curl/docs/libcurl/symbols-in-versions, branch gemini-meta cURL mirror with patches applied setopt: support certificate options in memory with struct curl_blob 2020-05-15T11:03:59+00:00 Gilles Vollant info@winimage.com 2020-05-15T08:47:46+00:00 cac5374298b3e79405bbdabe38941227c73a4c96 This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357 
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) 2020-05-08T13:55:04+00:00 Gilles Vollant info@winimage.com 2019-09-13T09:24:00+00:00 148534db57dda611cf8516e92e4d6e35fc1e5074 Closes #4346 
Closes #4346
mqtt: add new experimental protocol 2020-04-14T11:03:40+00:00 Bjorn Stenberg bjorn@haxx.se 2020-04-14T09:19:12+00:00 2522903b792ac5a802f780df60dc4647c58e2477 Closes #5173 
Closes #5173
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented 2020-03-29T21:28:49+00:00 Daniel Stenberg daniel@haxx.se 2020-03-27T23:00:27+00:00 93fafb93dbd3a5c27ef9a497256df86f9a6670f8 Considered experimental and therefore we can do this. Closes #5157 
Considered experimental and therefore we can do this.

Closes #5157
version: add 'cainfo' and 'capath' to version info struct 2020-03-27T08:04:27+00:00 Daniel Stenberg daniel@haxx.se 2020-03-26T12:05:03+00:00 6de756c9b1de34b7a1b1d6cd978ca75f3b1d719b Suggested-by: Timothe Litt URL: https://curl.haxx.se/mail/lib-2020-03/0090.html Reviewed-by: Jay Satiro Closes #5150 
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
schannel: add "best effort" revocation check option 2020-03-18T07:23:39+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2020-02-26T10:24:26+00:00 54504284918a4ba19bc7b1efb486a64629d376aa - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981 
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
polarssl: remove more references and mentions 2020-03-05T06:57:45+00:00 Daniel Stenberg daniel@haxx.se 2020-03-04T13:50:11+00:00 52d302ed64822347de132e50027aaa35f23b145b Assisted-by: Jay Satiro Follow-up to 6357a19ff29dac04 Closes #5036 
Assisted-by: Jay Satiro
Follow-up to 6357a19ff29dac04
Closes #5036
curl.h: define CURL_WIN32 on windows 2020-01-27T12:02:28+00:00 Daniel Stenberg daniel@haxx.se 2020-01-27T10:37:33+00:00 8bd863f97b6c79f561bc063e634cecdf4badf776 ... so that the subsequent logic below can use a single known define to know when built on Windows (as we don't define WIN32 anymore). Follow-up to 1adebe7886ddf20b Reported-by: crazydef on github Assisted-by: Marcel Raad Fixes #4854 Closes #4855 
... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follow-up to 1adebe7886ddf20b

Reported-by: crazydef on github
Assisted-by: Marcel Raad
Fixes #4854
Closes #4855
smtp: Allow RCPT TO command to fail for some recipients 2020-01-21T09:40:19+00:00 Pavel Volgarev pvolgarev@google.com 2020-01-14T22:22:38+00:00 4a4609bf3c812afc65f700b4b7e673cc76ade1bf Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. Verified with the new tests 3002-3007 Closes #4816 
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816
ngtcp2: Add an error code for QUIC connection errors 2020-01-11T23:19:32+00:00 Emil Engler me@emilengler.com 2019-12-24T10:17:16+00:00 cbb5429001084df4e71ebd95dbf748c3c302c9f7 - Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection errors. Prior to this change CURLE_FAILED_INIT was used, but that was not correct. Closes https://github.com/curl/curl/pull/4754 
- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
  errors.

Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.

Closes https://github.com/curl/curl/pull/4754