Commit Graph

4194 Commits

Author SHA1 Message Date
Marcel Raad
60776a0515
curl-compilers: enable -Wbad-function-cast on GCC
This warning used to be enabled only for clang as it's a bit stricter
on GCC. Silence the remaining occurrences and enable it on GCC too.

Closes https://github.com/curl/curl/pull/2747
2018-08-21 18:53:45 +02:00
Daniel Stenberg
362e9cc89b
INTERNALS: require GnuTLS >= 2.11.3
Since the public pinning support was brought in e644866caf. GnuTLS
2.11.3 was released in October 2010.

Figured out in #2890
2018-08-21 10:45:20 +02:00
Daniel Stenberg
9dad3bd665
SSLCERTS: improve the openssl command line
... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.
2018-08-20 14:05:28 +02:00
Daniel Stenberg
a040ff88e4
docs/SECURITY-PROCESS: now we name the files after the CVE id 2018-08-20 11:49:58 +02:00
Daniel Stenberg
39cb7130c3
TODO: host name sections in config files 2018-08-15 09:17:03 +02:00
Kamil Dudka
233908a55a docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
... to make make the files appear in distribution tarballs

Closes #2856
2018-08-13 14:21:57 +02:00
Michael Kaufmann
b676b66f4d docs: Improve the manual pages of some callbacks
- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
  how to set it

Closes https://github.com/curl/curl/pull/2868
2018-08-11 14:33:28 -04:00
Daniel Jelinski
53d211bfd1
Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
Closes #2867
2018-08-10 23:45:08 +02:00
Daniel Stenberg
6fac5a3e65
docs: mention NULL is fine input to several functions
Fixes #2837
Closes #2858
Reported-by: Markus Elfring
2018-08-10 00:24:12 +02:00
Anderson Toshiyuki Sasaki
298d2565e2
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333
2018-08-08 09:46:01 +02:00
Daniel Stenberg
8bab3e2eba
DEPRECATE: remove release date from 7.62.0
Since it will slip and the version is the important part there, not the
date.
2018-08-04 00:21:16 +02:00
Jay Satiro
0898331474 examples/ephiperfifo: checksrc compliance 2018-07-29 15:06:00 -04:00
Daniel Stenberg
1fb8048abb
TODO: Support Authority Information Access certificate extension (AIA)
Closes #2793
2018-07-28 23:26:42 +02:00
Josh Bialkowski
7f5e570616
docs/examples: add hiperfifo example using linux epoll/timerfd
Closes #2804
2018-07-28 22:34:54 +02:00
Darío Hereñú
7212c4cd60
docs/INSTALL.md: minor formatting fixes
Closes #2794
2018-07-26 16:37:36 +02:00
Christopher Head
812d05daff
docs/CURLOPT_URL: fix indentation
The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.

Closes #2788
2018-07-26 16:26:49 +02:00
Christopher Head
9526cbe6bc
docs/CURLOPT_WRITEFUNCTION: size is always 1
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Closes #2787
2018-07-26 16:24:43 +02:00
Rodger Combs
092f6815c8 darwinssl: add support for ALPN negotiation 2018-07-14 18:32:47 -05:00
Daniel Stenberg
29b78a537f
docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+ The hackerone bounty and its process

- We don't and can't handle pre-notification
2018-07-12 12:32:54 +02:00
Daniel Stenberg
1f6e38e6af
examples/crawler.c: move #ifdef to column 0
Apparently the C => HTML converter on the web site doesn't quite like it
otherwise.

Reported-by: Jeroen Ooms
2018-07-11 11:47:21 +02:00
Daniel Stenberg
eb8138405a
release: 7.61.0 2018-07-11 07:57:42 +02:00
Daniel Stenberg
d3bd7cb388
TODO: Configurable loading of OpenSSL configuration file
Closes #2724
2018-07-10 10:57:20 +02:00
Daniel Stenberg
522236f55e
post303.d: clarify that this is an RFC violation
... and not the other way around, which this previously said.

Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
2018-07-10 10:08:07 +02:00
Marcel Raad
5bd8c389a3
examples: fix -Wformat warnings
When size_t is not a typedef for unsigned long (as usually the case on
Windows), GCC emits -Wformat warnings when using lu and lx format
specifiers with size_t. Silence them with explicit casts to
unsigned long.

Closes https://github.com/curl/curl/pull/2721
2018-07-09 18:08:27 +02:00
Daniel Stenberg
6e61668b9c
KNOWN_BUGS: Stick to same family over SOCKS proxy 2018-07-06 09:31:52 +02:00
Daniel Stenberg
75105480dc
KNOWN_BUGS: Borland support is dropped, AIX problem is too old 2018-07-05 23:11:22 +02:00
Jeroen Ooms
74e0bde773
example/crawler.c: simple crawler based on libxml2
Closes #2706
2018-07-05 15:52:31 +02:00
Daniel Stenberg
91d03fce96
DEPRECATE: include year when specifying date 2018-07-02 23:41:06 +02:00
Daniel Stenberg
9aabe91c8d
DEPRECATE: linkified 2018-07-02 13:16:09 +02:00
Daniel Stenberg
d56feb610d
DEPRECATE: mention the PR that disabled axTLS 2018-07-02 09:41:07 +02:00
Daniel Stenberg
6b919801d0
docs/DEPRECATE.md: spelling and minor formatting 2018-07-02 08:14:53 +02:00
Daniel Stenberg
f5ba9cea0c
DEPRECATE: new doc describing planned item removals
Closes #2704
2018-07-02 07:46:38 +02:00
Daniel Stenberg
9679790b23 docs: fix missed option name markups 2018-06-30 18:33:07 +02:00
Daniel Stenberg
6015cefb1b
openssl: make the requested TLS version the *minimum* wanted
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.

Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
2018-06-29 22:53:02 +02:00
Daniel Stenberg
08c845cfdb
openssl: allow TLS 1.3 by default
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
2018-06-29 09:15:34 +02:00
Adrian Peniak
24cb114c53
CURLINFO_TLS_SSL_PTR.3: improve the example
The previous example was a little bit confusing, because SSL* structure
(or other "in use" SSL connection pointer) is not accessible after the
transfer is completed, therefore working with the raw TLS library
specific pointer needs to be done during transfer.

Closes #2690
2018-06-28 09:43:23 +02:00
Daniel Stenberg
be231ef88a
GOVERNANCE: linkify, changed some titles 2018-06-27 09:41:36 +02:00
Daniel Stenberg
a5ed2a2cdd
GOVERNANCE: add maintainer details/duties 2018-06-27 08:21:20 +02:00
Daniel Stenberg
810ce31886
CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake
Follow-up to b6a16afa0a
2018-06-24 23:18:52 +02:00
Patrick Schlangen
b6a16afa0a
CURLOPT_SSL_VERIFYPEER.3: Add performance note
Closes #2673
2018-06-23 22:35:12 +02:00
Daniel Stenberg
dfb873e308
CURLOPT_INTERFACE.3: interface names not supported on Windows 2018-06-18 23:14:28 +02:00
Daniel Stenberg
f404f9a285
docs/RELEASE-PROCEDURE.md: renamed to use .md extension
Closes #2663
2018-06-15 16:51:12 +02:00
Daniel Stenberg
66f727c8b0
RELEASE-PROCEDURE: gpg sign the tags 2018-06-15 16:51:06 +02:00
Daniel Stenberg
a78c5c7aae
CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0 2018-06-15 11:17:02 +02:00
Daniel Stenberg
023e80e477
GOVERNANCE.md: explains how this project is run
Closes #2657
2018-06-14 17:11:47 +02:00
Daniel Stenberg
81758be831
KNOWN_BUGS: NTLM doen't support password with § character
Closes #2120
2018-06-14 14:04:48 +02:00
Daniel Stenberg
6bc8304488
KNOWN_BUGS: slow connect to localhost on Windows
Closes #2281
2018-06-14 13:55:45 +02:00
Daniel Stenberg
54066f5d09
TODO: "Option to refuse usernames in URLs" done
Implemented by Björn in 946ce5b61f
2018-06-13 11:24:34 +02:00
Robert Prag
9aefbff30d
schannel: support selecting ciphers
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.

To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h

Closes #2630
2018-06-12 12:08:40 +02:00
Daniel Stenberg
7e799d22d6
RELEASE-PROCEDURE: update the release calendar for 2019 2018-06-11 08:36:30 +02:00