1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 09:38:54 -05:00
Commit Graph

488 Commits

Author SHA1 Message Date
Daniel Stenberg
af32cd3859
http: prevent custom Authorization headers in redirects
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-22 10:00:00 +01:00
rouzier
945df74101
CURLOPT_TCP_NODELAY.3: fix typo
Closes #2239
2018-01-15 23:06:58 +01:00
Jay Satiro
6fa10c8fa2 setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575 (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2227
2018-01-13 02:57:30 -05:00
Jay Satiro
a0f3eaf25d examples/cacertinmem: ignore cert-already-exists error
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
  since it's possible the cert may have already been loaded by libcurl.

- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
  Instead have it direct the reader to this cacertinmem.c example.

- Fix the CA certificate to use the right CA for example.com, Digicert.

Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren

Closes https://github.com/curl/curl/pull/2182
2017-12-26 02:08:35 -05:00
Daniel Stenberg
9c6a6be882
CURLOPT_READFUNCTION.3: refer to argument with correct name
Bug: #2175

[ci skip]
2017-12-13 08:18:10 +01:00
Daniel Stenberg
63e58b8b40
CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference 2017-12-11 00:00:17 +01:00
Daniel Stenberg
bbea75ad69
CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE 2017-12-09 23:34:07 +01:00
richardthe3rd
9fb5a943f5 CURLOPT_PRIVATE.3: fix grammar
- Change "never does nothing" double-negative to "never does anything".

Closes https://github.com/curl/curl/pull/2168
2017-12-08 18:55:33 -05:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Florin
f20cbac970
auth: Added test cases for RFC7616
Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #1934
2017-10-28 16:33:09 +02:00
Daniel Stenberg
172ce9cc19
setopt: avoid integer overflows when setting millsecond values
... that are multiplied by 1000 when stored.

For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.

Also updated the man pages for these timeout options to mention the
return code.

Closes #1938
2017-10-16 09:23:19 +02:00
Daniel Stenberg
f8e593887e
CURLOPT_XFERINFODATA.3: fix duplicate see also 2017-10-09 16:24:36 +02:00
Daniel Stenberg
d895a83a3b
CURLOPT_NOPROGRESS.3: also refer to xferinfofunction 2017-10-09 16:24:19 +02:00
Michael Kaufmann
c66d94d6da docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
Closes #1922
2017-09-28 21:32:20 +02:00
Michael Kaufmann
46d63bbbe8 docs: clarify the use of environment variables for proxy
Closes #1921
2017-09-28 21:29:39 +02:00
Daniel Stenberg
50b208e23e
docs: clarify the CURLOPT_INTERLEAVE* options behavior 2017-09-15 15:47:56 +02:00
Jay Satiro
64bb7ae6ae mbedtls: enable CA path processing
CA path processing was implemented when mbedtls.c was added to libcurl
in fe7590f, but it was never enabled.

Bug: https://github.com/curl/curl/issues/1877
Reported-by: SBKarr@users.noreply.github.com
2017-09-10 03:22:05 -04:00
Daniel Stenberg
2e4074c953
docs: curl_mime_*.3 man page formatting edits 2017-09-04 09:20:24 +02:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Daniel Stenberg
4a7673c8ca
CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD 2017-08-24 10:09:28 +02:00
Daniel Stenberg
582f2a1308
CURLOPT_SSH_COMPRESSION.3: enable with 1L
(leaves other values reserved for the future)
2017-08-17 09:54:07 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Alessandro Ghedini
34f24fef4a docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description 2017-08-12 13:36:39 +01:00
Alessandro Ghedini
274f9cac96 docs: fix typo stuct -> struct 2017-08-12 13:33:10 +01:00
Daniel Stenberg
a7bbbb7c36
make install: add 8 missing man pages to the installation 2017-08-09 11:31:10 +02:00
Daniel Stenberg
70934885d0 CURLOPT_NETRC.3: fix typo in 7e48aa3861
Reported-by: Viktor Szakats
2017-08-02 15:29:27 +02:00
Daniel Stenberg
7e48aa3861 CURLOPT_NETRC.3: mention the file name on windows
... and CURLOPT_NETRC_FILE(3).
2017-08-02 14:34:26 +02:00
Daniel Stenberg
bbc9c6d144 CURLOPT_POSTFIELDS.3: explain the 100-continue magic better 2017-07-07 12:43:17 +02:00
Kamil Dudka
8924f58c37 CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth
If libcurl was built with GSS-API support, it unconditionally advertised
GSS-API authentication while connecting to a SOCKS5 proxy.  This caused
problems in environments with improperly configured Kerberos: a stock
libcurl failed to connect, despite libcurl built without GSS-API
connected fine using username and password.

This commit introduces the CURLOPT_SOCKS5_AUTH option to control the
allowed methods for SOCKS5 authentication at run time.

Note that a new option was preferred over reusing CURLOPT_PROXYAUTH
for compatibility reasons because the set of authentication methods
allowed by default was different for HTTP and SOCKS5 proxies.

Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:02:58 +02:00
Daniel Stenberg
924cd3e25b CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
... supported since 7.54.1
2017-06-24 00:59:10 +02:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
3b80d3ca46 getinfo: return sizes as curl_off_t
This change introduces new alternatives for the existing six
curl_easy_getinfo() options that return sizes or speeds as doubles. The
new versions are named like the old ones but with an appended '_T':

CURLINFO_CONTENT_LENGTH_DOWNLOAD_T
CURLINFO_CONTENT_LENGTH_UPLOAD_T
CURLINFO_SIZE_DOWNLOAD_T
CURLINFO_SIZE_UPLOAD_T
CURLINFO_SPEED_DOWNLOAD_T
CURLINFO_SPEED_UPLOAD_T

Closes #1511
2017-06-19 09:27:42 +02:00
Daniel Stenberg
7b3b4722be CURLOPT_PREQUOTE.3: spellfix man page reference 2017-06-18 17:06:51 +02:00
Daniel Stenberg
8bc9cabd7f TODO: implement support for CURLOPT_PREQUOTE with SFTP
... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct
protocol support.

Closes #1514
2017-06-18 00:25:09 +02:00
Daniel Stenberg
aae4a4788a CURLOPT_SSH_KEY*.3: typos
Reported-by: Gisle Vanem
2017-05-31 13:52:03 +02:00
Daniel Stenberg
399a1a6182 CURLOPT_STREAM_DEPENDS.3: typo 2017-05-31 13:39:56 +02:00
Daniel Stenberg
f072393feb CURLOPT_FNMATCH_FUNCTION.3: also modified example to avoid fcpp issues 2017-05-31 13:36:51 +02:00
Daniel Stenberg
28baf380fa CURLOPT_FNMATCH_DATA.3: modified example to avoid fcpp issues 2017-05-31 13:30:04 +02:00
Daniel Stenberg
4600362a5a opts: more than 100 more examples for man pages... 2017-05-31 11:56:53 +02:00
Daniel Stenberg
a6ad28a75e CURLOPT_PROXY.3: fix test 1140 breakage 2017-05-31 08:45:36 +02:00
Daniel Stenberg
bb1a8c174b opts: more examples added to man pages 2017-05-30 23:35:30 +02:00
Daniel Stenberg
2d5fa35e85 docs: clarify NO_PROXY further
Fixes #1208
2017-05-30 22:43:34 +02:00
Daniel Stenberg
dd97551746 CURLOPT_PROXY.3: describe the environment variables more 2017-05-30 18:05:33 +02:00
Daniel Stenberg
c2227dae53 opts: more examples added in option man pages 2017-05-27 23:11:26 +02:00
Phil Crump
a9de0a9f54 docs/CURLOPT_SSLVERSION.3: Correct define name in example
Closes #1509
2017-05-25 16:28:30 +02:00
eb16305e6a SecureTransport/DarwinSSL: Implement public key pinning
Closes #1400
2017-05-15 22:54:33 +02:00
Daniel Stenberg
1919569633 man pages: fix example syntax errors
follow-up to 5ddad099b4
2017-05-15 13:01:15 +02:00
Daniel Stenberg
5ddad099b4 docs/libcurl/opts: added more examples in man pages 2017-05-15 11:45:19 +02:00
Daniel Stenberg
e366ca2b85 CURLOPT_HTTPPROXYTUNNEL: clarify, add example 2017-05-15 10:11:23 +02:00
Dan Fandrich
d836c9fee4 url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enough
Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not
exceedingly tiny and will break if it is. This same check is already
done at run time in the CURLOPT_BUFFERSIZE option.
2017-05-13 23:21:27 +02:00
Daniel Stenberg
289236b223 opts: fix bad example formatting \n => \\n
...to render properly nroff.
2017-05-06 23:51:29 +02:00
Daniel Stenberg
271c63748a opts: examples added to 8 more libcurl option man pages 2017-05-06 23:38:39 +02:00
Daniel Stenberg
2b7bde4d3f docs/opts: 24 more man pages now have examples 2017-05-05 17:26:08 +02:00
Daniel Stenberg
58a6265a40 docs/opts: 23 more man pages now have examples 2017-05-05 16:30:23 +02:00
Daniel Stenberg
4b93382193 CURLINFO_REDIRECT_URL.3: add example 2017-05-04 00:00:13 +02:00
Daniel Stenberg
b065a508c6 CURLINFO_EFFECTIVE_URL.3: add example 2017-05-04 00:00:07 +02:00
Kamil Dudka
e3e8d0204b nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than
supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates.

Reviewed-by: Kai Engert
Closes #1414
2017-04-25 13:24:24 +02:00
Jay Satiro
fa66403280 CURLINFO_SCHEME.3: fix variable type
- Change documented param type to char ** from incorrect long *.
2017-04-08 15:44:39 -04:00
Daniel Stenberg
721f8c05c7 docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3 2017-04-03 00:00:43 +02:00
Peter Wu
ec493dbda2 cmake: fix build with cmake 2.8.12.2
For some reason, CMake 2.8.12.2 did not expand the list argument in a
single DEPENDS argument. Remove the quotes, so it gets expanded into
multiple arguments for add_custom_command and add_custom_target.

Fixes https://github.com/curl/curl/issues/1370
Closes #1372
2017-03-30 23:43:35 +02:00
Daniel Stenberg
f8952932e7 cmake: add cmake file in docs/libcurl/opts/ to dist 2017-03-30 08:16:56 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Daniel Stenberg
e369303cdc CURLINFO_PRIMARY_IP.3: add example 2017-03-22 11:28:33 +01:00
Ales Mlakar
a360906de6 mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html

Closes https://github.com/curl/curl/pull/1272
2017-03-21 23:51:44 -04:00
Peter Wu
898b012a9b cmake: add support for building HTML and PDF docs
Note that for some reason there is this warning (that also exists with
autotools, added since curl-7_15_1-94-ga718cb05f):

    docs/libcurl/curl_multi_socket_all.3:1: can't open `man3/curl_multi_socket.3': No such file or directory

Additionally, adjust the roffit --mandir option to support creating
links when doing out-of-tree builds.

Ref: https://github.com/curl/curl/pull/1288
2017-03-21 14:49:53 +01:00
Peter Wu
6f6e9193df docs: split file lists into Makefile.inc
For easier sharing with CMake. The contents were reformatted to use
two-space indent and expanded tabs (matching lib/Makefile.common).

Ref: https://github.com/curl/curl/pull/1288
2017-03-21 14:49:53 +01:00
Jay Satiro
f7b3914c55 CURLINFO_LOCAL_PORT.3: fix typo 2017-03-16 18:18:49 -04:00
Daniel Stenberg
49f7b13536 CURLINFO_LOCAL_PORT.3: added example 2017-03-16 23:05:22 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Steve Brokenshire
f5712ca277 Makefile.am: Remove distribution man pages when running 'make clean' 2017-03-07 23:27:31 +01:00
Jay Satiro
21512a015f CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors
.. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE.

Ref: https://github.com/curl/curl/pull/1290
2017-03-04 16:07:28 -05:00
JDepooter
0966ab5bd4 darwinssl: Warn that disabling host verify also disables SNI
In DarwinSSL the SSLSetPeerDomainName function is used to enable both
sending SNI and verifying the host. When host verification is disabled
the function cannot be called, therefore SNI is disabled as well.

Closes https://github.com/curl/curl/pull/1240
2017-03-02 02:42:15 -05:00
Peter Wu
eac0dc6a3f docs: de-duplicate file lists in the Makefiles
Make use of macro substitution of suffix patterns to remove duplication
of manual names. This approach is portable according to
http://pubs.opengroup.org/onlinepubs/009695399/utilities/make.html

Closes https://github.com/curl/curl/pull/1287
2017-02-25 16:26:22 -05:00
Jay Satiro
b259646ea1 url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
2017-02-21 22:24:40 -05:00
Daniel Stenberg
1dcf244721 CURLOPT_SSL_VERIFYPEER.3: also the https proxy version 2017-02-09 23:22:57 +01:00
Jay Satiro
423a93ce32 docs: Add more HTTPS proxy documentation
- Document HTTPS proxy type.

- Document --write-out %{proxy_ssl_verify_result}.

- Document SOCKS proxy + HTTP/HTTPS proxy combination.

HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS.

Ref: https://github.com/curl/curl/commit/cb4e2be
2017-02-06 03:13:42 -05:00
Richy Kim
6b7616690e CURLOPT_BUFFERSIZE: support enlarging receive buffer
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size.  Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.

Closes #1222
2017-01-19 23:38:04 +01:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Frank Gevaerts
dbd3793859 docs: Add note about libcurl copying strings to CURLOPT_* manpages
Closes #1169
2017-01-13 15:14:55 +01:00
Frank Gevaerts
d2b2c63852 CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* 2017-01-13 15:14:38 +01:00
Dan Fandrich
bbee0d4eee wolfssl: support setting cipher list 2017-01-06 23:02:09 +01:00
Jay Satiro
4f2239c5ca docs/libcurl: TCP_KEEPALIVE start and interval default to 60
Since the TCP keep-alive options were added in 705f0f7 the start and
interval default values have been 60, but that wasn't documented.

Bug: https://curl.haxx.se/mail/lib-2017-01/0000.html
Reported-by: Praveen Pvs
2017-01-02 13:43:05 -05:00
Daniel Stenberg
209b230227 docs/ciphers: link to our own new page about ciphers
... as the former ones always go stale!
2016-12-25 11:01:17 +01:00
Michael Kaufmann
afff64dbcd curl_easy_recv: Improve documentation and example program
Follow-up to 82245ea: Fix the example program sendrecv.c (handle
CURLE_AGAIN, handle incomplete send). Improve the documentation
for curl_easy_recv() and curl_easy_send().

Reviewed-by: Frank Meier
Assisted-by: Jay Satiro

See https://github.com/curl/curl/pull/1134
2016-12-18 12:56:23 +01:00
Daniel Stenberg
c588840568 CURLINFO_SSL_VERIFYRESULT.3: language 2016-12-16 16:59:08 +01:00
Daniel Stenberg
b0fcb92f80 HTTPS-PROXY docs: update/polish 2016-12-16 16:57:39 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
c67f842093 CURLOPT_PROXY_*.3: polished some proxy option man pages 2016-11-27 00:21:15 +01:00
Daniel Stenberg
3f7d9b9001 CURLOPT_PROXY_CAINFO.3: clarify proxy use 2016-11-25 16:40:32 +01:00
Daniel Stenberg
2527dd4378 CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability 2016-11-25 16:36:27 +01:00
Daniel Stenberg
9bfb00efc9 docs: include all opts man pages in dist
Sorted the lists too.

... and include the new ones in the PDF and HTML generation targets
2016-11-25 11:14:58 +01:00
Thomas Glanzmann
4f8b17743d HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY 2016-11-25 10:49:38 +01:00
Thomas Glanzmann
1232dbb8bd url: proxy: Use 443 as default port for https proxies 2016-11-25 10:01:58 +01:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Okhin Vasilij
c6da05a5ec HTTPS-proxy: fixed mbedtls and polishing 2016-11-24 23:41:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Kamil Dudka
cfd69c1339 docs: the next release will be 7.52.0 2016-11-15 12:21:00 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Jay Satiro
568037f6af CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Clarify that this option is only for HTTP/1.1 pipelining.

Bug: https://github.com/curl/curl/issues/1059
Reported-by: Jeroen Ooms

Assisted-by: Daniel Stenberg
2016-10-27 23:15:41 -04:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Daniel Stenberg
358fd32820 dist: remove PDF and HTML converted docs from the releases 2016-10-10 23:33:13 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Jay Satiro
6ee9ea5e70 CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting 2016-09-18 17:56:35 -04:00
Olivier Brunel
4b86113f5e speed caps: not based on average speeds anymore
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
with the cumulative average speed of the entire transfer; While this
might work at times with good/constant connections, in other cases it
can result to the limits simply being "ignored" for more than "short
bursts" (as told in man page).

Consider a download that goes on much slower than the limit for some
time (because bandwidth is used elsewhere, server is slow, whatever the
reason), then once things get better, curl would simply ignore the limit
up until the average speed (since the beginning of the transfer) reached
the limit.  This could prove the limit useless to effectively avoid
using the entire bandwidth (at least for quite some time).

So instead, we now use a "moving starting point" as reference, and every
time at least as much as the limit as been transferred, we can reset
this starting point to the current position. This gets a good limiting
effect that applies to the "current speed" with instant reactivity (in
case of sudden speed burst).

Closes #971
2016-09-04 13:11:23 +02:00
Daniel Stenberg
4c44155cfe CURLMOPT_PIPELINING.3: language 2016-09-01 14:09:21 +02:00
Daniel Stenberg
a409b4b466 CURLMOPT_PIPELINING.3: extended and clarified
Especially in regards to the multiplexing part.
2016-09-01 14:08:01 +02:00
Nick Zitzmann
e171968ba3 darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-28 16:46:59 -05:00
Daniel Stenberg
2497c42172 CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex 2016-08-19 09:40:40 +02:00
Daniel Stenberg
84e45f4b3a CURLOPT_PROXY.3: unsupported schemes cause errors now
Follow-up to a96319ebb9 (document the new behavior)
2016-08-15 14:49:26 +02:00
Daniel Stenberg
4732ca5724 CURLOPT_TCP_NODELAY: now enabled by default
After a few wasted hours hunting down the reason for slowness during a
TLS handshake that turned out to be because of TCP_NODELAY not being
set, I think we have enough motivation to toggle the default for this
option. We now enable TCP_NODELAY by default and allow applications to
switch it off.

This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
used to disable it.

Thanks-to: Tim Rühsen
Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-08-05 00:12:57 +02:00
Kamil Dudka
8b9ba132f0 docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too 2016-07-21 13:06:17 +02:00
Timothy Polich
16fe3f6b0a CURLMOPT_SOCKETFUNCTION.3: fix typo
Closes https://github.com/curl/curl/pull/914
2016-07-14 02:58:59 -04:00
Jay Satiro
f77dfbc5fb CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
zero-byte POST. Prior to this change it was documented as sending data
from the read callback.

This also changes the wording of what happens when empty or NULL so that
it's hopefully easier to understand for people whose primary language
isn't English.

Bug: https://github.com/curl/curl/issues/862
Reported-by: Askar Safin
2016-06-11 17:33:16 -04:00
Andrew Kurushin
6cabd78531 schannel: add CURLOPT_CERTINFO support
Closes #822
2016-06-01 08:50:01 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Michael Kaufmann
53ae37088c CURLOPT_CONNECT_TO.3: user must not free the list prematurely
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.

Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
2016-05-20 00:14:38 -04:00
Frank Gevaerts
5db313985e CURLOPT_RESOLVE.3: fix typo
Closes #811
2016-05-17 14:28:12 +02:00
Daniel Stenberg
ab5a68937b docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE 2016-05-17 13:17:07 +02:00
Daniel Stenberg
d415bdb883 CURLOPT_HTTPPOST.3: the data needs to be around while in use 2016-05-17 11:08:10 +02:00
Daniel Stenberg
dac8ce9558 docs: unified man page references to use \fI 2016-05-02 09:09:59 +02:00
Isaac Boukris
7987f5cb14 CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification
Mention possible content-length mismatch with sum of bytes reported
by write callbacks when auto decoding is enabled.

See #785
2016-05-01 23:27:01 +02:00
Daniel Stenberg
6485d4ee9d CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference 2016-05-01 23:24:09 +02:00
Daniel Stenberg
ea8694da41 CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE 2016-05-01 23:24:09 +02:00
Daniel Stenberg
aba4727533 opts: fix broken/bad references 2016-05-01 16:41:04 +02:00
Michael Kaufmann
6940f4b52a docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3
Closes #786
2016-05-01 13:32:49 +02:00
Daniel Stenberg
ffd0e6193f CURLOPT_ACCEPT_ENCODING.3: clarified
As discussed in #785
2016-05-01 13:29:11 +02:00
Jay Satiro
7028ed6d31 CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html
Reported-by: Bru Rom
2016-04-28 16:48:38 -04:00
Jay Satiro
9f498de9a2 mbedtls: Fix session resume
This also fixes PolarSSL session resume.

Prior to this change the TLS session information wasn't properly
saved and restored for PolarSSL and mbedTLS.

Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
Reported-by: Thomas Glanzmann

Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
Reported-by: Moti Avrahami
2016-04-28 02:57:38 -04:00
Michael Kaufmann
f4298fcc6d opts: Fix some syntax errors in example code fragments
Fixes #779
2016-04-27 00:05:04 +02:00
Daniel Stenberg
e24e1c9cc6 CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0 2016-04-26 15:17:07 +02:00
33623d7196 PolarSSL: Implement public key pinning 2016-04-24 12:27:39 +02:00
Daniel Stenberg
8c8177a8a1 opts/Makefile.am: list all docs file one by one
... to make it easier to add lines in patches that won't just break all
other patches trying to add lines too.
2016-04-19 07:59:35 +02:00
Alessandro Ghedini
03de4e4b21 connect: implement TCP Fast Open for Linux
Closes #660
2016-04-18 23:21:50 +02:00
Alessandro Ghedini
dc68f2dab9 url: add CURLOPT_TCP_FASTOPEN option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
26ec93dd6a opts: fix option references missing (section) 2016-04-18 00:02:29 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
b43fb04516 docs: Added clarification following commit 9d89a0387 2016-04-08 21:45:08 +01:00
Steve Holme
9d89a03872 ftp/imap/pop3/smtp: Allow the service name to be overridden
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
authentication in FTP, IMAP, POP3 and SMTP.
2016-04-08 18:59:33 +01:00
Viktor Szakats
a24f71aac4 URLs: change http to https in many places
Closes #754
2016-04-06 11:58:34 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Daniel Stenberg
213d3c7b0c http2: more documentation for prior knowledge 2016-03-31 22:23:15 +02:00
Daniel Stenberg
d532645afd build: use roffit 0.11 feature
... load file specified as argument.
2016-03-29 16:45:17 +02:00
Daniel Stenberg
5a9ea4b18c CURLMOPT_SOCKETFUNCTION.3: describe the 'what' argument 2016-03-27 23:50:36 +02:00