aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-28curl: remove --proxy-ssl* optionsDaniel Stenberg
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
2016-11-27CURLOPT_PROXY_*.3: polished some proxy option man pagesDaniel Stenberg
2016-11-26os400: support CURLOPT_PROXY_PINNEDPUBLICKEYPatrick Monnerat
Also define it in ILE/RPG binding.
2016-11-26curl_version_info: add CURL_VERSION_HTTPS_PROXYOkhin Vasilij
Closes #1142
2016-11-26tests: Add some testcases for recent new features.Frank Gevaerts
Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme}, and %{http_version} closes #1143
2016-11-26curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEMEFrank Gevaerts
2016-11-25CURLOPT_PROXY_CAINFO.3: clarify proxy useDaniel Stenberg
2016-11-25CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availabilityDaniel Stenberg
2016-11-25curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEYDaniel Stenberg
Follow-up to 4f8b17743d7c55a
2016-11-25docs: include all opts man pages in distDaniel Stenberg
Sorted the lists too. ... and include the new ones in the PDF and HTML generation targets
2016-11-25HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEYThomas Glanzmann
2016-11-25url: proxy: Use 443 as default port for https proxiesThomas Glanzmann
2016-11-25TODO: removed "HTTPS proxy"Daniel Stenberg
2016-11-25winbuild: add config option ENABLE_NGHTTP2Jan-E
Closes #1141
2016-11-24tool_urlglob: Improve sanity check in glob_rangeJay Satiro
Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion. Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24tool_help: Change description for --retry-connrefusedJay Satiro
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-25os400: sync ILE/RPG bindingPatrick Monnerat
2016-11-24test1135: Fix curl_easy_duphandle prototype for code styleJay Satiro
Follow-up to dbadaeb which changed the style.
2016-11-24x509asn1: Restore the parameter check in Curl_getASN1ElementJay Satiro
- Restore the removed parts of the parameter check. Follow-up to 945f60e which altered the parameter check.
2016-11-25RELEASE-NOTES: update option countersDaniel Stenberg
2016-11-25add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}Frank Gevaerts
Adds access to the effectively used protocol/scheme to both libcurl and curl, both in string and numeric (CURLPROTO_*) form. Note that the string form will be uppercase, as it is just the internal string. As these strings are declared internally as const, and all other strings returned by curl_easy_getinfo() are de-facto const as well, string handling in getinfo.c got const-ified. Closes #1137
2016-11-25RELEASE-NOTES: synced with 63198a4750aebDaniel Stenberg
2016-11-25curl.1: the new --proxy options ship in 7.52.0Daniel Stenberg
2016-11-24checksrc: move open braces to comply with function declaration styleDaniel Stenberg
2016-11-24checksrc: detect wrongly placed open braces in func declarationsDaniel Stenberg
2016-11-24checksrc: white space edits to comply to stricter checksrcDaniel Stenberg
2016-11-24checksrc: verify ASTERISKNOSPACEDaniel Stenberg
Detects (char*) and 'char*foo' uses.
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-24checksrc: add ASTERISKSPACEDaniel Stenberg
Verifies a 'char *name' style, with no space after the asterisk.
2016-11-24openssl: remove dead codeDaniel Stenberg
Coverity CID 1394666
2016-11-24HTTPS-proxy: fixed mbedtls and polishingOkhin Vasilij
2016-11-24darwinssl: adopted to the HTTPS proxy changesDaniel Stenberg
It builds and runs all test cases. No adaptations for actual HTTPS proxy support has been made.
2016-11-24gtls: fix indent to silence compiler warningDaniel Stenberg
vtls/gtls.c: In function ‘Curl_gtls_data_pending’: vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if(conn->proxy_ssl[connindex].session && ^~ vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ return res;
2016-11-24mbedtls: Fix compile errorsThomas Glanzmann
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-24Declare endian read functions argument as a const pointer.Patrick Monnerat
This is done for all functions of the form Curl_read[136][624]_[lb]e.
2016-11-24Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.Patrick Monnerat
See CRL-01-006.
2016-11-22url: Fix conn reuse for local ports and interfacesJay Satiro
- Fix connection reuse for when the proposed new conn 'needle' has a specified local port but does not have a specified device interface. Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html Reported-by: bjt3[at]hotmail.com
2016-11-21rand: pass in number of randoms as an unsigned argumentDaniel Stenberg
2016-11-20rand: Fix potentially uninitialized result warningJay Satiro
2016-11-19vtls: fix build warningsMarcel Raad
Fix warnings about conversions from long to time_t in openssl.c and schannel.c. Follow-up to de4de4e3c7c
2016-11-18lib: fix compiler warnings after de4de4e3c7cMarcel Raad
Visual C++ now complains about implicitly casting time_t (64-bit) to long (32-bit). Fix this by changing some variables from long to time_t, or explicitly casting to long where the public interface would be affected. Closes #1131
2016-11-17Don't mix unix domain sockets with regular onesIsaac Boukris
When reusing a connection, make sure the unix domain socket option matches.
2016-11-17tests: Fix HTTP2-Settings header for huge window sizeJay Satiro
Follow-up to a4d8888. Changing the window size in that commit resulted in a different HTTP2-Settings upgrade header, causing test 1800 to fail.
2016-11-16http2: Use huge HTTP/2 windowsJay Satiro
- Improve performance by using a huge HTTP/2 window size. Bug: https://github.com/curl/curl/issues/1102 Reported-by: afrind@users.noreply.github.com Assisted-by: Tatsuhiro Tsujikawa
2016-11-16cmdline-docs: more conversionDaniel Stenberg
2016-11-16gen: support 'protos'Daniel Stenberg
and warn on unrecognized lines
2016-11-16gen: support 'single' to make an individual page man pageDaniel Stenberg
2016-11-16cmdline-docs: more options converted overDaniel Stenberg
2016-11-16gen: support 'redirect'Daniel Stenberg
... and warn for too long --help lines