Age | Commit message (Collapse) | Author |
|
|
|
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
|
- If an easy handle is owned by a multi different from the one specified
then return CURLM_BAD_EASY_HANDLE.
Prior to this change I assume user error could cause corruption.
Closes https://github.com/curl/curl/pull/5116
|
|
This commit adds support to generate JSON via the writeout feature:
-w "%{json}"
It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:
-w "%{stderr}%{json}"
This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.
Closes #4870
|
|
Closes #5081
|
|
- s/COFF/coff/
Some versions of windres do not recognize uppercase COFF as a valid
way to specify the COFF output format.
Reported-by: Steven Penny
Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
|
|
- --url man page section
- libcurl-security.3 gets the full text
- CURLOPT_URL.3
Reported-by: Tim Sedlmeyer
|
|
|
|
Follow-up to d0a7ee3 which fixed a bug in 7.66.0 that caused
CURL_LOCK_DATA_COOKIE to enable the easy handle's cookie engine.
Bug: https://curl.haxx.se/mail/lib-2020-03/0019.html
Reported-by: Felipe Gasper
Closes https://github.com/curl/curl/pull/5048
|
|
The 'web1913' database is now invalid, use 'gcide' instead.
|
|
Closes #3841
|
|
Assisted-by: Jay Satiro
Follow-up to 6357a19ff29dac04
Closes #5036
|
|
Now sorted case insensitive
|
|
Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582
|
|
- Tell the user to call curl_free() to free the pointer returned by
curl_getenv().
Prior to this change the user was directed to call free(), but that
would not work in cases where the library and application use separate C
runtimes and therefore have separate heap memory management.
Closes https://github.com/curl/curl/pull/5016
|
|
... also updated the HTTP3 build description for ngtcp2 accordingly.
|
|
Reviewed-by: Steve Holme
Closes #5005
|
|
Suggested-by: Kristian Mide
Closes #4941
|
|
To simplify our code and since earlier versions lack important function
calls libcurl needs to function correctly.
nghttp2 1.12.0 was relased on June 26, 2016.
Closes #4961
|
|
... so that we know we got the whole and not a partial line.
Also, changed the formatting of the fields away from a table again since
the table format requires a github-markdown tool version that we don't
run on the web server atm.
Reported-by: Sunny Bean
Fixes #4946
Closes #4947
|
|
to be in sync with the description above
Reported-by: Joonas Kuorilehto
Fixes #4943
Closes #4945
|
|
|
|
Removes two entries from KNOWN_BUGS.
Closes #4907
|
|
Prior to this change the example would try to import cookies from stdin,
which wasn't what was intended.
Reported-by: 3dyd@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4930
|
|
Closes #4452
|
|
Closes #4108
|
|
Reported-by: Dan Jacobson
Fixes #4766
Closes #4916
|
|
Assisted-by: Jay Satiro
Reported-by: Craig Andrews
Fixes #4909
Closes #4910
|
|
The alt-svc cache survives a call to curl_easy_reset fine, but the file
name to use for saving the cache was cleared. Now the alt-svc cache has
a copy of the file name to survive handle resets.
Added test 1908 to verify.
Reported-by: Craig Andrews
Fixes #4898
Closes #4902
|
|
|
|
We've tried to uphold this already but let's make it official by
publicly stating this is the way we do it.
Closes #4877
|
|
Reported-by: James Fuller
|
|
Closes #4869
Reviewed-by: Emil Engler and Daniel Gustafsson
|
|
|
|
Reported-by: Mischa Salle
Bug: https://curl.haxx.se/mail/lib-2020-01/0070.html
Closes #4862
|
|
Not from generic non-GET to GET.
Reported-by: Andrius Merkys
Ref: #4859
Closes #4861
|
|
... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).
Follow-up to 1adebe7886ddf20b
Reported-by: crazydef on github
Assisted-by: Marcel Raad
Fixes #4854
Closes #4855
|
|
- Removed from global_init since it isn't thread-safe. The symbol will
still remain to not break compiles, it just won't have any effect going
forward.
- make the internals NOT loop on EINTR (the opposite from previously).
It only risks returning from the select/poll/wait functions early, and that
should be risk-free.
Closes #4840
|
|
Closes #4843
|
|
- Copy CURLOPT_SSL_OPTIONS.3 description to CURLOPT_PROXY_SSL_OPTIONS.3.
Prior to this change CURLSSLOPT_NO_PARTIALCHAIN was missing from the
CURLOPT_PROXY_SSL_OPTIONS description.
|
|
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.
Verified with the new tests 3002-3007
Closes #4816
|
|
It is superfluous and could even be misleading.
Bug: https://curl.haxx.se/mail/archive-2020-01/0016.html
Reported-by: Mike Norton
Closes #4832
|
|
Mentioned: https://curl.haxx.se/mail/lib-2020-01/0050.html
Closes #4814
|
|
I'd like to see this happen.
|
|
As detailed in DEPRECATE.md, the polarssl support is now removed after
having been disabled for 6 months and nobody has missed it.
The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix
instead of the former 'polarssl' and the common functions that
previously were shared between mbedtls and polarssl and contained the
name 'polarssl' have now all been renamed to instead say 'mbedtls'.
Closes #4825
|
|
... and refer to that file from from CURLOPT_COOKIEFILE.3 and
CURLOPT_COOKIELIST.3
Assisted-by: Jay Satiro
Reported-by: bsammon on github
Fixes #4805
Closes #4806
|
|
- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.
Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.
Closes https://github.com/curl/curl/pull/4754
|
|
- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.
Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.
Reported-by: hamstergene@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4763
Closes https://github.com/curl/curl/pull/4765
|
|
...requires some rearranging of the setup of CURLOPT_ and CURLMOPT_
enums.
|
|
Closes #4080
|