| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
... and close connections that are too old instead of reusing them.
By default, this behavior is disabled.
Bug: https://curl.se/mail/lib-2021-09/0058.html
Closes #7751
|
|
|
|
|
|
|
|
|
|
| |
Add curl_url_strerror() to convert CURLUcode into readable string and
facilitate easier troubleshooting in programs using URL API.
Extend CURLUcode with CURLU_LAST for iteration in unit tests.
Update man pages with a mention of new function.
Update example code and tests with new functionality where it fits.
Closes #7605
|
|
|
|
|
|
|
|
| |
Looks like the declaration of cpp shoule be const char ** and return
null if convert_version_info_string fails.
Fixes #7134
Closes #7135
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
|
|
|
|
|
|
|
|
| |
- Add gsasl_version string and bump to CURLVERSION_TENTH.
Ref: https://curl.se/mail/lib-2021-04/0003.html
Closes https://github.com/curl/curl/pull/6843
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
|
|
|
|
| |
CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New functions curl_easy_option_by_name_ccsid() and
curl_easy_option_get_name_ccsid() allows accessing metadata in alternate
character encoding.
This commit also updates curl_version_info_ccsid() to handle info version 9
and adds recent definitions to the ILE/RPG include file.
Documentation updated accordingly.
Reviewed-by: Jon Rumsey
Closes #6574
|
|
|
|
|
|
|
|
|
| |
- add CURLINFO_REFERER libcurl option
- add --write-out '%{referer}' command-line option
- extend --xattr command-line option to fill user.xdg.referrer.url extended
attribute with the referrer (if there was any)
Closes #6591
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their respective counterparts.
- New curl tool options --doh-insecure and --doh-cert-status do the same
as their respective counterparts.
Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.
Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676
Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
|
|
|
|
|
|
|
|
| |
chkstrings fails because a new string option that could require codepage
conversion has been added.
Closes #6561
Fixes #6560
|
|
|
|
|
|
|
|
| |
Add 'struct' to cast and declaration of cfcdata to fix compilation
error.
Fixes #6292
Closes #6297
|
|
|
|
| |
Closes #6172
|
|
|
|
|
|
|
| |
... and make sure 'make checksrc' in the root dir also verifies the
packages/OS400 sources.
Closes https://github.com/curl/curl/pull/6085
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the OS400 build and also an incorrect entry for
CURLINFO_APPCONNECT_TIME_T where it was treated as
CURLINFO_STARTTRANSFER_TIME_T.
Reported-by: Jon Rumsey
Fixes https://github.com/curl/curl/issues/6083
Closes https://github.com/curl/curl/pull/6084
|
|
|
|
|
|
|
| |
Reviewed-by: Marcel Raad
Reviewed-by: Marc Hörsken
Closes #5491
|
|
|
|
| |
Closes #5325
|
|
|
|
|
|
|
|
|
| |
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
|
|
|
|
|
| |
Fixes build.
Closes #5132
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
|
|
|
|
|
|
| |
... and check for inconsistencies for OS400 at build time with the new
chkstrings tool.
Closes #4822
|
|
|
|
|
|
|
|
|
|
| |
- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.
Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.
Closes https://github.com/curl/curl/pull/4754
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.
Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.
Reported-by: hamstergene@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4763
Closes https://github.com/curl/curl/pull/4765
|
|
|
|
|
| |
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS
and OS400 package spec.
Also I added the option to the NameValue list in the tool even though it
isn't exposed as a command-line option (...yet?). (NameValue stringizes
the option name for the curl cmd -> libcurl source generator)
Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN.
Ref: https://github.com/curl/curl/pull/4655
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.
On some platforms and with some configurations this feature might not be
available or can fail, in these cases a new error code
(CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup().
Fixes #4418
Closes #4608
|
|
|
|
| |
Closes #4410
|
|
|
|
|
|
|
|
|
| |
As libcurl now uses these 2 system functions, wrappers are needed on os400
to convert returned AF_UNIX sockaddrs to ascii.
This is a follow-up to commit 7fb54ef.
See also #4037.
Closes #4214
|
|
|
|
|
|
|
|
|
|
|
| |
Double-underscored or underscore plus uppercase letter at least.
... as they're claimed to be reserved.
Reported-by: patnyb on github
Fixes #4254
Closes #4255
|
|
|
|
|
|
| |
There's no use for this anymore and it was never in a release.
Closes #4206
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ref: https://github.com/curl/curl/issues/3653
Ref: https://github.com/curl/curl/pull/3790
NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.
Closes https://github.com/curl/curl/pull/4186
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixes #3653
Closes #3790
NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.
Closes https://github.com/curl/curl/pull/4186
|
|
|
|
|
|
| |
Follow-up to 3af0e76 which added experimental H3 support.
Closes https://github.com/curl/curl/pull/4185
|
|
|
|
|
|
|
|
| |
Use it in curl_easy_setopt_ccsid().
Reported-by: jonrumsey on github
Fixes #3833
Closes #4028
|
|
|
|
|
|
| |
Reduce variable scopes and remove redundant variable stores.
Closes https://github.com/curl/curl/pull/3975
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.
Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.
After the patch release after the reverted commits can be restored by
using cherry-pick:
git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690
Details for all reverted commits:
Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."
This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.
Revert "tests: Fix the line endings for the SASL alt-auth tests"
This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.
Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"
This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.
Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"
This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.
Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"
This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixed #3653
Closes #3790
|
| |
|
|
|
|
|
|
| |
(and make the code style comply)
Fixes #3833
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- remove unused variables
- declare conditionally used variables conditionally
- suppress unused variable warnings in the CMake tests
- remove dead variable stores
- consistently use WIN32 macro to detect Windows
Closes https://github.com/curl/curl/pull/3739
|
|
|
|
|
|
|
|
|
|
|
| |
Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
default for OS400. Since the feature is experimental, it should be
disabled by default.
Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html
Closes https://github.com/curl/curl/pull/3688
|
|
|
|
|
| |
Although experimental, enable it in the platform config file.
Upgrade ILE/RPG binding.
|
|
|
|
|
|
| |
See https://github.com/curl/curl/issues/3453#issuecomment-453054458
Reported-by: jonrumsey on github
|
|
|
|
|
| |
Reported-by: jonrumsey on github
Closes #3453
|
|
|
|
|
|
| |
- Trailer function support.
- http 0.9 option.
- curl_easy_upkeep.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Curl_slist_append_nodup() returns NULL when it fails to create a new
item for the specified list, and since the coding here reassigned the
new list on top of the old list it would result in a dangling pointer
and lost memory. Also, in case we hit an allocation failure at some
point during the conversion, with allocation succeeding again on the
subsequent call(s) we will return a truncated list around the malloc
failure point. Fix by assigning to a temporary list pointer, which can
be checked (which is the common pattern for slist appending), and free
all the resources on allocation failure.
Closes #3372
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
| |
Closes #3291
|
| |
|