curl/docs
Jay Satiro 54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
..
cmdline-opts schannel: Disable auto credentials; add an option to enable it 2021-04-22 16:53:37 -04:00
examples tidy-up: make conditional checks more consistent 2021-04-22 09:10:17 +02:00
libcurl schannel: Disable auto credentials; add an option to enable it 2021-04-22 16:53:37 -04:00
.gitignore gitignore: Ignore man page dist files 2017-03-07 23:27:31 +01:00
ALTSVC.md alt-svc: enable by default 2020-10-25 23:08:54 +01:00
BINDINGS.md BINDINGS: PureBasic, Net::Curl for perl and Nim 2019-09-29 22:39:31 +02:00
BUFREF.md bufref: buffer reference support 2021-04-22 09:05:53 +02:00
BUG-BOUNTY.md BUG-BOUNTY: removed the cooperation mention 2021-02-03 14:24:25 +01:00
BUGS.md BUGS: language polish 2021-02-18 08:47:27 +01:00
CHECKSRC.md checksrc: complain on == NULL or != 0 checks in conditions 2021-04-22 09:10:17 +02:00
CIPHERS.md curl.se: new home 2020-11-04 23:59:47 +01:00
CMakeLists.txt curl.se: new home 2020-11-04 23:59:47 +01:00
CODE_OF_CONDUCT.md docs: Update to secure URL versions 2017-09-04 14:08:54 +00:00
CODE_REVIEW.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
CODE_STYLE.md CODE_STYLE.md: fix broken link to INTERNALS 2021-02-21 23:34:13 +01:00
CONTRIBUTE.md curl.se: new home 2020-11-04 23:59:47 +01:00
CURL-DISABLE.md hsts: enable by default 2021-04-19 08:22:16 +02:00
DEPRECATE.md polarssl: removed 2020-01-16 11:55:56 +01:00
DYNBUF.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
ECH.md curl.se: new home 2020-11-04 23:59:47 +01:00
EXPERIMENTAL.md hsts: enable by default 2021-04-19 08:22:16 +02:00
FAQ vtls: initial implementation of rustls backend 2021-02-09 11:06:18 +01:00
FEATURES.md docs/FEATURE: convert to markdown 2020-10-15 15:47:38 +02:00
GOVERNANCE.md docs: change "web site" to "website" 2020-08-17 00:14:18 +02:00
HELP-US.md docs: Fix some typos 2020-12-12 09:59:28 -08:00
HISTORY.md HISTORY: add two 2021 events 2021-03-29 09:05:12 +02:00
HSTS.md hsts: add support for Strict-Transport-Security 2020-11-03 16:08:42 +01:00
HTTP-COOKIES.md curl.se: new home 2020-11-04 23:59:47 +01:00
HTTP2.md HTTP2: remove the outdated remark about multiplexing for the tool 2021-03-16 00:35:38 +01:00
HTTP3.md configure: provide --with-openssl, deprecate --with-ssl 2021-04-15 09:08:34 +02:00
HYPER.md misc: fix typos 2021-01-11 15:12:25 +01:00
INSTALL INSTALL: converted to markdown => INSTALL.md 2016-10-21 15:57:29 +02:00
INSTALL.cmake TLS naming: fix more Winssl and Darwinssl leftovers 2020-08-08 00:19:21 +02:00
INSTALL.md configure: provide --with-openssl, deprecate --with-ssl 2021-04-15 09:08:34 +02:00
INTERNALS.md language: s/behaviour/behavior/g 2021-01-02 23:35:59 +01:00
KNOWN_BUGS tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 2021-04-15 13:45:12 +02:00
MAIL-ETIQUETTE curl.se: new home 2020-11-04 23:59:47 +01:00
MANUAL.md docs: fix FILE example url in --metalink documentation 2021-02-05 13:34:12 +01:00
MQTT.md docs/MQTT: remove outdated paaragraphs 2020-09-21 11:02:32 +02:00
Makefile.am bufref: buffer reference support 2021-04-22 09:05:53 +02:00
NEW-PROTOCOL.md docs: fix typos in NEW-PROTOCOL.md 2021-01-17 12:56:03 +01:00
PARALLEL-TRANSFERS.md docs: fix typos 2019-11-28 12:58:47 +01:00
README.md curl.se: new home 2020-11-04 23:59:47 +01:00
RELEASE-PROCEDURE.md RELEASE-PROCEDURE: remove old release dates, add new 2021-02-08 14:04:05 +01:00
ROADMAP.md ROADMAP: refreshed 2021-01-14 09:49:17 +01:00
RUSTLS.md docs: document version of crustls dependency 2021-03-21 00:16:32 +01:00
SECURITY-PROCESS.md SECURITY-PROCESS: disclose on hackerone 2020-12-03 22:29:34 +01:00
SSL-PROBLEMS.md docs: Fix typos 2021-02-25 09:28:00 +01:00
SSLCERTS.md curl.se: new home 2020-11-04 23:59:47 +01:00
THANKS THANKS: add names from 7.76.1 2021-04-13 14:32:30 +02:00
THANKS-filter mailmap: Jon Rumsey 2021-02-05 08:46:11 +01:00
TODO schannel: Disable auto credentials; add an option to enable it 2021-04-22 16:53:37 -04:00
TheArtOfHttpScripting.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
URL-SYNTAX.md URL-SYNTAX: add gophers details 2020-12-15 12:58:19 +01:00
VERSIONS.md docs: enable syntax highlighting in several docs files 2020-12-11 18:06:41 +01:00
curl-config.1 curl.se: new home 2020-11-04 23:59:47 +01:00
mk-ca-bundle.1 curl.se: new home 2020-11-04 23:59:47 +01:00
options-in-versions schannel: Disable auto credentials; add an option to enable it 2021-04-22 16:53:37 -04:00

README.md

curl logo

Documentation

You'll find a mix of various documentation in this directory and subdirectories, using several different formats. Some of them are not ideal for reading directly in your browser.

If you'd rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl related documentation.