aboutsummaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2019-01-02docs: mention potential leak in curl_slist_appendDaniel Gustafsson
When a non-empty list is appended to, and used as the returnvalue, the list pointer can leak in case of an allocation failure in the curl_slist_append() call. This is correctly handled in curl code usage but we weren't explicitly pointing it out in the API call documentation. Fix by extending the RETURNVALUE manpage section and example code. Closes #3424 Reported-by: dnivras on github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-01-01THANKS: dedupe more namesDaniel Stenberg
Researched-by: Tae Wong
2018-12-31THANKS: added missing names from year <= 2000Daniel Stenberg
Due to a report of a missing name in THANKS I manually went through an old CHANGES.0 file and added many previously missing names here.
2018-12-30THANKS: dedupe Guenter KnaufDaniel Stenberg
Reported-by: Tae Wong
2018-12-30THANKS: missing name from the 6.3.1 release!Daniel Stenberg
2018-12-27hostip: support wildcard hostsClaes Jakobsson
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are try-last so any non-wildcard entry is resolved first. If specified, any host not matched by another CURLOPT_RESOLVE config will use this as fallback. Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ https://a.com https://b.com This is probably quite similar to using: --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 Closes #3406 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-25FAQ: remove mention of sourceforge for githubDaniel Gustafsson
The project bug tracker is no longer hosted at sourceforge but is now hosted on the curl Github page. Update the FAQ to reflect. Closes #3410 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-21http: added options for allowing HTTP/0.9 responsesDaniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-12-14TODO: Windows: set attribute 'archive' for completed downloadsDaniel Stenberg
Closes #3354
2018-12-14http: minor whitespace cleanup from f464535bDaniel Stenberg
2018-12-14http: Implement trailing headers for chunked transfersAyoub Boudhar
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13docs: fix the --tls-max descriptionDaniel Stenberg
Reported-by: Tobias Lindgren Pointed out in #3367 Closes #3368
2018-12-12THANKS: from the curl 7.62.0 cycleDaniel Stenberg
2018-12-11documentation: curl_formadd field and file names are now escapedPatrick Monnerat
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition header without special processing: this may lead to invalid RFC 822 quoted-strings. 7.56.0 introduces escaping of backslashes and double quotes in these names: mention it in the documentation. Reported-by: daboul on github Closes #3361
2018-12-03checksrc: add COPYRIGHTYEAR checkDaniel Gustafsson
Forgetting to bump the year in the copyright clause when hacking has been quite common among curl developers, but a traditional checksrc check isn't a good fit as it would penalize anyone hacking on January 1st (among other things). This adds a more selective COPYRIGHTYEAR check which intends to only cover the currently hacked on changeset. The check for updated copyright year is currently not enforced on all files but only on files edited and/or committed locally. This is due to the amount of files which aren't updated with their correct copyright year at the time of their respective commit. To further avoid running this expensive check for every developer, it adds a new local override mode for checksrc where a .checksrc file can be used to turn on extended warnings locally. Closes #3303 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-03CHECKSRC.md: document more warningsDaniel Stenberg
Closes #3335 [ci skip]
2018-11-30SECURITY-PROCESS: bountygraph shuts downDaniel Stenberg
This backpedals back the documents to the state before bountygraph. Closes #3311
2018-11-29TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entryDaniel Gustafsson
Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option making it a manual code-edit operation to turn it back on. The removal process has thus started and is now documented in docs/DEPRECATE.md so remove from the TODO to avoid anyone looking for something to pick up spend cycles on an already in-progress entry. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26cmdline-opts/gen.pl: define the correct varnameDaniel Gustafsson
The variable definition had a small typo making it declare another variable then the intended. Closes #3304 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-23CURLOPT_WRITEFUNCTION.3: spell out that it gets called many timesDaniel Stenberg
2018-11-23snprintf: renamed and we now only use msnprintf()Daniel Stenberg
The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
2018-11-22host names: allow trailing dot in name resolve, then strip itTobias Hintze
Delays stripping of trailing dots to after resolving the hostname. Fixes #3022 Closes #3222
2018-11-22CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and descriptionUnknownShadow200
Closes #3295
2018-11-20examples/ephiperfifo: report error when epoll_ctl failsRomain Fliedel
2018-11-19docs: add more description to unified ssl error codesHan Han
2018-11-11docs: expanded on some CURLU detailsDaniel Stenberg
2018-11-09HISTORY: add some milestonesDaniel Stenberg
Added a few of the more notable milestones in curl history that were missing. Primarily more recent ones but I also noted some older that could be worth mentioning. [ci skip] Closes #3257
2018-11-09KNOWN_BUGS: add --proxy-any connection issueDaniel Gustafsson
Add the identified issue with --proxy-any and proxy servers which advertise authentication schemes other than the supported one. Closes #876 Closes #3250 Reported-by: NTMan on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-09setopt: add CURLOPT_CURLUJim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227
2018-11-09docs: ESCape "\n" codesGisle Vanem
Groff / Troff will display a: printaf("Errno: %ld\n", error); as: printf("Errno: %ld0, error); when a "\n" is not escaped. Use "\\n" instead. Closes #3246
2018-11-07More "\n" ESCapingGisle Vanem
2018-11-07curl: add %{stderr} and %{stdout} for --write-outFrank Gevaerts
Closes #3115
2018-11-07winssl: be consistent in Schannel capitalizationDaniel Gustafsson
The productname from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07TODO: Have the URL API offer IDN decodingDaniel Stenberg
Similar to how URL decoding/encoding is done, we could have URL functions to convert IDN host names to punycode. Suggested-by: Alexey Melnichuk Closes #3232
2018-11-07urlapi: only skip encoding the first '=' with APPENDQUERY setDaniel Stenberg
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231
2018-11-05netrc: don't ignore the login name specified with "--user"Michael Kaufmann
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes #3213 Closes #3224
2018-11-05TODO: 2.6 multi upkeepDaniel Stenberg
Closes #3199
2018-11-04symbols-in-versions: add missing CURLU_ symbolsDaniel Stenberg
...and fix symbol-scan.pl to also scan urlapi.h Reported-by: Alexey Melnichuk Fixes #3226 Closes #3230
2018-11-01axtls: removedDaniel Stenberg
As has been outlined in the DEPRECATE.md document, the axTLS code has been disabled for 6 months and is hereby removed. Use a better supported TLS library! Assisted-by: Daniel Gustafsson Closes #3194
2018-11-01schannel: make CURLOPT_CERTINFO support using Issuer chainmarcosdiazr
Closes #3197
2018-10-30THANKS: 7.62.0 statusDaniel Stenberg
2018-10-30vtls: add MesaLink to curl_sslbackend enumDaniel Gustafsson
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the backend was never added to the curl_sslbackend enum in curl/curl.h. This adds the new backend to the enum and updates the relevant docs. Closes #3195 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-27RELEASE-PROCEDURE: adjust the release datesDaniel Stenberg
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27docs/CIPHERS: fix the TLS 1.3 cipher namesDaniel Stenberg
... picked straight from the OpenSSL man page: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html Reported-by: Ricky-Tigg on github Bug: #3178
2018-10-26docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 dateDaniel Stenberg
... I'm moving it up one week due to travels. The rest stays.
2018-10-26curl.1: --ipv6 mutexes ipv4 (fixed typo)Alexey Eremikhin
Fixes #3171 Closes #3172
2018-10-23CIPHERS.md: Mention the options used to set TLS 1.3 ciphersJay Satiro
Closes https://github.com/curl/curl/pull/3159
2018-10-20docs/BUG-BOUNTY: the sponsors actually decide the amountDaniel Stenberg
Retract the previous approach as the sponsors will be the ones to set the final amounts. Closes #3152 [ci skip]
2018-10-17docs/SECURITY-PROCESS: the hackerone IBB program drops curlDaniel Stenberg
... now there's only BountyGraph.