Commit Graph

22 Commits

Author SHA1 Message Date
Viktor Szakats
22652a5a4c
curl: add options for safe/no CA bundle search (Windows)
Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.

Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`

On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.

The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
cd652d4792/patch/curl_tool_doswin.diff (L50)

MSYS2/mingw-w64 distro has also been rolling a patch solving this:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c

Also add option to fully disable Windows CA search:
- cmake: `-DCURL_DISABLE_CA_SEARCH=ON`
- autotools: `--disable-ca-search`
- raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`.

Both options are considered EXPERIMENTAL, with possible incompatible
changes or even (partial) removal in the future, depending on feedback.

An alternative, secure option is to embed the CA bundle into the binary.

Safe search can be extended to other platforms if necessary or useful,
by using `_NSGetExecutablePath()` (macOS),
`/proc/self/exe` (Linux/Cygwin), or `argv[0]`.

Closes #14582
2024-09-22 18:17:25 +02:00
Daniel Stenberg
69b50017a4
docs/SSLCERTS: rewrite
cleanup, modernize, refresh

Remove libcurl solutions, only do curl command lines.

Closes #14616
2024-08-21 07:48:57 +02:00
Viktor Szakats
f81f351b9a
tidy-up: OS names
Use these words and casing more consistently across text, comments and
one curl tool output:
AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux,
macOS, MS-DOS, MSYS, MinGW, NTLM, POSIX, Solaris, UNIX, Unix, Unicode,
WINE, WebDAV, Win32, winbind, WinIDN, Windows, Windows CE, Winsock.

Mostly OS names and a few more.

Also a couple of other minor text fixups.

Closes #14360
2024-08-04 19:17:45 +02:00
Viktor Szakats
dace891e38
tidy-up: use consistent casing for Windows directories
C:\Windows\System32

Closes #13832
2024-05-30 14:40:12 +02:00
Daniel Stenberg
86d33001e4
reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.

+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns

Closes #13245
2024-03-31 12:01:18 +02:00
Daniel Stenberg
6e494a2390
docs: more language cleanups
- present tense
- avoid bad words

Closes #13003
2024-02-27 16:19:43 +01:00
Daniel Stenberg
2097a095c9
docs: use present tense
avoid "will", detect "will" as a bad word in the CI

Also line wrapped a bunch of paragraphs

Closes #13001
2024-02-27 09:47:21 +01:00
Daniel Stenberg
eefcc1bda4
docs: introduce "curldown" for libcurl man page format
curldown is this new file format for libcurl man pages. It is markdown
inspired with differences:

- Each file has a set of leading headers with meta-data
- Supports a small subset of markdown
- Uses .md file extensions for editors/IDE/GitHub to treat them nicely
- Generates man pages very similar to the previous ones
- Generates man pages that still convert nicely to HTML on the website
- Detects and highlights mentions of curl symbols automatically (when
  their man page section is specified)

tools:

- cd2nroff: converts from curldown to nroff man page
- nroff2cd: convert an (old) nroff man page to curldown
- cdall: convert many nroff pages to curldown versions
- cd2cd: verifies and updates a curldown to latest curldown

This setup generates .3 versions of all the curldown versions at build time.

CI:

Since the documentation is now technically markdown in the eyes of many
things, the CI runs many more tests and checks on this documentation,
including proselint, link checkers and tests that make sure we capitalize the
first letter after a period...

Closes #12730
2024-01-23 00:29:02 +01:00
Daniel Stenberg
9034a16d97
docs: mention env vars not used by schannel
Ref: #12704

Co-authored-by: Jay Satiro <raysatiro@yahoo.com>

Closes #12711
2024-01-16 11:02:13 +01:00
Daniel Stenberg
7c8bae0d9c
nss: remove support for this TLS library
Closes #11459
2023-07-29 23:44:28 +02:00
Daniel Stenberg
fd1ce3d4b0
docs: spellfixes
Pointed by the new CI job
2022-09-21 15:20:08 +02:00
Benjamin Loison
ff021cb216
docs: correct missing uppercase in Markdown files
To detect these typos I used:

```
clear && grep -rn '\. [a-z]' . | uniq | grep -v '\. lib' | grep -v '[0-9]\. [a-z]' | grep -v '\.\. [a-z]' | grep -v '\. curl' | grep -v 'e.g. [a-z]' | grep -v 'eg. [a-z]' | grep -v '\etc. [a-z]' | grep -v 'i.e\. [a-z]' | grep --color=always '\. [a-z]' | grep '\.md'
```

Closes #9474
2022-09-12 09:10:43 +02:00
Antoine Pietri
b341b7675b
docs: grammar proofread, typo fixes
(Partially automated) proofread of most of the documentation, leading to
various typo fixes.

Closes #8353
2022-01-30 12:06:05 +01:00
Daniel Stenberg
76d6e719d9
docs: address proselint nits
- avoid exclamation marks
- use consistent number of spaces after periods: one
- avoid clichés
- avoid using 'very'

Closes #8060
2021-11-26 14:27:07 +01:00
Daniel Stenberg
a28464ae77
docs: reduce/avoid English contractions
You're => You are
Hasn't => Has not
Doesn't => Does not
Don't => Do not
You'll => You will
etc

Closes #7930
2021-11-07 23:16:27 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Dan Kenigsberg
c77f6fd1cb
docs: SSLCERTS: fix English syntax
Signed-off-by: Dan Kenigsberg <danken@redhat.com>

Closes #5876
2020-08-28 13:39:09 +02:00
Daniel Stenberg
2429f45a97
TLS naming: fix more Winssl and Darwinssl leftovers
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
2020-08-08 00:19:21 +02:00
Jay Satiro
0d0537aeae SSLCERTS.md: Fix example code for setting CA cert file
Prior to this change the documentation erroneously said use
CURLOPT_CAPATH to set a CA cert file.

Bug: https://curl.haxx.se/mail/lib-2020-03/0121.html
Reported-by: Timothe Litt

Closes https://github.com/curl/curl/pull/5151
2020-03-26 18:46:15 -04:00
Daniel Stenberg
9dad3bd665
SSLCERTS: improve the openssl command line
... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.
2018-08-20 14:05:28 +02:00
Daniel Stenberg
c5357b7b99 SSLCERTS.md: mention HTTPS proxies and their separate options 2017-03-16 23:00:24 +01:00
Daniel Stenberg
615a12cbad SSLCERTS.md: renamed to markdown extension 2016-08-09 12:03:46 +02:00