summaryrefslogtreecommitdiff
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuseJeffrey Tolar2021-10-061-1/+6
| | | | | | | | | ... and close connections that are too old instead of reusing them. By default, this behavior is disabled. Bug: https://curl.se/mail/lib-2021-09/0058.html Closes #7751
* misc: fix a few issues on MidnightBSDLucas Holt2021-10-051-2/+3
| | | | Closes #7812
* typecheck-gcc.h: add CURLOPT_PREREQDATA awarenessDaniel Stenberg2021-09-301-0/+1
| | | | | | | | Follow-up to a517378de58358a To make test 1912 happy again Closes #7799
* CURLOPT_PREREQFUNCTION: add new callbackMax Dymond2021-09-271-0/+21
| | | | | | | | | | | | | | Triggered before a request is made but after a connection is set up Changes: - callback: Update docs and callback for pre-request callback - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION, - Add redirect test and callback failure test - Note that the function may be called multiple times on a redirection - Disable new 2086 test due to Windows weirdness Closes #7477
* urlapi: add curl_url_strerror()i-ky2021-09-271-1/+8
| | | | | | | | | | Add curl_url_strerror() to convert CURLUcode into readable string and facilitate easier troubleshooting in programs using URL API. Extend CURLUcode with CURLU_LAST for iteration in unit tests. Update man pages with a mention of new function. Update example code and tests with new functionality where it fits. Closes #7605
* libssh2: add SHA256 fingerprint supportMats Lindestam2021-09-262-0/+4
| | | | | | | Added support for SHA256 fingerprint in command line curl and in libcurl. Closes #7646
* RELEASE-NOTES: syncedDaniel Stenberg2021-09-231-4/+4
| | | | Bumped curlver to 7.80.0-dev
* RELEASE-NOTES: syncedDaniel Stenberg2021-09-161-3/+3
| | | | and bump to 7.79.1
* mailing lists: move from cool.haxx.se to lists.haxx.seDaniel Stenberg2021-08-301-3/+0
|
* RELEASE-NOTES: syncedDaniel Stenberg2021-07-291-4/+4
| | | | and bump curlver to 7.79.0 for next release
* RELEASE-NOTES: syncedDaniel Stenberg2021-07-251-3/+3
| | | | bumped to 7.78.1 for next release
* misc: copyright year range updatesDaniel Stenberg2021-07-191-1/+1
|
* cleanup: spell DoH with a lowercase oJosh Soref2021-07-161-3/+3
| | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Closes #7413
* curl.h: include sys/select.h for NuttX RTOSXiang Xiao2021-06-221-1/+1
| | | | Closes #7287
* curl.h: remove the execution bitBin Meng2021-06-221-0/+0
| | | | | | | | | | | | The execution bit of curl.h file was wrongly added: commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") and should be removed. Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Closes #7286
* curl.h: <sys/select.h> is supported by VxWorks7Bin Lan2021-06-221-1/+2
| | | | Closes #7285
* curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACEDaniel Stenberg2021-06-151-0/+1
| | | | | | | | | | | | | They were never officially allowed and slipped in only due to sloppy parsing. Spaces (ascii 32) should be correctly encoded (to %20) before being part of a URL. The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl allow spaces. Updated test 1560 to verify. Closes #7073
* RELEASE-NOTES: syncedDaniel Stenberg2021-06-151-4/+4
| | | | ... and bump to version 7.78.0 for the next planned release.
* CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntaxDaniel Stenberg2021-06-021-1/+4
| | | | | | | | | For options that pass in lists or strings that are subsequently parsed and must be correct. This broadens the scope for the option previously known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still provided as a #define for existing applications. Closes #7175
* RELEASE-NOTES: syncedDaniel Stenberg2021-05-261-3/+3
| | | | ... and bump to 7.77.1
* CURLOPT_IPRESOLVE: preventing wrong IP version from being usedLucas Clemente Vella2021-05-201-5/+5
| | | | | | | | | | | | | | | | | | | In some situations, it was possible that a transfer was setup to use an specific IP version, but due do DNS caching or connection reuse, it ended up using a different IP version from requested. This commit changes the effect of CURLOPT_IPRESOLVE from simply restricting address resolution to preventing the wrong connection type being used, when choosing a connection from the pool, and to restricting what addresses could be used when establishing a new connection. It is important that all addresses versions are resolved, even if not used in that transfer in particular, because the result is cached, and could be useful for a different transfer with a different CURLOPT_IPRESOLVE setting. Closes #6853
* SSL: support in-memory CA certs for some backendsGilles Vollant2021-05-051-0/+8
| | | | | | | | | | | | | | | | | - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to specify in-memory PEM certificates for OpenSSL, Schannel (Windows) and Secure Transport (Apple) SSL backends. Prior to this change PEM certificates could only be imported from a file and not from memory. Co-authored-by: moparisthebest@users.noreply.github.com Ref: https://github.com/curl/curl/pull/4679 Ref: https://github.com/curl/curl/pull/5677 Ref: https://github.com/curl/curl/pull/6109 Closes https://github.com/curl/curl/pull/6662
* CURLcode: add CURLE_SSL_CLIENTCERTejanchivdorj2021-05-031-0/+1
| | | | | | | | | | When a TLS server requests a client certificate during handshake and none can be provided, libcurl now returns this new error code CURLE_SSL_CLIENTCERT Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. Closes #6721
* version: add gsasl_version to curl_version_info_dataMartin Halle2021-04-221-1/+5
| | | | | | | | - Add gsasl_version string and bump to CURLVERSION_TENTH. Ref: https://curl.se/mail/lib-2021-04/0003.html Closes https://github.com/curl/curl/pull/6843
* schannel: Disable auto credentials; add an option to enable itJay Satiro2021-04-221-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Disable auto credentials by default. This is a breaking change for clients that are using it, wittingly or not. - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use a client certificate for authentication, when requested by the server. - New curl tool options --ssl-auto-client-cert and --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT. This option is only supported for Schannel (the native Windows SSL library). Prior to this change Schannel would, with no notification to the client, attempt to locate a client certificate and send it to the server, when requested by the server. Since the server can request any certificate that supports client authentication in the OS certificate store it could be a privacy violation and unexpected. Fixes https://github.com/curl/curl/issues/2262 Reported-by: Jeroen Ooms Assisted-by: Wes Hinsley Assisted-by: Rich FitzJohn Ref: https://curl.se/mail/lib-2021-02/0066.html Reported-by: Morten Minde Neergaard Closes https://github.com/curl/curl/pull/6673
* RELEASE-NOTES: syncedDaniel Stenberg2021-04-151-4/+4
| | | | and bumped curlver to 7.77.0
* typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointersDaniel Stenberg2021-04-071-6/+6
| | | | | | | | ... and not values. Reported-by: locpyl-tidnyd on github Fixes #6818 Closes #6819
* RELEASE-NOTES: syncedDaniel Stenberg2021-04-041-3/+3
| | | | and bumped to 7.76.1
* http: add support to read and store the referrer headerViktor Szakats2021-02-191-1/+2
| | | | | | | | | - add CURLINFO_REFERER libcurl option - add --write-out '%{referer}' command-line option - extend --xattr command-line option to fill user.xdg.referrer.url extended attribute with the referrer (if there was any) Closes #6591
* doh: add options to disable ssl verificationJay Satiro2021-02-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | - New libcurl options CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the same as their respective counterparts. - New curl tool options --doh-insecure and --doh-cert-status do the same as their respective counterparts. Prior to this change DOH SSL certificate verification settings for verifyhost and verifypeer were supposed to be inherited respectively from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug were not. As a result DOH verification remained at the default, ie enabled, and it was not possible to disable. This commit changes behavior so that the DOH verification settings are independent and not inherited. Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676 Fixes https://github.com/curl/curl/issues/4578 Closes https://github.com/curl/curl/pull/6597
* RELEASE-NOTES: syncedDaniel Stenberg2021-02-121-4/+4
| | | | bumped the version to 7.76.0
* gsasl: provide CURL_VERSION_GSASL if built-inDaniel Stenberg2021-02-111-0/+1
| | | | | | To let applications know the feature is available. Closes #6592
* vtls: initial implementation of rustls backendJacob Hoffman-Andrews2021-02-091-1/+2
| | | | | | | | | | | | | | | | | This adds a new TLS backend, rustls. It uses the C-to-rustls bindings from https://github.com/abetterinternet/crustls. Rustls is at https://github.com/ctz/rustls/. There is still a fair bit to be done, like sending CloseNotify on connection shutdown, respecting CAPATH, and properly indicating features like "supports TLS 1.3 ciphersuites." But it works well enough to make requests and receive responses. Blog post for context: https://www.abetterinternet.org/post/memory-safe-curl/ Closes #6350
* RELEASE-NOTES: syncedDaniel Stenberg2021-02-041-5/+5
| | | | ... and bump pending version to 7.75.1 (for now)
* http: improve AWS HTTP v4 Signature authDmitry Wagin2021-01-301-2/+2
| | | | | | | | | | | | | | | | | | - Add support services without region and service prefixes in the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) by providing region and service parameters via aws-sigv4 option. - Add [:region[:service]] suffix to aws-sigv4 option; - Fix memory allocation errors. - Refactor memory management. - Use Curl_http_method instead() STRING_CUSTOMREQUEST. - Refactor canonical headers generating. - Remove repeated sha256_to_hex() usage. - Add some docs fixes. - Add some codestyle fixes. - Add overloaded strndup() for debug - curl_dbg_strndup(). - Update tests. Closes #6524
* curl.h: add CURLPROTO_GOPHERS as own protocol identifierDaniel Stenberg2021-01-061-0/+1
| | | | | | | Follow-up to a1f06f32b860, to make sure it can be handled separately from plain gopher. Closes #6418
* language: s/behaviour/behavior/gEmil Engler2021-01-021-2/+2
| | | | | | | | We currently use both spellings the british "behaviour" and the american "behavior". However "behavior" is more used in the project so I think it's worth dropping the british name. Closes #6395
* http: Make the call to v4 signatureMatthias Gatto2020-12-211-0/+1
| | | | | | This patch allow to call the v4 signature introduce in previous commit Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
* http: introduce AWS HTTP v4 SignatureMatthias Gatto2020-12-211-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a security process for HTTP. It doesn't seems to be standard, but it is used by some cloud providers. Aws: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Outscale: https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request GCP (I didn't test that this code work with GCP though): https://cloud.google.com/storage/docs/access-control/signing-urls-manually most of the code is in lib/http_v4_signature.c Information require by the algorithm: - The URL - Current time - some prefix that are append to some of the signature parameters. The data extracted from the URL are: the URI, the region, the host and the API type example: https://api.eu-west-2.outscale.com/api/latest/ReadNets ~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ^ ^ ^ / \ URI API type region Small description of the algorithm: - make canonical header using content type, the host, and the date - hash the post data - make canonical_request using custom request, the URI, the get data, the canonical header, the signed header and post data hash - hash canonical_request - make str_to_sign using one of the prefix pass in parameter, the date, the credential scope and the canonical_request hash - compute hmac from date, using secret key as key. - compute hmac from region, using above hmac as key - compute hmac from api_type, using above hmac as key - compute hmac from request_type, using above hmac as key - compute hmac from str_to_sign using above hmac as key - create Authorization header using above hmac, prefix pass in parameter, the date, and above hash Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> Closes #5703
* version: include hyper versionDaniel Stenberg2020-12-181-1/+4
|
* RELEASE-NOTES: syncedDaniel Stenberg2020-12-161-4/+4
|
* RELEASE-NOTES: syncedDaniel Stenberg2020-12-091-3/+3
| | | | start over on the next release cycle
* curl: add compatibility for Amiga and GCC 6.5Oliver Urbann2020-11-201-1/+1
| | | | | | | Changes are mainly reordering and adding of includes required to compile with a more recent version of GCC. Closes #6220
* copyright: fix year rangesDaniel Stenberg2020-11-054-4/+4
| | | | Follow-up from 4d2f8006777
* curl.se: new homeDaniel Stenberg2020-11-0412-13/+13
| | | | Closes #6172
* curlver: bumped to 7.74.0Daniel Stenberg2020-11-031-4/+4
|
* hsts: add read/write callbacksDaniel Stenberg2020-11-032-0/+38
| | | | | | | | - read/write callback options - man pages for the 4 new setopts - test 1915 verifies the callbacks Closes #5896
* hsts: add support for Strict-Transport-SecurityDaniel Stenberg2020-11-031-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | - enable in the build (configure) - header parsing - host name lookup - unit tests for the above - CI build - CURL_VERSION_HSTS bit - curl_version_info support - curl -V output - curl-config --features - CURLOPT_HSTS_CTRL - man page for CURLOPT_HSTS_CTRL - curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl) - man page for --hsts - save cache to disk - load cache from disk - CURLOPT_HSTS - man page for CURLOPT_HSTS - added docs/HSTS.md - fixed --version docs - adjusted curl_easy_duphandle Closes #5896
* alt-svc: enable by defaultDaniel Stenberg2020-10-251-2/+0
| | | | | | | | Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported. alt-svc support in curl is no longer considered experimental Closes #5868
* RELEASE-NOTES: syncedDaniel Stenberg2020-10-151-3/+3
| | | | Started over for the journey to next release.