aboutsummaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2014-07-16Remove all traces of FBOpenSSL SPNEGO supportDavid Woodhouse
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Work™. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success.
2014-07-10CURLOPT_UPLOAD: Corrected argument typeSteve Holme
2014-07-09FAQ: expand the thread-safe sectionDaniel Stenberg
... with a mention of *NOSIGNAL, based on talk in bug #1386
2014-07-05Update instances of some obsolete CURLOPTs to their new namesDan Fandrich
2014-07-03example: use correct type (long) for CURLOPT_FOLLOWLOCATIONDimitrios Siganos
2014-07-03Document type of argument for CURLOPT_FOLLOWLOCATION.Dimitrios Siganos
2014-07-03Document type of argument for CURLOPT_ERRORBUFFER.Dimitrios Siganos
2014-07-03Document type of argument for CURLOPT_COPYPOSTFIELDS.Dimitrios Siganos
2014-07-03Document type of argument for CURLOPT_ADDRESS_SCOPE.Dimitrios Siganos
2014-07-03curl.1: minor language fixDaniel Stenberg
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
2014-07-02opts: fixed some CURLOPT references so they get turned into linksDan Fandrich
2014-07-01opts: Document the socket callback function parametersDan Fandrich
2014-06-28opts: Fixed some typosSteve Holme
2014-06-25curl_easy_setopt.3: fixed the error code for an unsupported optionDan Fandrich
2014-06-24opts: added some DEFAULT and RETURN VALUE sectionsDan Fandrich
2014-06-21libcurl docs: man page editsDaniel Stenberg
mainly to improve how the web versions render
2014-06-21curl_easy_setopt.3: fixed some typosDan Fandrich
2014-06-21lib man pages: update easy setopt option referencesDaniel Stenberg
... by using the "\fIopt(3)\fP" syntax they will be linked properly when the web version of the page is generated.
2014-06-21opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by defaultDaniel Stenberg
2014-06-21curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exceptionDaniel Stenberg
... to the always-copy-char *-argument. And fix some minor mistakes.
2014-06-21curl_easy_setopt.3: refer to the individual man pagesDaniel Stenberg
With all the new individual option man pages created, this now refers to each separate one instead of duplicaing the info. Also makes this page easier to overview.
2014-06-21opts: fixed mancheck for out-of-tree buildsDan Fandrich
2014-06-21curl_easy_setopt.3: shortenDaniel Stenberg
shorten descriptions, mostly refer to the separate descriptions
2014-06-21CURLOPT_DNS_LOCAL_IP4.3: better short descDaniel Stenberg
2014-06-20opts: document CURLE_OUT_OF_MEMORY among other return valuesDan Fandrich
2014-06-20opts: fixed some typosDan Fandrich
2014-06-20opts: various correctionsDaniel Stenberg
2014-06-20opts: add the rest of the optionsDaniel Stenberg
... and fixed mancheck to ignore obsolete options
2014-06-20opts: the final bunch of options as man pagesDaniel Stenberg
Now all current options have their own man pages.
2014-06-19opts: 37 additional man pagesDaniel Stenberg
2014-06-19CURLOPT_URL: move up the text from "Notes"Daniel Stenberg
2014-06-19ROADMAP: removed, now ROADMAP.mdDaniel Stenberg
2014-06-19ROADMAP.md: make it markdown formattedDaniel Stenberg
2014-06-19ROADMAP: initial commit of "curl the next few years"Daniel Stenberg
To be further discussed, debated and edited
2014-06-19opts: more man pagesDaniel Stenberg
2014-06-19CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'Daniel Stenberg
2014-06-19opts: makefile now includes all current man pagesDaniel Stenberg
2014-06-19opts: 11 more man pagesDaniel Stenberg
2014-06-18opts: document CURLE_OUT_OF_MEMORY as RETURN VALUEDan Fandrich
2014-06-18opts: fixed a couple of typosDan Fandrich
2014-06-18opts: 16 more man pagesDaniel Stenberg
2014-06-18opts: more man pagesDaniel Stenberg
2014-06-18CURLOPT_READFUNCTION.3: add short descDaniel Stenberg
2014-06-18CURLOPT_LOW_SPEED_LIMIT.3: languageDaniel Stenberg
2014-06-18opts: 4 more man pagesDaniel Stenberg
2014-06-18opts: add all existing man pages to the distDaniel Stenberg
2014-06-18libcurl build: use correct dir when cd'ing to opts for pdf buildingDaniel Stenberg
2014-06-18opts: fixed a few typosDan Fandrich
2014-06-18opts: 29 more options as man pagesDaniel Stenberg
2014-06-17opts: 9 more options as separate man pagesDaniel Stenberg