aboutsummaryrefslogtreecommitdiff
path: root/lib/urldata.h
AgeCommit message (Collapse)Author
2014-10-13vtls: remove QsoSSLPatrick Monnerat
2014-10-07SSL: implement public key pinningmoparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
2014-08-14urldata.h: Fixed compilation warnings from commit 3ec253532eSteve Holme
warning: extra tokens at end of #endif directive
2014-08-14urldata: Introduced a GSSAPI (Kerberos V5) data structureSteve Holme
Added a kerberos5data structure which is similar in nature to the ntlmdata and negotiatedata structures.
2014-08-09http_negotiate_sspi: Use a dynamic buffer for SPN generationSteve Holme
Updated to use a dynamic buffer for the SPN generation via the recently introduced Curl_sasl_build_spn() function rather than a fixed buffer of 1024 characters, which should have been more than enough, but by using the new function removes the need for another variable sname to do the wide character conversion in Unicode builds.
2014-08-08ntlm: Fixed hard coded buffer for SSPI based auth packet generationSteve Holme
Given the SSPI package info query indicates a token size of 2888 bytes, and as with the Winbind code and commit 9008f3d56, use a dynamic buffer for the Type-1 and Type-3 message generation rather than a fixed buffer of 1024 bytes.
2014-08-06http_negotiate_sspi: Fixed specific username and password not workingSteve Holme
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html Reported-by: Leonardo Rosati
2014-07-23docs: Improve inline GSS-API naming in code documentationMichael Osipov
2014-07-23curl.h/features: Deprecate GSS-Negotiate macros due to bad namingMichael Osipov
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - CURL_VERSION_GSSNEGOTIATE is deprecated which is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and CURUL_VERSION_SPNEGO now. - Remove display of feature 'GSS-Negotiate'
2014-07-23HTTP: Remove checkprefix("GSS-Negotiate")Michael Osipov
That auth mech has never existed neither on MS nor on Unix side. There is only Negotiate over SPNEGO.
2014-07-04nss: make the list of CRL items globalKamil Dudka
Otherwise NSS could use an already freed item for another connection.
2014-07-04nss: fix a memory leak when CURLOPT_CRLFILE is usedKamil Dudka
2014-05-28gnutls: don't use deprecated type names anymoreAlessandro Ghedini
2014-05-22bits.close: introduce connection close trackingDaniel Stenberg
Make all code use connclose() and connkeep() when changing the "close state" for a connection. These two macros take a string argument with an explanation, and debug builds of curl will include that in the debug output. Helps tracking connection re-use/close issues.
2014-05-15timers: fix timer regression involving redirects / reconnectsDaniel Stenberg
In commit 0b3750b5c23c25f (released in 7.36.0) we fixed a timeout issue but instead broke the timings. To fix this, I introduce a new timestamp to use for the timeouts and restored the previous timestamp and timestamp position so that the old timer functionality is restored. In addition to that, that change also broke connection timeouts for when more than one connect was used (as it would then count the total time from the first connect and not for the most recent one). Now Curl_timeleft() has been modified so that it checks against different start times depending on which timeout it checks. Test 1303 is updated accordingly. Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html Reported-by: Ryan Braud
2014-04-26INFILESIZE: fields in UserDefined must not be changed run-timeDaniel Stenberg
set.infilesize in this case was modified in several places, which could lead to repeated requests using the same handle to get unintendent/wrong consequences based on what the previous request did!
2014-04-23handler: make 'protocol' always specified as a single bitDaniel Stenberg
This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field. This fixes --proto and --proto-redir for most SSL protocols. This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style. Bug: https://github.com/bagder/curl/pull/97 Reported-by: drizzt
2014-04-22nss: implement non-blocking SSL handshakeKamil Dudka
2014-04-04CURLOPT_HEADEROPT: addedDaniel Stenberg
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER is actually used or not.
2014-04-04CURLOPT_PROXYHEADER: set headers for proxy-onlyDaniel Stenberg
Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-04-01urldata: spellfix commentDaniel Stenberg
Reported-by: Melissa
2014-03-31http2: remove _DRAFT09 from the NPN_HTTP2 enumDaniel Stenberg
We're progressing throught drafts so there's no point in having a fixed one in a symbol that'll survive.
2014-03-25url: Fixed connection re-use when using different log-in credentialsSteve Holme
In addition to FTP, other connection based protocols such as IMAP, POP3, SMTP, SCP, SFTP and LDAP require a new connection when different log-in credentials are specified. Fixed the detection logic to include these other protocols. Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-18polarssl: break compatibility with version older than 1.3.Gaël PORTAY
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl version previous than 1.3.
2014-03-17polarssl: fix compilationhasufell
Rename x509_cert to x509_crt and add "compat-1.2.h" include. This would still need some more thorough conversion in order to drop "compat-1.2.h" include.
2014-03-05remote_port: allow connect to port 0Daniel Stenberg
Port number zero is perfectly allowed to connect to. I moved to storing the remote port number in an int so that -1 means undefined and 0-65535 can be used for legitimate port numbers.
2014-02-13transfer: make Expect: 100-continue timeout configurable.Tiit Pikma
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-10NPN/ALPN: allow disabling via command lineFabian Frank
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-01-30openssl: set up hooks with to perform NPNFabian Frank
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0 connections. It is expected to be replaced by ALPN in the future. If HTTP/2.0 is negotiated, this is indicated for the entire connection and http.c is expected to initialize itself for HTTP/2.0 instead of HTTP/1.1. see: http://technotes.googlecode.com/git/nextprotoneg.html http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-01-29ntlm: Added support for NTLMv2Prash Dush
2014-01-29http2: handle 101 responses and switch to HTTP2Daniel Stenberg
2013-11-30curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy upSteve Holme
1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the mailing list. 2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our function naming convention. 3) Updated sessioninfo.c example accordingly.
2013-11-21curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internalsChristian Grothoff
Added new API for returning a SSL backend type and pointer, in order to allow access to the TLS internals, that may then be used to obtain X509 certificate information for example.
2013-10-27Add "Happy Eyeballs" for IPv4/IPv6.Björn Stenberg
This patch invokes two socket connect()s nearly simultaneously, and the socket that is first connected "wins" and is subsequently used for the connection. The other is terminated. There is a very slight IPv4 preference, in that if both sockets connect simultaneously IPv4 is checked first and thus will win.
2013-09-07http2: actually init nghttp2 and send HTTP2-Settings properlyDaniel Stenberg
2013-08-25options: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth 2.0 Authorization Framework".
2013-08-25FTP: remove krb4 supportDaniel Stenberg
We've announced this pending removal for a long time and we've repeatedly asked if anyone would care or if anyone objects. Nobody has objected. It has probably not even been working for a good while since nobody has tested/used this code recently. The stuff in krb4.h that was generic enough to be used by other sources is now present in security.h
2013-08-20url: handle arbitrary-length username and password before '@'Jonathan Nieder
libcurl quietly truncates usernames, passwords, and options from before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters to fit in fixed-size buffers on the stack. Allocate a buffer large enough to fit the parsed fields on the fly instead to support longer passwords. After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH left, so stop defining that constant while at it. The hardcoded max username and password length constants, on the other hand, are still used in HTTP proxy credential handling (which this patch doesn't touch). Reported-by: Colby Ranger
2013-08-12SessionHandle: the protocol specific pointer is now a void *Daniel Stenberg
All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-12urldata: clean up the use of the protocol specific structsDaniel Stenberg
1 - always allocate the struct in protocol->setup_connection. Some protocol handlers had to get this function added. 2 - always free at the end of a request. This is also an attempt to keep less memory in the handle after it is completed.
2013-08-06FTP: when EPSV gets a 229 but fails to connect, retry with PASVDaniel Stenberg
This is a regression as this logic used to work. It isn't clear when it broke, but I'm assuming in 7.28.0 when we went all-multi internally. This likely never worked with the multi interface. As the failed connection is detected once the multi state has reached DO_MORE, the Curl_do_more() function was now expanded somewhat so that the ftp_do_more() function can request to go "back" to the previous state when it makes another attempt - using PASV. Added test case 1233 to verify this fix. It has the little issue that it assumes no service is listening/accepting connections on port 1... Reported-by: byte_bucket in the #curl IRC channel
2013-08-03multi: remove data->state.current_conn struct fieldDaniel Stenberg
Not needed
2013-08-03multi: remove the one_easy struct fieldDaniel Stenberg
Since the merge of SessionHandle with Curl_one_easy, this indirection isn't used anymore.
2013-08-03multi: rename all Curl_one_easy to SessionHandleDaniel Stenberg
2013-08-03multi: remove the multi_pos struct fieldDaniel Stenberg
Since Curl_one_easy is really a SessionHandle now, this indirection doesn't exist anymore.
2013-08-03multi: remove easy_handle struct fieldDaniel Stenberg
It isn't needed anymore
2013-08-03multi: remove 'Curl_one_easy' struct, phase 1Daniel Stenberg
The motivation for having a separate struct that keep track of an easy handle when using the multi handle was removed when we switched to always using the multi interface internally. Now they were just two separate struct that was always allocated for each easy handle. This first step just moves the Curl_one_easy struct members into the SessionHandle struct and hides this somehow (== keeps the source code changes to a minimum) by defining Curl_one_easy to SessionHandle The biggest changes in this commit are: 1 - the linked list of easy handles had to be changed somewhat due to the new struct layout. This made the main linked list pointer get renamed to 'easyp' and there's also a new pointer to the last node, called easylp. It is no longer circular but ends with ->next pointing to NULL. New nodes are still added last. 2 - easy->state is now called easy->mstate to avoid name collision
2013-07-18CURLOPT_XFERINFOFUNCTION: introducing a new progress callbackDaniel Stenberg
CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function and CURLOPT_PROGRESSFUNCTION is considered deprecated. This new callback uses pure 'curl_off_t' arguments to pass on full resolution sizes. It otherwise retains the same characteristics: the same call rate, the same meanings for the arguments and the return code is used the same way. The progressfunc.c example is updated to show how to use the new callback for newer libcurls while supporting the older one if built with an older libcurl or even built with a newer libcurl while running with an older.
2013-07-15OS400: new SSL backend GSKitPatrick Monnerat
2013-06-12axtls: now done non-blockingEric Hu