aboutsummaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-04-17docs: fix typosJakub Wilk
Closes https://github.com/curl/curl/pull/2503
2018-04-17schannel: add client certificate authenticationArchangel_SDY
Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` Closes #2376
2018-04-15checksrc: Fix typoDaniel Gustafsson
Fix typo in "semicolon" spelling and remove stray tab character. Closes https://github.com/curl/curl/pull/2498
2018-04-15all: Refactor malloc+memset to use callocDaniel Gustafsson
When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident. Closes https://github.com/curl/curl/pull/2497
2018-04-07examples/sftpuploadresmue: Fix Windows large file seekJay Satiro
- Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print curl_off_t. Caught by Marc's CI builds.
2018-04-06RELEASE-NOTES: syncedDaniel Stenberg
2018-03-31docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_TJay Satiro
- Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html Reported-by: David L.
2018-03-27TODO: connection cache sharing is now supporteDaniel Stenberg
2018-03-24gitignore: ignore more generated filesDaniel Stenberg
2018-03-21CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some textDaniel Stenberg
Reported-by: Michal Trybus Fixes #2400
2018-03-21TODO: expand ~/ in config filesDaniel Stenberg
Closes #2317
2018-03-20cookie.d: mention that "-" as filename means stdinDaniel Stenberg
Reported-by: Dongliang Mu Fixes #2410
2018-03-20CURLINFO_COOKIELIST.3: made the example not leak memoryDaniel Stenberg
Reported-by: Muz Dima
2018-03-20examples/hiperfifo: checksrc complianceJay Satiro
2018-03-17resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSESRick Deist
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
2018-03-17add_handle/easy_perform: clear errorbuffer on start if setDaniel Stenberg
To offer applications a more defined behavior, we clear the buffer as early as possible. Assisted-by: Jay Satiro Fixes #2190 Closes #2377
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-17curl_version_info.3: fix ssl_version descriptionDaniel Stenberg
Reported-by: Vincas Razma Fixes #2364
2018-03-16examples/hiperfifo.c: improvedPhilip Prindeville
* use member struct event’s instead of pointers to alloc’d struct events * simplify the cases for the mcode_or_die() function via macros; * make multi_timer_cb() actually do what the block comment says it should; * accept a “stop” command on the FIFO to shut down the service; * use cleaner notation for unused variables than the (void) hack; * allow following redirections (304’s);
2018-03-16cleanup: misc typos in strings and commentsluz.paz
Found via `codespell` Closes #2389
2018-03-15user-agent.d:: mention --proxy-header as wellDaniel Stenberg
Bug: https://github.com/curl/curl/issues/2381
2018-03-14SECURITY-PROCESS: mention how we write/add advisoriesDaniel Stenberg
2018-03-13release: 7.59.0Daniel Stenberg
2018-03-13CURLOPT_COOKIEFILE.3: "-" as file name means stdinDaniel Stenberg
Reported-by: Aron Bergman Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html [ci skip]
2018-03-12FAQ: fix a broken URL [ci skip]Viktor Szakats
2018-03-12credits: Viktor prefers without accentDaniel Stenberg
2018-03-12BUGS: updated link to security processDaniel Stenberg
2018-03-11docs/SECURITY.md -> docs/SECURITY-PROCESS.mdDaniel Stenberg
2018-03-11SECURITY.md: call it the security processDaniel Stenberg
2018-03-09SECURITY: distros' max embargo time is 14 days nowDaniel Stenberg
2018-03-05THANKS + mailmap: remove duplicates, fixup full namesDaniel Stenberg
2018-03-04RELEASE-NOTES/THANKS: synced with cc1d4c505Daniel Stenberg
2018-03-04curl.1: mention how to add numerical IP addresses in NO_PROXYDaniel Stenberg
2018-03-04CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addressesDaniel Stenberg
2018-03-04build: get CFLAGS (including -werror) used for examples and testsDaniel Stenberg
... so that the CI and more detects compiler warnings/errors properly! Closes #2337
2018-02-26docs/MANUAL: formfind.pl is not accessible on the site anymoreDaniel Stenberg
Fixes #2342
2018-02-23spelling fixesViktor Szakats
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
2018-02-23TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2Daniel Stenberg
2018-02-23curl_share_setopt.3: connection cache is shared within multi handlesDaniel Stenberg
2018-02-22form.d: rephrased somewhat, added two example command linesDaniel Stenberg
2018-02-21url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
2018-02-21lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MSJay Satiro
- In keeping with the naming of our other connect timeout options rename CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. This change adds the _MS suffix since the option expects milliseconds. This is more intuitive for our users since other connect timeout options that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. Follow-up to 2427d94 which added the lib and tool option yesterday. Ref: https://github.com/curl/curl/pull/2260
2018-02-21RELEASE-NOTES: synced with 2427d94c6Daniel Stenberg
2018-02-20url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUTAnders Bakken
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy eyeball timeout value. - Add new optval macro CURL_HET_DEFAULT to represent the default happy eyeballs timeout value (currently 200 ms). - Add new tool option --happy-eyeballs-timeout-ms to expose CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the other -timeout options in the tool expect seconds not milliseconds. Closes https://github.com/curl/curl/pull/2260
2018-02-20TODO: warning if curl version is not in sync with libcurl versionDaniel Stenberg
2018-02-20CURLOPT_RESOLVE: Add support for multiple IP addresses per entryAnders Bakken
This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
2018-02-20examples/sftpuploadresume: resume upload via CURLOPT_APPENDSergio Borghese
URL: https://curl.haxx.se/mail/lib-2018-02/0072.html
2018-02-18TODO: "Support in-memory certs/ca certs/keys"Daniel Stenberg
removed SSLKEYLOGFILE support (fixed) removed "consider SSL patches" (outdated) Closes #2310
2018-02-16CURLOPT_HEADER.3: clarify problems with different data sizesDaniel Stenberg