mirror of
https://github.com/curl/curl.git
synced 2025-02-17 14:59:45 +08:00
54e7475016
- Disable auto credentials by default. This is a breaking change for clients that are using it, wittingly or not. - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use a client certificate for authentication, when requested by the server. - New curl tool options --ssl-auto-client-cert and --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT. This option is only supported for Schannel (the native Windows SSL library). Prior to this change Schannel would, with no notification to the client, attempt to locate a client certificate and send it to the server, when requested by the server. Since the server can request any certificate that supports client authentication in the OS certificate store it could be a privacy violation and unexpected. Fixes https://github.com/curl/curl/issues/2262 Reported-by: Jeroen Ooms Assisted-by: Wes Hinsley Assisted-by: Rich FitzJohn Ref: https://curl.se/mail/lib-2021-02/0066.html Reported-by: Morten Minde Neergaard Closes https://github.com/curl/curl/pull/6673 |
||
|---|---|---|
| .. | ||
| cmdline-opts | ||
| examples | ||
| libcurl | ||
| .gitignore | ||
| ALTSVC.md | ||
| BINDINGS.md | ||
| BUFREF.md | ||
| BUG-BOUNTY.md | ||
| BUGS.md | ||
| CHECKSRC.md | ||
| CIPHERS.md | ||
| CMakeLists.txt | ||
| CODE_OF_CONDUCT.md | ||
| CODE_REVIEW.md | ||
| CODE_STYLE.md | ||
| CONTRIBUTE.md | ||
| curl-config.1 | ||
| CURL-DISABLE.md | ||
| DEPRECATE.md | ||
| DYNBUF.md | ||
| ECH.md | ||
| EXPERIMENTAL.md | ||
| FAQ | ||
| FEATURES.md | ||
| GOVERNANCE.md | ||
| HELP-US.md | ||
| HISTORY.md | ||
| HSTS.md | ||
| HTTP2.md | ||
| HTTP3.md | ||
| HTTP-COOKIES.md | ||
| HYPER.md | ||
| INSTALL | ||
| INSTALL.cmake | ||
| INSTALL.md | ||
| INTERNALS.md | ||
| KNOWN_BUGS | ||
| MAIL-ETIQUETTE | ||
| Makefile.am | ||
| MANUAL.md | ||
| mk-ca-bundle.1 | ||
| MQTT.md | ||
| NEW-PROTOCOL.md | ||
| options-in-versions | ||
| PARALLEL-TRANSFERS.md | ||
| README.md | ||
| RELEASE-PROCEDURE.md | ||
| ROADMAP.md | ||
| RUSTLS.md | ||
| SECURITY-PROCESS.md | ||
| SSL-PROBLEMS.md | ||
| SSLCERTS.md | ||
| THANKS | ||
| THANKS-filter | ||
| TheArtOfHttpScripting.md | ||
| TODO | ||
| URL-SYNTAX.md | ||
| VERSIONS.md | ||
Documentation
You'll find a mix of various documentation in this directory and subdirectories, using several different formats. Some of them are not ideal for reading directly in your browser.
If you'd rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl related documentation.