| #
abff1833 |
| 06-Sep-2018 |
Daniel Stenberg |
setopt: add CURLOPT_DOH_URL
Closes #2668
|
|
Revision tags: curl-7_61_0 |
|
| #
8541d02c |
| 28-May-2018 |
Patrick Monnerat |
psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL co
psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.
Reported-by: Yaakov Selkowitz
Fixes #2553
Closes #2601
show more ...
|
|
Revision tags: curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0, curl-7_56_1, curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0 |
|
| #
89963002 |
| 10-Mar-2017 |
Dan McNulty |
schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
f
schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
show more ...
|
| #
e04417d9 |
| 29-Jan-2018 |
Max Dymond |
Curl_range: commonize FTP and FILE range handling
Closes #2205
|
| #
4272a0b0 |
| 28-Jan-2018 |
Daniel Stenberg |
curl_ctype: private is*() type macros and functions
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differen
curl_ctype: private is*() type macros and functions
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.
Closes #2269
show more ...
|
| #
c92d2e14 |
| 23-Oct-2017 |
Nikos Mavrogiannopoulos |
Added support for libssh SSH SCP back-end
libssh is an alternative library to libssh2.
https://www.libssh.org/
That patch set also introduces support for ECDSA
ed25519 keys,
Added support for libssh SSH SCP back-end
libssh is an alternative library to libssh2.
https://www.libssh.org/
That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
show more ...
|
| #
aa7668b9 |
| 10-Nov-2017 |
Daniel Stenberg |
setopt: split out curl_easy_setopt() to its own file
... to make url.c smaller.
Closes #1944
|
| #
2b5b37cb |
| 30-Sep-2017 |
Florin |
auth: add support for RFC7616 - HTTP Digest access authentication
Signed-off-by: Florin <petriuc.florin@gmail.com>
|
| #
ce0881ed |
| 02-Sep-2017 |
Patrick Monnerat |
mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
|
|
Revision tags: curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0 |
|
| #
f682156a |
| 11-Nov-2016 |
Daniel Stenberg |
Curl_rand: fixed and moved to rand.c
Now Curl_rand() is made to fail if it cannot get the necessary random
level.
Changed the proto of Curl_rand() slightly to provide a number o
Curl_rand: fixed and moved to rand.c
Now Curl_rand() is made to fail if it cannot get the necessary random
level.
Changed the proto of Curl_rand() slightly to provide a number of ints at
once.
Moved out from vtls, since it isn't a TLS function and vtls provides
Curl_ssl_random() for this to use.
Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html
show more ...
|
|
Revision tags: curl-7_51_0 |
|
| #
811a693b |
| 30-Sep-2016 |
Daniel Stenberg |
strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
|
| #
502acba2 |
| 30-Sep-2016 |
Daniel Stenberg |
strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
show more ...
|
|
Revision tags: curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0 |
|
| #
6df916d7 |
| 29-May-2016 |
Steve Holme |
loadlibrary: Only load system DLLs from the system directory
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: W
loadlibrary: Only load system DLLs from the system directory
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: Windows DLL hijacking with curl, CVE-2016-4802
show more ...
|
|
Revision tags: curl-7_49_1, curl-7_49_0 |
|
| #
f0bdd72c |
| 27-Mar-2016 |
Steve Holme |
http_ntlm: Renamed from curl_ntlm.[c|h]
Renamed the header and source files for this module as they are HTTP
specific and as such, they should use the naming convention as other
HTTP
http_ntlm: Renamed from curl_ntlm.[c|h]
Renamed the header and source files for this module as they are HTTP
specific and as such, they should use the naming convention as other
HTTP authentication source files do - this revert commit 260ee6b7bf.
Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind
code needs separating from the HTTP protocol and migrating into the
vauth directory, thus adding support for Winbind to the SASL based
protocols such as IMAP, POP3 and SMTP.
show more ...
|
|
Revision tags: curl-7_48_0 |
|
| #
4adee194 |
| 13-Mar-2016 |
Steve Holme |
http_negotiate: Combine GSS-API and SSPI source files
As the GSS-API and SSPI based source files are no longer library/API
specific, following the extraction of that authentication code
http_negotiate: Combine GSS-API and SSPI source files
As the GSS-API and SSPI based source files are no longer library/API
specific, following the extraction of that authentication code to the
vauth directory, combine these files rather than maintain two separate
versions.
show more ...
|
| #
6d6f9ca1 |
| 13-Mar-2016 |
Steve Holme |
vauth: Moved the Negotiate authentication code to the new vauth directory
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
|
| #
ad5e9bfd |
| 13-Mar-2016 |
Steve Holme |
vauth: Moved the Negotiate authentication code to the new vauth directory
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
|
| #
7d2a5a05 |
| 13-Mar-2016 |
Steve Holme |
vauth: Updated the copyright year after recent changes
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing change
vauth: Updated the copyright year after recent changes
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
show more ...
|
|
Revision tags: curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0 |
|
| #
70e56939 |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the OAuth 2.0 authentication code to the new vauth directory
|
| #
6012fa5a |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the NTLM authentication code to the new vauth directory
|
| #
e1dca8a1 |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the Kerberos V5 authentication code to the new vauth directory
|
| #
51358a3f |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the DIGEST authentication code to the new vauth directory
|
| #
ec5b8dc6 |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the CRAM-MD5 authentication code to the new vauth directory
|
| #
6101e358 |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved the ClearText authentication code to the new vauth directory
|
| #
685fee38 |
| 12-Sep-2015 |
Steve Holme |
vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files
|
