Closes #2252
|
|
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure definitions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
|
|
Closes #2317
|
|
Found via `codespell`
Closes #2389
|
|
removed SSLKEYLOGFILE support (fixed)
removed "consider SSL patches" (outdated)
Closes #2310
|
|
Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas.
|
|
Closes #1603
|
|
Closes #2302
|
|
Closes #1888
|
|
An idea that popped up in discussions on Twitter.
|
|
Suggested-by: Rainer Canavan
Closes #2126
|
|
Closes #1455
|
|
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accommodate the now configuration-dependent
parameters of the Accept-Encoding header.
|
|
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.
New test 230 checks this feature.
Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
|
|
Closes #2002
|
|
Closes #1572
|
|
... to enable sending "OPTIONS *" which wasn't possible previously.
This option currently only works for HTTP.
Added test cases 1298 + 1299 to verify
Fixes #1280
Closes #1462
|
|
... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct
protocol support.
Closes #1514
|
|
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.
Added tests 1425 and 1426 to verify.
Closes #1512
|
|
... since commit 73a2fcea0b
|
|
maketgz now runs scripts/updatemanpages.pl to update the man pages .TH
section to use the current date and curl/libcurl version.
(TODO Section 3.1)
Closes #1058
|
|
Closes #1280
|
|
Closes #1264
|
|
It isn't easily solved, but with some thinking someone could probably
come up with a working approach?
Closes #1241
|
|
Support is trickling in already.
|
|
Implemented since curl-7_36_0-130-g8868a22
Reported-by: Fahim Chandurwala
|
|
By supporting this, subsequent connects would load a lot less data from
disk.
Closes #1110
|
|
Closes #1200
|
|
Even though it is called --fail-early
|
|
Closes #1139
|
|
- Improve performance by using a huge HTTP/2 window size.
Bug: https://github.com/curl/curl/issues/1102
Reported-by: afrind@users.noreply.github.com
Assisted-by: Tatsuhiro Tsujikawa
|
|
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.