aboutsummaryrefslogtreecommitdiff
path: root/lib/urldata.h
AgeCommit message (Collapse)Author
2009-07-20- Claes Jakobsson improved the support for client certificates handlingKamil Dudka
in NSS-powered libcurl. Now the client certificates can be selected automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 slots is no more performed. It used to cause problems with HW tokens. - Fixed reference counting for NSS client certificates. Now the PEM reader module should be always properly unloaded on Curl_nss_cleanup(). If the unload fails though, libcurl will try to reuse the already loaded instance.
2009-06-16- When doing non-anonymous ftp via http proxies and the password is notMichal Marek
provided in the url, add it there (squid needs this).
2009-06-08- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcountDaniel Stenberg
issue with client certs that caused issues like segfaults. http://curl.haxx.se/mail/lib-2009-05/0316.html
2009-05-11Internal cleanup: KEEP_WRITE and KEEP_READ are now called KEEP_SEND andDaniel Stenberg
KEEP_RECV to better match the general terminology: receive and send is what we do from the (remote) servers. We read and write from and to the local fs.
2009-04-24- Kamil Dudka fixed another NSS-related leak when client certs were used.Daniel Stenberg
2009-04-13- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turnedDaniel Stenberg
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue is found in Redhat's bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=453612 There are still memory leaks present, but they seem to have other reasons.
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-02-20- Linus Nielsen Feltzing reported and helped me repeat and fix a problem withDaniel Stenberg
FTP with the multi interface: when a transfer fails, like when aborted by a write callback, the control connection was wrongly closed and thus not re-used properly. This change is also an attempt to cleanup the code somewhat in this area, as now the FTP code attempts to keep (better) track on pending responses necessary to get read in ftp_done().
2009-02-17- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 forDaniel Stenberg
plain FTP connections, and it will then allow MKD to fail once and retry the CWD afterwards. This is especially useful if you're doing many simultanoes connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works! The numbers can (should?) now be set with the convenience enums now called CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. Tests has proven that if you're making an application that uploads a set of files to an ftp server, you will get a noticable gain in speed if you're using multiple connections and this option will be then be very useful.
2009-02-11- CURLINFO_CONDITION_UNMET was added to allow an application to get to know ifDaniel Stenberg
the condition in the previous request was unmet. This is typically a time condition set with CURLOPT_TIMECONDITION and was previously not possible to reliably figure out. From bug report #2565128 (http://curl.haxx.se/bug/view.cgi?id=2565128)
2009-01-29Introduced curl_sspi.c and curl_sspi.h for the implementation of functionsYang Tse
Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c Also adjusted socks_sspi.c to remove the link-time dependency on the Windows SSPI library using it now in the same way as it was done in http_ntlm.c.
2009-01-28- Markus Moeller introduced two new options to libcurl:Daniel Stenberg
CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-26- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an appDaniel Stenberg
to set desired block size to use for TFTP transfers instead of the default 512 bytes.
2009-01-25- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.Daniel Stenberg
They basically offer the same thing the NO_PROXY environment variable only offered previously: list a set of host names that shall not use the proxy even if one is specified.
2009-01-13spell-checked a bunch of commentsDaniel Stenberg
2009-01-07Created a CURLMIN macro to match CURLMAXDan Fandrich
2008-12-19- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurlDaniel Stenberg
now has an improved ability to do right when the multi interface (both "regular" and multi_socket) is used for SCP and SFTP transfers. This should result in (much) less busy-loop situations and thus less CPU usage with no speed loss.
2008-12-10- Internet Explorer had a broken HTTP digest authentication before v7 andDaniel Stenberg
there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-12-08- Christian Krause filed bug #2221237Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite loop during GSS authentication given some specific conditions. With his patience and great feedback I managed to narrow down the problem and eventually fix it although I can't test any of this myself!
2008-12-02explain the two *channel_inuse fields somewhat betterDaniel Stenberg
2008-11-03- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out aDaniel Stenberg
problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL pointer read. I also took the opportunity to clean up this logic (storing of the connection's IP address) somewhat as we had it stored in two different places and ways previously and they are now unified.
2008-11-03fix length of longest IPv6 address stringYang Tse
2008-10-25Added experimental support for zlib and OpenSSL on Symbian OS.Dan Fandrich
2008-10-17remove some spurious line-endingsYang Tse
2008-10-16- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that thenDaniel Stenberg
make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding these new options is that they have no problems with the colon separator that the CURLOPT_PROXYUSERPWD option does.
2008-10-08- Igor Novoseltsev brought a patch that introduced two new options toDaniel Stenberg
curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of deprecates the good old CURLOPT_USERPWD since they allow applications to set the user name and password independently and perhaps more importantly allow both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.
2008-09-05Improved the logic the decides whether to use HTTP 1.1 features or not in aDan Fandrich
request. Detect cases where an upload must be sent chunked and the server supports only HTTP 1.0 and return CURLE_UPLOAD_FAILED.
2008-09-05- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renamesDaniel Stenberg
CURLOPT_POST301 (but adds a define for backwards compatibility for you who don't define CURL_NO_OLDIES). This option allows you to now also change the libcurl behavior for a HTTP response 302 after a POST to not use GET in the subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the patch somewhat before commit. The curl tool got a matching --post302 option. Test case 1076 was added to verify this.
2008-09-05- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
2008-09-04Made some variables constDan Fandrich
2008-08-17Adjust usage of conditional definition of USE_OPENSSLYang Tse
2008-07-30- Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URLDaniel Stenberg
parser to allow numerical IPv6-addresses to be specified with the scope given, as per RFC4007 - with a percent letter that itself needs to be URL escaped. For example, for an address of fe80::1234%1 the HTTP URL is: "http://[fe80::1234%251]/"
2008-07-30Fixed --use-ascii to properly convert text files on Symbian OS, MS-DOSDan Fandrich
and OS/2.
2008-07-03Introcuding a new timestamp for curl_easy_getinfo():Daniel Stenberg
CURLINFO_APPCONNECT_TIME. This is set with the "application layer" handshake/connection is completed (typically SSL, TLS or SSH). By using this you can figure out the application layer's own connect time. You can extract the time stamp using curl's -w option and the new variable named 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06- Added CURLINFO_PRIMARY_IP as a new information retrievable withDaniel Stenberg
curl_easy_getinfo. It returns a pointer to a string with the most recently used IP address. Modified test case 500 to also verify this feature. The implementing of this feature was sponsored by Lenny Rachitsky at NeuStar.
2008-04-30- To make it easier for applications that want lots of magic stuff done onDaniel Stenberg
redirections and thus cannot use CURLOPT_FOLLOWLOCATION easily, we now introduce the new CURLINFO_REDIRECT_URL option that lets applications extract the URL libcurl would've redirected to if it had been told to. This then enables the application to continue to that URL as it thinks is suitable, without having to re-implement the magic of creating the new URL from the Location: header etc. Test 1029 verifies it.
2008-03-13Change the confusing two variables for the expect 100 continue stuff intoDaniel Stenberg
a single state variable to make the code easier to follow and understand.
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2008-02-20- We no longer support setting the CURLOPT_URL option from inside a callbackDaniel Stenberg
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location: following. The patch that introduced this feature was done for 7.11.0, but this code and functionality has been broken since about 7.15.4 (March 2006) with the introduction of non-blocking OpenSSL "connects". It was a hack to begin with and since it doesn't work and hasn't worked correctly for a long time and nobody has even noticed, I consider it a very suitable subject for plain removal. And so it was done.
2008-02-03- Dmitry Kurochkin cleaned up the pipelining code and removed the need for andDaniel Stenberg
use of the "is_in_pipeline" struct field.
2008-01-31- Dmitry Kurochkin moved several struct fields from the connectdata struct toDaniel Stenberg
the SingleRequest one to make pipelining better. It is a bit tricky to keep them in the right place, to keep things related to the actual request or to the actual connection in the right place.
2008-01-21Dmitry Kurochkin removed the cancelled state for pipelining, as we agreedDaniel Stenberg
that it is bad anyway. Starting now, removing a handle that is in used in a pipeline will break the pipeline - it'll be set back up again but still...
2008-01-16Dmitry Kurochkin worked a lot on improving the HTTP Pipelining support thatDaniel Stenberg
previously had a number of flaws, perhaps most notably when an application fired up N transfers at once as then they wouldn't pipeline at all that nicely as anyone would think... Test case 530 was also updated to take the improved functionality into account.
2008-01-15Woops, partly revert my previous commit and do it slightly differently instead.Daniel Stenberg
The signalling of that a global DNS cache is wanted is done by setting the option but the setting of the internal variable that it is in use must not be done until it finally actually gets used! NOTE and WARNING: I noticed that you can't actually switch off the global dns cache with CURLOPT_DNS_USE_GLOBAL_CACHE but you couldn't do that previously either and the option is very clearly and loudly documented as DO NOTE USE so I won't bother to fix this bug now.
2008-01-15I made the torture test on test 530 go through. This was actually due toDaniel Stenberg
silly code left from when we switched to let the multi handle "hold" the dns cache when using the multi interface... Of course this only triggered when a certain function call returned error at the correct moment.
2008-01-14Trying GnuTLS and OpenSSL together fails to compile in not soGisle Vanem
obvious ways. Give an explicit error.
2008-01-10Georg Lippitsch brought CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA to allowDaniel Stenberg
libcurl to seek in a given input stream. This is particularly important when doing upload resumes when there's already a huge part of the file present remotely. Before, and still if this callback isn't used, libcurl will read and through away the entire file up to the point to where the resuming begins (which of course can be a slow opereration depending on file size, I/O bandwidth and more). This new function will also be preferred to get used instead of the CURLOPT_IOCTLFUNCTION for seeking back in a stream when doing multi-stage HTTP auth with POST/PUT.
2008-01-08Introducing curl_easy_pause() and new magic return codes for both the readDaniel Stenberg
and the write callbacks that now can make a connection's reading and/or writing get paused.