path: root/src
Age | Commit message | Author
2017-02-11 | tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT | Jay Satiro
When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to the user explaining possible solutions such as --cacert and --insecure. This change appends to that message similar options --proxy-cacert and --proxy-insecure when there's a specified HTTPS proxy.
Closes https://github.com/curl/curl/issues/1258
2017-02-06 | cmdline-opts: Fixed build and test in out of source tree builds | Dan Fandrich
2017-02-01 | OS400: Fix symbols | Jay Satiro
- s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY
  Follow-up to 7907a2b and 845522c.
- Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY.
- Add id for CURLOPT_ABSTRACT_UNIX_SOCKET.
Bug: https://github.com/curl/curl/issues/1237
Reported-by: jonrumsey@users.noreply.github.com
2017-01-23 | VC: remove the makefile.vc6 build infra | Daniel Stenberg
The winbuild/ build files are now the single MSVC makefile build choice.
Closes #1215
2017-01-23 | docs/curl.1: generate from the cmdline-opts script | Daniel Stenberg
2017-01-19 | *.rc: escape non-ASCII/non-UTF-8 character for clarity | Viktor Szakats
Closes https://github.com/curl/curl/pull/1217
2017-01-13 | unix_socket: add support for abstract unix domain socket | Isaac Boukris
In addition to unix domain sockets, Linux also supports an abstract namespace which is independent of the filesystem.
In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH internally, along with a flag to specify abstract socket.
On non-supporting platforms, the abstract address will be interpreted as an empty string and fail gracefully.
Also add new --abstract-unix-socket tool parameter.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 | curl: reset the easy handle at --next | Isaac Boukris
So that only "global" options (verbose mostly) survive into the next transfer, and the others have to be set again unless default is fine.
2016-12-28 | tool_operate: Fix --remote-time incorrect times on Windows | Jay Satiro
- Use Windows API SetFileTime to set the file time instead of utime.
Avoid utime on Windows if possible because it may apply a daylight saving time offset to our UTC file time.
Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html
Reported-by: Tim
Closes https://github.com/curl/curl/pull/1121
2016-12-27 | curl: remove superfluous include file | Daniel Stenberg
The <netinet/tcp.h> is a leftover from the past when TCP socket options were set in this file. This include causes build issues on AIX 4.3.
Reported-by: Kim Minjoong
Closes #1178
2016-12-19 | tests: checksrc compliance | Jay Satiro
2016-12-17 | tool_getparam.c: make comments use the up-to-date option names | Daniel Stenberg
2016-12-16 | preproxy: renamed what was added as SOCKS_PROXY | Daniel Stenberg
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY
Added the corresponding --preproxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 | curl: normal socks proxies still use CURLOPT_PROXY | Daniel Stenberg
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be asked for specially. (Needs new code.)
Unified proxy type to a single variable in the config struct.
2016-12-16 | CURLOPT_SOCKS_PROXYTYPE: removed | Daniel Stenberg
This was added as part of the SOCKS+HTTPS proxy merge but there's no need to support this as we prefer to have the protocol specified as a prefix instead.
2016-12-14 | checksrc: warn for assignments within if() expressions | Daniel Stenberg
... they're already frowned upon in our source code style guide, this now enforces the rule harder.
2016-12-13 | checksrc: stricter no-space-before-paren enforcement | Daniel Stenberg
In order to make the code style more uniform everywhere
2016-12-02 | curl: support zero-length argument strings in config files | Daniel Stenberg
... like 'user-agent = ""'
Adjusted test 71 to verify.
2016-11-28 | curl: remove --proxy-ssl* options | Daniel Stenberg
There's most likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
2016-11-26 | curl_version_info: add CURL_VERSION_HTTPS_PROXY | Okhin Vasilij
Closes #1142
2016-11-24 | tool_urlglob: Improve sanity check in glob_range | Jay Satiro
Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion.
Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24 | tool_help: Change description for --retry-connrefused | Jay Satiro
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-25 | add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme} | Frank Gevaerts
Adds access to the effectively used protocol/scheme to both libcurl and curl, both in string and numeric (CURLPROTO_*) form.
Note that the string form will be uppercase, as it is just the internal string.
As these strings are declared internally as const, and all other strings returned by curl_easy_getinfo() are de-facto const as well, string handling in getinfo.c got const-ified.
Closes #1137
2016-11-24 | checksrc: white space edits to comply with stricter checksrc | Daniel Stenberg
2016-11-24 | checksrc: code style: use 'char *name' style | Daniel Stenberg
2016-11-24 | proxy: Support HTTPS proxy and SOCKS+HTTP(s) | Alex Rousskov
* HTTPS proxies:
An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text.
With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds support for such nested sessions as well.
A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO):
    --proxy-cacert FILE          CA certificate to verify peer against
    --proxy-capath DIR           CA directory to verify peer against
    --proxy-cert CERT[:PASSWD]   Client certificate file and password
    --proxy-cert-type TYPE       Certificate file type (DER/PEM/ENG)
    --proxy-ciphers LIST         SSL ciphers to use
    --proxy-crlfile FILE         Get a CRL list in PEM format from the file
    --proxy-insecure             Allow connections to proxies with bad certs
    --proxy-key KEY              Private key file name
    --proxy-key-type TYPE        Private key file type (DER/PEM/ENG)
    --proxy-pass PASS            Pass phrase for the private key
    --proxy-ssl-allow-beast      Allow security flaw to improve interop
    --proxy-sslv2                Use SSLv2
    --proxy-sslv3                Use SSLv3
    --proxy-tlsv1                Use TLSv1
    --proxy-tlsuser USER         TLS username
    --proxy-tlspassword STRING   TLS password
    --proxy-tlsauthtype STRING   TLS authentication type (default SRP)
All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath.
Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable.
Supported backends: OpenSSL, GnuTLS, and NSS.
* A SOCKS proxy + HTTP/HTTPS proxy combination:
If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.
TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 | tool_help: Clarify --dump-header only writes received headers | Jay Satiro
2016-11-15 | curl: add --fail-early to help output | Daniel Stenberg
Fixes test 1139 failures
Follow-up to f82bbe01c8835
2016-11-15 | glob: fix [a-c] globbing regression | Daniel Stenberg
Brought in ee4f76606cf
Added test case 1280 to verify
Reported-by: Dave Reisner
Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146
2016-11-14 | curl: add --fail-early | Daniel Stenberg
Exit with an error on the first transfer error instead of continuing to do the rest of the URLs.
Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-11 | curl: Add --retry-connrefused | Daniel Hwang
to consider ECONNREFUSED as a transient error.
Closes #1064
2016-11-07 | curl: introduce the --tlsv1.3 option to force TLS 1.3 | Kamil Dudka
Fully implemented with the NSS backend only for now.
Reviewed-by: Ray Satiro
2016-11-07 | s/cURL/curl | Daniel Stenberg
We're mostly saying just "curl" in lower case these days so here's a big cleanup to adapt to this reality. A few instances are left as the project could still formally be considered called cURL.
2016-11-05 | curl -w: added more decimal digits to timing counters | Mauro Rappa
Now showing microsecond resolution.
Closes #1106
2016-11-02 | metalink: simplify the hex parsing function | Daniel Stenberg
... and now it avoids using the libcurl toupper() function
2016-10-31 | strcase: make the tool use curl_str[n]equal instead | Daniel Stenberg
As they are after all part of the public API. Saves space and reduces complexity. Remove the strcase defines from the curlx_ family.
Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 | msvc builds: s/rawstr/strcase | Daniel Stenberg
Follow-up to 811a693b
2016-10-31 | curl_strequal: part of public API/ABI, needs to be kept | Daniel Stenberg
These two public functions have been mentioned as deprecated for a very long time but since they are still part of the API and ABI we need to keep them around.
2016-10-31 | strcasecompare: all case insensitive string compares ignore locale now | Daniel Stenberg
We had some confusion on when each function was used. We should not act differently on different locales anyway.
2016-10-31 | strcasecompare: is the new name for strequal() | Daniel Stenberg
... to make it less likely that we forget that the function actually does case insensitive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-10-31 | range: reject char globs with missing end like '[L-]' | Daniel Stenberg
... which previously would lead to out of boundary reads.
Reported-by: Luật Nguyễn
2016-10-31 | glob_next_url: make sure to stay within the given output buffer | Daniel Stenberg
2016-10-31 | range: prevent negative end number in a glob range | Daniel Stenberg
CVE-2016-8620
Bug: https://curl.haxx.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
2016-10-18 | s/cURL/curl | Daniel Stenberg
The tool was never called cURL, only the project. But even so, we have more and more over time switched to just use lower case.
2016-10-18 | curl: set INTERLEAVEDATA too | Daniel Stenberg
As otherwise the callback could be called with a NULL pointer when RTSP data is provided.
2016-10-16 | curl: do not set CURLOPT_SSLENGINEDEFAULT automatically | David Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway.
https://github.com/OpenSC/libp11/pull/108
https://github.com/openssl/openssl/pull/1639
Merges #1042
2016-09-14 | curl: make --create-dirs on windows grok both forward and backward slashes | Daniel Stenberg
Reported-by: Ryan Scott
Fixes #1007
2016-09-07 | curl: whitelist use of strtok() in non-threaded context | Daniel Stenberg
2016-09-03 | tool_helpers.c: fix comment typo (#989) | Mark Hamilton
2016-08-17 | curl: allow "pkcs11:" prefix for client certificates | David Woodhouse
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'.
We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example.
This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of
    curl -E 'pkcs11:manufacturer=piv_II;id=%01' …
I instead need to invoke cURL with the colon escaped, like this:
    curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …
This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications.
This patch therefore disables the processing in parse_cert_parameter() when the string starts with 'pkcs11:'. It means you can't pass a passphrase with an unescaped PKCS#11 URI, but there's no need to do so because RFC7512 allows a PIN to be given as a 'pin-value' attribute in the URI itself.
Also, if users are already using RFC7512 URIs with the colon escaped as in the above example — even providing a passphrase for cURL to handle instead of using a pin-value attribute, that will continue to work because their string will start 'pkcs11\:' and won't match the check.
What *does* break with this patch is the extremely unlikely case that a user has a file which is in the local directory and literally named just "pkcs11", and they have a passphrase on it. If that ever happened, the user would need to refer to it as './pkcs11:<passphrase>' instead.