aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl/opts
AgeCommit message (Collapse)Author
2018-04-23CURLOPT_SSLCERT.3: improve WinSSL-specific usage infoArchangel_SDY
Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 Closes https://github.com/curl/curl/pull/2504
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-04-17docs: fix typosJakub Wilk
Closes https://github.com/curl/curl/pull/2503
2018-04-17schannel: add client certificate authenticationArchangel_SDY
Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` Closes #2376
2018-03-31docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_TJay Satiro
- Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html Reported-by: David L.
2018-03-21CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some textDaniel Stenberg
Reported-by: Michal Trybus Fixes #2400
2018-03-20CURLINFO_COOKIELIST.3: made the example not leak memoryDaniel Stenberg
Reported-by: Muz Dima
2018-03-17resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSESRick Deist
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
2018-03-17add_handle/easy_perform: clear errorbuffer on start if setDaniel Stenberg
To offer applications a more defined behavior, we clear the buffer as early as possible. Assisted-by: Jay Satiro Fixes #2190 Closes #2377
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-13CURLOPT_COOKIEFILE.3: "-" as file name means stdinDaniel Stenberg
Reported-by: Aron Bergman Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html [ci skip]
2018-03-04CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addressesDaniel Stenberg
2018-02-23spelling fixesViktor Szakats
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
2018-02-21url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
2018-02-21lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MSJay Satiro
- In keeping with the naming of our other connect timeout options rename CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. This change adds the _MS suffix since the option expects milliseconds. This is more intuitive for our users since other connect timeout options that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. Follow-up to 2427d94 which added the lib and tool option yesterday. Ref: https://github.com/curl/curl/pull/2260
2018-02-20url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUTAnders Bakken
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy eyeball timeout value. - Add new optval macro CURL_HET_DEFAULT to represent the default happy eyeballs timeout value (currently 200 ms). - Add new tool option --happy-eyeballs-timeout-ms to expose CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the other -timeout options in the tool expect seconds not milliseconds. Closes https://github.com/curl/curl/pull/2260
2018-02-20CURLOPT_RESOLVE: Add support for multiple IP addresses per entryAnders Bakken
This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
2018-02-16CURLOPT_HEADER.3: clarify problems with different data sizesDaniel Stenberg
2018-02-16CURLOPT_HEADERFUNCTION.3: fix typo from d939226813Daniel Stenberg
Reported-by: Erik Johansson Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495
2018-02-16CURLOPT_HEADERFUNCTION.3: mention folded headersDaniel Stenberg
2018-01-30time: support > year 2038 time stamps for system with 32bit longDaniel Stenberg
... with the introduction of CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T. Fixes #2238 Closes #2264
2018-01-25GSKit: restore pinnedpubkey functionalitymoparisthebest
inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 Closes #2263
2018-01-25SChannel/WinSSL: Implement public key pinningmoparisthebest
Closes #1429
2018-01-23docs: fix man page syntax to make test 1140 OK againDaniel Stenberg
2018-01-22http: prevent custom Authorization headers in redirectsDaniel Stenberg
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-15CURLOPT_TCP_NODELAY.3: fix typorouzier
Closes #2239
2018-01-13setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ valuesJay Satiro
Broken since f121575 (precedes 7.56.1). Bug: https://github.com/curl/curl/issues/2225 Reported-by: cmfrolick@users.noreply.github.com Closes https://github.com/curl/curl/pull/2227
2017-12-26examples/cacertinmem: ignore cert-already-exists errorJay Satiro
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback since it's possible the cert may have already been loaded by libcurl. - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. Instead have it direct the reader to this cacertinmem.c example. - Fix the CA certificate to use the right CA for example.com, Digicert. Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html Reported-by: Thomas van Hesteren Closes https://github.com/curl/curl/pull/2182
2017-12-13CURLOPT_READFUNCTION.3: refer to argument with correct nameDaniel Stenberg
Bug: #2175 [ci skip]
2017-12-11CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-referenceDaniel Stenberg
2017-12-09CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVEDaniel Stenberg
2017-12-08CURLOPT_PRIVATE.3: fix grammarrichardthe3rd
- Change "never does nothing" double-negative to "never does anything". Closes https://github.com/curl/curl/pull/2168
2017-11-17resolve: allow IP address within [] bracketsDaniel Stenberg
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
2017-10-28auth: Added test cases for RFC7616Florin
Updated docs to include support for RFC7616 Signed-off-by: Florin <petriuc.florin@gmail.com> Closes #1934
2017-10-16setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg
... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938
2017-10-09CURLOPT_XFERINFODATA.3: fix duplicate see alsoDaniel Stenberg
2017-10-09CURLOPT_NOPROGRESS.3: also refer to xferinfofunctionDaniel Stenberg
2017-09-28docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MSMichael Kaufmann
Closes #1922
2017-09-28docs: clarify the use of environment variables for proxyMichael Kaufmann
Closes #1921
2017-09-15docs: clarify the CURLOPT_INTERLEAVE* options behaviorDaniel Stenberg
2017-09-10mbedtls: enable CA path processingJay Satiro
CA path processing was implemented when mbedtls.c was added to libcurl in fe7590f, but it was never enabled. Bug: https://github.com/curl/curl/issues/1877 Reported-by: SBKarr@users.noreply.github.com
2017-09-04docs: curl_mime_*.3 man page formatting editsDaniel Stenberg
2017-09-02mime: new MIME API.Patrick Monnerat
Available in HTTP, SMTP and IMAP. Deprecates the FORM API. See CURLOPT_MIMEPOST. Lib code and associated documentation.
2017-08-24CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWDDaniel Stenberg
2017-08-17CURLOPT_SSH_COMPRESSION.3: enable with 1LDaniel Stenberg
(leaves other values reserved for the future)
2017-08-17ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats
The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
2017-08-12docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT descriptionAlessandro Ghedini
2017-08-12docs: fix typo stuct -> structAlessandro Ghedini
2017-08-09make install: add 8 missing man pages to the installationDaniel Stenberg
2017-08-02CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2Daniel Stenberg
Reported-by: Viktor Szakats