summaryrefslogtreecommitdiff
path: root/src/tool_cfgable.h
Commit message (Collapse)AuthorAgeFilesLines
* tls: add CURLOPT_SSL_EC_CURVES and --curvesMichael Baentsch2020-08-301-0/+1
| | | | Closes #5892
* curl: add --output-dirDaniel Stenberg2020-08-241-0/+1
| | | | | | | | Works with --create-dirs and with -J Add test 3008, 3009, 3011, 3012 and 3013 to verify. Closes #5637
* source cleanup: remove all custom typedef structsDaniel Stenberg2020-05-151-6/+6
| | | | | | | | | | | - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
* tool: Add option --retry-all-errors to retry on any errorJay Satiro2020-05-121-0/+1
| | | | | | The "sledgehammer" of retrying. Closes https://github.com/curl/curl/pull/5185
* CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)Gilles Vollant2020-05-081-0/+2
| | | | Closes #4346
* schannel: add "best effort" revocation check optionJohannes Schindelin2020-03-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
* smtp: Allow RCPT TO command to fail for some recipientsPavel Volgarev2020-01-211-1/+2
| | | | | | | | Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. Verified with the new tests 3002-3007 Closes #4816
* curl: two new command line options for etagsMaros Priputen2019-11-281-0/+2
| | | | | | | | --etag-compare and --etag-save Suggested-by: Paul Hoffman Fixes #4277 Closes #4543
* curl: add --parallel-immediateDaniel Stenberg2019-11-211-0/+1
| | | | | | | | | | | | | | | Starting with this change when doing parallel transfers, without this option set, curl will prefer to create new transfers multiplexed on an existing connection rather than creating a brand new one. --parallel-immediate can be set to tell curl to prefer to use new connections rather than to wait and try to multiplex. libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default on parallel transfers. Suggested-by: Tom van der Woerdt Closes #4500
* curl: create easy handles on-demand and not ahead of timeDaniel Stenberg2019-10-021-3/+16
| | | | | | | | | | This should again enable crazy-large download ranges of the style [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 when this new handle allocating scheme was introduced. Reported-by: Peter Sumatra Fixes #4393 Closes #4438
* CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directlyDaniel Stenberg2019-08-081-1/+0
| | | | | | | | | | | | Even though it cannot fall-back to a lower HTTP version automatically. The safer way to upgrade remains via CURLOPT_ALTSVC. CURLOPT_H3 no longer has any bits that do anything and might be removed before we remove the experimental label. Updated the curl tool accordingly to use "--http3". Closes #4197
* curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme2019-08-061-0/+1
| | | | | | | | | | | | Ref: https://github.com/curl/curl/issues/3653 Ref: https://github.com/curl/curl/pull/3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
* HTTP3: initial (experimental) supportDaniel Stenberg2019-07-211-0/+1
| | | | | | | | | USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
* curl: support parallel transfersDaniel Stenberg2019-07-201-5/+5
| | | | | | | | This is done by making sure each individual transfer is first added to a linked list as then they can be performed serially, or at will, in parallel. Closes #3804
* Revert all SASL authzid (new feature) commitsJay Satiro2019-05-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
* curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme2019-05-221-0/+1
|
* alt-svc: the curl command line bitsDaniel Stenberg2019-03-031-0/+1
|
* cli tool: fix mime post with --disable-libcurl-option configure optionPatrick Monnerat2019-02-191-1/+2
| | | | | | Reported-by: Marcel Raad Fixes #3576 Closes #3583
* cli tool: do not use mime.h private structures.Patrick Monnerat2019-02-111-3/+5
| | | | | | | | | | Option -F generates an intermediate representation of the mime structure that is used later to create the libcurl mime structure and generate the --libcurl statements. Reported-by: Daniel Stenberg Fixes #3532 Closes #3546
* http: added options for allowing HTTP/0.9 responsesDaniel Stenberg2018-12-211-0/+1
| | | | | | | | | | | | Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
* curl: fix --local-port integer overflowDaniel Stenberg2018-11-071-2/+2
| | | | | | | | | | The tool's local port command line range parser didn't check for integer overflows and could pass "weird" data to libcurl for this option. libcurl however, has a strict range check for the values so it rejects anything outside of the accepted range. Reported-by: Brian Carpenter Closes #3242
* curl: --doh-url addedDaniel Stenberg2018-09-061-0/+1
|
* option: disallow username in URLBjörn Stenberg2018-05-311-0/+1
| | | | | | | Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
* setopt: add TLS 1.3 ciphersuitesDaniel Stenberg2018-05-291-0/+2
| | | | | | | | | | Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607
* curl: added --styled-outputDaniel Stenberg2018-05-211-0/+1
| | | | | | | It is enabled by default, so --no-styled-output will switch off the detection/use of bold headers. Closes #2538
* curl: show headers in boldDaniel Stenberg2018-05-211-1/+1
| | | | | | | | | | | | | | | | | | The feature is only enabled if the output is believed to be a tty. -J: There's some minor differences and improvements in -J handling, as now J should work with -i and it actually creates a file first using the initial name and then *renames* that to the one found in Content-Disposition (if any). -i: only shows headers for HTTP transfers now (as documented). Previously it would also show for pieces of the transfer that were HTTP (for example when doing FTP over a HTTP proxy). -i: now shows trailers as well. Previously they were not shown at all. --libcurl: the CURLOPT_HEADER is no longer set, as the header output is now done in the header callback.
* checksrc: fix too long lineDaniel Stenberg2018-05-181-1/+1
| | | | follow-up to e05ad5d
* docs: mention HAproxy protocol "version 1"Aleks2018-05-181-1/+1
| | | | | | ...as there's also a version 2. Closes #2579
* CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews2018-03-171-0/+1
| | | | | | Add --haproxy-protocol for the command line tool Closes #2162
* url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUTAnders Bakken2018-02-201-0/+2
| | | | | | | | | | | | | | - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy eyeball timeout value. - Add new optval macro CURL_HET_DEFAULT to represent the default happy eyeballs timeout value (currently 200 ms). - Add new tool option --happy-eyeballs-timeout-ms to expose CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the other -timeout options in the tool expect seconds not milliseconds. Closes https://github.com/curl/curl/pull/2260
* time-cond: fix reading the file modification time on WindowsMichael Kaufmann2018-02-051-1/+1
| | | | | | | | On Windows, stat() may adjust the unix file time by a daylight saving time offset. Avoid this by calling GetFileTime() instead. Fixes #2164 Closes #2204
* curl: add --proxy-pinnedpubkeyDaniel Stenberg2018-01-301-1/+2
| | | | | | | To verify a proxy's public key. For when using HTTPS proxies. Fixes #2192 Closes #2268
* curl: speed up handling of many URLsDaniel Stenberg2017-11-041-0/+1
| | | | | | | | | | | | | | By properly keeping track of the last entry in the list of URLs/uploads to handle, curl now avoids many meaningless traverses of the list which speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K URLs). Added test 1291, to verify that it doesn't take ages - but we don't have any detection of "too slow" command in the test suite. Reported-by: arainchik on github Fixes #1959 Closes #2052
* mime: use in curl cli tool instead of form API.Patrick Monnerat2017-09-021-2/+2
| | | | | | Extended -F option syntax to support multipart mail messages. -F keyword headers= added to include custom headers in parts. Documentation upgraded.
* ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats2017-08-171-0/+1
| | | | | | | | | | | | | | | | | | The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
* curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka2017-06-281-0/+1
| | | | Closes https://github.com/curl/curl/pull/1454
* --request-target: instead of --strip-path-slashDaniel Stenberg2017-06-211-1/+1
| | | | | | | | | | | | | | ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
* http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg2017-06-191-0/+1
| | | | | | | | | | | ... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
* curl: prevent binary output spewed to terminalDaniel Stenberg2017-06-161-0/+9
| | | | | | | | | ... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
* curl: remove tool_writeenv.[ch]Daniel Stenberg2017-05-061-2/+1
| | | | | | | | | ... and USE_ENVIRONMENT and --environment. It was once added for RISC OS support and its platform specific behavior has been annoying ever since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since then. Most probably not actually used for years. Closes #1463
* url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang2017-03-121-0/+2
| | | | | | | | | | | | | | - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
* vtls: add options to specify range of enabled TLS versionsJozef Kralik2017-03-081-0/+1
| | | | | | | This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
* unix_socket: add support for abstract unix domain socketIsaac Boukris2017-01-131-0/+1
| | | | | | | | | | | | | | | | | | | | | In addition to unix domain sockets, Linux also supports an abstract namespace which is independent of the filesystem. In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH internally, along with a flag to specify abstract socket. On non-supporting platforms, the abstract address will be interpreted as an empty string and fail gracefully. Also add new --abstract-unix-socket tool parameter. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Chungtsun Li (typeless) Reviewed-by: Daniel Stenberg Reviewed-by: Peter Wu Closes #1197 Fixes #1061
* preproxy: renamed what was added as SOCKS_PROXYDaniel Stenberg2016-12-161-3/+1
| | | | | | | CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY Added the corresponding --preroxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
* curl: normal socks proxies still use CURLOPT_PROXYDaniel Stenberg2016-12-161-1/+1
| | | | | | | ... the newly introduced CURLOPT_SOCKS_PROXY is special and should be asked for specially. (Needs new code.) Unified proxy type to a single variable in the config struct.
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov2016-11-241-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
* curl: add --fail-earlyDaniel Stenberg2016-11-141-1/+1
| | | | | | | Exit with an error on the first transfer error instead of continuing to do the rest of the URLs. Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
* curl: Add --retry-connrefusedDaniel Hwang2016-11-111-0/+1
| | | | | | to consider ECONNREFUSED as a transient error. Closes #1064
* tool: add --tcp-fastopen optionAlessandro Ghedini2016-04-181-0/+1
|
* news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann2016-04-171-0/+1
| | | | | Makes curl connect to the given host+port instead of the host+port found in the URL.