Age | Commit message (Collapse) | Author |
|
...and revised the proxy wording a little as well.
|
|
...and corrected a related typo in curl_easy_setopt.3.
|
|
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
POP3 and SMTP authentication since v7.38.0.
|
|
Support for Kerberos V4 was removed in v7.33.0.
|
|
|
|
As this is covered by the PROTOCOLS section and saves having to update
two parts of the document with the same information in future.
|
|
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to an authentication mechanism.
|
|
Added missing IMAP to the protocol list.
|
|
|
|
...as this option affects more that just FTP.
|
|
|
|
Whilst the description included information about SMTP, the protocol
list only showed "TTP, FTP, IMAP, POP3".
|
|
|
|
|
|
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.
Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
|
|
|
|
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
... and added a small example
|
|
|
|
|
|
|
|
|
|
|
|
|
|
... and only do a single request for clarity.
|
|
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
|
|
|
|
|
|
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.
Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.
Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
|
|
|
|
|
|
|
|
Reported-By: Luan Cestari
|
|
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
|
|
Improves it for low-latency cases (like the communication with
localhost)
|
|
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
|
|
|
|
and separate the example URLs with newlines
|
|
|
|
|
|
|
|
|