1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-05 17:15:04 -05:00
Commit Graph

3202 Commits

Author SHA1 Message Date
Alessandro Ghedini
d1cf5d5706 openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
b2c01f02d5 CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 2015-01-16 23:41:50 +01:00
Daniel Stenberg
14a6cfaddb opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile 2015-01-16 23:34:28 +01:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
bd0c3b3c66 curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19 url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Daniel Stenberg
5e113a18c5 TheArtOfHttpScripting: skip the date at the top, we have git 2015-01-16 23:23:29 +01:00
Daniel Stenberg
5940e06f01 TheArtOfHttpScripting: phrase it TLS lib agnostic 2015-01-16 23:23:29 +01:00
Steve Holme
5c73cdef62 TODO: Added some SMB ideas 2015-01-16 22:22:28 +00:00
Daniel Stenberg
003076e17c THANKS: 14 new contributors from the 7.40.0 release notes 2015-01-08 09:57:19 +01:00
Steve Holme
4c8a053855 sepheaders.c: Applied curl oding standards 2014-12-31 11:20:41 +00:00
Julien Nabet
8a3c0fbed1 sepheaders.c: Fixed resource leak on failure 2014-12-31 11:14:22 +00:00
Daniel Stenberg
6d79722d78 TODO: 2.3 Better support for same name resolves 2014-12-28 16:30:03 +01:00
Steve Holme
e5a8a26bcb docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
As this feature has been implemented for 7.40.0.
2014-12-27 12:08:15 +00:00
Steve Holme
a9eadc9f91 asiohiper.cpp: No need to initialise members of ConnInfo
...as calloc() automatically clears the area of memory with zeros.
2014-12-27 12:01:13 +00:00
Steve Holme
193ba7b46e asiohiper.cpp: Updated for curl coding standards
...with the exception of the start of block statement curly brackets.
2014-12-27 12:01:11 +00:00
Steve Holme
151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Daniel Stenberg
5590a3f179 KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME 2014-12-15 22:30:27 +01:00
Jay Satiro
7b3afc952f opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
that will be used.

Prior to this change that behavior was only noted in the
CURLOPT_TIMEOUT_MS doc.
2014-12-15 22:24:22 +01:00
Guenter Knauf
c0fc9066a9 synctime.c: added own user-agent string. 2014-12-13 15:02:30 +01:00
Guenter Knauf
157c9752d5 synctime.c: removed another timeserver URL.
worldtimeserver.com seems also no longer available.
2014-12-13 13:43:19 +01:00
Guenter Knauf
e98b7b1cb3 synctime.c: fixed timeserver URLs.
For getting the date header its not necessary to access special
pages or even CGI scripts - all pages including the main index
reply with the date header, therefore shortened URLs to domain.
Removed worldtime.com; added pool.ntp.org.
2014-12-13 13:38:37 +01:00
Daniel Stenberg
cd6c13c2b3 TODO: Cache negative name resolves
Worth exploring
2014-12-10 11:56:43 +01:00
Guenter Knauf
c3b85c12a9 synctime.c: fixed user-agent setting.
Some websites meanwhile refuse to reply to requests from ancient
browsers like IE6, therefore I've comment out this setting, but
also fixed the string to now fake IE8 if someone enables it.
2014-12-09 18:18:40 +01:00
Steve Holme
58b317c9da Makefile.inc: Added our standard header and updated file formatting 2014-12-06 19:53:44 +00:00
Guenter Knauf
ccfa139c71 build: updated dependencies in makefiles. 2014-12-05 14:54:25 +01:00
Jay Satiro
7b5ca30917 examples: remove sony.com from 10-at-a-time
Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
for the sony website because it ends the connection when the request is
missing a user agent.
2014-12-04 14:27:44 -08:00
Peter Wu
4fd0add1cd opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
Add .nf and .fi such that the code gets wrapped in a pre on the web.
Fixed grammar, fixed formatting of the "See also" items.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 06:52:09 -08:00
Daniel Stenberg
b216427e73 opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am 2014-12-03 18:42:45 -08:00
Daniel Stenberg
7853c1cfe6 curl.1: added --unix-socket 2014-12-04 02:52:19 +01:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Dave Reisner
8ef77547d0 curl.1: fix trivial typo 2014-12-03 22:38:46 +01:00
Steve Holme
018b9d421a sasl_gssapi: Introduced GSS-API based SASL module
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
2014-12-02 21:57:45 +00:00
Bill Nagel
96c3b1a1bb docs: Updated for the SMB protocol
This patch updates the documentation for the SMB/CIFS protocol.
2014-11-30 21:53:30 +00:00
Bill Nagel
557658776f smb: Added SMB protocol and port definitions
Added the necessary protocol and port definitions in order to support
SMB/CIFS.
2014-11-29 21:26:40 +00:00
Steve Holme
982a649aa5 docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion 2014-11-26 23:32:38 +00:00
Steve Holme
aa3e8dd3da CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols 2014-11-25 23:23:42 +00:00
Daniel Stenberg
0beda1a388 curl*3: added small examples
and some minor edits
2014-11-25 14:25:02 +01:00
Daniel Stenberg
7eb7f7c32d libcurl.3: fix formatting
refer to functions with the man page section properly
2014-11-25 11:56:43 +01:00
Daniel Stenberg
b486d1ce05 man pages: SEE ALSO curl_multi_wait 2014-11-25 11:48:56 +01:00
Daniel Stenberg
29aa9a37cc curl_multi_wait.3: clarify numfds being used if not NULL 2014-11-25 11:48:38 +01:00
Daniel Stenberg
bc860548c2 multi-single.c: switch to use curl_multi_wait
Makes the example much easier and straight-forward!
2014-11-25 11:45:38 +01:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Brad Harder
416cd9ac11 CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option 2014-11-20 10:27:09 +01:00
Steve Holme
804e462305 multi-uv.c: Updated for curl coding standards 2014-11-19 20:15:32 +00:00
Jay Satiro
cb13fad733 examples: Wait recommended 100ms when no file descriptors are ready
Prior to this change when no file descriptors were ready on platforms
other than Windows the multi examples would sleep whatever was in
timeout, which may or may not have been less than the minimum
recommended value [1] of 100ms.

[1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
2014-11-19 13:34:05 +01:00
Waldek Kozba
9406ab91a2 multi-uv.c: close the file handle after download 2014-11-19 13:28:48 +01:00
Jay Satiro
a607f8a20c examples: Don't call select() to sleep on windows
Windows does not support using select() for sleeping without a dummy
socket. Instead use Windows' Sleep() and sleep for 100ms which is the
minimum suggested value in the curl_multi_fdset() doc.

Prior to this change the multi examples would exit prematurely since
select() would error instead of sleeping when called without an fd.

Reported-by: Johan Lantz
Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
2014-11-15 21:27:20 +01:00
Michael Osipov
d54b551f6c docs: Use consistent naming for Kerberos 2014-11-15 13:10:45 +00:00
Steve Holme
2e05db347e TODO: Lets support QOP options in GSSAPI authentication 2014-11-15 00:38:00 +00:00
Steve Holme
5d427004c6 INSTALL: Updated pre-processor references to the old VC6 project files
Reworked the two sections that discuss modifying the Visual Studio pre-
processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
project files references as they have been superseded by a more thorough
set of project files for VC6 through VC12, but to also give the correct
reference to this setting in later versions of Visual Studio.
2014-11-09 14:22:02 +00:00
Steve Holme
0106575728 INSTALL: Added email protocols to the "Disabling in Win32 builds" section 2014-11-09 13:35:08 +00:00
Steve Holme
7599143dcc version info: Added Kerberos V5 to the supported features 2014-11-07 10:55:14 +00:00
Steve Holme
338b641370 docs: Updated following the addition of SSPI based HTTP digest auth 2014-11-06 23:44:11 +00:00
Daniel Stenberg
9f59fb6d33 curl.1: show zone index use in a URL 2014-11-06 17:35:22 +01:00
Daniel Stenberg
68542e72a9 curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
Reported-by: Christian Hägele
Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
2014-11-06 10:15:52 +01:00
Daniel Stenberg
e5a4d1d9e5 THANKS-filter: added another Michał Górny version we've used 2014-11-05 23:14:32 +01:00
Daniel Stenberg
54c8728cd7 contributors.sh: filter common alternative name spellings
docs/THANKS-filter is a new filter file for converting contributor names
we get or have recorded in alternative formats to the one we already use
in THANKS. To help us show individual contributors using a single
presentation of their names.
2014-11-05 13:01:37 +01:00
Daniel Stenberg
08f10fcd02 THANKS: added missing contributor from 2012 2014-11-05 13:01:37 +01:00
Frank Gevaerts
5babaf7491 Remove duplicate names.
The removed names also appear as:
Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
2014-11-05 13:01:37 +01:00
Daniel Stenberg
ad63f8a53c THANKS: added two missing names and removed a duplicate
./contributors.sh found these extra ones that somehow had fallen
through the cracks and never gotten added here.

Reported-by: Frank Gevaerts
2014-11-05 11:28:59 +01:00
Daniel Stenberg
f222778489 THANKS: added names from 7.39.0 release notes 2014-11-05 09:42:55 +01:00
Steve Holme
5e873952b0 INSTALL: Consistent spacing in section headings, paragraphs and examples 2014-11-04 14:07:55 +00:00
Steve Holme
34f7a3a229 INSTALL: Corrected MIT Kerberos and Heimdal package names 2014-11-04 12:44:54 +00:00
Steve Holme
777c6e3c94 INSTALL: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.

...and minor rewording on the same paragraph.
2014-11-04 11:51:19 +00:00
Daniel Stenberg
fb24990211 opts-Makefile: put more man pages into dist and make hmtl+pdf 2014-11-04 10:40:07 +01:00
Daniel Stenberg
0320f6930d curl_multi_setopt.3: refer to stand-alone pages
... instead of duplicating info.
2014-11-04 10:37:09 +01:00
Daniel Stenberg
1b8977ff7c opts: more multi options as stand-alone man pages 2014-11-04 10:37:09 +01:00
Daniel Stenberg
a14ccfffb8 opts: made stand-alone man-pages for several multi options 2014-11-03 23:50:31 +01:00
Steve Holme
e7497c0c99 CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number 2014-11-02 11:03:13 +00:00
Steve Holme
a419802c71 CURLOPT_SASL_IR.3: Added supported mechanism information
...and removed duplication of what protocols are supported from the
description text.
2014-11-02 11:03:11 +00:00
Steve Holme
2b535b3947 opts: Use common wording for MAIL related names 2014-11-02 11:03:09 +00:00
Steve Holme
7ba8e0bd01 opts: Use common wording for TLS user/password option names
...and revised the proxy wording a little as well.
2014-11-02 11:03:06 +00:00
Steve Holme
49ae8f8144 CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
...and corrected a related typo in curl_easy_setopt.3.
2014-11-02 11:03:04 +00:00
Steve Holme
e7da67f5d3 docs: Added mention of Kerberos for CURL_VERSION_SSPI
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
POP3 and SMTP authentication since v7.38.0.
2014-11-02 01:00:29 +00:00
Steve Holme
569288b3bf CURL_VERSION_KERBEROS4: Mark as deprecated
Support for Kerberos V4 was removed in v7.33.0.
2014-11-02 00:50:16 +00:00
Steve Holme
795885f454 opts: Use common wording for user/password option names 2014-10-31 22:22:19 +00:00
Steve Holme
7d9c1ebd66 CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
As this is covered by the PROTOCOLS section and saves having to update
two parts of the document with the same information in future.
2014-10-31 13:14:14 +00:00
Steve Holme
3af962a993 CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to an authentication mechanism.
2014-10-31 12:48:48 +00:00
Steve Holme
211ca5ff77 CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
Added missing IMAP to the protocol list.
2014-10-31 12:44:43 +00:00
Steve Holme
a9db36d1fd curl_easy_setopt.3: Fixed lots of typos 2014-10-30 22:40:05 +00:00
Steve Holme
acd90fcdc6 curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
...as this option affects more that just FTP.
2014-10-30 18:22:25 +00:00
Daniel Stenberg
006556713e CURLOPT_PINNEDPUBLICKEY.3: added details 2014-10-30 14:57:07 +01:00
Steve Holme
b274dedf1b CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
Whilst the description included information about SMTP, the protocol
list only showed "TTP, FTP, IMAP, POP3".
2014-10-30 12:42:06 +00:00
Steve Holme
89cc9988c9 CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3 2014-10-30 12:42:05 +00:00
Daniel Stenberg
e102478b3d opts: added some "SEE ALSO" references 2014-10-29 22:38:39 +01:00
Steve Holme
f7e24683c4 sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.

Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
2014-10-29 14:24:38 +00:00
Daniel Stenberg
b790bdf46b TODO: consider supporting STAT 2014-10-28 22:31:48 +01:00
Jay Satiro
ec783dc142 SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.

- Update CURLOPT_SSLVERSION doc
2014-10-24 13:41:56 +02:00
Daniel Stenberg
e9bbe425d4 *.3: add/extend "SEE ALSO" sections 2014-10-24 09:22:38 +02:00
Daniel Stenberg
019c95f566 curl_easy_pause.3: minor wording edit 2014-10-24 09:16:06 +02:00
Daniel Stenberg
40be9a1c1d curl_getdate.3: provide a "SEE ALSO" section 2014-10-24 09:12:17 +02:00
Daniel Stenberg
bf769d09ec curl_global_init.3: minor formatting fix, add version info 2014-10-24 09:08:22 +02:00
Daniel Stenberg
e116d0a625 CURLOPT_RESOLVE.3: add an example 2014-10-23 14:34:41 +02:00
Daniel Stenberg
4cb7aa067c opts: provide more and updated examples 2014-10-21 13:40:38 +02:00
Daniel Stenberg
4111032511 CURLOPT_RANGE.3: works for SFTP as well
... and added a small example
2014-10-21 13:06:22 +02:00
Daniel Stenberg
50313059fc curl.1: edited for clarity 2014-10-21 11:57:13 +02:00
Daniel Stenberg
1de0823953 CURLOPT_SSLVERSION.3: provide an example 2014-10-21 11:10:03 +02:00
Daniel Stenberg
9069794e5e docs/libcurl/ABI: more markdown friendly 2014-10-21 10:43:12 +02:00
Daniel Stenberg
7b82b07fba docs: edited lots of libcurl docs for clarity 2014-10-21 10:26:40 +02:00
Daniel Stenberg
c857bb68ec opts: added examples 2014-10-21 08:58:24 +02:00
Daniel Stenberg
005f2adaaa HISTORY: two glimpses in 2014 2014-10-21 08:58:24 +02:00
Daniel Stenberg
c927c92086 httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
... and only do a single request for clarity.
2014-10-16 11:38:32 +02:00
Bruno Thomsen
3621045631 mk-ca-bundle: added SHA-384 signature algorithm
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.

[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-15 13:23:22 +02:00
Daniel Stenberg
89e543f383 CURLOPT_TLSAUTH_*.3: fix reference typos 2014-10-14 10:23:27 +02:00
Patrick Monnerat
265b9a2e49 vtls: remove QsoSSL 2014-10-13 16:33:47 +02:00
Peter Wu
aec7c5a87c cmake: enable IPv6 by default if available
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.

Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.

Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 11:21:03 +02:00
Peter Wu
b55502cdae cmake: build tool_hugehelp (ENABLE_MANUAL)
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-12 14:11:42 +02:00
Daniel Stenberg
c6c22aeb44 SECURITY: slightly nicer markdown format 2014-10-10 10:50:23 +02:00
Daniel Stenberg
4f3ba55ed1 RELEASE-PROCEDURE: better markdown, more content 2014-10-10 10:39:01 +02:00
Daniel Stenberg
51f6702fe1 curl_multi_fdset.3: improved the formatting slightly 2014-10-09 13:41:13 +02:00
Daniel Stenberg
93b268ade0 curl_multi_fdset: explain the fd_set arguments 2014-10-09 13:17:27 +02:00
Daniel Stenberg
e0d269c0d8 curl_easy_getinfo.3: spell-fix
Reported-By: Luan Cestari
2014-10-07 15:48:37 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Waldek Kozba
b7d3338df2 multi-uv.c: call curl_multi_info_read() better
Improves it for low-latency cases (like the communication with
localhost)
2014-10-07 10:20:41 +02:00
Jeremy Lin
fa7d04fed4 ssh: improve key file search
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa

Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.

For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
2014-10-03 16:20:54 +02:00
Daniel Stenberg
b1c4c39c58 CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list 2014-10-03 13:35:40 +02:00
Daniel Stenberg
69ce8a72f5 curl.1: mention quoting in the URL section
and separate the example URLs with newlines
2014-10-01 08:29:43 +02:00
Yousuke Kimoto
b10a838a7a CURLOPT_COOKIELIST: Added "RELOAD" command 2014-09-25 16:28:17 +02:00
Michael Wallner
9ee8efc63b CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303 2014-09-25 15:14:16 +02:00
Daniel Stenberg
3ef73d9a88 libcurl docs: improvements all over 2014-09-19 15:08:26 +02:00
Daniel Stenberg
9d49e4706e tutorial: signals aren't used for the threaded resolver 2014-09-19 12:54:19 +02:00
Daniel Stenberg
17932a8f7b FAQ: update the pronunciation section
As we weren't using the correct phonetic description and doing it correctly
involves funny letters that I'm sure will cause problems for people in a text
document so I instead rephrased it and link to a WAV file with a person
actually saying 'curl'.

Reported-By: Dimitar Boevski
2014-09-19 10:01:45 +02:00
Daniel Stenberg
841c9884b2 CURLOPT_COOKIE*: added more cross-references 2014-09-18 22:58:12 +02:00
Daniel Stenberg
30fc601e6c BINDINGS: add node-libcurl
Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
2014-09-18 09:05:29 +02:00
Daniel Stenberg
06b27ea24c libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
The former link was turned into a 404 at some point.

Reported-By: Askar Safin
2014-09-12 21:02:12 +02:00
Daniel Stenberg
748644b72d ROADMAP: markdown eats underscores
It interprets them as italic indictors unless we backtick the word.
2014-09-11 10:56:20 +02:00
Daniel Stenberg
110cf8bc9e ROADMAP: tiny formatting edit for nicer web output 2014-09-11 00:15:12 +02:00
Steve Holme
376f3c10de ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions 2014-09-10 22:51:07 +01:00
Steve Holme
ae975713c2 INTERNALS: Added email and updated Kerberos details 2014-09-10 22:11:49 +01:00
Steve Holme
ca2c12d353 FEATURES: Updated Kerberos details
Added support for Kerberos 5 to the email protocols following the recent
additions in 7.38.0.

Removed Kerberos 4 as this has been gone for a while now.
2014-09-10 22:11:46 +01:00
Daniel Stenberg
e3be3e69c0 LICENSE-MIXING: removed krb4 info
krb4 has been dropped since a while now
2014-09-10 10:38:31 +02:00
Daniel Stenberg
f213c0db09 SSLCERTS: minor updates
Edited format to look better on the web, added a "it is about trust"
section.
2014-09-10 10:13:04 +02:00
Daniel Stenberg
1ccfabb66d HISTORY: fix the 1998 title position 2014-09-10 00:40:11 +02:00
Daniel Stenberg
40bcd5447c HISTORY: extended and now markdown 2014-09-10 00:34:32 +02:00
Daniel Stenberg
4455f1f599 SSLCERTS: converted to markdown
Only minor edits to make it generate nice HTML output using markdown, as
this document serves both in source release tarballs as on the web site.

URL: http://curl.haxx.se/docs/sslcerts.html
2014-09-09 23:46:58 +02:00
Daniel Stenberg
9e6c3638e6 ftp-wildcard.c: spell fix
Reported-By: Frank Gevaerts
2014-09-09 11:10:18 +02:00
Daniel Stenberg
38ced24ad1 THANKS: synced with RELEASE-NOTES for 921a0c22a6 2014-09-08 10:26:32 +02:00
Daniel Stenberg
55f8b03948 SECURITY: eh, make more sense! 2014-09-08 10:00:18 +02:00
Daniel Stenberg
55d6cba5e1 SECURITY: how to join the curl-security list 2014-09-08 09:39:14 +02:00
Daniel Stenberg
4989695ec3 MAIL-ETIQUETTE: "1.8 I posted, now what?" 2014-09-04 08:57:28 +02:00
Daniel Stenberg
0b48d1c821 CURLOPT_CA*: better refering between *CAINFO and *CAPATH
... and a minor wording edit
2014-09-03 23:04:52 +02:00
Daniel Stenberg
9e50d8f8bc THANKS: added Dennis Clarke
Dennis Clarke from Blastwave.org for ensuring that nightly builds run
smooth on Solaris!
2014-09-03 22:08:25 +02:00
Askar Safin
2434a4e88d getinfo-times: Typo fixed 2014-08-29 16:41:17 +02:00
Askar Safin
c9a981778d libcurl.3: Typo fixed 2014-08-29 16:41:11 +02:00
Daniel Stenberg
367b784738 curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen 2014-08-29 08:10:38 +02:00
Daniel Stenberg
7bff23b166 curl.1: add an example for -H 2014-08-29 08:07:47 +02:00
Daniel Stenberg
accbbd7dc3 FAQ: mention -w in the 4.20 answer as well 2014-08-28 11:42:00 +02:00
Daniel Stenberg
889de6b285 FAQ: 4.20 curl doesn't return error for HTTP non-200 responses 2014-08-28 11:39:39 +02:00
Daniel Stenberg
1d30f40950 CURLOPT_NOBODY.3: clarify this option is for downloads
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
mode and will do a download (without a body). This is now better
explained in this man page.

Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
Reported-by: John Coffey
2014-08-28 00:11:09 +02:00
Daniel Stenberg
1cd5008bba INTERNALS: nghttp2 must be 0.6.0 or later 2014-08-26 23:05:26 +02:00
Dan Fandrich
d4a4a42cb3 THANKS: removed a few more duplicates 2014-08-26 00:38:17 +02:00
Daniel Stenberg
0072422576 THANKS: added 52 missing contributors
I re-ran contributors.sh on all changes since 7.10 and I found these
contributors who are mentioned in the commits but never were added to
THANKS before!

I also removed a couple of duplicates (mostly due to different
spellings).
2014-08-25 23:22:40 +02:00
Daniel Stenberg
a20da5523e curl.1: clarify --limit-rate's effect on both directions
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
2014-08-23 00:40:52 +02:00
Daniel Stenberg
5be48639b1 curl.1: mention the --post30x options within the --location desc 2014-08-23 00:00:00 +02:00
Frank Meier
63a0bd4270 NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
since NTLM requires multiple requests that re-use the same connection
for the authentication to work

Solution: Ignore the forbid reuse flag in case the NTLM authentication
handshake is in progress, according to the NTLM state flag.

Fixed known bug #77.
2014-08-22 16:05:31 +02:00
Daniel Stenberg
b1341b3068 FAQ: some actually sometimes get paid... 2014-08-18 08:38:34 +02:00
Steve Holme
75be5a6681 docs: Escaped single backslash 2014-08-16 11:52:11 +01:00
Steve Holme
c4410c85ab TODO: Updated following GSSAPI (Kerberos V5) additions
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
authentication mechanisms" following recent additions.

Added SASL 14.2 GSSAPI via GSS-API libraries.
2014-08-16 11:42:04 +01:00
Steve Holme
97f6049bc2 CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
This repeats what has already been documented in both the curl manpage
and CURLOPT_USERPWD documentation but is provided here for completeness
as someone may not especially read the latter when using libcurl.
2014-08-16 10:46:57 +01:00
Steve Holme
29240cb5c1 CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
Added information about Kerberos V5 requiring the domain part in the
user name.

Mentioned that the user name can be specified in UPN format, and not
just in Down-Level Logon Name format, following the information
added in commit 7679cb3fa8 reworking the exisitng information in the
process.
2014-08-16 10:42:31 +01:00
Steve Holme
7679cb3fa8 docs: Added Kerberos V5 and NTLM domain information to --user 2014-08-16 10:37:16 +01:00
Steve Holme
0574196acb docs: Added Kerberos V5 to the --user SSPI current credentials usage 2014-08-16 10:16:05 +01:00
Kamil Dudka
cb1f18661a docs/SSLCERTS: update the section about NSS database
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
Reported-by: David Shaw
2014-08-11 16:49:54 +02:00
Michael Osipov
37f0e8a32c docs: Update SPNEGO and GSS-API related doc sections
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
2014-08-09 00:08:51 +01:00
Steve Holme
f719a97e12 docs: Added Negotiate to the SSPI current credentials usage description 2014-08-07 08:04:40 +01:00
Steve Holme
6c6983f477 TODO: HTTP Digest via Windows SSPI 2014-08-06 22:58:42 +01:00
Steve Holme
c399f6eeb2 TODO: FTP GSSAPI via Windows SSPI 2014-08-06 21:54:27 +01:00
Daniel Stenberg
e4f6adb023 CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it 2014-08-02 23:09:22 +02:00
Daniel Stenberg
8da2124060 FEATURES: minor update 2014-08-01 09:00:06 +02:00
Michael Wallner
7bb4c8cadb CURLOPT_HEADEROPT.3: typo: do -> to 2014-07-31 17:52:08 +02:00
Daniel Stenberg
0c23ec232b curl_version_info.3: 'ssl_version_num' is always 0
... and has been so since 2005
2014-07-31 12:27:15 +02:00
Daniel Stenberg
a439e438f3 ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
2014-07-31 12:19:51 +02:00
Dan Fandrich
524bb823c9 opts: fixed some typos 2014-07-30 23:37:24 +02:00
Michael Wallner
df52f3500c curl_tlsinfo -> curl_tlssessioninfo 2014-07-30 11:11:29 +02:00
Daniel Stenberg
37faf55e17 libcurl.m4: include the standard source header
... with permission from David Shaw
2014-07-29 00:06:36 +02:00
Daniel Stenberg
821d4a1e55 symbols: CURL_VERSION_GSSNEGOTIATE is deprecated 2014-07-24 23:47:32 +02:00
Daniel Stenberg
81cd24adb8 http2: more and better error checking
1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
2014-07-23 09:23:56 +02:00
Daniel Stenberg
cc52d776dd symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
6f8046f7a4 CURLOPT_CHUNK_BGN_FUNCTION: fix typo 2014-07-19 21:27:38 +02:00
Daniel Stenberg
da172b0dde THANKS: added new contributors from 7.37.1 announcement 2014-07-17 13:18:46 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Steve Holme
f9b80cded7 CURLOPT_UPLOAD: Corrected argument type 2014-07-10 22:30:43 +01:00
Daniel Stenberg
6273b23a05 FAQ: expand the thread-safe section
... with a mention of *NOSIGNAL, based on talk in bug #1386
2014-07-09 22:07:36 -05:00
Dan Fandrich
3ae2b6cd7f Update instances of some obsolete CURLOPTs to their new names 2014-07-05 22:47:13 +02:00
Dimitrios Siganos
22eb00f937 example: use correct type (long) for CURLOPT_FOLLOWLOCATION 2014-07-03 22:47:28 +02:00
Dimitrios Siganos
afbd5f978e Document type of argument for CURLOPT_FOLLOWLOCATION. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
7441c6d7af Document type of argument for CURLOPT_ERRORBUFFER. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
3e0443239a Document type of argument for CURLOPT_COPYPOSTFIELDS. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
8b8cc85d8d Document type of argument for CURLOPT_ADDRESS_SCOPE. 2014-07-03 22:44:45 +02:00
Daniel Stenberg
97db9fb653 curl.1: minor language fix
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
2014-07-03 22:37:43 +02:00
Dan Fandrich
1c1d9a3a86 opts: fixed some CURLOPT references so they get turned into links 2014-07-02 21:40:39 +02:00
Dan Fandrich
46a886cd48 opts: Document the socket callback function parameters 2014-07-01 08:12:11 +02:00
Steve Holme
1b6bc02fb9 opts: Fixed some typos 2014-06-28 12:40:06 +01:00
Dan Fandrich
057cc2e915 curl_easy_setopt.3: fixed the error code for an unsupported option 2014-06-25 22:33:32 +02:00
Dan Fandrich
d8287ca8bc opts: added some DEFAULT and RETURN VALUE sections 2014-06-24 00:00:34 +02:00
Daniel Stenberg
cf1f8d4528 libcurl docs: man page edits
mainly to improve how the web versions render
2014-06-21 23:52:06 +02:00
Dan Fandrich
c66c2dd755 curl_easy_setopt.3: fixed some typos 2014-06-21 20:43:04 +02:00
Daniel Stenberg
c7e491f9c2 lib man pages: update easy setopt option references
... by using the "\fIopt(3)\fP" syntax they will be linked properly when
the web version of the page is generated.
2014-06-21 20:21:47 +02:00
Daniel Stenberg
7d618c477f opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default 2014-06-21 20:03:35 +02:00
Daniel Stenberg
ac5b6f8082 curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
... to the always-copy-char *-argument.

And fix some minor mistakes.
2014-06-21 19:46:45 +02:00
Daniel Stenberg
ecacdb3430 curl_easy_setopt.3: refer to the individual man pages
With all the new individual option man pages created, this now refers to
each separate one instead of duplicaing the info. Also makes this page
easier to overview.
2014-06-21 15:45:50 +02:00
Dan Fandrich
d4cc9db64d opts: fixed mancheck for out-of-tree builds 2014-06-21 11:22:04 +02:00
Daniel Stenberg
31b28a0942 curl_easy_setopt.3: shorten
shorten descriptions, mostly refer to the separate descriptions
2014-06-21 00:04:13 +02:00
Daniel Stenberg
25a975408e CURLOPT_DNS_LOCAL_IP4.3: better short desc 2014-06-21 00:04:13 +02:00
Dan Fandrich
c088f29b98 opts: document CURLE_OUT_OF_MEMORY among other return values 2014-06-20 23:43:46 +02:00
Dan Fandrich
59d5b4ce06 opts: fixed some typos 2014-06-20 23:31:06 +02:00
Daniel Stenberg
68d1bea5fc opts: various corrections 2014-06-20 01:10:34 +02:00
Daniel Stenberg
662f749cec opts: add the rest of the options
... and fixed mancheck to ignore obsolete options
2014-06-20 01:02:49 +02:00
Daniel Stenberg
290e1bbe0d opts: the final bunch of options as man pages
Now all current options have their own man pages.
2014-06-20 00:58:18 +02:00
Daniel Stenberg
a6cd174b2e opts: 37 additional man pages 2014-06-19 17:59:13 +02:00
Daniel Stenberg
fede49532d CURLOPT_URL: move up the text from "Notes" 2014-06-19 15:11:49 +02:00
Daniel Stenberg
49078ae363 ROADMAP: removed, now ROADMAP.md 2014-06-19 15:11:28 +02:00
Daniel Stenberg
42d199b1f1 ROADMAP.md: make it markdown formatted 2014-06-19 14:16:14 +02:00
Daniel Stenberg
00d84a2f3e ROADMAP: initial commit of "curl the next few years"
To be further discussed, debated and edited
2014-06-19 14:08:12 +02:00
Daniel Stenberg
c31e6d223a opts: more man pages 2014-06-19 13:53:13 +02:00
Daniel Stenberg
47311e4c7e CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' 2014-06-19 08:40:51 +02:00
Daniel Stenberg
ba1d831cf1 opts: makefile now includes all current man pages 2014-06-19 00:08:18 +02:00
Daniel Stenberg
ae353b0b20 opts: 11 more man pages 2014-06-19 00:03:17 +02:00
Dan Fandrich
efbffa2fb7 opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE 2014-06-18 23:28:13 +02:00
Dan Fandrich
479675f23e opts: fixed a couple of typos 2014-06-18 23:07:08 +02:00
Daniel Stenberg
8fab76e8f3 opts: 16 more man pages 2014-06-18 14:40:26 +02:00
Daniel Stenberg
c3954ffb25 opts: more man pages 2014-06-18 13:18:58 +02:00
Daniel Stenberg
38bf85fd61 CURLOPT_READFUNCTION.3: add short desc 2014-06-18 11:55:13 +02:00
Daniel Stenberg
de6b89262e CURLOPT_LOW_SPEED_LIMIT.3: language 2014-06-18 11:54:42 +02:00
Daniel Stenberg
e34bdc3187 opts: 4 more man pages 2014-06-18 11:45:22 +02:00
Daniel Stenberg
1a876a37cf opts: add all existing man pages to the dist 2014-06-18 10:18:00 +02:00
Daniel Stenberg
082d5300db libcurl build: use correct dir when cd'ing to opts for pdf building 2014-06-18 10:15:07 +02:00
Dan Fandrich
455bfedc84 opts: fixed a few typos 2014-06-18 00:54:30 +02:00
Daniel Stenberg
38d517fcd4 opts: 29 more options as man pages 2014-06-18 00:30:02 +02:00
Daniel Stenberg
0890bb6a51 opts: 9 more options as separate man pages 2014-06-17 18:04:40 +02:00
Daniel Stenberg
0042557598 opts: 3 more options as man pages 2014-06-17 16:48:16 +02:00
Daniel Stenberg
d865376c1d opts: 7 more setopt options as individual man pages 2014-06-17 11:39:26 +02:00
Daniel Stenberg
0219d4e04e opts template: provide a filled in error code phrase 2014-06-17 11:38:51 +02:00
Daniel Stenberg
c522c7ba88 CURLOPT_SOCKOPTFUNCTION.3: clarify return code 2014-06-17 10:10:13 +02:00
Daniel Stenberg
89a2178bc9 CURLOPT_WRITEDATA.3: move version info to AVAILABILITY 2014-06-17 10:02:14 +02:00
Daniel Stenberg
5d746fc98c opts: 4 more options with stand-alone man pages 2014-06-17 09:54:58 +02:00
Daniel Stenberg
d8aa360058 CURLOPT_READFUNCTION.3: see also the seekfunction 2014-06-17 09:54:40 +02:00
Daniel Stenberg
a6882a3a49 CURLOPT_IOCTLFUNCTION.3: fill in short desc 2014-06-17 08:12:14 +02:00
Dan Fandrich
4a2da38bed CURLOPT_READDATA.3: fixed typo 2014-06-17 00:47:25 +02:00
Daniel Stenberg
b56dff79ad opts: initial makefile
with a bonus first rough 'mancheck' target to see which man pages that
are still missing
2014-06-17 00:29:02 +02:00
Daniel Stenberg
e029243727 CURLOPT_IOCTLFUNCTION.3: initial man page 2014-06-17 00:15:41 +02:00
Daniel Stenberg
bb71f1aa25 CURLOPT_WRITEFUNCTION: changed the order of some sentences
First explain the data then describe what the callback should return.
2014-06-17 00:02:22 +02:00
Daniel Stenberg
b203377df7 CURLOPT_WRITEFUNCTION.3: improved language
Suggestions-by: Jeff Pohlmeyer
2014-06-16 23:55:30 +02:00
Daniel Stenberg
28b698858c opts docs: 3 more options in their own man pages 2014-06-16 23:01:12 +02:00
Daniel Stenberg
7ad9cb12b2 template: a template for adding new option man pages
Inludes all the sections to consider.
2014-06-16 22:16:13 +02:00
Daniel Stenberg
a5e498b543 CURLOPT_WRITEFUNCTION: add RETURN VALUE and DEFAULT sections 2014-06-16 22:01:08 +02:00
Daniel Stenberg
e810ddbb70 CURLOPT_WRITEFUNCTION: initial man page 2014-06-16 20:27:37 +02:00
Daniel Stenberg
0761f17560 CURLOPT_WILDCARDMATCH: initial man page 2014-06-16 20:27:28 +02:00