1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Commit Graph

789 Commits

Author SHA1 Message Date
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Daniel Stenberg
397abc8b44 bump: next version will be 7.52.0 2016-11-09 09:15:58 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Daniel Stenberg
71cfce9ce7 bump: start working on 7.51.1 2016-11-03 10:08:26 +01:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
af2d679e14 errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975
2016-09-07 21:24:27 -04:00
Daniel Stenberg
add8ee7d57 bump: toward 7.51.0 2016-09-07 15:45:24 +02:00
Daniel Stenberg
5fce88aa8c curl.h: make CURL_NO_OLDIES define CURL_STRICTER 2016-08-09 14:46:51 +02:00
Daniel Stenberg
73878278d8 bump: start working toward 7.50.2 2016-08-03 09:36:27 +02:00
Daniel Stenberg
d6604524ad include: revert 9adf3c4 and make public types void * again
Many applications assume the actual contents of the public types and use
that do for example forward declarations (saving them from including our
public header) which then breaks when we switch from void * to a struct
*.

I'm not convinced we were wrong, but since this practise seems
widespread enough I'm willing to (partly) step down.

Now libcurl uses the struct itself when it is built and it allows
applications to use the struct type if CURL_STRICTER is defined at the
time of the #include.

Reported-by: Peter Frühberger
Fixes #926
2016-07-31 22:59:22 +02:00
Daniel Stenberg
001f8d06fe bump: start working on 7.50.1 2016-07-21 11:16:08 +02:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Daniel Stenberg
9adf3c473a headers: forward declare CURL, CURLM and CURLSH as structs
Instead of typedef'ing to void, typedef to their corresponding actual
struct names to allow compilers to type-check.

Assisted-by: Reinhard Max
2016-06-22 10:28:36 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Daniel Stenberg
4bffaad85f bump: start the journey toward 7.50.0 2016-05-30 22:55:54 +02:00
Steve Holme
1c86f14030 bump: Start work on 7.49.1 2016-05-18 17:47:38 +01:00
Daniel Stenberg
63e1f060a2 curlbuild.h.dist: check __LP64__ as well to fix MIPS build
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.

Reported-by: Tomas Jakobsson
Fixes #813
2016-05-18 14:10:36 +02:00
Daniel Stenberg
56fb8a1f11 curl.h: clarify curl_sslbackend for openssl clones and renames 2016-04-25 11:37:40 +02:00
Patrick Monnerat
3cd082be83 curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string 2016-04-22 16:49:02 +02:00
Alessandro Ghedini
dc68f2dab9 url: add CURLOPT_TCP_FASTOPEN option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
a9a1d303f5 includes: avoid duplicate memory callback typdefs even harder 2016-04-18 15:04:17 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Tatsuhiro Tsujikawa
92c2a4c053 http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:24 -04:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Daniel Stenberg
c40e85334d 7.49.0: next release version 2016-04-02 17:26:54 +02:00
Daniel Stenberg
7db9782dd6 curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFS
So that we only do the extra typedefs in curl_memory.h when we really
need to and avoid double typedefs.

follow-up commit to 7218b52c49

Thanks-to: Steve Holme
2016-04-01 13:14:57 +02:00
Daniel Stenberg
55452ebdff curl/mprintf.h: remove support for _MPRINTF_REPLACE
The define is not in our name space and is therefore not protected by
our API promises.

It was only really used by libcurl internals but was mostly erased from
there already in 8aabbf5 (March 2015). This is supposedly the final
death blow to that define from everywhere.

As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I
made the lib tests in tests/libtest/ use curl_printf.h for its redefine
magic and then subsequently the use of sprintf() got banned in the tests
as well (as it is in libcurl internals) and I then replaced them all
with snprintf().

In the unlikely event that any users is actually using this define and
gets sad by this change, it is very easily copied to the user's own
code.
2016-04-01 10:46:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Daniel Stenberg
5173c499c1 bump: work on 7.48.1 2016-03-23 09:35:23 +01:00
Daniel Stenberg
997a95bbc8 bump: the coming release is 7.48.0 2016-03-18 21:59:53 +01:00
Jay Satiro
332414a30e getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
The two options are almost the same, except in the case of OpenSSL:

CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.

CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.

For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
return an SSL pointer for OpenSSL.

Also, add support for the 'internals' member to point to SSL object for
the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
wolfSSL.

Bug: https://github.com/curl/curl/issues/234
Reported-by: dkjjr89@users.noreply.github.com

Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
Reported-by: Michael König
2016-02-23 19:03:03 -05:00
Michael Koenig
9dc3eaee29 TFTP: add option to suppress TFTP option requests (Part 1)
Some TFTP server implementations ignore the "TFTP Option extension"
(RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
problems with libcurl. Another switch for curl_easy_setopt
"CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
sending TFTP option requests to a server, avoiding many problems caused
by faulty implementations.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:00:58 -05:00
Daniel Stenberg
7f97fd5a83 bump: work toward the next release 2016-02-08 10:47:44 +01:00
Dan Fandrich
093f9cd38d URLs: Change more haxx.se URLs from http: to https: 2016-02-03 01:45:21 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
300718382f bump: towards the next (7.47.1 ?) 2016-01-28 16:36:29 +01:00
Daniel Stenberg
18ecdd0430 curlver: the pending release will become 7.47.0 2015-12-15 00:02:20 +01:00
Daniel Stenberg
4bcc532de5 http: add libcurl option to allow HTTP/2 for HTTPS only
... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.
2015-12-13 09:24:51 +01:00
Gisle Vanem
e1b6b2219d lwip: Fix compatibility issues with later versions
The name of the header guard in lwIP's <lwip/opt.h> has changed from
'__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).

Other fixes:

- In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
used.

- In memdebug.h, the 'socket' should be undefined first due to lwIP's
lwip_socket() macro.

- In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
special handling because they were undef'ed in memdebug.h.

- In select.c we can't use preprocessor conditionals inside select if
MSVC and select is a macro, as it is with lwIP.

http://curl.haxx.se/mail/lib-2015-12/0023.html
http://curl.haxx.se/mail/lib-2015-12/0024.html
2015-12-07 14:27:55 -05:00
Gisle Vanem
b1f9424fa7 version: Add flag CURL_VERSION_PSL for libpsl 2015-12-07 02:59:54 -05:00
Daniel Stenberg
e7d8d8e257 bump: towards next release
for all we know now, it might be called 7.46.1
2015-12-02 23:24:47 +01:00
Patrick Monnerat
ff8d352ae9 curl.h: s/#defien/#define/ 2015-11-19 13:53:47 +01:00
Daniel Stenberg
796c6ef02b typecheck-gcc.h: add missing slist-using options
CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing

Also sorted the list.
2015-11-13 23:19:19 +01:00
Daniel Stenberg
60cf8157c7 typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA
... and sorted curl_is_cb_data_option alphabetically
2015-11-13 23:12:48 +01:00
Daniel Stenberg
fd0c678e21 typecheck-gcc.h: add some missing string types
Also sorted that list alphabetically
2015-11-13 16:53:17 +01:00
Daniel Stenberg
aba281e762 curl.h: introducing the STRINGPOINT alias
As an alias for OBJECTPOINT. Provided to allow us to grep for all string
options easier.
2015-11-13 16:50:10 +01:00
Daniel Stenberg
ca5f9341ef formadd: support >2GB files on windows
Closes #425
2015-11-02 08:41:46 +01:00
Daniel Stenberg
49a991346e curl.h: s/HTTPPOST_/CURL_HTTPOST_
Fixes a name space pollution at the cost of programs using one of these
defines will no longer compile. However, the vast majority of libcurl
programs that do multipart formposts use curl_formadd() to build this
list.

Closes #506
2015-10-31 22:51:20 +01:00