecv.c:90:11: note: in expansion of macro ‘curl_easy_getinfo’
res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd);

Closes https://github.com/curl/curl/pull/1447
2017-04-25 11:17:50 +02:00
Marcel Raad
cbb59ed9ce
typecheck-gcc: handle function pointers properly
All the callbacks passed to curl_easy_setopt are defined as function
pointers. The possibility to pass both functions and function pointers
was handled for the callbacks that typecheck-gcc.h defined as
compatible, but not for the public callback types themselves.

This makes all compatible callback types defined in typecheck-gcc.h
function pointers too and checks all functions uniformly with
_curl_callback_compatible, which handles both functions and function
pointers.

A symptom of the problem was a warning in tool_operate.c with
--disable-libcurl-option and without --enable-debug as that file
passes the callback functions to curl_easy_setopt directly.

Fixes https://github.com/curl/curl/issues/1403
Closes https://github.com/curl/curl/pull/1404
2017-04-21 23:18:59 +02:00
Daniel Stenberg
d88d054e94 bump: start working on next release 2017-04-19 23:16:10 +02:00
Daniel Stenberg
f79913050d system.h: fix mingw section
Reported-by: Marcel Raad
Fixes #1408
Closes #1409
2017-04-11 15:54:42 +02:00
Daniel Stenberg
e61c04b457 system.h: add section for tcc
Closes #1397
2017-04-07 10:45:05 +02:00
Daniel Stenberg
ae485279a1 system.h: set sizeof long to 4 on "default 32 bit" systems
Triggered a test failure on test 1541 for the build known as
"Linux 4.4 i686 tcc 0.9.26 glibc 2.20"
2017-04-06 17:31:48 +02:00
Daniel Stenberg
9506d01ee5 include: curl/system.h is a run-time version of curlbuild.h
system.h is aimed to replace curlbuild.h at a later point in time when
we feel confident system.h works sufficiently well.

curl/system.h is currently used in parallel with curl/curlbuild.h

curl/system.h determines a data sizes, data types and include file
status based on available preprocessor defines instead of getting
generated at build-time. This, in order to avoid relying on a build-time
generated file that makes it complicated to do 32 and 64 bit bields from
the same installed set of headers.

Test 1541 verifies that system.h comes to the same conclusion that
curlbuild.h offers.

Closes #1373
2017-04-03 23:24:39 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Daniel Stenberg
28a3453ac7 bump: next release will be known as 7.54.0
...due to the newly added CURL_SSLVERSION_MAX_* functionality
2017-03-08 23:43:24 +01:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Daniel Stenberg
03bd26852b bump: work on the next release 2017-02-24 23:48:05 +01:00
Daniel Stenberg
d3838dc68e bump: 7.53.1 coming up
synced with df665f4df0f7a352
2017-02-23 10:47:44 +01:00
Richy Kim
6b7616690e CURLOPT_BUFFERSIZE: support enlarging receive buffer
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size.  Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.

Closes #1222
2017-01-19 23:38:04 +01:00
Daniel Stenberg
8f8ba61224 bump: next release will be 7.53.0 2017-01-16 08:34:15 +01:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Daniel Stenberg
9b3fbf6b83 curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
This error code was once introduced when some library was dynamically
loaded and a funciton within said library couldn't be found.
2016-12-29 11:31:01 +01:00
Daniel Stenberg
ad4b348c48 bump: toward next release 2016-12-23 23:47:33 +01:00
Daniel Stenberg
462650e455 bump: toward next release 2016-12-21 12:44:09 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Okhin Vasilij
a4b2f7aafd curl_version_info: add CURL_VERSION_HTTPS_PROXY
Closes #1142
2016-11-26 17:28:53 +01:00
Thomas Glanzmann
4f8b17743d HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY 2016-11-25 10:49:38 +01:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Daniel Stenberg
397abc8b44 bump: next version will be 7.52.0 2016-11-09 09:15:58 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Daniel Stenberg
71cfce9ce7 bump: start working on 7.51.1 2016-11-03 10:08:26 +01:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
af2d679e14 errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975
2016-09-07 21:24:27 -04:00
Daniel Stenberg
add8ee7d57 bump: toward 7.51.0 2016-09-07 15:45:24 +02:00
Daniel Stenberg
5fce88aa8c curl.h: make CURL_NO_OLDIES define CURL_STRICTER 2016-08-09 14:46:51 +02:00
Daniel Stenberg
73878278d8 bump: start working toward 7.50.2 2016-08-03 09:36:27 +02:00
Daniel Stenberg
d6604524ad include: revert 9adf3c4 and make public types void * again
Many applications assume the actual contents of the public types and use
that do for example forward declarations (saving them from including our
public header) which then breaks when we switch from void * to a struct
*.

I'm not convinced we were wrong, but since this practise seems
widespread enough I'm willing to (partly) step down.

Now libcurl uses the struct itself when it is built and it allows
applications to use the struct type if CURL_STRICTER is defined at the
time of the #include.

Reported-by: Peter Frühberger
Fixes #926
2016-07-31 22:59:22 +02:00
Daniel Stenberg
001f8d06fe bump: start working on 7.50.1 2016-07-21 11:16:08 +02:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Daniel Stenberg
9adf3c473a headers: forward declare CURL, CURLM and CURLSH as structs
Instead of typedef'ing to void, typedef to their corresponding actual
struct names to allow compilers to type-check.

Assisted-by: Reinhard Max
2016-06-22 10:28:36 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Daniel Stenberg
4bffaad85f bump: start the journey toward 7.50.0 2016-05-30 22:55:54 +02:00
Steve Holme
1c86f14030 bump: Start work on 7.49.1 2016-05-18 17:47:38 +01:00
Daniel Stenberg
63e1f060a2 curlbuild.h.dist: check __LP64__ as well to fix MIPS build
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.

Reported-by: Tomas Jakobsson
Fixes #813
2016-05-18 14:10:36 +02:00
Daniel Stenberg
56fb8a1f11 curl.h: clarify curl_sslbackend for openssl clones and renames 2016-04-25 11:37:40 +02:00
Patrick Monnerat
3cd082be83 curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string 2016-04-22 16:49:02 +02:00
Alessandro Ghedini
dc68f2dab9 url: add CURLOPT_TCP_FASTOPEN option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
a9a1d303f5 includes: avoid duplicate memory callback typdefs even harder 2016-04-18 15:04:17 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00