aboutsummaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2014-09-10SSLCERTS: minor updatesDaniel Stenberg
Edited format to look better on the web, added a "it is about trust" section.
2014-09-10HISTORY: fix the 1998 title positionDaniel Stenberg
2014-09-10HISTORY: extended and now markdownDaniel Stenberg
2014-09-09SSLCERTS: converted to markdownDaniel Stenberg
Only minor edits to make it generate nice HTML output using markdown, as this document serves both in source release tarballs as on the web site. URL: http://curl.haxx.se/docs/sslcerts.html
2014-09-09ftp-wildcard.c: spell fixDaniel Stenberg
Reported-By: Frank Gevaerts
2014-09-08THANKS: synced with RELEASE-NOTES for 921a0c22a6fDaniel Stenberg
2014-09-08SECURITY: eh, make more sense!Daniel Stenberg
2014-09-08SECURITY: how to join the curl-security listDaniel Stenberg
2014-09-04MAIL-ETIQUETTE: "1.8 I posted, now what?"Daniel Stenberg
2014-09-03CURLOPT_CA*: better refering between *CAINFO and *CAPATHDaniel Stenberg
... and a minor wording edit
2014-09-03THANKS: added Dennis ClarkeDaniel Stenberg
Dennis Clarke from Blastwave.org for ensuring that nightly builds run smooth on Solaris!
2014-08-29getinfo-times: Typo fixedAskar Safin
2014-08-29libcurl.3: Typo fixedAskar Safin
2014-08-29curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlenDaniel Stenberg
2014-08-29curl.1: add an example for -HDaniel Stenberg
2014-08-28FAQ: mention -w in the 4.20 answer as wellDaniel Stenberg
2014-08-28FAQ: 4.20 curl doesn't return error for HTTP non-200 responsesDaniel Stenberg
2014-08-28CURLOPT_NOBODY.3: clarify this option is for downloadsDaniel Stenberg
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload mode and will do a download (without a body). This is now better explained in this man page. Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html Reported-by: John Coffey
2014-08-26INTERNALS: nghttp2 must be 0.6.0 or laterDaniel Stenberg
2014-08-26THANKS: removed a few more duplicatesDan Fandrich
2014-08-25THANKS: added 52 missing contributorsDaniel Stenberg
I re-ran contributors.sh on all changes since 7.10 and I found these contributors who are mentioned in the commits but never were added to THANKS before! I also removed a couple of duplicates (mostly due to different spellings).
2014-08-23curl.1: clarify --limit-rate's effect on both directionsDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1414 Reported-by: teo8976
2014-08-23curl.1: mention the --post30x options within the --location descDaniel Stenberg
2014-08-22NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP authFrank Meier
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed since NTLM requires multiple requests that re-use the same connection for the authentication to work Solution: Ignore the forbid reuse flag in case the NTLM authentication handshake is in progress, according to the NTLM state flag. Fixed known bug #77.
2014-08-18FAQ: some actually sometimes get paid...Daniel Stenberg
2014-08-16docs: Escaped single backslashSteve Holme
2014-08-16TODO: Updated following GSSAPI (Kerberos V5) additionsSteve Holme
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other authentication mechanisms" following recent additions. Added SASL 14.2 GSSAPI via GSS-API libraries.
2014-08-16CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain informationSteve Holme
This repeats what has already been documented in both the curl manpage and CURLOPT_USERPWD documentation but is provided here for completeness as someone may not especially read the latter when using libcurl.
2014-08-16CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changesSteve Holme
Added information about Kerberos V5 requiring the domain part in the user name. Mentioned that the user name can be specified in UPN format, and not just in Down-Level Logon Name format, following the information added in commit 7679cb3fa8 reworking the exisitng information in the process.
2014-08-16docs: Added Kerberos V5 and NTLM domain information to --userSteve Holme
2014-08-16docs: Added Kerberos V5 to the --user SSPI current credentials usageSteve Holme
2014-08-11docs/SSLCERTS: update the section about NSS databaseKamil Dudka
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html Reported-by: David Shaw
2014-08-09docs: Update SPNEGO and GSS-API related doc sectionsMichael Osipov
Reflect recent changes in SPNEGO and GSS-API code in the docs. Update them with appropriate namings and remove visible spots for GSS-Negotiate.
2014-08-07docs: Added Negotiate to the SSPI current credentials usage descriptionSteve Holme
2014-08-06TODO: HTTP Digest via Windows SSPISteve Holme
2014-08-06TODO: FTP GSSAPI via Windows SSPISteve Holme
2014-08-02CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling itDaniel Stenberg
2014-08-01FEATURES: minor updateDaniel Stenberg
2014-07-31CURLOPT_HEADEROPT.3: typo: do -> toMichael Wallner
2014-07-31curl_version_info.3: 'ssl_version_num' is always 0Daniel Stenberg
... and has been so since 2005
2014-07-31ssl: generalize how the ssl backend identifier is setDaniel Stenberg
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS one which was missing previously.
2014-07-30opts: fixed some typosDan Fandrich
2014-07-30curl_tlsinfo -> curl_tlssessioninfoMichael Wallner
2014-07-29libcurl.m4: include the standard source headerDaniel Stenberg
... with permission from David Shaw
2014-07-24symbols: CURL_VERSION_GSSNEGOTIATE is deprecatedDaniel Stenberg
2014-07-23http2: more and better error checkingDaniel Stenberg
1 - fixes the warnings when built without http2 support 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 basically when they are about http2 specific things.
2014-07-23symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0Daniel Stenberg
2014-07-19CURLOPT_CHUNK_BGN_FUNCTION: fix typoAlessandro Ghedini
2014-07-17THANKS: added new contributors from 7.37.1 announcementDaniel Stenberg
2014-07-16Remove all traces of FBOpenSSL SPNEGO supportDavid Woodhouse
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Work™. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success.