aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl
AgeCommit message (Collapse)Author
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-15docs: the next release will be 7.52.0Kamil Dudka
2016-11-08curl_formadd.3: *_FILECONTENT and *_FILE need the file to be keptDaniel Stenberg
Reported-by: Frank Gevaerts
2016-11-07vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3Kamil Dudka
Fully implemented with the NSS backend only for now. Reviewed-by: Ray Satiro
2016-10-31unescape: avoid integer overflowDaniel Stenberg
CVE-2016-8622 Bug: https://curl.haxx.se/docs/adv_20161102H.html Reported-by: Cure53
2016-10-27CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2Jay Satiro
- Clarify that this option is only for HTTP/1.1 pipelining. Bug: https://github.com/curl/curl/issues/1059 Reported-by: Jeroen Ooms Assisted-by: Daniel Stenberg
2016-10-18s/cURL/curlDaniel Stenberg
The tool was never called cURL, only the project. But even so, we have more and more over time switched to just use lower case.
2016-10-10dist: remove PDF and HTML converted docs from the releasesDaniel Stenberg
2016-10-06CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)Rainer Müller
The 'userp' argument is unused in this example code.
2016-10-04CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is addedDaniel Stenberg
2016-09-22New libcurl option to keep sending on errorMichael Kaufmann
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
2016-09-21docs: Remove that --proto is just used for initial retrievalJay Satiro
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031
2016-09-20curl_global_cleanup.3: don't unload the lib with sub threads runningDaniel Stenberg
Discussed in #997 Assisted-by: Jay Satiro
2016-09-18CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formattingJay Satiro
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-09-04speed caps: not based on average speeds anymoreOlivier Brunel
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits with the cumulative average speed of the entire transfer; While this might work at times with good/constant connections, in other cases it can result to the limits simply being "ignored" for more than "short bursts" (as told in man page). Consider a download that goes on much slower than the limit for some time (because bandwidth is used elsewhere, server is slow, whatever the reason), then once things get better, curl would simply ignore the limit up until the average speed (since the beginning of the transfer) reached the limit. This could prove the limit useless to effectively avoid using the entire bandwidth (at least for quite some time). So instead, we now use a "moving starting point" as reference, and every time at least as much as the limit as been transferred, we can reset this starting point to the current position. This gets a good limiting effect that applies to the "current speed" with instant reactivity (in case of sudden speed burst). Closes #971
2016-09-01CURLMOPT_PIPELINING.3: languageDaniel Stenberg
2016-09-01CURLMOPT_PIPELINING.3: extended and clarifiedDaniel Stenberg
Especially in regards to the multiplexing part.
2016-08-28darwinssl: add documentation stating that the --cainfo option is intended ↵Nick Zitzmann
for backward compatibility only In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-19CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplexDaniel Stenberg
2016-08-15CURLOPT_PROXY.3: unsupported schemes cause errors nowDaniel Stenberg
Follow-up to a96319ebb9 (document the new behavior)
2016-08-09symbols-in-versions: add CURL_STRICTERDaniel Stenberg
Added in 5fce88aa8c12564
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-07-21docs: distribute the CURLINFO_HTTP_VERSION(3) man page, tooKamil Dudka
2016-07-14CURLMOPT_SOCKETFUNCTION.3: fix typoTimothy Polich
Closes https://github.com/curl/curl/pull/914
2016-06-29curl_global_init.3: improved formatting of the flagsDaniel Stenberg
2016-06-29curl_global_init.3: expand on the SSL and WIN32 bits purposeDaniel Stenberg
Reported-by: Richard Gray Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html
2016-06-11CURLOPT_POSTFIELDS.3: Clarify what happens when set emptyJay Satiro
When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a zero-byte POST. Prior to this change it was documented as sending data from the read callback. This also changes the wording of what happens when empty or NULL so that it's hopefully easier to understand for people whose primary language isn't English. Bug: https://github.com/curl/curl/issues/862 Reported-by: Askar Safin
2016-06-09curl_multi_socket_action.3: Fix rewordingMichael Wallner
- Remove some erroneous text. Closes https://github.com/curl/curl/pull/865
2016-06-01libcurl-multi.3: fix small typoBenjamin Kircher
Closes #850
2016-06-01schannel: add CURLOPT_CERTINFO supportAndrew Kurushin
Closes #822
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-29curl_share_setopt.3: Add min ver needed for ssl session lockJay Satiro
Bug: https://github.com/curl/curl/issues/826 Reported-by: Michael Wallner
2016-05-20libcurl.m4: Avoid obsolete warningAlexander Traud
Closes #821
2016-05-20CURLOPT_CONNECT_TO.3: user must not free the list prematurelyMichael Kaufmann
The connect-to list isn't copied so as long as the handle may be used for a transfer the list must be valid. Bug: https://github.com/curl/curl/pull/819 Reported-by: Michael Kaufmann
2016-05-19dist: include curl_multi_socket_all.3Jay Satiro
Closes https://github.com/curl/curl/pull/816
2016-05-17CURLOPT_RESOLVE.3: fix typoFrank Gevaerts
Closes #811
2016-05-17docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVEDaniel Stenberg
2016-05-17CURLOPT_HTTPPOST.3: the data needs to be around while in useDaniel Stenberg
2016-05-13libcurl-tlibcurl-thread: Update OpenSSL linksJay Satiro
Because the old OpenSSL link now redirects to their master documentation (currently 1.1.0), which does not document the required actions for OpenSSL <= 1.0.2.
2016-05-08libcurl-thread.3: openssl 1.1.0 is safe, and so is boringsslDaniel Stenberg
2016-05-02docs: unified man page references to use \fIDaniel Stenberg
2016-05-01CURLOPT_ACCEPT_ENCODING.3: Follow-up clarificationIsaac Boukris
Mention possible content-length mismatch with sum of bytes reported by write callbacks when auto decoding is enabled. See #785
2016-05-01CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page referenceDaniel Stenberg
2016-05-01CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGEDaniel Stenberg
2016-05-01curl_easy_pause.3: fix man page referenceDaniel Stenberg
2016-05-01opts: fix broken/bad referencesDaniel Stenberg
2016-05-01docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3Michael Kaufmann
Closes #786
2016-05-01CURLOPT_ACCEPT_ENCODING.3: clarifiedDaniel Stenberg
As discussed in #785
2016-04-28CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availabilityJay Satiro
Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html Reported-by: Bru Rom