aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-09bump: next version will be 7.52.0Daniel Stenberg
2016-11-07vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3Kamil Dudka
Fully implemented with the NSS backend only for now. Reviewed-by: Ray Satiro
2016-11-07s/cURL/curlDaniel Stenberg
We're mostly saying just "curl" in lower case these days so here's a big cleanup to adapt to this reality. A few instances are left as the project could still formally be considered called cURL.
2016-11-03bump: start working on 7.51.1Daniel Stenberg
2016-09-22New libcurl option to keep sending on errorMichael Kaufmann
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-09-07bump: toward 7.51.0Daniel Stenberg
2016-08-09curl.h: make CURL_NO_OLDIES define CURL_STRICTERDaniel Stenberg
2016-08-03bump: start working toward 7.50.2Daniel Stenberg
2016-07-31include: revert 9adf3c4 and make public types void * againDaniel Stenberg
Many applications assume the actual contents of the public types and use that do for example forward declarations (saving them from including our public header) which then breaks when we switch from void * to a struct *. I'm not convinced we were wrong, but since this practise seems widespread enough I'm willing to (partly) step down. Now libcurl uses the struct itself when it is built and it allows applications to use the struct type if CURL_STRICTER is defined at the time of the #include. Reported-by: Peter Frühberger Fixes #926
2016-07-21bump: start working on 7.50.1Daniel Stenberg
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-06-22headers: forward declare CURL, CURLM and CURLSH as structsDaniel Stenberg
Instead of typedef'ing to void, typedef to their corresponding actual struct names to allow compilers to type-check. Assisted-by: Reinhard Max
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-30bump: start the journey toward 7.50.0Daniel Stenberg
2016-05-18bump: Start work on 7.49.1Steve Holme
2016-05-18curlbuild.h.dist: check __LP64__ as well to fix MIPS buildDaniel Stenberg
The preprocessor check that sets up the 32bit defines for non-configure builds didn't work properly for MIPS systems as __mips__ is defined for both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. Reported-by: Tomas Jakobsson Fixes #813
2016-04-25curl.h: clarify curl_sslbackend for openssl clones and renamesDaniel Stenberg
2016-04-22curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a stringPatrick Monnerat
2016-04-18url: add CURLOPT_TCP_FASTOPEN optionAlessandro Ghedini
2016-04-18includes: avoid duplicate memory callback typdefs even harderDaniel Stenberg
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-11http2: Add handling stream level errorTatsuhiro Tsujikawa
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR by RST_STREAM, underlying TCP connection was dropped. This is undesirable since there may be other streams multiplexed and they are very much fine. This change introduce new error code CURLE_HTTP2_STREAM, which indicates stream error that only affects the relevant stream, and connection should be kept open. The existing CURLE_HTTP2 means connection error in general. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-03code: style updatesDaniel Stenberg
2016-04-027.49.0: next release versionDaniel Stenberg
2016-04-01curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFSDaniel Stenberg
So that we only do the extra typedefs in curl_memory.h when we really need to and avoid double typedefs. follow-up commit to 7218b52c49aeb1 Thanks-to: Steve Holme
2016-04-01curl/mprintf.h: remove support for _MPRINTF_REPLACEDaniel Stenberg
The define is not in our name space and is therefore not protected by our API promises. It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5 (March 2015). This is supposedly the final death blow to that define from everywhere. As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf(). In the unlikely event that any users is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-23bump: work on 7.48.1Daniel Stenberg
2016-03-18bump: the coming release is 7.48.0Daniel Stenberg
2016-02-23getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSIONJay Satiro
The two options are almost the same, except in the case of OpenSSL: CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *. CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *. For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to return an SSL pointer for OpenSSL. Also, add support for the 'internals' member to point to SSL object for the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and wolfSSL. Bug: https://github.com/curl/curl/issues/234 Reported-by: dkjjr89@users.noreply.github.com Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html Reported-by: Michael König
2016-02-23TFTP: add option to suppress TFTP option requests (Part 1)Michael Koenig
Some TFTP server implementations ignore the "TFTP Option extension" (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing problems with libcurl. Another switch for curl_easy_setopt "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from sending TFTP option requests to a server, avoiding many problems caused by faulty implementations. Bug: https://github.com/curl/curl/issues/481
2016-02-08bump: work toward the next releaseDaniel Stenberg
2016-02-03URLs: Change more haxx.se URLs from http: to https:Dan Fandrich
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-01-28bump: towards the next (7.47.1 ?)Daniel Stenberg
2015-12-15curlver: the pending release will become 7.47.0Daniel Stenberg
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-12-07lwip: Fix compatibility issues with later versionsGisle Vanem
The name of the header guard in lwIP's <lwip/opt.h> has changed from '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015). Other fixes: - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is used. - In memdebug.h, the 'socket' should be undefined first due to lwIP's lwip_socket() macro. - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need special handling because they were undef'ed in memdebug.h. - In select.c we can't use preprocessor conditionals inside select if MSVC and select is a macro, as it is with lwIP. http://curl.haxx.se/mail/lib-2015-12/0023.html http://curl.haxx.se/mail/lib-2015-12/0024.html
2015-12-07version: Add flag CURL_VERSION_PSL for libpslGisle Vanem
2015-12-02bump: towards next releaseDaniel Stenberg
for all we know now, it might be called 7.46.1
2015-11-19curl.h: s/#defien/#define/Patrick Monnerat
2015-11-13typecheck-gcc.h: add missing slist-using optionsDaniel Stenberg
CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing Also sorted the list.
2015-11-13typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATADaniel Stenberg
... and sorted curl_is_cb_data_option alphabetically
2015-11-13typecheck-gcc.h: add some missing string typesDaniel Stenberg
Also sorted that list alphabetically
2015-11-13curl.h: introducing the STRINGPOINT aliasDaniel Stenberg
As an alias for OBJECTPOINT. Provided to allow us to grep for all string options easier.
2015-11-02formadd: support >2GB files on windowsDaniel Stenberg
Closes #425
2015-10-31curl.h: s/HTTPPOST_/CURL_HTTPOST_Daniel Stenberg
Fixes a name space pollution at the cost of programs using one of these defines will no longer compile. However, the vast majority of libcurl programs that do multipart formposts use curl_formadd() to build this list. Closes #506