aboutsummaryrefslogtreecommitdiff
path: root/src/tool_getparam.c
AgeCommit message (Collapse)Author
2017-08-07curl: detect and bail out early on parameter integer overflowsDaniel Stenberg
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
2017-08-05getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg
Fixes #1728
2017-07-09tool_getparam: fix potentially uninitialized errJay Satiro
2017-06-28curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka
Closes https://github.com/curl/curl/pull/1454
2017-06-26tool_getparam: fix memory leak on test 1147 OOM (torture tests)Jay Satiro
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 Reported-by: Dan Fandrich
2017-06-21--request-target: instead of --strip-path-slashDaniel Stenberg
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
2017-06-19http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg
... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
2017-06-16curl: prevent binary output spewed to terminalDaniel Stenberg
... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
2017-06-15curl: allow --header and --proxy-header read from fileDaniel Stenberg
So many headers can be provided as @filename. Suggested-by: Timothe Litt Closes #1486
2017-05-09tool: fix remaining -Wcast-qual warningsMarcel Raad
Avoid casting away low-level const.
2017-05-06curl: remove tool_writeenv.[ch]Daniel Stenberg
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS support and its platform specific behavior has been annoying ever since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since then. Most probably not actually used for years. Closes #1463
2017-05-04curl: fix warning "comma at end of enumerator list"Daniel Stenberg
2017-05-02curl: non-boolean command line args reject --no- prefixesDaniel Stenberg
... and instead properly respond with an error message to the user instead of silently ignoring. Fixes #1453 Closes #1458
2017-05-01tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONSJay Satiro
- Include tool_convert.h where needed. Bug: https://github.com/curl/curl/issues/1460 Reported-by: Gisle Vanem
2017-03-13Improve code readbilitySylvestre Ledru
... by removing the else branch after a return, break or continue. Closes #1310
2017-03-12url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2017-03-08vtls: add options to specify range of enabled TLS versionsJozef Kralik
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
2017-02-14curl: fix typo in time condition warning messageNick Draffen
The warning message had a typo. The argument long form is --time-cond not --timecond Closes #1263
2017-01-13unix_socket: add support for abstract unix domain socketIsaac Boukris
In addition to unix domain sockets, Linux also supports an abstract namespace which is independent of the filesystem. In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH internally, along with a flag to specify abstract socket. On non-supporting platforms, the abstract address will be interpreted as an empty string and fail gracefully. Also add new --abstract-unix-socket tool parameter. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Chungtsun Li (typeless) Reviewed-by: Daniel Stenberg Reviewed-by: Peter Wu Closes #1197 Fixes #1061
2016-12-17tool_getparam.c: make comments use the up-to-date option namesDaniel Stenberg
2016-12-16preproxy: renamed what was added as SOCKS_PROXYDaniel Stenberg
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY Added the corresponding --preroxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16curl: normal socks proxies still use CURLOPT_PROXYDaniel Stenberg
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be asked for specially. (Needs new code.) Unified proxy type to a single variable in the config struct.
2016-12-14checksrc: warn for assignments within if() expressionsDaniel Stenberg
... they're already frowned upon in our source code style guide, this now enforces the rule harder.
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-11-28curl: remove --proxy-ssl* optionsDaniel Stenberg
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-14curl: add --fail-earlyDaniel Stenberg
Exit with an error on the first transfer error instead of continuing to do the rest of the URLs. Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-11curl: Add --retry-connrefusedDaniel Hwang
to consider ECONNREFUSED as a transient error. Closes #1064
2016-11-07curl: introduce the --tlsv1.3 option to force TLS 1.3Kamil Dudka
Fully implemented with the NSS backend only for now. Reviewed-by: Ray Satiro
2016-10-31strcase: make the tool use curl_str[n]equal insteadDaniel Stenberg
As they are after all part of the public API. Saves space and reduces complexity. Remove the strcase defines from the curlx_ family. Suggested-by: Dan Fandrich Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-08-17curl: allow "pkcs11:" prefix for client certificatesDavid Woodhouse
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'. We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example. This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of curl -E 'pkcs11:manufacturer=piv_II;id=%01' … I instead need to invoke cURL with the colon escaped, like this: curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications. This patch therefore disables the processing in parse_cert_parameter() when the string starts with 'pkcs11:'. It means you can't pass a passphrase with an unescaped PKCS#11 URI, but there's no need to do so because RFC7512 allows a PIN to be given as a 'pin-value' attribute in the URI itself. Also, if users are already using RFC7512 URIs with the colon escaped as in the above example — even providing a passphrase for cURL to handling instead of using a pin-value attribute, that will continue to work because their string will start 'pkcs11\:' and won't match the check. What *does* break with this patch is the extremely unlikely case that a user has a file which is in the local directory and literally named just "pkcs11", and they have a passphrase on it. If that ever happened, the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-04-29curl: remove "--socks" as "--socks5" turned 8Daniel Stenberg
In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated and it has not been documented since. The more explicit socks options (like --socks4 or --socks5) should be used.
2016-04-29curl: remove --http-requestDaniel Stenberg
It was mentioned as deprecated already in commit ae1912cb0d4 from 1999. It has not been documented in this millennium.
2016-04-29curl: use --telnet-option as documentedDaniel Stenberg
The code said "telnet-options" but no documentation ever said so. It worked fine since the code is fine with a unique match of the first part.
2016-04-29getparam: remove support for --ftpportDaniel Stenberg
It has been deprecated and undocumented since commit ad5ead8bed7 (Dec 2003). --ftp-port is the proper long option name.
2016-04-29aliases: remove trailing space from capath stringDaniel Stenberg
2016-04-29cmdline parse: only single letter options have single-letter stringsDaniel Stenberg
... moved around options so that parsing the code to find all single-letter options easier.
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-03code: style updatesDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-02-23TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro
- Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-12-15curl --expect100-timeout: addedDaniel Stenberg
This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-11-09oauth2: Use OAuth 2.0 rather than XOAUTH2 in commentsSteve Holme
When referring to OAuth 2.0 we should use the official name rather the SASL mechanism name.
2015-08-25curl: point out the conflicting HTTP methods if usedDaniel Stenberg
It isn't always clear to the user which options that cause the HTTP methods to conflict so by spelling them out it should hopefully be easier to understand why curl complains.