Age | Commit message (Collapse) | Author |
|
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
|
|
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
|
|
and separate the example URLs with newlines
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
|
|
|
|
|
|
|
|
|
|
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
|
|
|
|
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
|
|
|
|
...and removed ;OPTIONS from --user as that functionality was removed
in 7.34.0.
|
|
And clarify for curl that --proxy-header now must be used for headers
that are meant for a proxy, and they will not be included if the request
is not for a proxy.
|
|
|
|
|
|
Added initial support for --next/-: which will be used to replace the
rather confusing : command line operation what was used for the URL
specific options prototype.
|
|
... and mention the --tlsv1.[0-2] options in the --tslv1 entry
Reported-by: Hubert Kario
|
|
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.
TODO: honor this option with GnuTLS and OpenSSL
|
|
The minor version will be dropped for HTTP 2 so it will make sense to
avoid using it in option names etc.
|
|
... it could be misleading a reader into thinking it _has_ to be encoded.
|
|
...also added as KNOWN_BUG #87 with reference to bug #1294
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1297
Reported-by: Michael Osipov
|
|
|
|
Otherwise a NOOP operation would be performed which a) only returns a
single line response and not a multiline response where -I needs to be
used, and b) provides an inconsistent user experience compared to that
of the POP3 and IMAP protocols.
|
|
* Added SMTP section to --request
* Expanded --mail-rcpt to describe the usage when using the verify and
expand commands.
|
|
|
|
|
|
Additionally corrected typos in --oauth2-bearer protocol list.
|
|
I noted a missing text for exit-code 89 in docs/curl.1
|
|
|
|
|
|
The option '--bearer' might be slightly ambiguous in name. It doesn't
create any conflict that I am aware of at the moment, however, OAUTH v2
is not the only authentication mechanism which uses "bearer" tokens.
Reported-by: Kyle L. Huff
URL: http://curl.haxx.se/mail/lib-2013-10/0064.html
|
|
|
|
Added missing information, from curl 7.31.0, regarding the use of the
optional login options that may be specified as part of --user.
For example:
--user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols.
|
|
|
|
Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for
authentication using RFC6749 "OAuth 2.0 Authorization Framework".
The bearer token is expected to be valid for the user specified in
conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
an advertised auth mechanism of "XOAUTH2", the user and access token are
formatted as a base64 encoded string and sent to the server as
"AUTH XOAUTH2 <bearer token>".
|
|
URL: http://curl.haxx.se/bug/view.cgi?id=1279
Suggested-by: Jerry Krinock
|
|
|
|
I also documented the fact that the OpenSSL engine also supports them.
|
|
|
|
|
|
|
|
Implement wrappers around strtod to convert the user argument to a
double with sane error checking. Use this to allow --max-time and
--connect-timeout to accept decimal values instead of strictly integers.
The manpage is updated to make mention of this feature and,
additionally, forewarn that the actual timeout of the operation can
vary in its precision (particularly as the value increases in its
decimal precision).
|
|
|
|
This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because
the documentation of --time-cond was duplicated by mistake.
Reported by: Dave Reisner
|
|
|
|
|
|
|