| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Follow-up to a1f06f32b860, to make sure it can be handled separately
from plain gopher.
Closes #6418
|
| |
|
|
|
|
|
|
| |
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.
Closes #6395
|
| |
|
|
|
|
| |
This patch allow to call the v4 signature introduce in previous commit
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is a security process for HTTP.
It doesn't seems to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
most of the code is in lib/http_v4_signature.c
Information require by the algorithm:
- The URL
- Current time
- some prefix that are append to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
^ ^ ^
/ \ URI
API type region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
|
| | |
|
| | |
|
| |
|
|
| |
start over on the next release cycle
|
| |
|
|
|
|
|
| |
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.
Closes #6220
|
| |
|
|
| |
Follow-up from 4d2f8006777
|
| |
|
|
| |
Closes #6172
|
| | |
|
| |
|
|
|
|
|
|
| |
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks
Closes #5896
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
|
| |
|
|
|
|
|
|
| |
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.
alt-svc support in curl is no longer considered experimental
Closes #5868
|
| |
|
|
| |
Started over for the journey to next release.
|
| |
|
|
| |
Closes #6028
|
| |
|
|
| |
Closes #5892
|
| |
|
|
|
|
| |
Validates that gcc-typecheck macros match the new option type API.
Closes #5873
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
const struct curl_easyoption *curl_easy_option_by_name(const char *name);
const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);
const struct curl_easyoption *
curl_easy_option_next(const struct curl_easyoption *prev);
The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.
Assisted-by: Jeroen Ooms
Closes #5365
|
| |
|
|
|
|
| |
Replace the old fingerprint of the host with a new.
Closes #5685
|
| |
|
|
| |
The next release is now to become 7.73.0
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Failures clearly returned from a (SOCKS) proxy now causes this return
code. Previously the situation was not very clear as what would be
returned and when.
In addition: when this error code is returned, an application can use
CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then
returns a value from the new 'CURLproxycode' enum.
Closes #5770
|
| |
|
|
| |
... and version bumped to 7.72.1
|
| |
|
|
|
|
|
|
|
| |
CURLINFO_LASTONE should have been updated when
CURLINFO_EFFECTIVE_METHOD was added.
Reported-by: xwxbug@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/5711
|
| |
|
|
|
|
|
|
|
| |
... by adding support for a new dedicated return code.
Suggested-by: Jonathan Cardoso
Assisted-by: Erik Johansson
URL: https://curl.haxx.se/mail/lib-2020-06/0099.html
Closes #5636
|
| |
|
|
|
|
|
| |
Provide the HTTP method that was used on the latest request, which might
be relevant for users when there was one or more redirects involved.
Closes #5511
|
| |
|
|
|
|
|
| |
Reviewed-by: Marcel Raad
Reviewed-by: Marc Hörsken
Closes #5491
|
| |
|
|
| |
... and bumped to 7.72.0 as the next release version number
|
| |
|
|
|
|
|
|
|
| |
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu
Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).
Reported-by: coinhubs on github
Fixes #5598
Closes #5608
|
| | |
|
| |
|
|
|
|
|
|
| |
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.
Closes #5546
|
| |
|
|
|
|
| |
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes https://github.com/curl/curl/pull/5452
|
| |
|
|
| |
Closes #5431
|
| |
|
|
|
|
| |
Reported-by: Billyzou0741326 on github
Fixes #5432
Closes #5436
|
| |
|
|
|
|
|
|
| |
The option number also needs to be less than CURLOPTTYPE_BLOB.
Follow-up to cac5374298
Reported-by: Jeroen Ooms
Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.
This change introduces these new setopts:
CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.
Reviewed-by: Daniel Stenberg
Closes #5357
|
| |
|
|
|
|
|
|
|
|
|
| |
- Stick to a single unified way to use structs
- Make checksrc complain on 'typedef struct {'
- Allow them in tests, public headers and examples
- Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
typedef different types/structs depending on build conditions.
Closes #5338
|
| |
|
|
| |
And bumped next version to 7.71.0
|
| |
|
|
| |
Closes #4346
|
| |
|
|
| |
... and bumped curlver.h to 7.70.1
|
| |
|
|
|
|
| |
"routines with be invoked" -> "routines will be invoked"
Closes #5279
|
| |
|
|
| |
Closes #5173
|
| |
|
|
|
|
| |
Considered experimental and therefore we can do this.
Closes #5157
|
| |
|
|
|
|
|
|
| |
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro
Closes #5150
|
| |
|
|
|
|
|
|
|
| |
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
| |
|
|
| |
... and bumped curlver.h to 7.70.0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
| |
|
|
| |
bumped to 7.69.2
|
