Commit Graph

119 Commits

Author SHA1 Message Date
Kamil Dudka
9ba22ce6b5 docs/cmdline-opts: update the documentation of --tlsv1.0
... to reflect the changes in 6015cefb1b

Closes #2955
2018-09-10 12:23:23 +02:00
Daniel Stenberg
5ffbb63e42
curl: --doh-url added 2018-09-06 09:17:25 +02:00
Jay Satiro
351c0f3a55
tool_operate: Add http code 408 to transient list for --retry
- Treat 408 request timeout as transient so that curl will retry the
  request if --retry was used.

Closes #2925
2018-09-03 13:19:14 +02:00
Daniel Stenberg
2345388728
cmdline-opts/page-footer: fix edit mistake
There was a missing newline.

follow-up to a7ba60bb72
2018-08-25 23:37:00 +02:00
Daniel Stenberg
a7ba60bb72
docs: clarify NO_PROXY env variable functionality
Reported-by: Kirill Marchuk
Fixes #2773
Closes #2911
2018-08-24 23:22:46 +02:00
Kamil Dudka
233908a55a docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
... to make make the files appear in distribution tarballs

Closes #2856
2018-08-13 14:21:57 +02:00
Anderson Toshiyuki Sasaki
298d2565e2
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333
2018-08-08 09:46:01 +02:00
Daniel Stenberg
522236f55e
post303.d: clarify that this is an RFC violation
... and not the other way around, which this previously said.

Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
2018-07-10 10:08:07 +02:00
Daniel Stenberg
6015cefb1b
openssl: make the requested TLS version the *minimum* wanted
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.

Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
2018-06-29 22:53:02 +02:00
Daniel Stenberg
08c845cfdb
openssl: allow TLS 1.3 by default
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
2018-06-29 09:15:34 +02:00
Daniel Stenberg
a8324599d2
cmdline-opts/cert-type.d: mention "p12" as a recognized type as well 2018-06-05 14:53:33 +02:00
Björn Stenberg
946ce5b61f
option: disallow username in URL
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.

Closes #2340
2018-05-31 11:27:16 +02:00
Daniel Stenberg
050c93c46f
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
2018-05-29 16:12:52 +02:00
Daniel Stenberg
06a72880d6
cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options 2018-05-28 15:02:03 +02:00
Frank Gevaerts
7c189c6608
curl.1: Fix cmdline-opts reference errors.
--data, --form, and --ntlm were declared to be mutually exclusive with
non-existing options. --data and --form referred to --upload (which is
short for --upload-file and therefore did work, so this one was merely
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.

Closes #2612
2018-05-28 15:02:03 +02:00
Frank Gevaerts
c78dd2e1d0
docs: fix cmdline-opts metadata headers case consistency.
Almost all headers start with an uppercase letter, but some didn't.
2018-05-28 15:02:03 +02:00
Daniel Stenberg
f3d836b736
curl: added --styled-output
It is enabled by default, so --no-styled-output will switch off the
detection/use of bold headers.

Closes #2538
2018-05-21 20:29:12 +02:00
Aleks
e05ad5dd99
docs: mention HAproxy protocol "version 1"
...as there's also a version 2.

Closes #2579
2018-05-18 17:48:40 +02:00
Daniel Stenberg
a39593d282
curl.1: clarify that options and URLs can be mixed
Fixes #2515
Closes #2517
2018-04-23 13:48:14 +02:00
Archangel_SDY
f0819f99ae CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780

Closes https://github.com/curl/curl/pull/2504
2018-04-23 03:16:52 -04:00
Jay Satiro
0f72716676 tool_help: clarify --max-time unit of time is seconds
Before:
 -m, --max-time <time> Maximum time allowed for the transfer

After:
 -m, --max-time <seconds> Maximum time allowed for the transfer
2018-04-21 14:19:37 -04:00
Dan McNulty
8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
Jakub Wilk
24e8355877 docs: fix typos
Closes https://github.com/curl/curl/pull/2503
2018-04-17 15:32:51 -04:00
Daniel Stenberg
d92a9bd4ec
cookie.d: mention that "-" as filename means stdin
Reported-by: Dongliang Mu
Fixes #2410
2018-03-20 23:25:12 +01:00
Lawrence Matthews
6baeb6df35
CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool

Closes #2162
2018-03-17 11:50:06 +01:00
Daniel Stenberg
2b083dcc40
user-agent.d:: mention --proxy-header as well
Bug: https://github.com/curl/curl/issues/2381
2018-03-15 23:52:43 +01:00
Daniel Stenberg
c74521628b
curl.1: mention how to add numerical IP addresses in NO_PROXY 2018-03-04 19:57:43 +01:00
Viktor Szakats
7e35eb7729 spelling fixes
Detected using the `codespell` tool.

Also contains one URL protocol upgrade.

Closes https://github.com/curl/curl/pull/2334
2018-02-23 23:29:01 +00:00
Daniel Stenberg
93e7a6ffd1
form.d: rephrased somewhat, added two example command lines 2018-02-22 08:28:05 +01:00
Anders Bakken
2427d94c6d url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
  eyeball timeout value.

- Add new optval macro CURL_HET_DEFAULT to represent the default happy
  eyeballs timeout value (currently 200 ms).

- Add new tool option --happy-eyeballs-timeout-ms to expose
  CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
  other -timeout options in the tool expect seconds not milliseconds.

Closes https://github.com/curl/curl/pull/2260
2018-02-20 17:51:43 -05:00
Anders Bakken
50d1b3379a CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
This enables users to preresolve but still take advantage of happy
eyeballs and trying multiple addresses if some are not connecting.

Ref: https://github.com/curl/curl/pull/2260
2018-02-20 04:24:28 -05:00
Kamil Dudka
08029a7e73 tlsauthtype.d: works only if libcurl is built with TLS-SRP support
Bug: https://bugzilla.redhat.com/1542256

Closes #2306
2018-02-12 18:09:54 +01:00
Daniel Stenberg
34ecdffe90
progress-bar.d: update to match implementation
... since commit 993dd5651a

Reported-by: Martin Dreher
Bug: https://github.com/curl/curl/pull/2242#issuecomment-361059228

Closes #2271
2018-01-30 23:46:58 +01:00
Daniel Stenberg
fecec1d8ae
curl: add --proxy-pinnedpubkey
To verify a proxy's public key. For when using HTTPS proxies.

Fixes #2192
Closes #2268
2018-01-30 08:00:31 +01:00
Jay Satiro
d4e40f0690 scripts: allow all perl scripts to be run directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Closes https://github.com/curl/curl/pull/2222
2018-01-07 15:42:11 -05:00
Jay Satiro
e4f86025d6 mail-rcpt.d: fix short-text description 2018-01-07 01:04:36 -05:00
Gisle Vanem
859ac36021 tool_getparam: Support size modifiers for --max-filesize
- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G

Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html

Closes https://github.com/curl/curl/pull/2179
2017-12-26 02:01:48 -05:00
Daniel Stenberg
48c184a604
curl.1: mention http:// and https:// as valid proxy prefixes 2017-12-11 13:24:42 +01:00
Daniel Stenberg
76db03dd9a
curl.1: documented two missing valid exit codes 2017-12-11 13:11:47 +01:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Luca Boccassi
32828cc4fb
--interface: add support for Linux VRF
The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.

Try to use the socket option immediately and parse it as a fallback
instead.  Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.

Closes #2024
2017-11-09 13:20:11 +01:00
Patrick Monnerat
f82f952d2f cli tool: in -F option arg, comma is a delimiter for files only
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
2017-10-29 16:23:06 +01:00
Patrick Monnerat
665b3e48bc cli tool: reimplement stdin buffering in -F option.
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.

--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.

Buffering is not supported in deprecated curl_formadd() API.
2017-10-12 14:25:59 +01:00
Patrick Monnerat
14d6e207d3 docs: clarify form/mime usage of non-regular data files. 2017-10-08 16:15:23 +01:00
Nick Zitzmann
3e492e03b3 darwinssl: add support for TLSv1.3
Closes https://github.com/curl/curl/pull/1794
2017-10-05 00:51:38 -04:00
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Patrick Monnerat
fec7a858b8 mime: use in curl cli tool instead of form API.
Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentation upgraded.
2017-09-02 18:17:33 +01:00
Daniel Stenberg
88c2e22734
request-target.d: mention added in 7.55.0 2017-08-22 14:48:33 +02:00
Daniel Stenberg
525fb7e16a
compressed-ssh.d: "Added: 7.56.0" 2017-08-17 09:49:33 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00