| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
... and close connections that are too old instead of reusing them.
By default, this behavior is disabled.
Bug: https://curl.se/mail/lib-2021-09/0058.html
Closes #7751
|
|
|
|
| |
Closes #7812
|
|
|
|
|
|
|
|
| |
Follow-up to a517378de58358a
To make test 1912 happy again
Closes #7799
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Triggered before a request is made but after a connection is set up
Changes:
- callback: Update docs and callback for pre-request callback
- Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
- Add redirect test and callback failure test
- Note that the function may be called multiple times on a redirection
- Disable new 2086 test due to Windows weirdness
Closes #7477
|
|
|
|
|
|
|
|
|
|
| |
Add curl_url_strerror() to convert CURLUcode into readable string and
facilitate easier troubleshooting in programs using URL API.
Extend CURLUcode with CURLU_LAST for iteration in unit tests.
Update man pages with a mention of new function.
Update example code and tests with new functionality where it fits.
Closes #7605
|
|
|
|
|
|
|
| |
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
|
|
|
| |
Bumped curlver to 7.80.0-dev
|
|
|
|
| |
and bump to 7.79.1
|
| |
|
|
|
|
| |
and bump curlver to 7.79.0 for next release
|
|
|
|
| |
bumped to 7.78.1 for next release
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Closes #7413
|
|
|
|
| |
Closes #7287
|
|
|
|
|
|
|
|
|
|
|
|
| |
The execution bit of curl.h file was wrongly added:
commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
and should be removed.
Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Closes #7286
|
|
|
|
| |
Closes #7285
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They were never officially allowed and slipped in only due to sloppy
parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
being part of a URL.
The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
allow spaces.
Updated test 1560 to verify.
Closes #7073
|
|
|
|
| |
... and bump to version 7.78.0 for the next planned release.
|
|
|
|
|
|
|
|
|
| |
For options that pass in lists or strings that are subsequently parsed
and must be correct. This broadens the scope for the option previously
known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
provided as a #define for existing applications.
Closes #7175
|
|
|
|
| |
... and bump to 7.77.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.
This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.
It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.
Closes #6853
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
|
|
|
|
|
|
|
|
|
|
| |
When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT
Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
Closes #6721
|
|
|
|
|
|
|
|
| |
- Add gsasl_version string and bump to CURLVERSION_TENTH.
Ref: https://curl.se/mail/lib-2021-04/0003.html
Closes https://github.com/curl/curl/pull/6843
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
|
|
|
|
| |
and bumped curlver to 7.77.0
|
|
|
|
|
|
|
|
| |
... and not values.
Reported-by: locpyl-tidnyd on github
Fixes #6818
Closes #6819
|
|
|
|
| |
and bumped to 7.76.1
|
|
|
|
|
|
|
|
|
| |
- add CURLINFO_REFERER libcurl option
- add --write-out '%{referer}' command-line option
- extend --xattr command-line option to fill user.xdg.referrer.url extended
attribute with the referrer (if there was any)
Closes #6591
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their respective counterparts.
- New curl tool options --doh-insecure and --doh-cert-status do the same
as their respective counterparts.
Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.
Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676
Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
|
|
|
|
| |
bumped the version to 7.76.0
|
|
|
|
|
|
| |
To let applications know the feature is available.
Closes #6592
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
from https://github.com/abetterinternet/crustls.
Rustls is at https://github.com/ctz/rustls/.
There is still a fair bit to be done, like sending CloseNotify on
connection shutdown, respecting CAPATH, and properly indicating features
like "supports TLS 1.3 ciphersuites." But it works well enough to make
requests and receive responses.
Blog post for context:
https://www.abetterinternet.org/post/memory-safe-curl/
Closes #6350
|
|
|
|
| |
... and bump pending version to 7.75.1 (for now)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.
Closes #6524
|
|
|
|
|
|
|
| |
Follow-up to a1f06f32b860, to make sure it can be handled separately
from plain gopher.
Closes #6418
|
|
|
|
|
|
|
|
| |
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.
Closes #6395
|
|
|
|
|
|
| |
This patch allow to call the v4 signature introduce in previous commit
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is a security process for HTTP.
It doesn't seems to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
most of the code is in lib/http_v4_signature.c
Information require by the algorithm:
- The URL
- Current time
- some prefix that are append to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
^ ^ ^
/ \ URI
API type region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
|
| |
|
| |
|
|
|
|
| |
start over on the next release cycle
|
|
|
|
|
|
|
| |
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.
Closes #6220
|
|
|
|
| |
Follow-up from 4d2f8006777
|
|
|
|
| |
Closes #6172
|
| |
|
|
|
|
|
|
|
|
| |
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks
Closes #5896
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
|
|
|
|
|
|
|
|
| |
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.
alt-svc support in curl is no longer considered experimental
Closes #5868
|
|
|
|
| |
Started over for the journey to next release.
|