aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-01CONNECT: read responses one byte at a timeDaniel Stenberg
... so that it doesn't read data that is actually coming from the remote. 2xx responses have no body from the proxy, that data is from the peer. Fixes #1132
2016-12-01CONNECT: reject TE or CL in 2xx responsesDaniel Stenberg
A server MUST NOT send any Transfer-Encoding or Content-Length header fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section 4.3.6) Also fixes the three test cases that did this.
2016-12-01URL parser: reject non-numerical port numbersDaniel Stenberg
Test 1281 added to verify
2016-11-30runtests: made Servers: output be more consistent by removing OFFDan Fandrich
2016-11-30cyassl: fixed typo introduced in 4f8b1774Dan Fandrich
2016-11-30CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properlyMichael Kaufmann
If a port number in a "connect-to" entry does not match, skip this entry instead of connecting to port 0. If a port number in a "connect-to" entry matches, use this entry and look no further. Reported-by: Jay Satiro Assisted-by: Jay Satiro, Daniel Stenberg Closes #1148
2016-11-29BUGS: describe bug handling processDaniel Stenberg
2016-11-28RELEASE-NOTES: synced with 19613fb3Daniel Stenberg
2016-11-28http2: check nghttp2_session_set_local_window_size existsJay Satiro
The function only exists since nghttp2 1.12.0. Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676 Reported-by: Michael Kaufmann
2016-11-28http2: Fix crashes when parent stream gets abortedAnders Bakken
Closes #1125
2016-11-28cmdline-docs: more options converted and fixedDaniel Stenberg
Now all options are in the new system.
2016-11-28gen: include footer in mainpage outputDaniel Stenberg
2016-11-28lib1536: checksrc complianceJay Satiro
2016-11-28cmdline-opts: more command line options documentedDaniel Stenberg
Moved over to the new format
2016-11-28curl: remove --proxy-ssl* optionsDaniel Stenberg
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
2016-11-27CURLOPT_PROXY_*.3: polished some proxy option man pagesDaniel Stenberg
2016-11-26os400: support CURLOPT_PROXY_PINNEDPUBLICKEYPatrick Monnerat
Also define it in ILE/RPG binding.
2016-11-26curl_version_info: add CURL_VERSION_HTTPS_PROXYOkhin Vasilij
Closes #1142
2016-11-26tests: Add some testcases for recent new features.Frank Gevaerts
Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme}, and %{http_version} closes #1143
2016-11-26curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEMEFrank Gevaerts
2016-11-25CURLOPT_PROXY_CAINFO.3: clarify proxy useDaniel Stenberg
2016-11-25CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availabilityDaniel Stenberg
2016-11-25curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEYDaniel Stenberg
Follow-up to 4f8b17743d7c55a
2016-11-25docs: include all opts man pages in distDaniel Stenberg
Sorted the lists too. ... and include the new ones in the PDF and HTML generation targets
2016-11-25HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEYThomas Glanzmann
2016-11-25url: proxy: Use 443 as default port for https proxiesThomas Glanzmann
2016-11-25TODO: removed "HTTPS proxy"Daniel Stenberg
2016-11-25winbuild: add config option ENABLE_NGHTTP2Jan-E
Closes #1141
2016-11-24tool_urlglob: Improve sanity check in glob_rangeJay Satiro
Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion. Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24tool_help: Change description for --retry-connrefusedJay Satiro
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-25os400: sync ILE/RPG bindingPatrick Monnerat
2016-11-24test1135: Fix curl_easy_duphandle prototype for code styleJay Satiro
Follow-up to dbadaeb which changed the style.
2016-11-24x509asn1: Restore the parameter check in Curl_getASN1ElementJay Satiro
- Restore the removed parts of the parameter check. Follow-up to 945f60e which altered the parameter check.
2016-11-25RELEASE-NOTES: update option countersDaniel Stenberg
2016-11-25add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}Frank Gevaerts
Adds access to the effectively used protocol/scheme to both libcurl and curl, both in string and numeric (CURLPROTO_*) form. Note that the string form will be uppercase, as it is just the internal string. As these strings are declared internally as const, and all other strings returned by curl_easy_getinfo() are de-facto const as well, string handling in getinfo.c got const-ified. Closes #1137
2016-11-25RELEASE-NOTES: synced with 63198a4750aebDaniel Stenberg
2016-11-25curl.1: the new --proxy options ship in 7.52.0Daniel Stenberg
2016-11-24checksrc: move open braces to comply with function declaration styleDaniel Stenberg
2016-11-24checksrc: detect wrongly placed open braces in func declarationsDaniel Stenberg
2016-11-24checksrc: white space edits to comply to stricter checksrcDaniel Stenberg
2016-11-24checksrc: verify ASTERISKNOSPACEDaniel Stenberg
Detects (char*) and 'char*foo' uses.
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-24checksrc: add ASTERISKSPACEDaniel Stenberg
Verifies a 'char *name' style, with no space after the asterisk.
2016-11-24openssl: remove dead codeDaniel Stenberg
Coverity CID 1394666
2016-11-24HTTPS-proxy: fixed mbedtls and polishingOkhin Vasilij
2016-11-24darwinssl: adopted to the HTTPS proxy changesDaniel Stenberg
It builds and runs all test cases. No adaptations for actual HTTPS proxy support has been made.
2016-11-24gtls: fix indent to silence compiler warningDaniel Stenberg
vtls/gtls.c: In function ‘Curl_gtls_data_pending’: vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if(conn->proxy_ssl[connindex].session && ^~ vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ return res;
2016-11-24mbedtls: Fix compile errorsThomas Glanzmann
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-24Declare endian read functions argument as a const pointer.Patrick Monnerat
This is done for all functions of the form Curl_read[136][624]_[lb]e.