Age | Commit message (Collapse) | Author |
|
- Clarify that FILE and SCP are disabled by default since 7.19.4
- Add that SMB and SMBS are disabled by default since 7.40.0
- Add CURLPROTO_SMBS to the list of protocols
|
|
Acknowledge that SSLv3 is also widely considered to be insecure.
Also, provide references for people who want to know more about why it's
insecure.
|
|
closes #376
|
|
Closes #360
|
|
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.
Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
|
|
|
|
|
|
|
|
use \fI-style instead of .BR for references
|
|
|
|
|
|
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
|
|
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.
Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.
Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
|
|
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
|
|
|
|
Bug: https://bugzilla.redhat.com/1195771
|
|
--path-as-is is the command line option
Added docs in curl.1 and CURLOPT_PATH_AS_IS.3
Added test in test 1241
|
|
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
|
|
|
|
Reported-by: Jon Seymour
|
|
|
|
Reported-by: Jon Seymour
|
|
|
|
|
|
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
|
|
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
|
|
|
|
|
|
This patch updates the documentation for the SMB/CIFS protocol.
|
|
|
|
|
|
|
|
|
|
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.
Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
|
|
|
|
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
|
|
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
|
|
and separate the example URLs with newlines
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
|
|
|
|
|
|
|
|
|
|
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
|
|
|
|
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
|
|
|
|
...and removed ;OPTIONS from --user as that functionality was removed
in 7.34.0.
|
|
And clarify for curl that --proxy-header now must be used for headers
that are meant for a proxy, and they will not be included if the request
is not for a proxy.
|