Age | Commit message (Collapse) | Author |
|
Some aspects have already been implemented over the years.
15.1 Client certificates are now supported:
- System stores via e35b0256eb34f1fe562e3e2a2615beb50a391c52
- PKCS#12 files via 0fdf96512613574591f501d63fe49495ba40e1d5
15.2 Ciphers can now be specified through:
- Algorithms via 9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28
Reviewed-by: Daniel Stenberg and Marcel Raad
Closes #5358
|
|
Closes #4346
|
|
|
|
|
|
|
|
Closes #5335
|
|
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.
In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.
See docs/DYNBUF.md for a description of the API.
Closes #5300
|
|
Closes #5325
|
|
This example has repeatedly been reported to contain bugs, and as users
copy and paste code from this into production, I now deem it better to
not provide the example at all.
Closes #5090
Closes #5322
|
|
Closes #5320
|
|
It was fixed in 9a2cbf3
Closes #5319
|
|
Closes #5287
|
|
|
|
|
|
Closes #5292
|
|
Closes #5285
|
|
Closes #5271
|
|
GnuTLS 3.1.10 added new functions we want to use. That version was
released on Mar 22, 2013. Removing support for older versions also
greatly simplifies the code.
Ref: #5271
Closes #5276
|
|
This fixes the error: 'for' loop initial declaration used outside C99
mode by declaring the loop increment variable in the beginning of the
block instead of inside the for loop.
Fixes #5254
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
I was a bit surprised by the `80`: first thought: what's HTTP doing
here? ;)
Closes #5236
|
|
- Add threaded resolver cleanup and GSSAPI for FTP to the TODO list of
known blocking operations.
- New known bugs entry 'Blocking socket operations in non-blocking API'
that directs to the TODO's list of known blocking operations.
Ref: https://github.com/curl/curl/pull/5214#issuecomment-612488021
Reported-by: Marc Hoersken
Closes https://github.com/curl/curl/pull/5216
|
|
Closes #5173
|
|
Closes #5203
|
|
Suggested-by: Michael Osipov
Assisted-by: Jay Satiro
Bug: https://github.com/curl/curl/issues/5182#issuecomment-611638008
Closes #5217
|
|
Closes #5192
|
|
|
|
Closes #5175
|
|
Fixed with #5170 (commit 23a870f2fd041278)
|
|
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.
Fixes #5181
Closes #5183
|
|
Closes #5102
|
|
|
|
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
time. Therefore OpenSSL support needs to be explicitly disabled.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
|
|
Fixes #5171
|
|
Some shells do globbing of their own unless the URL is quoted, so maybe
encourage this.
Co-authored-by: Jay Satiro
Closes #5160
|
|
Considered experimental and therefore we can do this.
Closes #5157
|
|
Closes #4578
Closes #4579
|
|
Closes #4592
|
|
Closes #4654
|
|
|
|
Closes #5125
|
|
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro
Closes #5150
|
|
Prior to this change the documentation erroneously said use
CURLOPT_CAPATH to set a CA cert file.
Bug: https://curl.haxx.se/mail/lib-2020-03/0121.html
Reported-by: Timothe Litt
Closes https://github.com/curl/curl/pull/5151
|
|
Previously it rendered the page from files matching "*.d" in the correct
directory, which worked fine in git builds when the files were added but
made it easy to forget adding the files to the dist.
Now, only man page sections listed in DPAGES in Makefile.inc will be
used, thus "forcing" us to update this to get the man page right and get
it included in the dist at the same time.
Ref: #5146
Closes #5149
|
|
Reported-by: Maksim Stsepanenka
Reviewed-by: Jat Satiro
Closes #5146
|
|
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
|
since nghttp2_session_set_local_window_size is needed
Closes #5140
|
|
|
|
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
|
- If an easy handle is owned by a multi different from the one specified
then return CURLM_BAD_EASY_HANDLE.
Prior to this change I assume user error could cause corruption.
Closes https://github.com/curl/curl/pull/5116
|
|
This commit adds support to generate JSON via the writeout feature:
-w "%{json}"
It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:
-w "%{stderr}%{json}"
This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.
Closes #4870
|