aboutsummaryrefslogtreecommitdiff
path: root/packages
AgeCommit message (Collapse)Author
2017-03-12url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2017-03-08vtls: add options to specify range of enabled TLS versionsJozef Kralik
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
2017-02-01OS400: Fix symbolsJay Satiro
- s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY Follow-up to 7907a2b and 845522c. - Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY. - Add id for CURLOPT_ABSTRACT_UNIX_SOCKET. Bug: https://github.com/curl/curl/issues/1237 Reported-by: jonrumsey@users.noreply.github.com
2016-11-26os400: support CURLOPT_PROXY_PINNEDPUBLICKEYPatrick Monnerat
Also define it in ILE/RPG binding.
2016-11-25os400: sync ILE/RPG bindingPatrick Monnerat
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-07vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3Kamil Dudka
Fully implemented with the NSS backend only for now. Reviewed-by: Ray Satiro
2016-11-07s/cURL/curlDaniel Stenberg
We're mostly saying just "curl" in lower case these days so here's a big cleanup to adapt to this reality. A few instances are left as the project could still formally be considered called cURL.
2016-10-31strcase: fix the remaining rawstr usersDaniel Stenberg
2016-09-22New libcurl option to keep sending on errorMichael Kaufmann
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-08-02os400: define BUILDING_LIBCURL in make script.Patrick Monnerat
2016-07-25os400: minimum supported OS version: V6R1M0.Patrick Monnerat
Do not log compilation informational messages.
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-06-16os400: add new definitions to ILE/RPG binding.Patrick Monnerat
2016-05-30loadlibrary: Only load system DLLs from the system directorySteve Holme
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-04-22os400: upgrade ILE/RPG bindingPatrick Monnerat
2016-04-11http2: Add handling stream level errorTatsuhiro Tsujikawa
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR by RST_STREAM, underlying TCP connection was dropped. This is undesirable since there may be other streams multiplexed and they are very much fine. This change introduce new error code CURLE_HTTP2_STREAM, which indicates stream error that only affects the relevant stream, and connection should be kept open. The existing CURLE_HTTP2 means connection error in general. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-03-27http_ntlm: Renamed from curl_ntlm.[c|h]Steve Holme
Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
2016-03-26http_negotiate: Combine GSS-API and SSPI source filesSteve Holme
As the GSS-API and SSPI based source files are no longer library/API specific, following the extraction of that authentication code to the vauth directory, combine these files rather than maintain two separate versions.
2016-03-26vauth: Moved the Negotiate authentication code to the new vauth directorySteve Holme
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
2016-03-26vauth: Moved the Negotiate authentication code to the new vauth directorySteve Holme
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
2016-03-25build: Corrected typos from commit 70e56939aaSteve Holme
2016-03-25vauth: Moved the OAuth 2.0 authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the NTLM authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the Kerberos V5 authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the DIGEST authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the CRAM-MD5 authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the ClearText authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved Curl_sasl_build_spn() to create the initial vauth source filesSteve Holme
2016-02-24os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONSPatrick Monnerat
2016-02-23getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSIONJay Satiro
The two options are almost the same, except in the case of OpenSSL: CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *. CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *. For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to return an SSL pointer for OpenSSL. Also, add support for the 'internals' member to point to SSL object for the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and wolfSSL. Bug: https://github.com/curl/curl/issues/234 Reported-by: dkjjr89@users.noreply.github.com Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html Reported-by: Michael König
2016-02-23TFTP: add option to suppress TFTP option requests (Part 1)Michael Koenig
Some TFTP server implementations ignore the "TFTP Option extension" (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing problems with libcurl. Another switch for curl_easy_setopt "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from sending TFTP option requests to a server, avoiding many problems caused by faulty implementations. Bug: https://github.com/curl/curl/issues/481
2016-02-08os400: sync ILE/RPG definitions with latest public header files.Patrick Monnerat
2016-02-03URLs: Change more haxx.se URLs from http: to https:Dan Fandrich
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-12-07os400: define CURL_VERSION_PSL in ILE/RPG bindingPatrick Monnerat
2015-11-19os400: synchronize ILE/RPG header filePatrick Monnerat
2015-11-19os400: Provide options for libssh2 use in compile scripts. Adjust README.Patrick Monnerat
2015-11-05os400: adjust specific code to support new options.Patrick Monnerat
2015-08-24os400: include new options in wrappers and update ILE/RPG binding.Patrick Monnerat
2015-07-21os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings.Patrick Monnerat
2015-07-01OpenVMS: VMS Software, Inc now the supplier.John Malmberg
setup-vms.h: Symbol case fixups submitted by Michael Steve build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the supplier of new versions of VMS. The install kit needs to accept VSI as a producer.
2015-05-14build: removed bundles.c from make filesDan Fandrich
This file was removed in commit fd137786
2015-05-05OS400: Add SPNEGO service name options to ILE/RPG binding.Patrick Monnerat
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
2015-03-24os400: define new options in ILE/RPG binding.Patrick Monnerat
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-05openssl: remove all uses of USE_SSLEAYDaniel Stenberg
SSLeay was the name of the library that was subsequently turned into OpenSSL many moons ago (1999). curl does not work with the old SSLeay library since years. This is now reflected by only using USE_OPENSSL in code that depends on OpenSSL.
2015-02-15By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"Nick Zitzmann