1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 15:35:03 -05:00
Commit Graph

155 Commits

Author SHA1 Message Date
Daniel Stenberg
fecec1d8ae
curl: add --proxy-pinnedpubkey
To verify a proxy's public key. For when using HTTPS proxies.

Fixes #2192
Closes #2268
2018-01-30 08:00:31 +01:00
Gisle Vanem
859ac36021 tool_getparam: Support size modifiers for --max-filesize
- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G

Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html

Closes https://github.com/curl/curl/pull/2179
2017-12-26 02:01:48 -05:00
Daniel Stenberg
ee8016b3de curl: speed up handling of many URLs
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052
2017-11-04 20:56:26 +01:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Patrick Monnerat
fec7a858b8 mime: use in curl cli tool instead of form API.
Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentation upgraded.
2017-09-02 18:17:33 +01:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Daniel Stenberg
5c7455fe76 curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736
2017-08-07 09:38:45 +02:00
Daniel Stenberg
d6c8def82a getparameter: avoid returning uninitialized 'usedarg'
Fixes #1728
2017-08-05 11:52:27 +02:00
Jay Satiro
17da675002 tool_getparam: fix potentially uninitialized err 2017-07-09 12:04:42 -04:00
Kamil Dudka
ce2c3ebda2 curl --socks5-{basic,gssapi}: control socks5 auth
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:03:00 +02:00
Jay Satiro
922f800603 tool_getparam: fix memory leak on test 1147 OOM (torture tests)
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
Reported-by: Dan Fandrich
2017-06-26 01:05:02 -04:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
5385450afd curl: prevent binary output spewed to terminal
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
2017-06-16 23:38:13 +02:00
Daniel Stenberg
84b9458837 curl: allow --header and --proxy-header read from file
So many headers can be provided as @filename.

Suggested-by: Timothe Litt

Closes #1486
2017-06-15 11:09:40 +02:00
Marcel Raad
4dc8499494
tool: fix remaining -Wcast-qual warnings
Avoid casting away low-level const.
2017-05-09 19:20:28 +02:00
Daniel Stenberg
a8e388dd10 curl: remove tool_writeenv.[ch]
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
support and its platform specific behavior has been annoying ever
since. Added in commit c3c8bbd3b2, mostly unchanged since
then. Most probably not actually used for years.

Closes #1463
2017-05-06 23:13:08 +02:00
Daniel Stenberg
ff10852158 curl: fix warning "comma at end of enumerator list" 2017-05-04 15:49:38 +02:00
Daniel Stenberg
913c3c8f54 curl: non-boolean command line args reject --no- prefixes
... and instead properly respond with an error message to the user
instead of silently ignoring.

Fixes #1453
Closes #1458
2017-05-02 23:09:54 +02:00
Jay Satiro
5b13619da4 tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
- Include tool_convert.h where needed.

Bug: https://github.com/curl/curl/issues/1460
Reported-by: Gisle Vanem
2017-05-01 14:48:45 -04:00
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Nick Draffen
690935390c curl: fix typo in time condition warning message
The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263
2017-02-14 22:50:15 +01:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Daniel Stenberg
de0cd5e55a tool_getparam.c: make comments use the up-to-date option names 2016-12-17 23:49:11 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
642398c651 curl: normal socks proxies still use CURLOPT_PROXY
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
asked for specially. (Needs new code.)

Unified proxy type to a single variable in the config struct.
2016-12-16 15:34:14 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Daniel Stenberg
720ea577dc curl: remove --proxy-ssl* options
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
proxy. Those protocols are insecure by design and deprecated.
2016-11-28 00:07:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Daniel Stenberg
95bd2b3e7f strcase: make the tool use curl_str[n]equal instead
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.

Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
David Woodhouse
01f69232b0 curl: allow "pkcs11:" prefix for client certificates
RFC7512 provides a standard method to reference certificates in PKCS#11
tokens, by means of a URI starting 'pkcs11:'.

We're working on fixing various applications so that whenever they would
have been able to use certificates from a file, users can simply insert
a PKCS#11 URI instead and expect it to work. This expectation is now a
part of the Fedora packaging guidelines, for example.

This doesn't work with cURL because of the way that the colon is used
to separate the certificate argument from the passphrase. So instead of

   curl -E 'pkcs11:manufacturer=piv_II;id=%01' …

I instead need to invoke cURL with the colon escaped, like this:

   curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …

This is suboptimal because we want *consistency* — the URI should be
usable in place of a filename anywhere, without having strange
differences for different applications.

This patch therefore disables the processing in parse_cert_parameter()
when the string starts with 'pkcs11:'. It means you can't pass a
passphrase with an unescaped PKCS#11 URI, but there's no need to do so
because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
the URI itself.

Also, if users are already using RFC7512 URIs with the colon escaped as
in the above example — even providing a passphrase for cURL to handling
instead of using a pin-value attribute, that will continue to work
because their string will start 'pkcs11\:' and won't match the check.

What *does* break with this patch is the extremely unlikely case that a
user has a file which is in the local directory and literally named
just "pkcs11", and they have a passphrase on it. If that ever happened,
the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17 11:35:16 +02:00
Daniel Stenberg
ce7826f613 curl: remove "--socks" as "--socks5" turned 8
In commit 2e42b0a252 (Jan 2008) we made the option "--socks" deprecated
and it has not been documented since. The more explicit socks options
(like --socks4 or --socks5) should be used.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d0f42e5273 curl: remove --http-request
It was mentioned as deprecated already in commit ae1912cb0d from
1999. It has not been documented in this millennium.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
10ea631390 curl: use --telnet-option as documented
The code said "telnet-options" but no documentation ever said so. It
worked fine since the code is fine with a unique match of the first
part.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d6fa190503 getparam: remove support for --ftpport
It has been deprecated and undocumented since commit ad5ead8bed (Dec
2003). --ftp-port is the proper long option name.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
b499973c7b aliases: remove trailing space from capath string 2016-04-29 00:31:37 +02:00
Daniel Stenberg
388c6b5e75 cmdline parse: only single letter options have single-letter strings
... moved around options so that parsing the code to find all
single-letter options easier.
2016-04-29 00:31:37 +02:00
Alessandro Ghedini
d49087f6bc tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00