aboutsummaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13docs: fix the --tls-max descriptionDaniel Stenberg
Reported-by: Tobias Lindgren Pointed out in #3367 Closes #3368
2018-12-12THANKS: from the curl 7.62.0 cycleDaniel Stenberg
2018-12-11documentation: curl_formadd field and file names are now escapedPatrick Monnerat
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition header without special processing: this may lead to invalid RFC 822 quoted-strings. 7.56.0 introduces escaping of backslashes and double quotes in these names: mention it in the documentation. Reported-by: daboul on github Closes #3361
2018-12-03checksrc: add COPYRIGHTYEAR checkDaniel Gustafsson
Forgetting to bump the year in the copyright clause when hacking has been quite common among curl developers, but a traditional checksrc check isn't a good fit as it would penalize anyone hacking on January 1st (among other things). This adds a more selective COPYRIGHTYEAR check which intends to only cover the currently hacked on changeset. The check for updated copyright year is currently not enforced on all files but only on files edited and/or committed locally. This is due to the amount of files which aren't updated with their correct copyright year at the time of their respective commit. To further avoid running this expensive check for every developer, it adds a new local override mode for checksrc where a .checksrc file can be used to turn on extended warnings locally. Closes #3303 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-03CHECKSRC.md: document more warningsDaniel Stenberg
Closes #3335 [ci skip]
2018-11-30SECURITY-PROCESS: bountygraph shuts downDaniel Stenberg
This backpedals back the documents to the state before bountygraph. Closes #3311
2018-11-29TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entryDaniel Gustafsson
Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option making it a manual code-edit operation to turn it back on. The removal process has thus started and is now documented in docs/DEPRECATE.md so remove from the TODO to avoid anyone looking for something to pick up spend cycles on an already in-progress entry. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26cmdline-opts/gen.pl: define the correct varnameDaniel Gustafsson
The variable definition had a small typo making it declare another variable then the intended. Closes #3304 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-23CURLOPT_WRITEFUNCTION.3: spell out that it gets called many timesDaniel Stenberg
2018-11-23snprintf: renamed and we now only use msnprintf()Daniel Stenberg
The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
2018-11-22host names: allow trailing dot in name resolve, then strip itTobias Hintze
Delays stripping of trailing dots to after resolving the hostname. Fixes #3022 Closes #3222
2018-11-22CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and descriptionUnknownShadow200
Closes #3295
2018-11-20examples/ephiperfifo: report error when epoll_ctl failsRomain Fliedel
2018-11-19docs: add more description to unified ssl error codesHan Han
2018-11-11docs: expanded on some CURLU detailsDaniel Stenberg
2018-11-09HISTORY: add some milestonesDaniel Stenberg
Added a few of the more notable milestones in curl history that were missing. Primarily more recent ones but I also noted some older that could be worth mentioning. [ci skip] Closes #3257
2018-11-09KNOWN_BUGS: add --proxy-any connection issueDaniel Gustafsson
Add the identified issue with --proxy-any and proxy servers which advertise authentication schemes other than the supported one. Closes #876 Closes #3250 Reported-by: NTMan on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-09setopt: add CURLOPT_CURLUJim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227
2018-11-09docs: ESCape "\n" codesGisle Vanem
Groff / Troff will display a: printaf("Errno: %ld\n", error); as: printf("Errno: %ld0, error); when a "\n" is not escaped. Use "\\n" instead. Closes #3246
2018-11-07More "\n" ESCapingGisle Vanem
2018-11-07curl: add %{stderr} and %{stdout} for --write-outFrank Gevaerts
Closes #3115
2018-11-07winssl: be consistent in Schannel capitalizationDaniel Gustafsson
The productname from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07TODO: Have the URL API offer IDN decodingDaniel Stenberg
Similar to how URL decoding/encoding is done, we could have URL functions to convert IDN host names to punycode. Suggested-by: Alexey Melnichuk Closes #3232
2018-11-07urlapi: only skip encoding the first '=' with APPENDQUERY setDaniel Stenberg
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231
2018-11-05netrc: don't ignore the login name specified with "--user"Michael Kaufmann
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes #3213 Closes #3224
2018-11-05TODO: 2.6 multi upkeepDaniel Stenberg
Closes #3199
2018-11-04symbols-in-versions: add missing CURLU_ symbolsDaniel Stenberg
...and fix symbol-scan.pl to also scan urlapi.h Reported-by: Alexey Melnichuk Fixes #3226 Closes #3230
2018-11-01axtls: removedDaniel Stenberg
As has been outlined in the DEPRECATE.md document, the axTLS code has been disabled for 6 months and is hereby removed. Use a better supported TLS library! Assisted-by: Daniel Gustafsson Closes #3194
2018-11-01schannel: make CURLOPT_CERTINFO support using Issuer chainmarcosdiazr
Closes #3197
2018-10-30THANKS: 7.62.0 statusDaniel Stenberg
2018-10-30vtls: add MesaLink to curl_sslbackend enumDaniel Gustafsson
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the backend was never added to the curl_sslbackend enum in curl/curl.h. This adds the new backend to the enum and updates the relevant docs. Closes #3195 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-27RELEASE-PROCEDURE: adjust the release datesDaniel Stenberg
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27docs/CIPHERS: fix the TLS 1.3 cipher namesDaniel Stenberg
... picked straight from the OpenSSL man page: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html Reported-by: Ricky-Tigg on github Bug: #3178
2018-10-26docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 dateDaniel Stenberg
... I'm moving it up one week due to travels. The rest stays.
2018-10-26curl.1: --ipv6 mutexes ipv4 (fixed typo)Alexey Eremikhin
Fixes #3171 Closes #3172
2018-10-23CIPHERS.md: Mention the options used to set TLS 1.3 ciphersJay Satiro
Closes https://github.com/curl/curl/pull/3159
2018-10-20docs/BUG-BOUNTY: the sponsors actually decide the amountDaniel Stenberg
Retract the previous approach as the sponsors will be the ones to set the final amounts. Closes #3152 [ci skip]
2018-10-17docs/SECURITY-PROCESS: the hackerone IBB program drops curlDaniel Stenberg
... now there's only BountyGraph.
2018-10-15INSTALL: mention mesalink in TLS sectionDaniel Gustafsson
Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the MesaLink vtls backend, but missed updating the TLS section containing supported backends in the docs. Closes #3134 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-12replace rawgit links [ci skip]Viktor Szakats
Ref: https://rawgit.com/ "RawGit has reached the end of its useful life" Ref: https://news.ycombinator.com/item?id=18202481 Closes https://github.com/curl/curl/pull/3131
2018-10-12docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018Daniel Stenberg
[ci skip]
2018-10-10docs: add "see also" links for SSL optionsMichael Kaufmann
- link TLS 1.2 and TLS 1.3 options - link proxy and non-proxy options Closes #3121
2018-10-09docs/DEPRECATE: minor reformat to render nicer on webDaniel Stenberg
2018-10-09CURLOPT_SSL_VERIFYSTATUS: Fix typoDaniel Gustafsson
Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.
2018-10-08TODO: fixed 'API for URL parsing/splitting'Daniel Stenberg
2018-10-08KNOWN_BUGS: Fix various typosDaniel Gustafsson
Closes #3112 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-08spelling fixes [ci skip]Viktor Szakats
as detected by codespell 1.14.0 Closes https://github.com/curl/curl/pull/3114 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-08docs/BUG-BOUNTY: proposed additional docsDaniel Stenberg
Bug bounty explainer. See https://bountygraph.com/programs/curl Closes #3067
2018-10-07TODO: add LD_PRELOAD support on macOSDaniel Gustafsson
Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 14:55:06 +0000