aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2014-10-07SSL: implement public key pinningmoparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
2014-09-10bump: on the 7.38.1-DEV train now!Daniel Stenberg
2014-07-31ssl: generalize how the ssl backend identifier is setDaniel Stenberg
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS one which was missing previously.
2014-07-28curl.h: bring back CURLE_OBSOLETE16Anthon Pang
Removing defines, even obsolete ones that haven't been used for a very long time, still break a lot of applications. Bug: https://github.com/bagder/curl/pull/106
2014-07-23http2: more and better error checkingDaniel Stenberg
1 - fixes the warnings when built without http2 support 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 basically when they are about http2 specific things.
2014-07-23curl.h/features: Deprecate GSS-Negotiate macros due to bad namingMichael Osipov
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - CURL_VERSION_GSSNEGOTIATE is deprecated which is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and CURUL_VERSION_SPNEGO now. - Remove display of feature 'GSS-Negotiate'
2014-07-23configure/features: Add feature and version info for GSS-API and SPNEGOMichael Osipov
2014-06-18curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETExDan Fandrich
This is consistent with the existing obsolete error code naming convention.
2014-06-17curl.h: moved two really old deprecated symbolsDaniel Stenberg
... from the CINIT() enum
2014-06-17curl.h: reverse the enum/define setup for old symbolsDaniel Stenberg
We now provide the "real" names in the CINIT() macro setup for CURLOPT_* symbols, and we provide backwards compatibility defines for the old symbols as defines instead of vice versa. This allows us to better use the CINIT() list to check for existing and current option names.
2014-06-16curlbuild: fix GCC build on SPARC systems without configure scriptMAN-AT-ARMS
2014-05-21bump: Start working on the next releaseSteve Holme
2014-04-04CURLOPT_HEADEROPT: addedDaniel Stenberg
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER is actually used or not.
2014-04-04CURLOPT_PROXYHEADER: set headers for proxy-onlyDaniel Stenberg
Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-03-26bump: start the 7.37.0 raceDaniel Stenberg
2014-02-13transfer: make Expect: 100-continue timeout configurable.Tiit Pikma
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-11version: next release will become 7.36.0Daniel Stenberg
2014-02-10NPN/ALPN: allow disabling via command lineFabian Frank
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-01-29bump: start working on 7.35.1Daniel Stenberg
2014-01-02Bumped copyright year to 2014Steve Holme
2013-12-17bump: start working on the next releaseDaniel Stenberg
2013-12-14login options: remove the ;[options] support from CURLOPT_USERPWDDaniel Stenberg
To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-06curl.h: <sys/select.h> for OpenBSDChristian Weisgerber
curl.h should also include <sys/select.h> on OpenBSD to reliably pull in select(). Typically, including <sys/time.h> will be enough, but not if strict standards-compliance is requested (e.g. by defining _XOPEN_SOURCE).
2013-11-30curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy upSteve Holme
1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the mailing list. 2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our function naming convention. 3) Updated sessioninfo.c example accordingly.
2013-11-21curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internalsChristian Grothoff
Added new API for returning a SSL backend type and pointer, in order to allow access to the TLS internals, that may then be used to obtain X509 certificate information for example.
2013-11-12curl_easy_setopt: Added the ability to set the login options separatelySteve Holme
Rather than set the authentication options as part of the login details specified in the URL, or via the older CURLOPT_USERPWD option, added a new libcurl option to allow the login options to be set separately.
2013-11-11bump: next release will be 7.34.0Daniel Stenberg
Due to all the news and changes.
2013-10-20cmake: unbreak for non-Windows platformsDaniel Stenberg
Patch-by: Oliver Kuckertz Bug: http://curl.haxx.se/bug/view.cgi?id=1292
2013-10-15SSL: protocol version can be specified more preciselyGergely Nagy
CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version (CURL_SSLVERSION_TLSv1 means TLS 1.x). axTLS: axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one of these should be used, so we don't allow the new enum values. darwinssl: Added support for the new enum values. SChannel: Added support for the new enum values. CyaSSL: Added support for the new enum values. Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it did the same before this commit), because CyaSSL cannot be configured to use TLS 1.0-1.2. GSKit: GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow those values. Bugfix: There was a typo that caused wrong SSL versions to be passed to GSKit. NSS: TLS minor version cannot be set, so we don't allow the new enum values. QsoSSL: TLS minor version cannot be set, so we don't allow the new enum values. OpenSSL: Added support for the new enum values. Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0, now it enables 1.0-1.2. Command-line tool: Added command line options for the new values.
2013-10-14bump: start working on 7.33.1Daniel Stenberg
2013-09-12libcurl: New options to bind DNS to local interfaces or IP addressesKim Vandry
2013-09-04curl.h: add CURL_VERSION_HTTP2 as a featureDaniel Stenberg
It isn't added as a separate protocol as HTTP2 will be done over HTTP:// URLs that can be upgraded to HTTP2 if the server supports it as well.
2013-09-04curl.h: added CURL_HTTP_VERSION_2_0Daniel Stenberg
Initial library considerations documented in lib/README.http2
2013-08-28bump: next release is 7.33.0 due to added featuresDaniel Stenberg
2013-08-25options: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth 2.0 Authorization Framework".
2013-08-22curl.h: name space pollution by "enum type"Daniel Stenberg
Renamed to "enum curl_khtype" now. Will break compilation for programs that rely on the enum name. Bug: https://github.com/bagder/curl/pull/76 Reported-by: Shawn Landden
2013-08-20CURLM_ADDED_ALREADY: new error codeDaniel Stenberg
Doing curl_multi_add_handle() on an easy handle that is already added to a multi handle now returns this error code. It previously returned CURLM_BAD_EASY_HANDLE for this condition.
2013-08-12version number: bump to 7.32.1 for nowDaniel Stenberg
Start working on the next version and up some counters.
2013-07-18CURLOPT_XFERINFOFUNCTION: introducing a new progress callbackDaniel Stenberg
CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function and CURLOPT_PROGRESSFUNCTION is considered deprecated. This new callback uses pure 'curl_off_t' arguments to pass on full resolution sizes. It otherwise retains the same characteristics: the same call rate, the same meanings for the arguments and the return code is used the same way. The progressfunc.c example is updated to show how to use the new callback for newer libcurls while supporting the older one if built with an older libcurl or even built with a newer libcurl while running with an older.
2013-06-22bump: start working towards what most likely will become 7.32.0Daniel Stenberg
2013-04-27bump versionDaniel Stenberg
Since we're adding new stuff, the next release will bump the minor version and we're looking forward to 7.31.0
2013-04-27sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial responseSteve Holme
2013-04-12bump: start working towards next releaseDaniel Stenberg
2013-03-13Multiple pipelines and limiting the number of connections.Linus Nielsen Feltzing
Introducing a number of options to the multi interface that allows for multiple pipelines to the same host, in order to optimize the balance between the penalty for opening new connections and the potential pipelining latency. Two new options for limiting the number of connections: CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections to the same host. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished, so we can reuse the connection. CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished. The free connection will then be reused, if possible, or closed if the pending handle can't reuse it. Several new options for pipelining: CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a pipeline is "full" when a connection is to be reused, a new connection will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it. If not, the handle will be put in a pending state until a connection is ready (either free or a pipe got shorter). CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a transfer with a content length that is larger than this. CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a chunk larger than this. CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow pipelining. CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow pipelining. See the curl_multi_setopt() man page for details.
2013-03-12curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flagZdenek Pavlas
The flag can be used in pycurl-based applications where using the multi interface would not be acceptable because of the performance lost caused by implementing the select() loop in python. Bug: http://curl.haxx.se/bug/view.cgi?id=1168 Downstream Bug: https://bugzilla.redhat.com/919127
2013-03-12curl.h: stricter CURL_EXTERN linkage decorations logicYang Tse
No API change involved. Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
2013-03-08curlbuild.h.dist: enhance non-configure GCC ABI detection logicYang Tse
GCC specific adjustments: - check __ILP32__ before 32 and 64bit processor architectures in order to detect ILP32 programming model on 64 bit processors which, of course, also support LP64 programming model, when using gcc 4.7 or newer. - keep 32bit processor architecture checks in order to support gcc versions older than 4.7 which don't define __ILP32__ - check __LP64__ for gcc 3.3 and newer, while keeping 64bit processor architecture checks for older versions which don't define __LP64__
2013-03-08curlbuild.h.dist: fix GCC build on ARM systems without configure scriptYang Tse
Bug: http://curl.haxx.se/bug/view.cgi?id=1205 Reported by: technion
2013-03-07version bump: the next release will be 7.30.0Daniel Stenberg
2013-03-07checksrc: ban unsafe functionsDaniel Stenberg
The list of unsafe functions currently consists of sprintf, vsprintf, strcat, strncat and gets. Subsequently, some existing code needed updating to avoid warnings on this.