Age | Commit message (Collapse) | Author |
|
Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680
Closes #3683
|
|
From a discussion in #3676
Suggested-by: Tim Rühsen
Closes #3682
|
|
Clarify the language and simplify.
Reported-by: Daniel Lublin
Closes #3658
|
|
|
|
clarify redir - "in absurdum" doesn't seem to make sense in this context
Closes #3631
|
|
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.
Closes #3504
|
|
Reviewed-by: Daniel Gustafsson
Closes #3432
|
|
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.
Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
https://a.com https://b.com
This is probably quite similar to using:
--connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.
Fixes #2873
Closes #3383
|
|
Reported-by: Tobias Lindgren
Pointed out in #3367
Closes #3368
|
|
The variable definition had a small typo making it declare another
variable then the intended.
Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #3115
|
|
- for "--netrc", don't ignore the login/password specified with "--user",
only ignore the login/password in the URL.
This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set
Fixes #3213
Closes #3224
|
|
Fixes #3171
Closes #3172
|
|
- Advise user that --data-binary sends a default content type of
x-www-form-urlencoded, and to have the data treated as arbitrary
binary data by the server set the content-type header to octet-stream.
Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094
Closes https://github.com/curl/curl/pull/3085
|
|
add_subdicectory(...)
|
|
- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
in manual examples
Closes https://github.com/curl/curl/pull/3037
|
|
Closes #2994
|
|
... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
Closes #2955
|
|
|
|
- Treat 408 request timeout as transient so that curl will retry the
request if --retry was used.
Closes #2925
|
|
There was a missing newline.
follow-up to a7ba60bb7250
|
|
Reported-by: Kirill Marchuk
Fixes #2773
Closes #2911
|
|
... to make make the files appear in distribution tarballs
Closes #2856
|
|
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Acked-by: Nikos Mavrogiannopoulos
Closes #2333
|
|
... and not the other way around, which this previously said.
Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
|
|
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
|
|
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
|
|
|
|
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.
Closes #2340
|
|
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
curl: added --tls13-ciphers and --proxy-tls13-ciphers
Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
|
|
|
|
--data, --form, and --ntlm were declared to be mutually exclusive with
non-existing options. --data and --form referred to --upload (which is
short for --upload-file and therefore did work, so this one was merely
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
Closes #2612
|
|
Almost all headers start with an uppercase letter, but some didn't.
|
|
It is enabled by default, so --no-styled-output will switch off the
detection/use of bold headers.
Closes #2538
|
|
...as there's also a version 2.
Closes #2579
|
|
Fixes #2515
Closes #2517
|
|
Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780
Closes https://github.com/curl/curl/pull/2504
|
|
Before:
-m, --max-time <time> Maximum time allowed for the transfer
After:
-m, --max-time <seconds> Maximum time allowed for the transfer
|
|
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
|
|
Closes https://github.com/curl/curl/pull/2503
|
|
Reported-by: Dongliang Mu
Fixes #2410
|
|
Add --haproxy-protocol for the command line tool
Closes #2162
|
|
Bug: https://github.com/curl/curl/issues/2381
|
|
|
|
Detected using the `codespell` tool.
Also contains one URL protocol upgrade.
Closes https://github.com/curl/curl/pull/2334
|
|
|
|
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
eyeball timeout value.
- Add new optval macro CURL_HET_DEFAULT to represent the default happy
eyeballs timeout value (currently 200 ms).
- Add new tool option --happy-eyeballs-timeout-ms to expose
CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
other -timeout options in the tool expect seconds not milliseconds.
Closes https://github.com/curl/curl/pull/2260
|
|
This enables users to preresolve but still take advantage of happy
eyeballs and trying multiple addresses if some are not connecting.
Ref: https://github.com/curl/curl/pull/2260
|
|
Bug: https://bugzilla.redhat.com/1542256
Closes #2306
|