Commit Graph

3632 Commits

Author SHA1 Message Date
Daniel Stenberg
63198a4750 curl.1: the new --proxy options ship in 7.52.0 2016-11-25 00:14:39 +01:00
Daniel Stenberg
6832c1d4b2 checksrc: move open braces to comply with function declaration style 2016-11-24 23:58:22 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Okhin Vasilij
c6da05a5ec HTTPS-proxy: fixed mbedtls and polishing 2016-11-24 23:41:45 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Jay Satiro
a4d888857e http2: Use huge HTTP/2 windows
- Improve performance by using a huge HTTP/2 window size.

Bug: https://github.com/curl/curl/issues/1102
Reported-by: afrind@users.noreply.github.com
Assisted-by: Tatsuhiro Tsujikawa
2016-11-16 17:35:11 -05:00
Daniel Stenberg
342aa4797e cmdline-docs: more conversion 2016-11-16 15:15:57 +01:00
Daniel Stenberg
c3c1e96185 gen: support 'protos'
and warn on unrecognized lines
2016-11-16 15:13:17 +01:00
Daniel Stenberg
5781e3653e gen: support 'single' to make an individual page man page 2016-11-16 11:41:02 +01:00
Daniel Stenberg
41b1f649bf cmdline-docs: more options converted over 2016-11-16 10:42:51 +01:00
Daniel Stenberg
81e61cda39 gen: support 'redirect'
... and warn for too long --help lines
2016-11-16 10:42:50 +01:00
Daniel Stenberg
1ef1f10cab cmdline/gen: replace options in texts better 2016-11-16 08:23:36 +01:00
Jay Satiro
7f439f1652 curl.1: Clarify --dump-header only writes received headers 2016-11-16 01:40:23 -05:00
Alex Chan
771f3f22dd docs: Spelling fixes 2016-11-15 15:41:45 +01:00
Kamil Dudka
cfd69c1339 docs: the next release will be 7.52.0 2016-11-15 12:21:00 +01:00
Daniel Stenberg
b8c35f40f9 cmdline-opts: support generating the --help output 2016-11-15 09:08:50 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Stenberg
050aa80309 cmdline-opts: first test version of a new man page generator kit
See MANPAGE.md for the description of how this works. Each command line
option is now described in a separate .d file.
2016-11-13 23:40:12 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Daniel Stenberg
1299df6868 CODE_STYLE.md: link to INTERNALS.md correctly 2016-11-09 09:56:13 +01:00
Daniel Stenberg
dfcdaaba37 examples/fileupload.c: fclose the file as well 2016-11-08 23:00:43 +01:00
Daniel Stenberg
c2bc47ddb8 curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
Reported-by: Frank Gevaerts
2016-11-08 15:28:04 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Kamil Dudka
6ad3add606 vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 11:52:07 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Daniel Stenberg
677d8b3fec curl.1: explain the SMTP data expected for -T
Fixes #1107

Reported-by: Adam Piggott
2016-11-07 08:33:02 +01:00
Daniel Stenberg
c8e6e60b40 docs: shorten and simplify the top comment in multi-uv.c
and change URL to use https
2016-11-03 12:44:38 +01:00
Andrei Sedoi
82b6fd4112 docs: handle CURL_POLL_INOUT in multi-uv example 2016-11-03 12:32:14 +01:00
Andrei Sedoi
e6882ce484 docs: multi-uv: don't use CURLMsg after cleanup 2016-11-03 12:32:14 +01:00
Andrei Sedoi
b1aeed302d docs: remove unused variables in multi-uv example 2016-11-03 12:32:14 +01:00
Daniel Stenberg
3c561c657c THANKS: synced with 7.51.0 2016-11-02 07:34:06 +01:00
Daniel Stenberg
1fe755f99d RELEASE-NOTES: 7.51.0 2016-11-02 07:34:06 +01:00
Daniel Stenberg
e5c49b9e69 curl.1: typo 2016-11-01 10:27:40 +01:00
Daniel Stenberg
b744950f43 curl.1: expand on how multiple uses of -o looks
Suggested-by: Dan Jacobson
Issue: https://github.com/curl/curl/issues/1097
2016-11-01 10:24:49 +01:00
Daniel Stenberg
53e71e47d6 unescape: avoid integer overflow
CVE-2016-8622

Bug: https://curl.haxx.se/docs/adv_20161102H.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
Daniel Stenberg
fba28277ca TODO: remove IDNA2008 2016-10-31 08:46:35 +01:00
Jay Satiro
164ee10b0b INTERNALS: better markdown (follow-up)
- Wrap more words with underscores in backticks.

Follow-up to 13f4913.
2016-10-31 00:38:27 -04:00
Daniel Stenberg
13f4913303 INTERNALS: better markdown
words with underscore need to be within `these`

Bug: https://github.com/curl/curl-www/issues/19
Reported-by : Jay Satiro
2016-10-30 23:46:11 +01:00
Daniel Stenberg
d0623f856c BINDINGS: converted to markdown
To make it render better on the web site, at the price of it becoming
slightly less readable as text.
2016-10-28 09:54:39 +02:00
Jay Satiro
568037f6af CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Clarify that this option is only for HTTP/1.1 pipelining.

Bug: https://github.com/curl/curl/issues/1059
Reported-by: Jeroen Ooms

Assisted-by: Daniel Stenberg
2016-10-27 23:15:41 -04:00
Daniel Stenberg
4eb7657a13 KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
Closes #927
2016-10-27 23:47:59 +02:00
Daniel Stenberg
c443a8ce21 KNOWN_BUGS: c-ares deviates from stock resolver on http://1346569778
Closes #893
2016-10-27 23:46:13 +02:00
Daniel Stenberg
a65db0bbcb SECURITY: minor updates
- we allow the security push up to 48 hours before the release

- add a mention about possible pre-notifications

- lower case the 'curl-security' title
2016-10-27 10:21:52 +02:00
Andrei Sedoi
50ef91b59a docs: fix req->data in multi-uv example
Closes #1088
2016-10-27 09:14:24 +02:00
Daniel Stenberg
4d7fc0a9bb TODO: indent code to make it render properly 2016-10-24 14:03:08 +02:00
Daniel Stenberg
cc8c8f957e TODO: Remove the generated include file 2016-10-24 13:38:29 +02:00
Daniel Stenberg
21b9e54058 TODO: add "--retry should resume"
See #1084
2016-10-24 11:56:26 +02:00
Daniel Stenberg
f435308cfa mk-ca-bundle.1: document -k
Brought in 1ad2bdcf11. Now does HTTPS by default and needs -k to
fall back to plain HTTP.
2016-10-24 10:24:27 +02:00
Dan Fandrich
50ee3aaf1a INSTALL.md: Updated minimum file sizes for 7.50.3 2016-10-23 22:42:19 +02:00