aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-08-17curl: allow "pkcs11:" prefix for client certificatesDavid Woodhouse
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'. We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example. This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of curl -E 'pkcs11:manufacturer=piv_II;id=%01' … I instead need to invoke cURL with the colon escaped, like this: curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications. This patch therefore disables the processing in parse_cert_parameter() when the string starts with 'pkcs11:'. It means you can't pass a passphrase with an unescaped PKCS#11 URI, but there's no need to do so because RFC7512 allows a PIN to be given as a 'pin-value' attribute in the URI itself. Also, if users are already using RFC7512 URIs with the colon escaped as in the above example — even providing a passphrase for cURL to handling instead of using a pin-value attribute, that will continue to work because their string will start 'pkcs11\:' and won't match the check. What *does* break with this patch is the extremely unlikely case that a user has a file which is in the local directory and literally named just "pkcs11", and they have a passphrase on it. If that ever happened, the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-06-03tool_urlglob: fix off-by-one error in glob_parse()Kamil Dudka
... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757
2016-06-01makefile.m32: add crypt32 for winssl buildsViktor Szakats
Dependency added by 6cabd78 Closes #849
2016-05-31curl: fix -q [regression]Daniel Stenberg
This broke in 7.49.0 with commit e200034425a7625 Fixes #842
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-01tool_cb_hdr: Fix --remote-header-name with schemeless URLJay Satiro
- Move the existing scheme check from tool_operate. In the case of --remote-header-name we want to parse Content-disposition for a filename, but only if the scheme is http or https. A recent adjustment 0dc4d8e was made to account for schemeless URLs however it's not 100% accurate. To remedy that I've moved the scheme check to the header callback, since at that point the library has already determined the scheme. Bug: https://github.com/curl/curl/issues/760 Reported-by: Kai Noda
2016-04-29curl -J: make it work even without http:// scheme on URLJay Satiro
It does open up a miniscule risk that one of the other protocols that libcurl could use would send back a Content-Disposition header and then curl would act on it even if not HTTP. A future mitigation for this risk would be to allow the callback to ask libcurl which protocol is being used. Verified with test 1312 Closes #760
2016-04-29curl: show the long option version of -q in the -h listDaniel Stenberg
2016-04-29curl: remove "--socks" as "--socks5" turned 8Daniel Stenberg
In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated and it has not been documented since. The more explicit socks options (like --socks4 or --socks5) should be used.
2016-04-29curl: remove --http-requestDaniel Stenberg
It was mentioned as deprecated already in commit ae1912cb0d4 from 1999. It has not been documented in this millennium.
2016-04-29curl: mention --ntlm-wb in -h listDaniel Stenberg
2016-04-29curl: -h output lacked --proxy-headerDaniel Stenberg
2016-04-29curl: use --telnet-option as documentedDaniel Stenberg
The code said "telnet-options" but no documentation ever said so. It worked fine since the code is fine with a unique match of the first part.
2016-04-29getparam: remove support for --ftpportDaniel Stenberg
It has been deprecated and undocumented since commit ad5ead8bed7 (Dec 2003). --ftp-port is the proper long option name.
2016-04-29curl: make --disable work as long form of -qDaniel Stenberg
To make the aliases list reflect reality.
2016-04-29aliases: remove trailing space from capath stringDaniel Stenberg
2016-04-29cmdline parse: only single letter options have single-letter stringsDaniel Stenberg
... moved around options so that parsing the code to find all single-letter options easier.
2016-04-22curl: make --ftp-create-dirs retry on failureDaniel Stenberg
The underlying libcurl option used for this feature is CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir creation, but it was never set to do that by the command line tool. Now it does. Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html Reported-by: John Wanghui Help-by: Leif W
2016-04-19src/checksrc.whitelist: removedDaniel Stenberg
2016-04-19tool_operate: switch to inline checksrc ignoreDaniel Stenberg
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-18checksrc: pass on -D so the whitelists are found correctlyDaniel Stenberg
2016-04-18checksrc/makefile.am: use $top_srcdir to find source filesDaniel Stenberg
... to properly support out of source tree builds.
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-17makefile.vc6: use d suffix on debug objectDaniel Stenberg
To allow both release and debug builds in parallel. Reported-by: Rod Widdowson Fixes #769
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-09url: Corrected comments following 9d89a0387Steve Holme
2016-04-08checksrc: Fix issue with the autobuilds not picking up the whitelistSteve Holme
2016-04-03lib/src: fix the checksrc invokeDaniel Stenberg
... now works correctly when invoke from the root makefile
2016-04-03code: style updatesDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-28tool_operate: remove mixed declarationJay Satiro
This is a follow up to the previous commit.
2016-03-28curl: warn for --capath use if not supported by libcurlDaniel Stenberg
Closes #492
2016-03-14curl: glob_range: no need to check unsigned variable for negativeDaniel Stenberg
cppcheck warned: [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' is less than zero.
2016-03-05makefile.m32: add missing libs for static -winssl-ssh2 buildsViktor Szakats
Bug: https://github.com/curl/curl/pull/693
2016-03-05makefile.m32: fix to allow -ssh2-winssl combinationViktor Szakats
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl (OpenSSL) option, with no way to override it with -winssl. Since both libssh2 and curl support using Windows's built-in SSL backend, modify the logic to allow that combination.
2016-03-01makefile.m32: allow to pass .dll/.exe-specific LDFLAGSViktor Szakats
using envvars `CURL_LDFLAG_EXTRAS_DLL` and `CURL_LDFLAG_EXTRAS_EXE` respectively. This is useful f.e. to pass ASLR-related extra options, that are required to make this feature work when using the mingw toolchain. Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985 Closes https://github.com/curl/curl/pull/689
2016-02-23TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro
- Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
2016-02-20src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS supportViktor Szakats
Sync with lib/Makefile.m32 which already uses those variables. Bug: https://github.com/curl/curl/pull/670
2016-02-09tool_doswin: Support for literal path prefix \\?\Jay Satiro
For example something like --output \\?\C:\foo
2016-02-08tool_urlglob: Allow reserved dos device names (Windows)Jay Satiro
Allow --output to reserved dos device names without the device prefix for backwards compatibility. Example: --output NUL can be used instead of --output \\.\NUL Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 Reported-by: Gisle Vanem
2016-02-08tool_operhlp: Check for backslashes in get_url_file_nameJay Satiro
Extract the filename from the last slash or backslash. Prior to this change backslashes could be part of the filename. This change needed for the curl tool built for Cygwin. Refer to the CYGWIN addendum in advisory 20160127B. Bug: https://curl.haxx.se/docs/adv_20160127B.html
2016-02-05tool_doswin: Use type SANITIZEcode in sanitize_file_nameJay Satiro
2016-02-05tool_doswin: Improve sanitization processingJay Satiro
- Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-02-01tool_operate: Don't sanitize --output path (Windows)Jay Satiro
Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
2016-01-28tool_doswin: silence unused function warningViktor Szakats
tool_doswin.c:185:14: warning: 'msdosify' defined but not used [-Wunused-function] Closes https://github.com/bagder/curl/pull/616
2016-01-26curl: avoid local drive traversal when saving file (Windows)Ray Satiro
curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
2015-12-23Makefile.inc: s/curl_SOURCES/CURL_FILESDaniel Stenberg
This allows the root Makefile.am to include the Makefile.inc without causing automake to warn on it (variables named *_SOURCES are magic). curl_SOURCES is then instead assigned properly in src/Makefile.am only. Closes #577