Commit Graph

5789 Commits

Author SHA1 Message Date
Daniel Stenberg
89756e87ee
CURLOPT_DNS_CACHE_TIMEOUT.3: fix spelling
Follow-up to 9ed7d56e04

Closes #11096
2023-05-10 00:24:14 +02:00
Daniel Stenberg
6708498588
compressed.d: clarify the words on "not notifying headers"
Reported-by: Dylan Anthony
Fixes #11091
Closes #11092
2023-05-09 09:20:12 +02:00
Daniel Stenberg
5d36bdf490
CURLOPT_IPRESOLVE.3: clarify that this for host names, not IP addresses
Reported-by: Harry Sintonen
Closes #11087
2023-05-08 14:58:05 +02:00
Daniel Stenberg
9ed7d56e04
hostip: enforce a maximum DNS cache size independent of timeout value
To reduce the damage an application can cause if using -1 or other
ridiculous timeout values and letting the cache live long times.

The maximum number of entries in the DNS cache is now totally
arbitrarily and hard-coded set to 29999.

Closes #11084
2023-05-08 14:55:26 +02:00
Daniel Stenberg
39434db41f
ipv4.d/ipv6.d: they are "mutex", not "boolean"
... which for example means they do not have --no-* versions.

Reported-by: Harry Sintonen
Fixes #11085
Closes #11086
2023-05-08 14:09:40 +02:00
Daniel Stenberg
5a7ae421c5
docs/SECURITY-ADVISORY.md: how to write a curl security advisory
Closes #11080
2023-05-08 09:40:29 +02:00
nobedee on github
62ba84a2ab
MANUAL.md: add dict example for looking up a single definition
Closes #11077
2023-05-05 23:49:25 +02:00
Daniel Stenberg
4578ada4a0
docs: minor polish
- "an HTTP*" (not "a")
- remove a few contractions
- remove a spurious "a"
- reduce use of "I" in texts

Closes #11040
2023-04-27 13:23:01 +02:00
Stefan Eissing
acd82c8bfd
tests/http: more tests with specific clients
- Makefile support for building test specific clients in tests/http/clients
- auto-make of clients when invoking pytest
- added test_09_02 for server PUSH_PROMISEs using clients/h2-serverpush
- added test_02_21 for lib based downloads and pausing/unpausing transfers

curl url parser:
- added internal method `curl_url_set_authority()` for setting the
  authority part of a url (used for PUSH_PROMISE)

http2:
- made logging of PUSH_PROMISE handling nicer

Placing python test requirements in requirements.txt files
- separate files to base test suite and http tests since use
  and module lists differ
- using the files in the gh workflows

websocket test cases, fixes for we and bufq
- bufq: account for spare chunks in space calculation
- bufq: reset chunks that are skipped empty
- ws: correctly encode frames with 126 bytes payload
- ws: update frame meta information on first call of collect
  callback that fills user buffer
- test client ws-data: some test/reporting improvements

Closes #11006
2023-04-26 23:24:46 +02:00
Daniel Stenberg
53523d7dcc
docs: clarify that more backends have HTTPS proxy support
Closes #11033
2023-04-26 16:28:12 +02:00
Daniel Stenberg
442355f8db
KNOWN_BUGS: remove two not-bugs
- 11.7 signal-based resolver timeouts

Not considered a bug anymore but just implementation details. People
should avoid using timeouts with the synchronous name resolver.

- 11.16 libcurl uses renames instead of locking for atomic operations

Not a bug, just a description of how it works

Closes #11032
2023-04-26 15:40:54 +02:00
Emanuele Torre
f5c36bf6fe
docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
Also reword the DESCRIPTION section to mention "input"/"string" argument
in bold.

Closes #11027
2023-04-26 10:20:04 +02:00
Emanuele Torre
73b9d7eb0f
docs/libcurl: minor cleanups
I was reading curl_unescape(3) and I noticed that there was an extra
space after the open parenthesis in the SYNOPSIS; I removed the extra
space.

I also ran a few  grep -r  commands to find and remove extra spaces
after '(' in other files, and to find and replace uses of `T*' instead
of `T *'. Some of the instances of `T*` where unnecessary casts that I
removed.

I also fixed a comment that was misaligned in CURLMOPT_SOCKETFUNCTION.3.

And I fixed some formatting inconsistencies: in curl_unescape(3), all
function parameter were mentioned with bold text except length, that was
mentioned as 'length'; and, in curl_easy_unescape(3), all parameters
were mentioned in bold text except url that was italicised. Now they are
all mentioned in bold.
Documentation is not very consistent in how function parameter are
formatted: many pages italicise them, and others display them in bold
text; but I think it makes sense to at least be consistent with
formatting within the same page.

Closes #11027
2023-04-26 10:19:48 +02:00
Daniel Stenberg
f98344c4ae
man pages: simplify the .TH sections
- remove the version numbers
- simplify the texts

The date and version number will be put there for releases when maketgz
runs the updatemanpages.pl script.

Closes #11029
2023-04-26 10:17:13 +02:00
Stefan Eissing
2079cb26a1
HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
- refs #11011 to clarify this for people building curl themselves

Closes #11019
2023-04-25 17:38:59 +02:00
Daniel Stenberg
c9cff9262f
docs/examples/protofeats.c: Outputs all protocols and features
Showing off one way to get to char pointer arrays of info returned by
curl_version_info()

Closes #10991
2023-04-18 08:10:27 +02:00
Daniel Stenberg
fb1d62ff07
curl_easy_unescape.3: rename the argument
and highlight it appropriately in the text.

Closes #10979
2023-04-17 14:54:50 +02:00
Daniel Stenberg
7ed010ce21
libcurl-thread.3: improved name resolver wording
And make better .SH sections

Closes #10966
2023-04-14 16:36:48 +02:00
Colman Mbuya
ef8b1690c8
CURLOPT_PROXY_SSL_VERIFYPEER.3: fix minor grammar mistake
Closes #10968
2023-04-14 16:35:19 +02:00
Daniel Stenberg
e39754f6a2
curl: add --proxy-http2
For trying HTTP/2 with an HTTPS proxy.

Closes #10926
2023-04-14 10:39:23 +02:00
Daniel Stenberg
c39f981ff4
KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
- remove h3 issues believed to be fixed

- make the flaky CI issue be generic and not Windows specific

- "TLS session cache does not work with TFO" now documented

  This is now a documented restriction and not a bug. TFO in general is
  rarely used and has other problems, making it a low-priotity thing to
  work on.

- remove "Renegotiate from server may cause hang for OpenSSL backend"

  This is an OpenSSL issue, not a curl one. Even if it taints curl.

- rm "make distclean loops forever"

- rm "configure finding libs in wrong directory"

  Added a section to docs/INSTALL.md about it.

- "A shared connection cache is not thread-safe"

  Moved over to TODO and expanded for other sharing improvements we
  could do

- rm "CURLOPT_OPENSOCKETPAIRFUNCTION is missing"

- rm "Blocking socket operations in non-blocking API"

  Already listed as a TODO

- rm "curl compiled on OSX 10.13 failed to run on OSX 10.10"

  Water under the bridge. No one cares about this anymore.

- rm "build on Linux links libcurl to libdl"

  Verified to not be true (anymore).

- rm "libpsl is not supported"

  The cmake build supports it since cafb356e19

Closes #10963
2023-04-14 09:50:19 +02:00
Daniel Stenberg
a8fbdb461c
gen.pl: error on duplicated See-Also fields
Updated http2.d accordingly.

Closes #10925
2023-04-11 12:31:30 +02:00
Daniel Stenberg
587dac67fb
curl_url_set.3: mention that users can set content rather freely
... which then might render bad URLs if you extract a URL later.

Closes #10921
2023-04-11 11:30:51 +02:00
Daniel Stenberg
712e5f1e7f
CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
Setting this proxy type allows curl to negotiate and use HTTP/2 with
HTTPS proxies.

Closes #10900
2023-04-08 00:27:53 +02:00
Ali Khodkar
8803d2bfd9
write-out.d: add missing periods
Closes #10897
2023-04-08 00:23:48 +02:00
Daniel Stenberg
808cb31756
tool_writeout: add URL component variables
Output specific components from the used URL. The following variables
are added for this purpose:

  url.scheme, url.user, url.password, url.options, url.host, url.port,
  url.path, url.query, url.fragment, url.zoneid

Add the following for outputting parts of the "effective URL":

 urle.scheme, urle.user, urle.password, urle.options, urle.host, urle.port,
 urle.path, urle.query, urle.fragment, urle.zoneid

Added test 423 and 424 to verify.

Closes #10853
2023-04-04 14:42:44 +02:00
Dan Fandrich
b5cb9a5a36 docs: bump the minimum perl version to 5.6
It's actually been this way since at least 2012 (when a 3-argument open
was added to runtests.pl). Given the lack of complaints in the interim,
it's safe to call this 23 year old perl version the minimum.
2023-03-30 09:12:52 -07:00
Stefan Eissing
6d6404aca0
docs: add documentation for bufq
Closes #10869
2023-03-30 17:13:53 +02:00
Matt Jolly
0ae0abbe72
hostip: refuse to resolve the .onion TLD
RFC 7686 states that:

> Applications that do not implement the Tor
> protocol SHOULD generate an error upon the use of .onion and
> SHOULD NOT perform a DNS lookup.

Let's do that.

https://www.rfc-editor.org/rfc/rfc7686#section-2

Add test 1471 and 1472 to verify

Fixes #543
Closes #10705
2023-03-30 15:51:06 +02:00
Jim King
34ef4fab22
openssl: interop with AWS-LC
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC

AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/

Closes #10320
2023-03-30 10:56:14 +02:00
Frank Gevaerts
1903b95e4c
curl_easy_getinfo.3: typo fix (duplicated "from the")
Closes #10850
2023-03-28 11:59:49 +02:00
Ronan Pigott
8d9c1a8aa8
docs/cmdline-opts: document the dotless config path
The real xdg config path is $XDG_CONFIG_HOME/curlrc, without the dot.
The dotless name seems preferable, so let's match the documentation to
the behavior.

Closes #10849
2023-03-28 10:32:00 +02:00
Daniel Stenberg
4fe6c91e7a
HTTP-COOKIES.md: mention the #HttpOnly_ prefix
Fixes #10847
Reported-by: Harry Sintonen
Closes #10848
2023-03-28 10:28:33 +02:00
Daniel Stenberg
9c469942e2
RELEASE-PROCEDURE: update to new schedule
Ref: https://curl.se/mail/lib-2023-03/0062.html

Assisted-by: Andy Alt
Assisted-by: Dan Frandrich

Closes #10827
2023-03-26 17:39:43 +02:00
Patrick Monnerat
61d4260434
doc: curl_mime_init() strong easy handle binding has been relaxed in 7.87.0
Reported-by: Chloe Kudryavtsev
Fixes #10834
Closes #10835
2023-03-26 16:39:58 +02:00
Jay Satiro
e5588ced30 CURLOPT_WRITEFUNCTION.3: fix typo
Reported-by: Osaila@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/10839
2023-03-25 15:54:02 -04:00
Daniel Stenberg
5ddd5f2619
data.d: emphasize no conversion
When asking curl to send a POST, curl does not encode or change the data.

Ref: #10820
Closes #10823
2023-03-23 15:35:25 +01:00
Daniel Stenberg
370dcf0b96
THANKS: from the 8.0.0 release 2023-03-20 08:04:43 +01:00
Daniel Stenberg
bb334dfdde
SECURITY-PROCESS.md: Busy-loops are not security problems
Closes #10790
2023-03-18 09:59:23 +01:00
Daniel Stenberg
f24014c3eb
lib2305: deal with CURLE_AGAIN
The test does a slightly ugly busy-loop for this case but should be
managable due to it likely being a very short moment.

Mention CURLE_AGAIN in curl_ws_recv.3

Fixes #10760
Reported-by: Jay Satiro
Closes #10781
2023-03-16 23:29:12 +01:00
Casey Bodley
495d09810a
aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
all s3 requests default to UNSIGNED-PAYLOAD and add the required
x-amz-content-sha256 header. this allows CURLAUTH_AWS_SIGV4 to correctly
sign s3 requests to amazon with no additional configuration

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Closes #9995
2023-03-14 17:04:47 +01:00
Daniel Stenberg
c977fecf52
RELEASE-PROCEDURE.md: update coming release dates 2023-03-13 16:43:42 +01:00
Dan Fandrich
ee521a1c88 http: don't send 100-continue for short PUT requests
This is already how curl is documented to behave in Everything curl, but
in actuality only short POSTs skip this. This should knock 30 seconds
off a full run of the test suite since the 100-continue timeout will no
longer be hit.

Closes #10740
2023-03-11 18:57:19 -08:00
Daniel Stenberg
fcee070cb1
CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
It results in error "NSS error -5985 (PR_ADDRESS_NOT_SUPPORTED_ERROR)"

Disabled test 1470 for NSS builds and documented the restriction.

Reported-by: Dan Fandrich
Fixes #10723
Closes #10734
2023-03-10 17:50:20 +01:00
Daniel Stenberg
dca4cdf071
CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
Reported-by: Hiroki Kurosawa
Closes #10732
2023-03-10 17:45:55 +01:00
Daniel Stenberg
56f306a5a6
docs/SECURITY-PROCESS.md: updates
- allow Low+Medium issues to be managed through plain PRs
- update the bug-bounty part to reflect current reality

Closes #10719
2023-03-10 08:00:38 +01:00
Evgeny Grin (Karlson2k)
372b95f77f
doc: fix compiler warning in libcurl.m4
Current test for curl_free() may produce warnings with strict compiler
flags or even with default compiler flags with upcoming versions.
These warning could turned into errors by -Werror or similar flags.
Such warnings/errors are avoided by this patch.

Closes #10710
2023-03-08 14:24:08 +01:00
Viktor Szakats
75087c3baa
misc: fix typos
Closes #10706
2023-03-08 08:00:35 +00:00
Daniel Stenberg
2a31086f39
docs: extend the URL API descriptions
Closes #10701
2023-03-07 13:36:10 +01:00
andy5995
7c3822fe45
docs: note '--data-urlencode' option
Closes #10687
2023-03-06 15:35:48 +01:00