aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-10-31curl_strequal: part of public API/ABI, needs to be keptDaniel Stenberg
These two public functions have been mentioned as deprecated since a very long time but since they are still part of the API and ABI we need to keep them around.
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-10-31range: reject char globs with missing end like '[L-]'Daniel Stenberg
... which previously would lead to out of boundary reads. Reported-by: Luật Nguyễn
2016-10-31glob_next_url: make sure to stay within the given output bufferDaniel Stenberg
2016-10-31range: prevent negative end number in a glob rangeDaniel Stenberg
CVE-2016-8620 Bug: https://curl.haxx.se/docs/adv_20161102F.html Reported-by: Luật Nguyễn
2016-10-18s/cURL/curlDaniel Stenberg
The tool was never called cURL, only the project. But even so, we have more and more over time switched to just use lower case.
2016-10-18curl: set INTERLEAVEDATA tooDaniel Stenberg
As otherwise the callback could be called with a NULL pointer when RTSP data is provided.
2016-10-16curl: do not set CURLOPT_SSLENGINEDEFAULT automaticallyDavid Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway. https://github.com/OpenSC/libp11/pull/108 https://github.com/openssl/openssl/pull/1639 Merges #1042
2016-09-14curl: make --create-dirs on windows grok both forward and backward slashesDaniel Stenberg
Reported-by: Ryan Scott Fixes #1007
2016-09-07curl: whitelist use of strtok() in non-threaded contextDaniel Stenberg
2016-09-03tool_helpers.c: fix comment typo (#989)Mark Hamilton
2016-08-17curl: allow "pkcs11:" prefix for client certificatesDavid Woodhouse
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'. We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example. This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of curl -E 'pkcs11:manufacturer=piv_II;id=%01' … I instead need to invoke cURL with the colon escaped, like this: curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications. This patch therefore disables the processing in parse_cert_parameter() when the string starts with 'pkcs11:'. It means you can't pass a passphrase with an unescaped PKCS#11 URI, but there's no need to do so because RFC7512 allows a PIN to be given as a 'pin-value' attribute in the URI itself. Also, if users are already using RFC7512 URIs with the colon escaped as in the above example — even providing a passphrase for cURL to handling instead of using a pin-value attribute, that will continue to work because their string will start 'pkcs11\:' and won't match the check. What *does* break with this patch is the extremely unlikely case that a user has a file which is in the local directory and literally named just "pkcs11", and they have a passphrase on it. If that ever happened, the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-06-03tool_urlglob: fix off-by-one error in glob_parse()Kamil Dudka
... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757
2016-06-01makefile.m32: add crypt32 for winssl buildsViktor Szakats
Dependency added by 6cabd78 Closes #849
2016-05-31curl: fix -q [regression]Daniel Stenberg
This broke in 7.49.0 with commit e200034425a7625 Fixes #842
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-01tool_cb_hdr: Fix --remote-header-name with schemeless URLJay Satiro
- Move the existing scheme check from tool_operate. In the case of --remote-header-name we want to parse Content-disposition for a filename, but only if the scheme is http or https. A recent adjustment 0dc4d8e was made to account for schemeless URLs however it's not 100% accurate. To remedy that I've moved the scheme check to the header callback, since at that point the library has already determined the scheme. Bug: https://github.com/curl/curl/issues/760 Reported-by: Kai Noda
2016-04-29curl -J: make it work even without http:// scheme on URLJay Satiro
It does open up a miniscule risk that one of the other protocols that libcurl could use would send back a Content-Disposition header and then curl would act on it even if not HTTP. A future mitigation for this risk would be to allow the callback to ask libcurl which protocol is being used. Verified with test 1312 Closes #760
2016-04-29curl: show the long option version of -q in the -h listDaniel Stenberg
2016-04-29curl: remove "--socks" as "--socks5" turned 8Daniel Stenberg
In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated and it has not been documented since. The more explicit socks options (like --socks4 or --socks5) should be used.
2016-04-29curl: remove --http-requestDaniel Stenberg
It was mentioned as deprecated already in commit ae1912cb0d4 from 1999. It has not been documented in this millennium.
2016-04-29curl: mention --ntlm-wb in -h listDaniel Stenberg
2016-04-29curl: -h output lacked --proxy-headerDaniel Stenberg
2016-04-29curl: use --telnet-option as documentedDaniel Stenberg
The code said "telnet-options" but no documentation ever said so. It worked fine since the code is fine with a unique match of the first part.
2016-04-29getparam: remove support for --ftpportDaniel Stenberg
It has been deprecated and undocumented since commit ad5ead8bed7 (Dec 2003). --ftp-port is the proper long option name.
2016-04-29curl: make --disable work as long form of -qDaniel Stenberg
To make the aliases list reflect reality.
2016-04-29aliases: remove trailing space from capath stringDaniel Stenberg
2016-04-29cmdline parse: only single letter options have single-letter stringsDaniel Stenberg
... moved around options so that parsing the code to find all single-letter options easier.
2016-04-22curl: make --ftp-create-dirs retry on failureDaniel Stenberg
The underlying libcurl option used for this feature is CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir creation, but it was never set to do that by the command line tool. Now it does. Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html Reported-by: John Wanghui Help-by: Leif W
2016-04-19src/checksrc.whitelist: removedDaniel Stenberg
2016-04-19tool_operate: switch to inline checksrc ignoreDaniel Stenberg
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-18checksrc: pass on -D so the whitelists are found correctlyDaniel Stenberg
2016-04-18checksrc/makefile.am: use $top_srcdir to find source filesDaniel Stenberg
... to properly support out of source tree builds.
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-17makefile.vc6: use d suffix on debug objectDaniel Stenberg
To allow both release and debug builds in parallel. Reported-by: Rod Widdowson Fixes #769
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-09url: Corrected comments following 9d89a0387Steve Holme
2016-04-08checksrc: Fix issue with the autobuilds not picking up the whitelistSteve Holme
2016-04-03lib/src: fix the checksrc invokeDaniel Stenberg
... now works correctly when invoke from the root makefile
2016-04-03code: style updatesDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-28tool_operate: remove mixed declarationJay Satiro
This is a follow up to the previous commit.
2016-03-28curl: warn for --capath use if not supported by libcurlDaniel Stenberg
Closes #492
2016-03-14curl: glob_range: no need to check unsigned variable for negativeDaniel Stenberg
cppcheck warned: [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' is less than zero.
2016-03-05makefile.m32: add missing libs for static -winssl-ssh2 buildsViktor Szakats
Bug: https://github.com/curl/curl/pull/693
2016-03-05makefile.m32: fix to allow -ssh2-winssl combinationViktor Szakats
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl (OpenSSL) option, with no way to override it with -winssl. Since both libssh2 and curl support using Windows's built-in SSL backend, modify the logic to allow that combination.
2016-03-01makefile.m32: allow to pass .dll/.exe-specific LDFLAGSViktor Szakats
using envvars `CURL_LDFLAG_EXTRAS_DLL` and `CURL_LDFLAG_EXTRAS_EXE` respectively. This is useful f.e. to pass ASLR-related extra options, that are required to make this feature work when using the mingw toolchain. Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985 Closes https://github.com/curl/curl/pull/689