- Add an explanation of the CURL_BLOB_COPY flag to CURLOPT_CAINFO_BLOB
and CURLOPT_PROXY_CAINFO_BLOB docs.
All the other _BLOB option docs already have the same explanation.
Closes https://github.com/curl/curl/pull/12277
Remove the CURL_CA_FALLBACK logic. That build option was added to allow
primarily OpenSSL to use the default paths for loading the CA certs. For
GnuTLS it was instead made to load the "system certs", which is
different and not desirable.
The native CA store loading is now asked for with this option.
Follow-up to 7b55279d1d
Co-authored-by: Jay Satiro
Closes#12137
- Warn that the user's debug callback may be called with the handle
parameter set to an internal handle.
Without this warning the user may assume that the only handles their
debug callback receives are the easy handles on which they set
CURLOPT_DEBUGFUNCTION.
This is a follow-up to f8cee8cc which changed DoH handles to inherit
the debug callback function set in the user's easy handle. As a result
those handles are now passed to the user's debug callback function.
Closes https://github.com/curl/curl/pull/12034
Previously it would only stop them from getting started if the size is
known to be too big then.
Update the libcurl and curl docs accordingly.
Fixes#11810
Reported-by: Elliot Killick
Assisted-by: Jay Satiro
Closes#11820
At least FreeBSD preserves cwd across makefile lines, so rules
consisting of more than one "cd X; do_something" must be explicitly run
in a subshell to avoid this. This problem caused the Cirrus FreeBSD
build to fail when parallel make jobs were enabled.
- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.
Closes#11772
- Remove the out-of-date SSL backend list supported by
CURLOPT_SSL_CTX_FUNCTION.
It makes more sense to just refer to that document instead of having
a separate list that has to be kept in sync.
Closes https://github.com/curl/curl/pull/11665
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.
It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.
Closes#11460
It was previously unlimited by default, but that's not a sensible
default. While changing this has a remote risk of breaking an existing
use case, I figure it is more likely to actually save users from loops.
Closes#11581
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
use the SCHANNEL_CRED legacy structure to pass the list to Schannel.
- If the user set both a legacy algorithm list and a TLS 1.3 cipher list
then abort.
Although MS doesn't document it, Schannel will not negotiate TLS 1.3
when SCHANNEL_CRED is used. That means setting a legacy algorithm list
limits the user to earlier versions of TLS.
Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would
ignore legacy algorithms in Windows 10 1809 and later.
Reported-by: zhihaoy@users.noreply.github.com
Fixes https://github.com/curl/curl/pull/10741
Closes https://github.com/curl/curl/pull/10746
- Update the OpenSSL connect state machine to handle
SSL_ERROR_WANT_RETRY_VERIFY.
This allows libcurl users that are using custom certificate validation
to suspend processing while waiting for external I/O during certificate
validation.
Closes https://github.com/curl/curl/pull/11499
Fix the distcheck CI failure and delete more NSS references.
Follow-up to 7c8bae0d9c
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes#11548
- Implement AUTH=+LOGIN for CURLOPT_LOGIN_OPTIONS to prefer plaintext
LOGIN over SASL auth.
Prior to this change there was no method to be able to fall back to
LOGIN if an IMAP server advertises SASL capabilities. However, this may
be desirable for e.g. a misconfigured server.
Per: https://www.ietf.org/rfc/rfc5092.html#section-3.2
";AUTH=<enc-auth-type>" looks to be the correct way to specify what
authenication method to use, regardless of SASL or not.
Closes https://github.com/curl/curl/pull/10041
- add an `id` long to Curl_easy, -1 on init
- once added to a multi (or its own multi), it gets
a non-negative number assigned by the connection cache
- `id` is unique among all transfers using the same
cache until reaching LONG_MAX where it will wrap
around. So, not unique eternally.
- CURLINFO_CONN_ID returns the connection id attached to
data or, if none present, data->state.lastconnect_id
- variables and type declared in tool for write out
Closes#11185
The behavior of CURLOPT_UPLOAD differs from what is described in the
documentation. The option automatically adds the 'Transfer-Encoding:
chunked' header if the upload size is unknown.
Closes#11300
These two functions were added in 7.44.0 when CURLMOPT_PUSHFUNCTION was
introduced but always lived a life in the shadows, embedded in the
CURLMOPT_PUSHFUNCTION man page. Until now.
It makes better sense and gives more visibility to document them in
their own stand-alone man pages.
Closes#11286
Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout
into the SERVER_RESPONSE_TIMEOUT option. With this done, clients can use
the standard curl response timeout setting to also control the time that
libssh2 will wait for packets from a slow server. This is necessary to
enable use of very slow SFTP servers.
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
Closes#10965
To reduce the damage an application can cause if using -1 or other
ridiculous timeout values and letting the cache live long times.
The maximum number of entries in the DNS cache is now totally
arbitrarily and hard-coded set to 29999.
Closes#11084
