Age | Commit message (Collapse) | Author |
|
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
|
|
|
|
|
|
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.
Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.
Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
|
|
|
|
|
|
|
|
Reported-By: Luan Cestari
|
|
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
|
|
Improves it for low-latency cases (like the communication with
localhost)
|
|
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
|
|
|
|
and separate the example URLs with newlines
|
|
|
|
|
|
|
|
|
|
As we weren't using the correct phonetic description and doing it correctly
involves funny letters that I'm sure will cause problems for people in a text
document so I instead rephrased it and link to a WAV file with a person
actually saying 'curl'.
Reported-By: Dimitar Boevski
|
|
|
|
Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
|
|
The former link was turned into a 404 at some point.
Reported-By: Askar Safin
|
|
It interprets them as italic indictors unless we backtick the word.
|
|
|
|
|
|
|
|
Added support for Kerberos 5 to the email protocols following the recent
additions in 7.38.0.
Removed Kerberos 4 as this has been gone for a while now.
|
|
krb4 has been dropped since a while now
|
|
Edited format to look better on the web, added a "it is about trust"
section.
|
|
|
|
|
|
Only minor edits to make it generate nice HTML output using markdown, as
this document serves both in source release tarballs as on the web site.
URL: http://curl.haxx.se/docs/sslcerts.html
|
|
Reported-By: Frank Gevaerts
|
|
|
|
|
|
|
|
|
|
... and a minor wording edit
|
|
Dennis Clarke from Blastwave.org for ensuring that nightly builds run
smooth on Solaris!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
mode and will do a download (without a body). This is now better
explained in this man page.
Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
Reported-by: John Coffey
|
|
|
|
|
|
I re-ran contributors.sh on all changes since 7.10 and I found these
contributors who are mentioned in the commits but never were added to
THANKS before!
I also removed a couple of duplicates (mostly due to different
spellings).
|