aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl
AgeCommit message (Collapse)Author
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-04-17docs: fix typosJakub Wilk
Closes https://github.com/curl/curl/pull/2503
2018-04-17schannel: add client certificate authenticationArchangel_SDY
Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` Closes #2376
2018-03-31docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_TJay Satiro
- Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html Reported-by: David L.
2018-03-21CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some textDaniel Stenberg
Reported-by: Michal Trybus Fixes #2400
2018-03-20CURLINFO_COOKIELIST.3: made the example not leak memoryDaniel Stenberg
Reported-by: Muz Dima
2018-03-17resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSESRick Deist
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
2018-03-17add_handle/easy_perform: clear errorbuffer on start if setDaniel Stenberg
To offer applications a more defined behavior, we clear the buffer as early as possible. Assisted-by: Jay Satiro Fixes #2190 Closes #2377
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-17curl_version_info.3: fix ssl_version descriptionDaniel Stenberg
Reported-by: Vincas Razma Fixes #2364
2018-03-13CURLOPT_COOKIEFILE.3: "-" as file name means stdinDaniel Stenberg
Reported-by: Aron Bergman Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html [ci skip]
2018-03-04CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addressesDaniel Stenberg
2018-02-23spelling fixesViktor Szakats
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
2018-02-23curl_share_setopt.3: connection cache is shared within multi handlesDaniel Stenberg
2018-02-21url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
2018-02-21lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MSJay Satiro
- In keeping with the naming of our other connect timeout options rename CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. This change adds the _MS suffix since the option expects milliseconds. This is more intuitive for our users since other connect timeout options that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. Follow-up to 2427d94 which added the lib and tool option yesterday. Ref: https://github.com/curl/curl/pull/2260
2018-02-20url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUTAnders Bakken
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy eyeball timeout value. - Add new optval macro CURL_HET_DEFAULT to represent the default happy eyeballs timeout value (currently 200 ms). - Add new tool option --happy-eyeballs-timeout-ms to expose CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the other -timeout options in the tool expect seconds not milliseconds. Closes https://github.com/curl/curl/pull/2260
2018-02-20CURLOPT_RESOLVE: Add support for multiple IP addresses per entryAnders Bakken
This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
2018-02-16CURLOPT_HEADER.3: clarify problems with different data sizesDaniel Stenberg
2018-02-16CURLOPT_HEADERFUNCTION.3: fix typo from d939226813Daniel Stenberg
Reported-by: Erik Johansson Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495
2018-02-16CURLOPT_HEADERFUNCTION.3: mention folded headersDaniel Stenberg
2018-02-15TODO fixed: Detect when called from within callbacksBjörn Stenberg
Closes #2302
2018-02-13libcurl-security.3: separate file:// sectionDaniel Stenberg
... just to make it more apparent. Even if it repeats some pieces of information.
2018-02-13libcurl-security.3: the http://192.168.0.1/my_router_config caseDaniel Stenberg
Mentioned-By: Rich Moore
2018-02-13libcurl-security.3: mention the URL standards problems tooDaniel Stenberg
2018-02-13libcurl-security.3: split out from libcurl-tutorial.3Daniel Stenberg
To make more accessible. Merged in some new language from "URLs are dangerous things" as discussed on the mailing list a few days ago: Bug: https://curl.haxx.se/mail/lib-2018-02/0013.html
2018-01-30time: support > year 2038 time stamps for system with 32bit longDaniel Stenberg
... with the introduction of CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T. Fixes #2238 Closes #2264
2018-01-27docs: fix typos in man pagesAlessandro Ghedini
Closes https://github.com/curl/curl/pull/2266
2018-01-25GSKit: restore pinnedpubkey functionalitymoparisthebest
inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 Closes #2263
2018-01-25parsedate: fix date parsing for systems with 32 bit longDaniel Stenberg
Make curl_getdate() handle dates before 1970 as well (returning negative values). Make test 517 test dates for 64 bit time_t. This fixes bug (3) mentioned in #2238 Closes #2250
2018-01-25SChannel/WinSSL: Implement public key pinningmoparisthebest
Closes #1429
2018-01-23docs: fix man page syntax to make test 1140 OK againDaniel Stenberg
2018-01-22http: prevent custom Authorization headers in redirectsDaniel Stenberg
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-20libcurl-env.3: first takeDaniel Stenberg
2018-01-15CURLOPT_TCP_NODELAY.3: fix typorouzier
Closes #2239
2018-01-14mime: clone mime tree upon easy handle duplication.Patrick Monnerat
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is strongly bound to the handle: there is a pointer to the easy handle in each item of the mime tree and following the parent pointer list of mime items ends in a dummy part stored within the handle. Because of this binding, a mime tree cannot be shared between different easy handles, thus it needs to be cloned upon easy handle duplication. There is no way for the caller to get the duplicated mime tree handle: it is then set to be automatically destroyed upon freeing the new easy handle. New test 654 checks proper mime structure duplication/release. Add a warning note in curl_mime_data_cb() documentation about sharing user data between duplicated handles. Closes #2235
2018-01-14docs: comment about CURLE_READ_ERROR returned by curl_mime_filedataPatrick Monnerat
2018-01-13setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ valuesJay Satiro
Broken since f121575 (precedes 7.56.1). Bug: https://github.com/curl/curl/issues/2225 Reported-by: cmfrolick@users.noreply.github.com Closes https://github.com/curl/curl/pull/2227
2018-01-07scripts: allow all perl scripts to be run directlyJay Satiro
- Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Closes https://github.com/curl/curl/pull/2222
2017-12-29curl_version_info.3: call the argument 'age'Daniel Stenberg
Reported-by: Pete Lomax Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html
2017-12-26examples/cacertinmem: ignore cert-already-exists errorJay Satiro
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback since it's possible the cert may have already been loaded by libcurl. - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. Instead have it direct the reader to this cacertinmem.c example. - Fix the CA certificate to use the right CA for example.com, Digicert. Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html Reported-by: Thomas van Hesteren Closes https://github.com/curl/curl/pull/2182
2017-12-13CURLOPT_READFUNCTION.3: refer to argument with correct nameDaniel Stenberg
Bug: #2175 [ci skip]
2017-12-11CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-referenceDaniel Stenberg
2017-12-09CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVEDaniel Stenberg
2017-12-08CURLOPT_PRIVATE.3: fix grammarrichardthe3rd
- Change "never does nothing" double-negative to "never does anything". Closes https://github.com/curl/curl/pull/2168
2017-12-05conncache: only allow multiplexing within same multi handleDaniel Stenberg
Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing only get additional transfers added to them if the existing connection is held by the same multi or easy handle. libcurl does not support doing HTTP/2 streams in different threads using a shared connection. Closes #2152
2017-12-01symbols-in-versions: added new symbols with 7.56.3 versionNikos Mavrogiannopoulos
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-27libcurl-share.3: the connection cache is shareable nowDaniel Stenberg
2017-11-27global_init: ignore CURL_GLOBAL_SSL's absenseDaniel Stenberg
This bit is no longer used. It is not clear what it meant for users to "init the TLS" in a world with different TLS backends and since the introduction of multissl, libcurl didn't properly work if inited without this bit set. Not a single user responded to the call for users of it: https://curl.haxx.se/mail/lib-2017-11/0072.html Reported-by: Evgeny Grin Assisted-by: Jay Satiro Fixes #2089 Fixes #2083 Closes #2107
2017-11-17resolve: allow IP address within [] bracketsDaniel Stenberg
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091