1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-04 16:45:06 -05:00
curl/docs
Matthias Gatto 08e8455ddd
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.

It doesn't seems to be standard, but it is used by some cloud providers.

Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually

most of the code is in lib/http_v4_signature.c

Information require by the algorithm:
- The URL
- Current time
-  some prefix that are append to some of the signature parameters.

The data extracted from the URL are: the URI, the region,
the host and the API type

example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~               ~~~~~~~~~~~~~~~~~~~
        ^       ^                          ^
       /         \                        URI
   API type     region

Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
  the get data, the canonical header, the signed header
  and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
  the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
  the date, and above hash

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Closes #5703
2020-12-21 16:27:50 +01:00
..
cmdline-opts curl: add --create-file-mode [mode] 2020-12-21 10:52:41 +01:00
examples examples: remove superfluous asterisk uses 2020-12-16 09:24:16 +01:00
libcurl http: introduce AWS HTTP v4 Signature 2020-12-21 16:27:50 +01:00
.gitignore gitignore: Ignore man page dist files 2017-03-07 23:27:31 +01:00
ALTSVC.md alt-svc: enable by default 2020-10-25 23:08:54 +01:00
BINDINGS.md BINDINGS: PureBasic, Net::Curl for perl and Nim 2019-09-29 22:39:31 +02:00
BUG-BOUNTY.md BUG-BOUNTY: minor language update 2020-12-15 08:57:07 +01:00
BUGS.md curl.se: new home 2020-11-04 23:59:47 +01:00
CHECKSRC.md src: Consistently spell whitespace without whitespace 2020-09-30 21:10:14 +02:00
CIPHERS.md curl.se: new home 2020-11-04 23:59:47 +01:00
CMakeLists.txt curl.se: new home 2020-11-04 23:59:47 +01:00
CODE_OF_CONDUCT.md docs: Update to secure URL versions 2017-09-04 14:08:54 +00:00
CODE_REVIEW.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
CODE_STYLE.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
CONTRIBUTE.md curl.se: new home 2020-11-04 23:59:47 +01:00
curl-config.1 curl.se: new home 2020-11-04 23:59:47 +01:00
CURL-DISABLE.md alt-svc: enable by default 2020-10-25 23:08:54 +01:00
DEPRECATE.md polarssl: removed 2020-01-16 11:55:56 +01:00
DYNBUF.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
ECH.md curl.se: new home 2020-11-04 23:59:47 +01:00
EXPERIMENTAL.md hsts: add support for Strict-Transport-Security 2020-11-03 16:08:42 +01:00
FAQ docs: Fix some typos 2020-12-12 09:59:28 -08:00
FEATURES.md docs/FEATURE: convert to markdown 2020-10-15 15:47:38 +02:00
GOVERNANCE.md docs: change "web site" to "website" 2020-08-17 00:14:18 +02:00
HELP-US.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
HISTORY.md HISTORY: the new domain 2020-11-04 23:59:53 +01:00
HSTS.md hsts: add support for Strict-Transport-Security 2020-11-03 16:08:42 +01:00
HTTP2.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
HTTP3.md http3: use the master branch of GnuTLS for testing 2020-11-22 16:40:05 +01:00
HTTP-COOKIES.md curl.se: new home 2020-11-04 23:59:47 +01:00
HYPER.md docs: add HYPER.md 2020-12-18 09:58:03 +01:00
INSTALL INSTALL: converted to markdown => INSTALL.md 2016-10-21 15:57:29 +02:00
INSTALL.cmake TLS naming: fix more Winssl and Darwinssl leftovers 2020-08-08 00:19:21 +02:00
INSTALL.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
INTERNALS.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
KNOWN_BUGS KNOWN_BUGS: Remote recursive folder creation with SFTP 2020-12-20 22:49:59 +01:00
MAIL-ETIQUETTE curl.se: new home 2020-11-04 23:59:47 +01:00
Makefile.am docs: add HYPER.md 2020-12-18 09:58:03 +01:00
MANUAL.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
mk-ca-bundle.1 curl.se: new home 2020-11-04 23:59:47 +01:00
MQTT.md docs/MQTT: remove outdated paaragraphs 2020-09-21 11:02:32 +02:00
NEW-PROTOCOL.md NEW-PROTOCOL: document what needs to be done to add one 2020-12-01 10:18:46 +01:00
options-in-versions curl: add --create-file-mode [mode] 2020-12-21 10:52:41 +01:00
PARALLEL-TRANSFERS.md docs: fix typos 2019-11-28 12:58:47 +01:00
README.md curl.se: new home 2020-11-04 23:59:47 +01:00
RELEASE-PROCEDURE.md RELEASE-PROCEDURE.md: add more future release dates 2020-08-17 10:44:10 +02:00
ROADMAP.md curl.se: new home 2020-11-04 23:59:47 +01:00
SECURITY-PROCESS.md SECURITY-PROCESS: disclose on hackerone 2020-12-03 22:29:34 +01:00
SSL-PROBLEMS.md curl.se: new home 2020-11-04 23:59:47 +01:00
SSLCERTS.md curl.se: new home 2020-11-04 23:59:47 +01:00
THANKS RELEASE-NOTES: synced 2020-12-09 07:38:24 +01:00
THANKS-filter THANKS-filter: ignore autobuild links 2020-11-09 10:15:15 +01:00
TheArtOfHttpScripting.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
TODO TODO: alt-svc should fallback if alt-svc doesn't work 2020-12-18 23:39:22 +01:00
URL-SYNTAX.md URL-SYNTAX: add gophers details 2020-12-15 12:58:19 +01:00
VERSIONS.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00

curl logo

Documentation

You'll find a mix of various documentation in this directory and subdirectories, using several different formats. Some of them are not ideal for reading directly in your browser.

If you'd rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl related documentation.