aboutsummaryrefslogtreecommitdiff
path: root/src/tool_operate.c
AgeCommit message (Collapse)Author
2017-08-22curl: shorten and clean up CA cert verification error messageDaniel Stenberg
The previous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis Closes #1810 Closes #1817
2017-08-17CURL_SIZEOF_LONG: removed, use only SIZEOF_LONGDaniel Stenberg
2017-08-17ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats
The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
2017-06-28curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka
Closes https://github.com/curl/curl/pull/1454
2017-06-21--request-target: instead of --strip-path-slashDaniel Stenberg
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
2017-06-19http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg
... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
2017-06-16curl: prevent binary output spewed to terminalDaniel Stenberg
... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
2017-05-06curl: remove tool_writeenv.[ch]Daniel Stenberg
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS support and its platform specific behavior has been annoying ever since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since then. Most probably not actually used for years. Closes #1463
2017-04-27tool_operate: use utimes instead of obsolescent utime when availableDan Fandrich
2017-04-25curl: set a 100K buffer size by defaultDaniel Stenberg
Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian Linux. Before (middle performing run out 9): real 0m28.078s user 0m11.240s sys 0m12.876s After (middle performing run out 9) real 0m26.356s (93.9%) user 0m5.324s (47.4%) sys 0m8.368s (65.0%) Also, doing SFTP over a 200 millsecond latency link is now about 6 times faster. Closes #1446
2017-04-05tool_operate: fix MinGW compiler warningMarcel Raad
MinGW complains: tool_operate.c:197:15: error: comparison is always true due to limited range of data type [-Werror=type-limits] Fix this by only doing the comparison if 'long' is large enough to hold the constant it is compared with. Closes https://github.com/curl/curl/pull/1378
2017-04-05tool_operate: move filetime code to its own functionMarcel Raad
Ref: https://github.com/curl/curl/pull/1378
2017-03-16tool_operate: Fix showing HTTPS-Proxy options on CURLE_SSL_CACERTJay Satiro
- Show the HTTPS-proxy options on CURLE_SSL_CACERT if libcurl was built with HTTPS-proxy support. Prior to this change those options were shown only if an HTTPS-proxy was specified by --proxy, but that did not take into account environment variables such as http_proxy, https_proxy, etc. Follow-up to e1187c4. Bug: https://github.com/curl/curl/issues/1331 Reported-by: Nehal J Wani
2017-03-12url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2017-03-08vtls: add options to specify range of enabled TLS versionsJozef Kralik
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
2017-02-21url: Improve CURLOPT_PROXY_CAPATH error handlingJay Satiro
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option is not supported, which is the same as what we already do for CURLOPT_CAPATH. - Change the curl tool to handle CURLOPT_PROXY_CAPATH error CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the same as what we already do for CURLOPT_CAPATH. - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the respective CAPATH option is not supported by the SSL library. Ref: https://github.com/curl/curl/pull/1257
2017-02-19string formatting: fix 4 printf-style format stringsMichael Kaufmann
2017-02-11tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERTJay Satiro
When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to the user explaining possible solutions such as --cacert and --insecure. This change appends to that message similar options --proxy-cacert and --proxy-insecure when there's a specified HTTPS proxy. Closes https://github.com/curl/curl/issues/1258
2017-01-13unix_socket: add support for abstract unix domain socketIsaac Boukris
In addition to unix domain sockets, Linux also supports an abstract namespace which is independent of the filesystem. In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH internally, along with a flag to specify abstract socket. On non-supporting platforms, the abstract address will be interpreted as an empty string and fail gracefully. Also add new --abstract-unix-socket tool parameter. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Chungtsun Li (typeless) Reviewed-by: Daniel Stenberg Reviewed-by: Peter Wu Closes #1197 Fixes #1061
2017-01-13curl: reset the easy handle at --nextIsaac Boukris
So that only "global" options (verbose mostly) survive into the next transfer, and the others have to be set again unless default is fine.
2016-12-28tool_operate: Fix --remote-time incorrect times on WindowsJay Satiro
- Use Windows API SetFileTime to set the file time instead of utime. Avoid utime on Windows if possible because it may apply a daylight saving time offset to our UTC file time. Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html Reported-by: Tim Closes https://github.com/curl/curl/pull/1121
2016-12-27curl: remove superfluous include fileDaniel Stenberg
The <netinet/tcp.h> is a leftover from the past when TCP socket options were set in this file. This include causes build issues on AIX 4.3. Reported-by: Kim Minjoong Closes #1178
2016-12-16preproxy: renamed what was added as SOCKS_PROXYDaniel Stenberg
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY Added the corresponding --preroxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16curl: normal socks proxies still use CURLOPT_PROXYDaniel Stenberg
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be asked for specially. (Needs new code.) Unified proxy type to a single variable in the config struct.
2016-12-16CURLOPT_SOCKS_PROXYTYPE: removedDaniel Stenberg
This was added as part of the SOCKS+HTTPS proxy merge but there's no need to support this as we prefer to have the protocol specified as a prefix instead.
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-14curl: add --fail-earlyDaniel Stenberg
Exit with an error on the first transfer error instead of continuing to do the rest of the URLs. Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-11curl: Add --retry-connrefusedDaniel Hwang
to consider ECONNREFUSED as a transient error. Closes #1064
2016-10-31strcase: make the tool use curl_str[n]equal insteadDaniel Stenberg
As they are after all part of the public API. Saves space and reduces complexity. Remove the strcase defines from the curlx_ family. Suggested-by: Dan Fandrich Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-10-18curl: set INTERLEAVEDATA tooDaniel Stenberg
As otherwise the callback could be called with a NULL pointer when RTSP data is provided.
2016-10-16curl: do not set CURLOPT_SSLENGINEDEFAULT automaticallyDavid Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway. https://github.com/OpenSC/libp11/pull/108 https://github.com/openssl/openssl/pull/1639 Merges #1042
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-05-31curl: fix -q [regression]Daniel Stenberg
This broke in 7.49.0 with commit e200034425a7625 Fixes #842
2016-05-01tool_cb_hdr: Fix --remote-header-name with schemeless URLJay Satiro
- Move the existing scheme check from tool_operate. In the case of --remote-header-name we want to parse Content-disposition for a filename, but only if the scheme is http or https. A recent adjustment 0dc4d8e was made to account for schemeless URLs however it's not 100% accurate. To remedy that I've moved the scheme check to the header callback, since at that point the library has already determined the scheme. Bug: https://github.com/curl/curl/issues/760 Reported-by: Kai Noda
2016-04-29curl -J: make it work even without http:// scheme on URLJay Satiro
It does open up a miniscule risk that one of the other protocols that libcurl could use would send back a Content-Disposition header and then curl would act on it even if not HTTP. A future mitigation for this risk would be to allow the callback to ask libcurl which protocol is being used. Verified with test 1312 Closes #760
2016-04-29curl: make --disable work as long form of -qDaniel Stenberg
To make the aliases list reflect reality.
2016-04-22curl: make --ftp-create-dirs retry on failureDaniel Stenberg
The underlying libcurl option used for this feature is CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir creation, but it was never set to do that by the command line tool. Now it does. Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html Reported-by: John Wanghui Help-by: Leif W
2016-04-19tool_operate: switch to inline checksrc ignoreDaniel Stenberg
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-03code: style updatesDaniel Stenberg
2016-03-28tool_operate: remove mixed declarationJay Satiro
This is a follow up to the previous commit.
2016-03-28curl: warn for --capath use if not supported by libcurlDaniel Stenberg
Closes #492
2016-02-23TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro
- Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
2016-02-05tool_doswin: Improve sanitization processingJay Satiro
- Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder