Capabilities of sasl module are extended to exchange messages in binary
as an alternative to base64.
If http authentication flags have been set, those are used as sasl
default preferred mechanisms.
Closes#6930
Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
and curl no longer builds with it. Document the need to fix our support
until so has been done.
Closes#7390Fixes#7385
Reported-by: Wyatt OʼDay
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
It can't run on focal and causes warnings on bionic. Since the focal
failure started rather suddenly a while ago, we can suspect it might be
temporary.
Added "bring back the build" to the TODO document.
Fixes#7011Closes#7012
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.
If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).
Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.
Closes#6897
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
We should offer an option to allow abrupt server closures (server closes
SSL transfer without sending a known termination point such as length of
transfer or close_notify alert). Abrupt server closures are usually
because of misconfigured or very old servers.
Closes https://github.com/curl/curl/issues/4427
