delta/curl.git/lib/doh.c, branch bagder/https-proxyu-req-http github.com: bagder/curl.git tls: add CURLOPT_SSL_EC_CURVES and --curves 2020-08-30T15:24:04+00:00 Michael Baentsch 57787676+baentsch@users.noreply.github.com 2020-08-29T12:09:24+00:00 ede125b7b7ca8fc5a1fe3d7c1aee6bff2ea0bf24 Closes #5892 
Closes #5892
doh: add error message for DOH_DNS_NAME_TOO_LONG 2020-08-26T20:51:29+00:00 Emil Engler me@emilengler.com 2020-08-26T11:33:42+00:00 a6a17662f22d1b00f89295086ea71ac73700f477 When this error code was introduced in b6a53fff6c1d07e8a9, it was forgotten to be added in the errors array and doh_strerror function. Closes #5863 
When this error code was introduced in b6a53fff6c1d07e8a9, it was
forgotten to be added in the errors array and doh_strerror function.

Closes #5863
doh: remove redundant cast 2020-07-21T18:00:29+00:00 Marcel Raad Marcel.Raad@teamviewer.com 2020-07-19T13:02:16+00:00 d746ff11073b5bbf8fff33b2eb7fe110ddf9fee8 Closes https://github.com/curl/curl/pull/5704 
Closes https://github.com/curl/curl/pull/5704
Curl_addrinfo: use one malloc instead of three 2020-06-08T14:10:53+00:00 Daniel Stenberg daniel@haxx.se 2020-06-06T21:10:18+00:00 54d3769761e5a842aefa9462cd0eaed00da400d0 To reduce the amount of allocations needed for creating a Curl_addrinfo struct, make a single larger malloc instead of three separate smaller ones. Closes #5533 
To reduce the amount of allocations needed for creating a Curl_addrinfo
struct, make a single larger malloc instead of three separate smaller
ones.

Closes #5533
hostip: on macOS avoid DoH when given a numerical IP address 2020-05-26T15:37:39+00:00 Daniel Stenberg daniel@haxx.se 2020-05-26T09:07:06+00:00 67d2802deabd179552bf957d344b7dd74cbb64d8 When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459 
When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that
numerical IP addresses still need to get "resolved" - but not with DoH.

Reported-by: Viktor Szakats
Fixes #5454
Closes #5459
source cleanup: remove all custom typedef structs 2020-05-15T06:54:42+00:00 Daniel Stenberg daniel@haxx.se 2020-05-13T22:05:04+00:00 8df455479f8801bbebad8839fc96abbffa711603 - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338 
 - Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
dynbuf: introduce internal generic dynamic buffer functions 2020-05-04T08:40:39+00:00 Daniel Stenberg daniel@haxx.se 2020-05-02T15:04:08+00:00 ed35d6590e72c23c568af1e3b8ac6e4e2d883888 A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300 
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.

In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.

See docs/DYNBUF.md for a description of the API.

Closes #5300
doh: Constify some input pointers 2020-04-28T05:56:34+00:00 Rikard Falkeborn rikard.falkeborn@gmail.com 2020-04-27T10:07:34+00:00 fc0e29dd57bb0dc7bbf4d0e5c9638b01f7b6afc6 Closes #5306 
Closes #5306
schannel: add "best effort" revocation check option 2020-03-18T07:23:39+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2020-02-26T10:24:26+00:00 54504284918a4ba19bc7b1efb486a64629d376aa - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981 
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
cleanup: fix typos and wording in docs and comments 2020-02-02T17:43:01+00:00 Pedro Monreal pmgdeb@gmail.co 2020-02-02T08:49:28+00:00 4b6fd29f1a0e5e71b1863b843324a7bdc800ef0a Closes #4869 Reviewed-by: Emil Engler and Daniel Gustafsson 
Closes #4869
Reviewed-by: Emil Engler and Daniel Gustafsson