| #
d1e7d919 |
| 26-Sep-2021 |
Mats Lindestam |
libssh2: add SHA256 fingerprint support
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
| #
46d4373e |
| 23-Aug-2021 |
Daniel Stenberg |
setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verifie
setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verified by test
1137.
Updated docs to specify that the option doesn't work for HTTP when using
the hyper backend.
Closes #7614
show more ...
|
| #
de1004eb |
| 16-Jul-2021 |
Josh Soref |
cleanup: spell DoH with a lowercase o
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Closes #7413
|
| #
628ebd82 |
| 03-Jun-2021 |
Daniel Stenberg |
test269: disable for hyper
--ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
with hyper.
Closes #7184
|
| #
8cc1fee5 |
| 31-May-2021 |
Laurent Dufresne |
setopt: fix incorrect comments
Closes #7157
|
| #
2864b00b |
| 24-May-2021 |
Orgad Shaneh |
setopt: streamline ssl option code
Make it use the same style as the code next to it
Closes #7123
|
| #
1763aceb |
| 06-May-2021 |
Daniel Stenberg |
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.
Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.
Also added cautions to the man pages about changing buffer sizes in
run-time.
Closes #7022
show more ...
|
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0 |
|
| #
77fc3859 |
| 13-Jul-2020 |
Gilles Vollant |
SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
show more ...
|
| #
54e74750 |
| 27-Feb-2021 |
Jay Satiro |
schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
show more ...
|
| #
063d3f3b |
| 19-Apr-2021 |
Daniel Stenberg |
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'
Closes #6912
|
| #
d71ff2b9 |
| 08-Mar-2021 |
Daniel Stenberg |
hsts: enable by default
No longer considered experimental.
Closes #6700
|
| #
eff614fb |
| 22-Mar-2021 |
Daniel Stenberg |
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.
Closes #6773
show more ...
|
| #
520bd522 |
| 14-Apr-2021 |
Daniel Stenberg |
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.
Reported-by: S
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.
Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
show more ...
|
| #
95cbcec8 |
| 26-Mar-2021 |
Daniel Stenberg |
urldata: merge "struct DynamicStatic" into "struct UrlState"
Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in
urldata: merge "struct DynamicStatic" into "struct UrlState"
Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.
Closes #6798
show more ...
|
| #
32a71333 |
| 11-Mar-2021 |
Daniel Stenberg |
setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
Not supported.
Closes #6727
|
| #
70472a44 |
| 18-Feb-2021 |
Daniel Stenberg |
urldata: remove the _ORIG suffix from string names
It doesn't provide any useful info but only makes the names longer.
Closes #6624
|
| #
53022e18 |
| 11-Feb-2021 |
Jay Satiro |
doh: add options to disable ssl verification
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their re
doh: add options to disable ssl verification
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their respective counterparts.
- New curl tool options --doh-insecure and --doh-cert-status do the same
as their respective counterparts.
Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.
Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676
Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
show more ...
|
| #
46620b97 |
| 12-Feb-2021 |
Daniel Stenberg |
http: use credentials from transfer, not connection
HTTP auth "accidentally" worked before this cleanup since the code would
always overwrite the connection credentials with the credenti
http: use credentials from transfer, not connection
HTTP auth "accidentally" worked before this cleanup since the code would
always overwrite the connection credentials with the credentials from
the most recent transfer and since HTTP auth is typically done first
thing, this has not been an issue. It was still wrong and subject to
possible race conditions or future breakage if the sequence of functions
would change.
The data.set.str[] strings MUST remain unmodified exactly as set by the
user, and the credentials to use internally are instead set/updated in
state.aptr.*
Added test 675 to verify different credentials used in two requests done
over a reused HTTP connection, which previously behaved wrongly.
Fixes #6542
Closes #6545
show more ...
|
| #
88dd1a8a |
| 11-Feb-2021 |
Daniel Stenberg |
urldata: don't touch data->set.httpversion at run-time
Rename it to 'httpwant' and make a cloned field in the state struct as
well for run-time updates.
Also: refuse non-support
urldata: don't touch data->set.httpversion at run-time
Rename it to 'httpwant' and make a cloned field in the state struct as
well for run-time updates.
Also: refuse non-supported HTTP versions. Verified with test 129.
Closes #6585
show more ...
|
| #
528f71c2 |
| 08-Feb-2021 |
Daniel Stenberg |
ftp: add 'list_only' to the transfer state struct
and rename it from 'ftp_list_only' since it is also used for SSH and
POP3. The state is updated internally for 'type=D' FTP URLs.
ftp: add 'list_only' to the transfer state struct
and rename it from 'ftp_list_only' since it is also used for SSH and
POP3. The state is updated internally for 'type=D' FTP URLs.
Added test case 1570 to verify.
Closes #6578
show more ...
|
| #
0c51036e |
| 08-Feb-2021 |
Daniel Stenberg |
ftp: never set data->set.ftp_append outside setopt
Since the set value then risks getting used like that when the easy
handle is reused by the application.
Also: renamed the str
ftp: never set data->set.ftp_append outside setopt
Since the set value then risks getting used like that when the easy
handle is reused by the application.
Also: renamed the struct field from 'ftp_append' to 'remote_append'
since it is also used for SSH protocols.
Closes #6579
show more ...
|
| #
457e864f |
| 04-Feb-2021 |
Daniel Stenberg |
urldata: fix build without HTTP and MQTT
Reported-by: Joseph Chen
Fixes #6562
Closes #6563
|
| #
796ce293 |
| 25-Jan-2021 |
Dmitry Wagin |
http: improve AWS HTTP v4 Signature auth
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
http: improve AWS HTTP v4 Signature auth
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.
Closes #6524
show more ...
|
| #
e76b058f |
| 26-Jan-2021 |
Daniel Stenberg |
urldata: store ip version in a single byte
Closes #6534
|
| #
942cf12c |
| 19-Jan-2021 |
Daniel Stenberg |
urldata: make magic be the first struct field
By making the `magic` identifier the same size and at the same place
within the structs (easy, multi, share), libcurl will be able to more
urldata: make magic be the first struct field
By making the `magic` identifier the same size and at the same place
within the structs (easy, multi, share), libcurl will be able to more
reliably detect and safely error out if an application passes in the
wrong handle to APIs. Easier to detect and less likely to cause crashes
if done.
Such mixups can't be detected at compile-time due to them being
typedefed void pointers - unless `CURL_STRICTER` is defined.
Closes #6484
show more ...
|
