summaryrefslogtreecommitdiff
path: root/include/curl/curl.h
Commit message (Collapse)AuthorAgeFilesLines
* mime: use percent-escaping for multipart form field and file namesPatrick Monnerat2021-11-151-0/+6
| | | | | | | | | | | | | | | | | | Until now, form field and file names where escaped using the backslash-escaping algorithm defined for multipart mails. This commit replaces this with the percent-escaping method for URLs. As this may introduce incompatibilities with server-side applications, a new libcurl option CURLOPT_MIME_OPTIONS with bitmask CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of backslash-escaping. This is controlled by new cli tool option --form-escape. New tests and documentation are provided for this feature. Reported by: Ryan Sleevi Fixes #7789 Closes #7805
* CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuseJeffrey Tolar2021-10-061-1/+6
| | | | | | | | | ... and close connections that are too old instead of reusing them. By default, this behavior is disabled. Bug: https://curl.se/mail/lib-2021-09/0058.html Closes #7751
* misc: fix a few issues on MidnightBSDLucas Holt2021-10-051-2/+3
| | | | Closes #7812
* CURLOPT_PREREQFUNCTION: add new callbackMax Dymond2021-09-271-0/+21
| | | | | | | | | | | | | | Triggered before a request is made but after a connection is set up Changes: - callback: Update docs and callback for pre-request callback - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION, - Add redirect test and callback failure test - Note that the function may be called multiple times on a redirection - Disable new 2086 test due to Windows weirdness Closes #7477
* libssh2: add SHA256 fingerprint supportMats Lindestam2021-09-261-0/+3
| | | | | | | Added support for SHA256 fingerprint in command line curl and in libcurl. Closes #7646
* mailing lists: move from cool.haxx.se to lists.haxx.seDaniel Stenberg2021-08-301-3/+0
|
* cleanup: spell DoH with a lowercase oJosh Soref2021-07-161-3/+3
| | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Closes #7413
* curl.h: include sys/select.h for NuttX RTOSXiang Xiao2021-06-221-1/+1
| | | | Closes #7287
* curl.h: remove the execution bitBin Meng2021-06-221-0/+0
| | | | | | | | | | | | The execution bit of curl.h file was wrongly added: commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") and should be removed. Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Closes #7286
* curl.h: <sys/select.h> is supported by VxWorks7Bin Lan2021-06-221-1/+2
| | | | Closes #7285
* CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntaxDaniel Stenberg2021-06-021-1/+4
| | | | | | | | | For options that pass in lists or strings that are subsequently parsed and must be correct. This broadens the scope for the option previously known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still provided as a #define for existing applications. Closes #7175
* CURLOPT_IPRESOLVE: preventing wrong IP version from being usedLucas Clemente Vella2021-05-201-5/+5
| | | | | | | | | | | | | | | | | | | In some situations, it was possible that a transfer was setup to use an specific IP version, but due do DNS caching or connection reuse, it ended up using a different IP version from requested. This commit changes the effect of CURLOPT_IPRESOLVE from simply restricting address resolution to preventing the wrong connection type being used, when choosing a connection from the pool, and to restricting what addresses could be used when establishing a new connection. It is important that all addresses versions are resolved, even if not used in that transfer in particular, because the result is cached, and could be useful for a different transfer with a different CURLOPT_IPRESOLVE setting. Closes #6853
* SSL: support in-memory CA certs for some backendsGilles Vollant2021-05-051-0/+8
| | | | | | | | | | | | | | | | | - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to specify in-memory PEM certificates for OpenSSL, Schannel (Windows) and Secure Transport (Apple) SSL backends. Prior to this change PEM certificates could only be imported from a file and not from memory. Co-authored-by: moparisthebest@users.noreply.github.com Ref: https://github.com/curl/curl/pull/4679 Ref: https://github.com/curl/curl/pull/5677 Ref: https://github.com/curl/curl/pull/6109 Closes https://github.com/curl/curl/pull/6662
* CURLcode: add CURLE_SSL_CLIENTCERTejanchivdorj2021-05-031-0/+1
| | | | | | | | | | When a TLS server requests a client certificate during handshake and none can be provided, libcurl now returns this new error code CURLE_SSL_CLIENTCERT Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. Closes #6721
* version: add gsasl_version to curl_version_info_dataMartin Halle2021-04-221-1/+5
| | | | | | | | - Add gsasl_version string and bump to CURLVERSION_TENTH. Ref: https://curl.se/mail/lib-2021-04/0003.html Closes https://github.com/curl/curl/pull/6843
* schannel: Disable auto credentials; add an option to enable itJay Satiro2021-04-221-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Disable auto credentials by default. This is a breaking change for clients that are using it, wittingly or not. - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use a client certificate for authentication, when requested by the server. - New curl tool options --ssl-auto-client-cert and --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT. This option is only supported for Schannel (the native Windows SSL library). Prior to this change Schannel would, with no notification to the client, attempt to locate a client certificate and send it to the server, when requested by the server. Since the server can request any certificate that supports client authentication in the OS certificate store it could be a privacy violation and unexpected. Fixes https://github.com/curl/curl/issues/2262 Reported-by: Jeroen Ooms Assisted-by: Wes Hinsley Assisted-by: Rich FitzJohn Ref: https://curl.se/mail/lib-2021-02/0066.html Reported-by: Morten Minde Neergaard Closes https://github.com/curl/curl/pull/6673
* http: add support to read and store the referrer headerViktor Szakats2021-02-191-1/+2
| | | | | | | | | - add CURLINFO_REFERER libcurl option - add --write-out '%{referer}' command-line option - extend --xattr command-line option to fill user.xdg.referrer.url extended attribute with the referrer (if there was any) Closes #6591
* doh: add options to disable ssl verificationJay Satiro2021-02-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | - New libcurl options CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the same as their respective counterparts. - New curl tool options --doh-insecure and --doh-cert-status do the same as their respective counterparts. Prior to this change DOH SSL certificate verification settings for verifyhost and verifypeer were supposed to be inherited respectively from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug were not. As a result DOH verification remained at the default, ie enabled, and it was not possible to disable. This commit changes behavior so that the DOH verification settings are independent and not inherited. Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676 Fixes https://github.com/curl/curl/issues/4578 Closes https://github.com/curl/curl/pull/6597
* gsasl: provide CURL_VERSION_GSASL if built-inDaniel Stenberg2021-02-111-0/+1
| | | | | | To let applications know the feature is available. Closes #6592
* vtls: initial implementation of rustls backendJacob Hoffman-Andrews2021-02-091-1/+2
| | | | | | | | | | | | | | | | | This adds a new TLS backend, rustls. It uses the C-to-rustls bindings from https://github.com/abetterinternet/crustls. Rustls is at https://github.com/ctz/rustls/. There is still a fair bit to be done, like sending CloseNotify on connection shutdown, respecting CAPATH, and properly indicating features like "supports TLS 1.3 ciphersuites." But it works well enough to make requests and receive responses. Blog post for context: https://www.abetterinternet.org/post/memory-safe-curl/ Closes #6350
* http: improve AWS HTTP v4 Signature authDmitry Wagin2021-01-301-2/+2
| | | | | | | | | | | | | | | | | | - Add support services without region and service prefixes in the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) by providing region and service parameters via aws-sigv4 option. - Add [:region[:service]] suffix to aws-sigv4 option; - Fix memory allocation errors. - Refactor memory management. - Use Curl_http_method instead() STRING_CUSTOMREQUEST. - Refactor canonical headers generating. - Remove repeated sha256_to_hex() usage. - Add some docs fixes. - Add some codestyle fixes. - Add overloaded strndup() for debug - curl_dbg_strndup(). - Update tests. Closes #6524
* curl.h: add CURLPROTO_GOPHERS as own protocol identifierDaniel Stenberg2021-01-061-0/+1
| | | | | | | Follow-up to a1f06f32b860, to make sure it can be handled separately from plain gopher. Closes #6418
* language: s/behaviour/behavior/gEmil Engler2021-01-021-2/+2
| | | | | | | | We currently use both spellings the british "behaviour" and the american "behavior". However "behavior" is more used in the project so I think it's worth dropping the british name. Closes #6395
* http: introduce AWS HTTP v4 SignatureMatthias Gatto2020-12-211-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a security process for HTTP. It doesn't seems to be standard, but it is used by some cloud providers. Aws: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Outscale: https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request GCP (I didn't test that this code work with GCP though): https://cloud.google.com/storage/docs/access-control/signing-urls-manually most of the code is in lib/http_v4_signature.c Information require by the algorithm: - The URL - Current time - some prefix that are append to some of the signature parameters. The data extracted from the URL are: the URI, the region, the host and the API type example: https://api.eu-west-2.outscale.com/api/latest/ReadNets ~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ^ ^ ^ / \ URI API type region Small description of the algorithm: - make canonical header using content type, the host, and the date - hash the post data - make canonical_request using custom request, the URI, the get data, the canonical header, the signed header and post data hash - hash canonical_request - make str_to_sign using one of the prefix pass in parameter, the date, the credential scope and the canonical_request hash - compute hmac from date, using secret key as key. - compute hmac from region, using above hmac as key - compute hmac from api_type, using above hmac as key - compute hmac from request_type, using above hmac as key - compute hmac from str_to_sign using above hmac as key - create Authorization header using above hmac, prefix pass in parameter, the date, and above hash Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> Closes #5703
* version: include hyper versionDaniel Stenberg2020-12-181-1/+4
|
* curl: add compatibility for Amiga and GCC 6.5Oliver Urbann2020-11-201-1/+1
| | | | | | | Changes are mainly reordering and adding of includes required to compile with a more recent version of GCC. Closes #6220
* curl.se: new homeDaniel Stenberg2020-11-041-2/+2
| | | | Closes #6172
* hsts: add read/write callbacksDaniel Stenberg2020-11-031-0/+35
| | | | | | | | - read/write callback options - man pages for the 4 new setopts - test 1915 verifies the callbacks Closes #5896
* hsts: add support for Strict-Transport-SecurityDaniel Stenberg2020-11-031-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | - enable in the build (configure) - header parsing - host name lookup - unit tests for the above - CI build - CURL_VERSION_HSTS bit - curl_version_info support - curl -V output - curl-config --features - CURLOPT_HSTS_CTRL - man page for CURLOPT_HSTS_CTRL - curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl) - man page for --hsts - save cache to disk - load cache from disk - CURLOPT_HSTS - man page for CURLOPT_HSTS - added docs/HSTS.md - fixed --version docs - adjusted curl_easy_duphandle Closes #5896
* alt-svc: enable by defaultDaniel Stenberg2020-10-251-2/+0
| | | | | | | | Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported. alt-svc support in curl is no longer considered experimental Closes #5868
* tls: add CURLOPT_SSL_EC_CURVES and --curvesMichael Baentsch2020-08-301-0/+6
| | | | Closes #5892
* options: API for meta-data about easy optionsDaniel Stenberg2020-08-271-38/+49
| | | | | | | | | | | | | | | | const struct curl_easyoption *curl_easy_option_by_name(const char *name); const struct curl_easyoption *curl_easy_option_by_id (CURLoption id); const struct curl_easyoption * curl_easy_option_next(const struct curl_easyoption *prev); The purpose is to provide detailed enough information to allow for example libcurl bindings to get option information at run-time about what easy options that exist and what arguments they expect. Assisted-by: Jeroen Ooms Closes #5365
* sftp: add the option CURLKHSTAT_FINE_REPLACEMichael Musset2020-08-241-0/+1
| | | | | | Replace the old fingerprint of the host with a new. Closes #5685
* CURLE_PROXY: new error codeDaniel Stenberg2020-08-241-1/+45
| | | | | | | | | | | | Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
* curl.h: update CURLINFO_LASTONEJay Satiro2020-07-231-1/+1
| | | | | | | | | CURLINFO_LASTONE should have been updated when CURLINFO_EFFECTIVE_METHOD was added. Reported-by: xwxbug@users.noreply.github.com Fixes https://github.com/curl/curl/issues/5711
* CURLINFO_EFFECTIVE_METHOD: addedDaniel Stenberg2020-07-141-4/+1
| | | | | | | Provide the HTTP method that was used on the latest request, which might be relevant for users when there was one or more redirects involved. Closes #5511
* windows: add unicode to feature listViktor Szakats2020-07-141-0/+2
| | | | | | | Reviewed-by: Marcel Raad Reviewed-by: Marc Hörsken Closes #5491
* content_encoding: add zstd decoding supportGilles Vollant2020-07-121-2/+8
| | | | | | | | | include zstd curl patch for Makefile.m32 from vszakats and include Add CMake support for zstd from Peter Wu Helped-by: Viktor Szakats Helped-by: Peter Wu Closes #5453
* terminology: call them null-terminated stringsDaniel Stenberg2020-06-281-3/+3
| | | | | | | | | | | Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608
* setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherencyGilles Vollant2020-05-231-0/+4
| | | | Closes #5431
* setopt: support certificate options in memory with struct curl_blobGilles Vollant2020-05-151-0/+8
| | | | | | | | | | | | | This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357
* source cleanup: remove all custom typedef structsDaniel Stenberg2020-05-151-6/+8
| | | | | | | | | | | - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
* CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)Gilles Vollant2020-05-081-0/+4
| | | | Closes #4346
* curl.h: update comment typoBrian Bergeron2020-04-221-1/+1
| | | | | | "routines with be invoked" -> "routines will be invoked" Closes #5279
* mqtt: add new experimental protocolBjorn Stenberg2020-04-141-0/+1
| | | | Closes #5173
* curl.h: remnove CURL_VERSION_ESNI. Never supported nor documentedDaniel Stenberg2020-03-291-2/+0
| | | | | | Considered experimental and therefore we can do this. Closes #5157
* version: add 'cainfo' and 'capath' to version info structDaniel Stenberg2020-03-271-1/+9
| | | | | | | | Suggested-by: Timothe Litt URL: https://curl.haxx.se/mail/lib-2020-03/0090.html Reviewed-by: Jay Satiro Closes #5150
* schannel: add "best effort" revocation check optionJohannes Schindelin2020-03-181-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
* curl.h: define CURL_WIN32 on windowsDaniel Stenberg2020-01-271-5/+14
| | | | | | | | | | | | ... so that the subsequent logic below can use a single known define to know when built on Windows (as we don't define WIN32 anymore). Follow-up to 1adebe7886ddf20b Reported-by: crazydef on github Assisted-by: Marcel Raad Fixes #4854 Closes #4855
* smtp: Allow RCPT TO command to fail for some recipientsPavel Volgarev2020-01-211-0/+3
| | | | | | | | Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. Verified with the new tests 3002-3007 Closes #4816