author | Dmitry Wagin <dmitry.wagin@ya.ru> | 2021-01-25 17:02:09 +0300 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-01-30 23:48:22 +0100 |
commit | 796ce293defeeefb001bd8b76bbb75eb77a1ce0c (patch) | |
tree | 5de053a8198e191860a9bc7177c9788880e094a5 /docs/libcurl/opts | |
parent | 3c2210713e2427d567a6c44b83b3c9ac2a8577bc (diff) | |
http: improve AWS HTTP v4 Signature auth
- Add support for services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead of STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.
Closes #6524
Diffstat (limited to 'docs/libcurl/opts')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 | 69 |
1 files changed, 42 insertions, 27 deletions
diff --git a/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 index 930a0cf2c..647565ba6 100644 --- a/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 +++ b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 
@@ -20,37 +20,47 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_AWS_SIGV4 3 "03 Jun 2020" "libcurl 7.72.0" "curl_easy_setopt options" +.TH CURLOPT_AWS_SIGV4 3 "03 Jun 2020" "libcurl 7.75.0" "curl_easy_setopt options" .SH NAME CURLOPT_AWS_SIGV4 \- V4 signature .SH SYNOPSIS .nf #include <curl/curl.h> -CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, - char *providers_infos); +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); +.fi .SH DESCRIPTION -provides AWS V4 signature authentication on HTTPS header - -The provider argument is a string that is merged to some authentication -parameters use by the algorithm. -It's used by "Algorithm", "date", "request type", "signed headers" arguments, - -NOTE: This call set CURLOPT_HTTPAUTH to CURLAUTH_AWS_SIGV4. -Calling CURLOPT_HTTPAUTH with CURLAUTH_AWS_SIGV4 is the same as calling -this with "aws:amz" in paramater. - -Example with "Test:Try", when curl will do the algorithm, it will Generate: -"TEST-HMAC-SHA256" for "Algorithm" -"x-try-date" and "X-Try-Date" for "date" -"test4_request" for "request type" +Provides AWS V4 signature authentication on HTTP(S) header. +.PP +Pass a char * that is the collection of specific arguments are used for +creating outgoing authentication headers. +The format of the param option is: +.IP provider1[:provider2[:region[:service]]] +.IP provider1,\ provider2 +The providers arguments are used for generating some authentication parameters +such as "Algorithm", "date", "request type" and "signed headers". +.IP region +The argument is a geographic area of a resources collection. +It is extracted from the host name specified in the URL if omitted. +.IP service +The argument is a function provided by a cloud. +It is extracted from the host name specified in the URL if omitted. +.PP +NOTE: This call set \fICURLOPT_HTTPAUTH(3)\fP to CURLAUTH_AWS_SIGV4. 
+Calling \fICURLOPT_HTTPAUTH(3)\fP with CURLAUTH_AWS_SIGV4 is the same +as calling this with "aws:amz" in parameter. +.PP +Example with "Test:Try", when curl will do the algorithm, it will generate +"TEST-HMAC-SHA256" for "Algorithm", "x-try-date" and "X-Try-Date" for "date", +"test4_request" for "request type", "SignedHeaders=content-type;host;x-try-date" for "signed headers" - +.PP If you use just "test", instead of "test:try", test will be use for every strings generated - .SH DEFAULT -NULL +By default, the value of this parameter is NULL. +Calling \fICURLOPT_HTTPAUTH(3)\fP with CURLAUTH_AWS_SIGV4 is the same +as calling this with "aws:amz" in parameter. .SH PROTOCOLS HTTP .SH EXAMPLE @@ -61,22 +71,27 @@ struct curl_slist *list = NULL; if(curl) { curl_easy_setopt(curl, CURLOPT_URL, - "https://api_type.region.example.com/uri"); + "https://service.region.example.com/uri"); + curl_easy_setopt(c, CURLOPT_AWS_SIGV4, "provider1:provider2"); + + /* service and region also could be set in CURLOPT_AWS_SIGV4 */ + /* + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/uri"); + curl_easy_setopt(c, CURLOPT_AWS_SIGV4, + "provider1:provider2:region:service"); + */ - curl_easy_setopt(c, CURLOPT_AWS_SIGV4, "xxx:yyy"); curl_easy_setopt(c, CURLOPT_USERPWD, "MY_ACCESS_KEY:MY_SECRET_KEY"); curl_easy_perform(curl); } .fi - .SH AVAILABILITY Added in 7.75.0 - .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. - .SH NOTES -this option overrides the other auth types you might have set in CURL_HTTPAUTH which should be highlighted as this makes this auth method special. It could probably also be mentioned that this method can't be combined with other auth types. - +This option overrides the other auth types you might have set in CURL_HTTPAUTH +which should be highlighted as this makes this auth method special. +This method can't be combined with other auth types. .SH "SEE ALSO" .BR CURLOPT_HEADEROPT "(3), " CURLOPT_HTTPHEADER "(3), " |
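Review bot: In the first hunk (DESCRIPTION), the new region and service entries both say the value "is extracted from the host name specified in the URL if omitted", but the page never states which host layout that extraction expects or what is returned when the host does not match it. The EXAMPLE implies "https://service.region.example.com/uri"; state that form here and document the failure case, since both values feed the signature. Smaller points in the same hunk: "the collection of specific arguments are used for" and "This call set" need grammar fixes, the sentence about CURLAUTH_AWS_SIGV4 being the same as "aws:amz" now appears in both DESCRIPTION and DEFAULT, and the .TH line moves to "libcurl 7.75.0" while keeping the date "03 Jun 2020".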
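Review bot: In the second hunk (EXAMPLE), the added lines call curl_easy_setopt(c, CURLOPT_AWS_SIGV4, ...) while the handle tested by if(curl) and passed to CURLOPT_URL and curl_easy_perform is curl, so unless a second handle c is declared outside the hunk the snippet does not compile; use curl throughout, including the unchanged CURLOPT_USERPWD line and the commented-out alternative. The context line "struct curl_slist *list = NULL;" is also not used by anything visible in the example. In NOTES, "CURL_HTTPAUTH" should be \fICURLOPT_HTTPAUTH(3)\fP to match the DESCRIPTION, and "which should be highlighted as this makes this auth method special" reads like a leftover review remark rather than documentation; state the override directly instead.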