aboutsummaryrefslogtreecommitdiff
path: root/src/tool_help.c
AgeCommit message (Collapse)Author
2015-04-22nss: implement public key pinning for NSS backendKamil Dudka
Bug: https://bugzilla.redhat.com/1195771
2015-03-24CURLOPT_PATH_AS_IS: addedDaniel Stenberg
--path-as-is is the command line option Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 Added test in test 1241
2015-03-20curl: add --false-start optionAlessandro Ghedini
2015-01-16help: add --cert-status to --help outputDaniel Stenberg
2014-12-26code/docs: Use Unix rather than UNIX to avoid use of the trademarkSteve Holme
Use Unix when generically writing about Unix based systems as UNIX is the trademark and should only be used in a particular product's name.
2014-12-25tool_help: Use camel case for UNIX sockets feature outputSteve Holme
In line with the other features listed in the --version output, capitalise the UNIX socket feature.
2014-12-04tool: add --unix-socket optionPeter Wu
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04libcurl: add UNIX domain sockets supportPeter Wu
The ability to do HTTP requests over a UNIX domain socket has been requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a discussion happened, no patch seems to get through. I decided to give it a go since I need to test a nginx HTTP server which listens on a UNIX domain socket. One patch [3] seems to make it possible to use the CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. Another person wrote a Go program which can do HTTP over a UNIX socket for Docker[4] which uses a special URL scheme (though the name contains cURL, it has no relation to the cURL library). This patch considers support for UNIX domain sockets at the same level as HTTP proxies / IPv6, it acts as an intermediate socket provider and not as a separate protocol. Since this feature affects network operations, a new feature flag was added ("unix-sockets") with a corresponding CURL_VERSION_UNIX_SOCKETS macro. A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This option enables UNIX domain sockets support for all requests on the handle (replacing IP sockets and skipping proxies). A new configure option (--enable-unix-sockets) and CMake option (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I deliberately did not mark this feature as advanced, this is a feature/component that should easily be available. [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ [2]: http://sourceforge.net/p/curl/feature-requests/53/ [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html [4]: https://github.com/Soulou/curl-unix-socket Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-24SSL: Add PEM format support for public key pinningmoparisthebest
2014-11-15tool: Removed krb4 from the supported featuresSteve Holme
Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, so would not be output with --version, removed krb4 from the supported features output.
2014-11-15tool: Use Kerberos for supported featuresMichael Osipov
2014-11-07curl_tool: Added krb5 to the supported featuresSteve Holme
2014-10-07SSL: implement public key pinningmoparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
2014-08-19help output: minor whitespace editsDaniel Stenberg
Should've been amended in the previous commit but wasn't due to a mistake.
2014-08-19help output: use ≥2 spaces between option and descriptionZearin
... and some other cleanups
2014-07-23docs: Improve inline GSS-API naming in code documentationMichael Osipov
2014-07-23curl.h/features: Deprecate GSS-Negotiate macros due to bad namingMichael Osipov
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - CURL_VERSION_GSSNEGOTIATE is deprecated which is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and CURUL_VERSION_SPNEGO now. - Remove display of feature 'GSS-Negotiate'
2014-07-23configure/features: Add feature and version info for GSS-API and SPNEGOMichael Osipov
2014-07-16Remove all traces of FBOpenSSL SPNEGO supportDavid Woodhouse
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Work™. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success.
2014-05-07tool_help: Fixed missing --login-options optionSteve Holme
...and removed ;OPTIONS from --user as that functionality was removed in 7.34.0.
2014-02-26tool_getparam: Added initial support for --next/-:Steve Holme
Added initial support for --next/-: which will be used to replace the rather confusing : command line operation what was used for the URL specific options prototype.
2014-02-25tool_help: Moved --no-alpn and --no-npn to be listed alphabeticallySteve Holme
...and added the HTTP suffix as these options are only used for HTTP2 based connections.
2014-02-22tool_getparam: Moved version information into separate function in tool_helpSteve Holme
2014-02-22tool_operhlp: Consolidated engine output code into tool_helpSteve Holme
2014-02-22tool_operate: Moved list engines into separate function in tool_helpSteve Holme
2014-02-10NPN/ALPN: allow disabling via command lineFabian Frank
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-02-07--help: add missing --tlsv1.x optionsDaniel Stenberg
2014-01-30http2: call it "HTTP 2" and not 2.0Daniel Stenberg
The minor version will be dropped for HTTP 2 so it will make sense to avoid using it in option names etc.
2013-11-03tool_help: Updated --list-only description to include POP3Steve Holme
2013-10-26tool_help: Added login options to --user descriptionSteve Holme
2013-10-26tool_help: Added clarity to the --oauth2-bearer optionSteve Holme
...as XOAUTH2 is the extended (or non-standard) SASL identifier and OAuth 2 is the protocol name (and version).
2013-10-13curl: fix --oauth2-bearer in the --help outputDaniel Stenberg
After the option rename in 5df04bfafd1
2013-09-20pop3: Added basic SASL XOAUTH2 supportSteve Holme
Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 <bearer token>".
2013-09-20curl: Added clarification to the --mail options in the --help outputSteve Holme
... that these options apply to SMTP only.
2013-09-12curl: Add support for various DNS binding options.Ben Greear
(Passed on to c-ares.) Allows something like this: curl --dns-interface sta8 --dns-ipv4-addr 8.8.1.111 --interface sta8 \ --localaddr 8.8.1.111 --dns-servers 8.8.8.1 www.google.com Signed-off-by: Ben Greear <greearb@candelatech.com>
2013-09-04curl: add --http1.1 and --http2.0 optionsDaniel Stenberg
2013-08-26curl: added --bearer option to helpKyle L. Huff
Added the --bearer option to the help output
2013-08-14--help: fix the --sasl-ir in the help outputDaniel Stenberg
2013-04-27sasl-ir: Added --sasl-ir option to curl command line toolSteve Holme
2013-04-04--engine: spellfix the help messageDaniel Stenberg
Reported by: Fredrik Thulin
2013-01-06Revert changes relative to lib/*.[ch] recent renamingYang Tse
This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2012-12-28build: make use of 76 lib/*.h renamed filesYang Tse
76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
2012-06-21curl: Made --metalink option toggle Metalink functionalityTatsuhiro Tsujikawa
In this change, --metalink option no longer takes argument. If it is specified, given URIs are processed as Metalink XML file. If given URIs are remote (e.g., http URI), curl downloads it first. Regardless URI is local file (e.g., file URI scheme) or remote, Metalink XML file is not written to local file system and the received data is fed into Metalink XML parser directly. This means with --metalink option, filename related options like -O and -o are ignored. Usage examples: $ curl --metalink http://example.org/foo.metalink This will download foo.metalink and parse it and then download the URI described there. $ curl --metalink file://foo.metalink This will parse local file foo.metalink and then download the URI described there.
2012-05-26Add --metalink to --helpant
2012-04-06curl tool: use configuration files from lib directoryYang Tse
Configuration files such as curl_config.h and all config-*.h no longer exist nor are generated/copied into 'src' directory, now these only exist in 'lib' directory from where curl tool sources uses them. Additionally old src/setup.h has been refactored into src/tool_setup.h which now pulls lib/setup.h The possibility of a makefile needing an include path adjustment exists.
2012-04-05curl: add --post303 to set the CURL_REDIR_POST_303 optionDaniel Stenberg
2012-02-16curl: Added support for --mail-authSteve Holme
Added an extra command-line argument to support the optional AUTH parameter in SMTPs MAIL FROM command.
2012-02-13configure: add option disable --libcurl outputColin Hogben
2012-02-09nss: add support for the CURLSSLOPT_ALLOW_BEAST optionKamil Dudka
... and fix some typos from the 62d15f1 commit.
2012-02-09--ssl-allow-beast addedDaniel Stenberg
This new option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols. It uses the new libcurl option CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.