1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

612 Commits

Author SHA1 Message Date
Daniel Gustafsson
21ef78b556 docs: fix inconsistencies in EGDSOCKET documentation
Only the OpenSSL backend actually use the EGDSOCKET, and also use
TLS consistently rather than mixing SSL and TLS. While there, also
fix a minor spelling nit.

Closes: #7391
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
2021-07-14 23:47:37 +02:00
Viktor Szakats
2026124691
idn: fix libidn2 with windows unicode builds
Unicode Windows builds use UTF-8 strings internally in libcurl,
so make sure to call the UTF-8 flavour of the libidn2 API. Also
document that Windows builds with libidn2 and UNICODE do expect
CURLOPT_URL as an UTF-8 string.

Reported-by: dEajL3kA on github
Assisted-by: Jay Satiro
Reviewed-by: Marcel Raad
Closes #7246
Fixes #7228
2021-06-15 12:10:48 +00:00
Fawad Mirza
92c588f04b
CURLOPT_WRITEFUNCTION.3: minor update of the example
Safely avoid chunk.size garbage value if declared non globally.

Closes #7219
2021-06-09 14:29:40 +02:00
Daniel Stenberg
628ebd82b9
test269: disable for hyper
--ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
with hyper.

Closes #7184
2021-06-03 23:11:11 +02:00
Lucas Clemente Vella
84d2839740
CURLOPT_IPRESOLVE: preventing wrong IP version from being used
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.

This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.

It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.

Closes #6853
2021-05-20 16:58:31 +02:00
Daniel Stenberg
5dfa4c08bb
docs: cookies from HTTP headers need domain set
... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".

Reported-by: Martin Dorey
Reviewed-by: Daniel Gustafsson
Fixes #6723
Closes #7077
2021-05-17 10:57:03 +02:00
Daniel Stenberg
fe5a61c007
CURLOPT_CAPATH.3: defaults to a path, not NULL
Reported-by: Andrew Barnert

Closes #7062
2021-05-16 00:50:27 +02:00
Daniel Stenberg
1763aceb0c
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.

Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.

Also added cautions to the man pages about changing buffer sizes in
run-time.

Closes #7022
2021-05-07 08:51:39 +02:00
Gilles Vollant
77fc3859b2 SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
  specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
  and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662
2021-05-05 02:29:16 -04:00
Daniel Stenberg
f014eeceb2
CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
2021-04-23 23:20:31 +02:00
Jay Satiro
54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
Daniel Stenberg
eff614fb02
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773
2021-04-19 08:16:02 +02:00
Daniel Stenberg
520bd5225c
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
2021-04-14 23:09:36 +02:00
Daniel Stenberg
5a80a869a7
CURLOPT_AUTOREFERER.3: clarify that it sets the full URL
... some users may not want that!
2021-03-30 14:47:14 +02:00
Daniel Stenberg
472b537215
docs: clarify timeouts for queued transfers in multi API
Closes #6758
2021-03-19 23:28:21 +01:00
Jay Satiro
8a4ef73c8f docs: Explain DOH transfers inherit some SSL settings
- Document in DOH that some SSL settings are inherited but DOH hostname
  and peer verification are not and are controlled separately.

- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
  we're considering changing behavior to no longer inherit it. Request
  feedback.

Closes https://github.com/curl/curl/pull/6688
2021-03-17 18:12:45 -04:00
Daniel Gustafsson
4d28382bd3 docs: Fix typos
Random typos spotted when skimming docs.
2021-02-25 09:28:00 +01:00
Jay Satiro
c79b9de45c docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
Closes https://github.com/curl/curl/pull/6639
2021-02-23 02:31:20 -05:00
Viktor Szakats
f65d7889b5
http: add new files missed from referrer commit
Ref: 44872aefc2
Ref: #6591
2021-02-19 16:18:15 +00:00
Viktor Szakats
44872aefc2
http: add support to read and store the referrer header
- add CURLINFO_REFERER libcurl option
- add --write-out '%{referer}' command-line option
- extend --xattr command-line option to fill user.xdg.referrer.url extended
  attribute with the referrer (if there was any)

Closes #6591
2021-02-19 13:57:19 +00:00
Jay Satiro
53022e1893 doh: add options to disable ssl verification
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
  CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
  same as their respective counterparts.

- New curl tool options --doh-insecure and --doh-cert-status do the same
  as their respective counterparts.

Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.

Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676

Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
2021-02-14 18:20:48 -05:00
Daniel Stenberg
ff9ec4e4a0
CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
... so passed in commands may confuse libcurl's knowledge of state.

Reported-by: Bodo Bergmann
Fixes #6577
Closes #6580
2021-02-08 22:35:50 +01:00
Dmitry Wagin
796ce293de
http: improve AWS HTTP v4 Signature auth
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.

Closes #6524
2021-01-30 23:48:22 +01:00
Daniel Stenberg
ec8dcd7b33
CURLINFO_PRETRANSFER_TIME.3: clarify
... the timer *does* include the instructions for getting the remote
file.

Ref: #6452
Closes #6453
2021-01-14 23:15:07 +01:00
Emil Engler
725ec470e2
language: s/behaviour/behavior/g
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.

Closes #6395
2021-01-02 23:35:59 +01:00
Olaf Hering
f2ed79d8ee
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
The type of the buffer in curl_read_callback is 'char *', not 'void *'.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Closes #6392
2020-12-30 22:20:24 +01:00
Paul Groke
8324dc8b1a
dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
Extend the syntax of CURLOPT_RESOLVE strings: allow using a '+' prefix
(similar to the existing '-' prefix for removing entries) to add
DNS cache entries that will time out just like entries that are added
by libcurl itself.

Append " (non-permanent)" to info log message in case a non-permanent
entry is added.

Adjust relevant comments to reflect the new behavior.

Adjust documentation.

Extend unit1607 to test the new functionality.

Closes #6294
2020-12-29 17:49:36 +01:00
Matthias Gatto
e2b2afbeea
docs: add AWS HTTP v4 Signature 2020-12-21 16:28:03 +01:00
Daniel Stenberg
a0f0c7149f
CURLOPT_URL.3: remove scheme specific details
... that are now found in URL-SYNTAX.md

Closes #6307
2020-12-12 22:46:37 +01:00
Daniel Stenberg
ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00
Daniel Stenberg
03822c3a6d
CURLOPT_HSTS.3: document the file format
Closes #6205
2020-11-13 23:28:58 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg
2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Jay Satiro
9f4c1c0cce CURLOPT_DNS_USE_GLOBAL_CACHE.3: fix typo
Reported-by: Rui LIU

Closes https://github.com/curl/curl/issues/6131
2020-10-26 17:18:44 -04:00
Daniel Stenberg
96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Daniel Stenberg
6f85968678
CURLOPT_NOBODY.3: fix typo
Reported-by: Basuke Suzuki
Fixes #6097
2020-10-16 23:02:49 +02:00
Daniel Stenberg
bfd35d5eda
CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well 2020-10-16 15:36:01 +02:00
Zenju
6d1a05b0bf
CURLOPT_TCP_NODELAY.3: fix comment in example code
Closes #6096
2020-10-16 15:06:51 +02:00
Samanta Navarro
2ead0ca482
docs/opts: fix typos in two manual pages
Closes #6039
2020-10-03 22:53:16 +02:00
Daniel Stenberg
83cc966708
man pages: switch to https://example.com URLs
Since HTTPS is "the new normal", this update changes a lot of man page
examples to use https://example.com instead of the previous "http://..."

Closes #5969
2020-09-17 16:28:18 +02:00
Michael Baentsch
ede125b7b7
tls: add CURLOPT_SSL_EC_CURVES and --curves
Closes #5892
2020-08-30 17:24:04 +02:00
Alessandro Ghedini
0ac310a825
docs: non-existing macros in man pages
As reported by man(1) when invoked as:

  man --warnings -E UTF-8 -l -Tutf8 -Z <file> >/dev/null

Closes #5846
2020-08-27 23:07:53 +02:00
Michael Musset
ebc6c54c74
sftp: add the option CURLKHSTAT_FINE_REPLACE
Replace the old fingerprint of the host with a new.

Closes #5685
2020-08-24 17:26:08 +02:00
COFFEETALES
fab5185275
sftp: add new quote commands 'atime' and 'mtime'
Closes #5810
2020-08-24 09:01:56 +02:00
Daniel Stenberg
88b1ca7cba
CURLE_PROXY: new error code
Failures clearly returned from a (SOCKS) proxy now causes this return
code. Previously the situation was not very clear as what would be
returned and when.

In addition: when this error code is returned, an application can use
CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then
returns a value from the new 'CURLproxycode' enum.

Closes #5770
2020-08-24 08:41:48 +02:00
Daniel Stenberg
712d16cbe0
KNOWN_BUGS: 'no_proxy' string-matches IPv6 numerical addreses
Also: the current behavior is now documented in the curl.1 and
CURLOPT_NOPROXY.3 man pages.

Reported-by: Andrew Barnes
Closes #5745
Closes #5841
2020-08-23 00:09:39 +02:00
Daniel Stenberg
d491916a4a
docs: clarify MAX_SEND/RECV_SPEED functionality
... in particular what happens if the maximum speed limit is set to a
value that's smaller than the transfer buffer size in use.

Reported-by: Tomas Berger
Fixes #5788
Closes #5813
2020-08-15 00:22:05 +02:00
Daniel Stenberg
2429f45a97
TLS naming: fix more Winssl and Darwinssl leftovers
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
2020-08-08 00:19:21 +02:00