aboutsummaryrefslogtreecommitdiff
path: root/src/tool_operate.c
AgeCommit message (Collapse)Author
2016-12-16preproxy: renamed what was added as SOCKS_PROXYDaniel Stenberg
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY Added the corresponding --preroxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16curl: normal socks proxies still use CURLOPT_PROXYDaniel Stenberg
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be asked for specially. (Needs new code.) Unified proxy type to a single variable in the config struct.
2016-12-16CURLOPT_SOCKS_PROXYTYPE: removedDaniel Stenberg
This was added as part of the SOCKS+HTTPS proxy merge but there's no need to support this as we prefer to have the protocol specified as a prefix instead.
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-14curl: add --fail-earlyDaniel Stenberg
Exit with an error on the first transfer error instead of continuing to do the rest of the URLs. Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-11curl: Add --retry-connrefusedDaniel Hwang
to consider ECONNREFUSED as a transient error. Closes #1064
2016-10-31strcase: make the tool use curl_str[n]equal insteadDaniel Stenberg
As they are after all part of the public API. Saves space and reduces complexity. Remove the strcase defines from the curlx_ family. Suggested-by: Dan Fandrich Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-10-18curl: set INTERLEAVEDATA tooDaniel Stenberg
As otherwise the callback could be called with a NULL pointer when RTSP data is provided.
2016-10-16curl: do not set CURLOPT_SSLENGINEDEFAULT automaticallyDavid Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway. https://github.com/OpenSC/libp11/pull/108 https://github.com/openssl/openssl/pull/1639 Merges #1042
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-05-31curl: fix -q [regression]Daniel Stenberg
This broke in 7.49.0 with commit e200034425a7625 Fixes #842
2016-05-01tool_cb_hdr: Fix --remote-header-name with schemeless URLJay Satiro
- Move the existing scheme check from tool_operate. In the case of --remote-header-name we want to parse Content-disposition for a filename, but only if the scheme is http or https. A recent adjustment 0dc4d8e was made to account for schemeless URLs however it's not 100% accurate. To remedy that I've moved the scheme check to the header callback, since at that point the library has already determined the scheme. Bug: https://github.com/curl/curl/issues/760 Reported-by: Kai Noda
2016-04-29curl -J: make it work even without http:// scheme on URLJay Satiro
It does open up a miniscule risk that one of the other protocols that libcurl could use would send back a Content-Disposition header and then curl would act on it even if not HTTP. A future mitigation for this risk would be to allow the callback to ask libcurl which protocol is being used. Verified with test 1312 Closes #760
2016-04-29curl: make --disable work as long form of -qDaniel Stenberg
To make the aliases list reflect reality.
2016-04-22curl: make --ftp-create-dirs retry on failureDaniel Stenberg
The underlying libcurl option used for this feature is CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir creation, but it was never set to do that by the command line tool. Now it does. Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html Reported-by: John Wanghui Help-by: Leif W
2016-04-19tool_operate: switch to inline checksrc ignoreDaniel Stenberg
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-03code: style updatesDaniel Stenberg
2016-03-28tool_operate: remove mixed declarationJay Satiro
This is a follow up to the previous commit.
2016-03-28curl: warn for --capath use if not supported by libcurlDaniel Stenberg
Closes #492
2016-02-23TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro
- Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
2016-02-05tool_doswin: Improve sanitization processingJay Satiro
- Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-02-01tool_operate: Don't sanitize --output path (Windows)Jay Satiro
Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
2016-01-26curl: avoid local drive traversal when saving file (Windows)Ray Satiro
curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
2015-12-15curl --expect100-timeout: addedDaniel Stenberg
This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-13curl: use 2TLS by defaultDaniel Stenberg
Make this the default for the curl tool (if built with HTTP/2 powers enabled) unless a specific HTTP version is requested on the command line. This should allow more users to get HTTP/2 powers without having to change anything.
2015-12-03curl: remove keepalive #ifdef checks done on libcurl's behalfDaniel Stenberg
They didn't match the ifdef logic used within libcurl anyway so they could indeed warn for the wrong case - plus the tool cannot know how the lib actually performs at that level.
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-13curl: mark two more options strings for --libcurl outputDaniel Stenberg
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-09-21tool_operate: Don't call easysrc cleanup unless --libcurlJay Satiro
- Review of 4d95491. The author changed it so easysrc only initializes when --libcurl but did not do the same for the call to easysrc cleanup. Ref: https://github.com/bagder/curl/issues/429
2015-09-20tool: generate easysrc only on --libcurlDaniel Lee Hwang
Code should only be generated when --libcurl is used. Bug: https://github.com/bagder/curl/issues/429 Reported-by: @greafhe, Jay Satiro Closes #429 Closes #442
2015-09-11curl: point out unnecessary uses of -X in verbose modeDaniel Stenberg
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take down the tone a bit. It adds a warning for using -XHEAD on other methods becasue that may lead to a hanging connection.
2015-08-25curl: point out the conflicting HTTP methods if usedDaniel Stenberg
It isn't always clear to the user which options that cause the HTTP methods to conflict so by spelling them out it should hopefully be easier to understand why curl complains.
2015-08-22CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
2015-07-26comment: fix comment about adding new option supportDaniel Stenberg
2015-07-25tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPSJay Satiro
- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option. Broken by me several days ago in 172b2be. https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html Reported-by: Dan Fandrich
2015-07-17SSL: Add an option to disable certificate revocation checksJay Satiro
New tool option --ssl-no-revoke. New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point. Bug: https://github.com/bagder/curl/issues/264 Reported-by: zenden2k <zenden2k@gmail.com>
2015-06-18tool: always provide negotiate/kerberos optionsDaniel Stenberg
libcurl can still be built with it, even if the tool is not. Maintain independence!
2015-06-02checksrc: detect fopen() for text without the FOPEN_* macrosDaniel Stenberg
Follow-up to e8423f9ce150 with discussionis in https://github.com/bagder/curl/pull/258 This check scans for fopen() with a mode string without 'b' present, as it may indicate that an FOPEN_* define should rather be used.
2015-05-22curl: fix potential NULL dereferenceDaniel Stenberg
Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.