Commit Graph

2839 Commits

Author SHA1 Message Date
Steve Holme
0574196acb docs: Added Kerberos V5 to the --user SSPI current credentials usage 2014-08-16 10:16:05 +01:00
Kamil Dudka
cb1f18661a docs/SSLCERTS: update the section about NSS database
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
Reported-by: David Shaw
2014-08-11 16:49:54 +02:00
Michael Osipov
37f0e8a32c docs: Update SPNEGO and GSS-API related doc sections
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
2014-08-09 00:08:51 +01:00
Steve Holme
f719a97e12 docs: Added Negotiate to the SSPI current credentials usage description 2014-08-07 08:04:40 +01:00
Steve Holme
6c6983f477 TODO: HTTP Digest via Windows SSPI 2014-08-06 22:58:42 +01:00
Steve Holme
c399f6eeb2 TODO: FTP GSSAPI via Windows SSPI 2014-08-06 21:54:27 +01:00
Daniel Stenberg
e4f6adb023 CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it 2014-08-02 23:09:22 +02:00
Daniel Stenberg
8da2124060 FEATURES: minor update 2014-08-01 09:00:06 +02:00
Michael Wallner
7bb4c8cadb CURLOPT_HEADEROPT.3: typo: do -> to 2014-07-31 17:52:08 +02:00
Daniel Stenberg
0c23ec232b curl_version_info.3: 'ssl_version_num' is always 0
... and has been so since 2005
2014-07-31 12:27:15 +02:00
Daniel Stenberg
a439e438f3 ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
2014-07-31 12:19:51 +02:00
Dan Fandrich
524bb823c9 opts: fixed some typos 2014-07-30 23:37:24 +02:00
Michael Wallner
df52f3500c curl_tlsinfo -> curl_tlssessioninfo 2014-07-30 11:11:29 +02:00
Daniel Stenberg
37faf55e17 libcurl.m4: include the standard source header
... with permission from David Shaw
2014-07-29 00:06:36 +02:00
Daniel Stenberg
821d4a1e55 symbols: CURL_VERSION_GSSNEGOTIATE is deprecated 2014-07-24 23:47:32 +02:00
Daniel Stenberg
81cd24adb8 http2: more and better error checking
1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
2014-07-23 09:23:56 +02:00
Daniel Stenberg
cc52d776dd symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
6f8046f7a4 CURLOPT_CHUNK_BGN_FUNCTION: fix typo 2014-07-19 21:27:38 +02:00
Daniel Stenberg
da172b0dde THANKS: added new contributors from 7.37.1 announcement 2014-07-17 13:18:46 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Steve Holme
f9b80cded7 CURLOPT_UPLOAD: Corrected argument type 2014-07-10 22:30:43 +01:00
Daniel Stenberg
6273b23a05 FAQ: expand the thread-safe section
... with a mention of *NOSIGNAL, based on talk in bug #1386
2014-07-09 22:07:36 -05:00
Dan Fandrich
3ae2b6cd7f Update instances of some obsolete CURLOPTs to their new names 2014-07-05 22:47:13 +02:00
Dimitrios Siganos
22eb00f937 example: use correct type (long) for CURLOPT_FOLLOWLOCATION 2014-07-03 22:47:28 +02:00
Dimitrios Siganos
afbd5f978e Document type of argument for CURLOPT_FOLLOWLOCATION. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
7441c6d7af Document type of argument for CURLOPT_ERRORBUFFER. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
3e0443239a Document type of argument for CURLOPT_COPYPOSTFIELDS. 2014-07-03 22:44:45 +02:00
Dimitrios Siganos
8b8cc85d8d Document type of argument for CURLOPT_ADDRESS_SCOPE. 2014-07-03 22:44:45 +02:00
Daniel Stenberg
97db9fb653 curl.1: minor language fix
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
2014-07-03 22:37:43 +02:00
Dan Fandrich
1c1d9a3a86 opts: fixed some CURLOPT references so they get turned into links 2014-07-02 21:40:39 +02:00
Dan Fandrich
46a886cd48 opts: Document the socket callback function parameters 2014-07-01 08:12:11 +02:00
Steve Holme
1b6bc02fb9 opts: Fixed some typos 2014-06-28 12:40:06 +01:00
Dan Fandrich
057cc2e915 curl_easy_setopt.3: fixed the error code for an unsupported option 2014-06-25 22:33:32 +02:00
Dan Fandrich
d8287ca8bc opts: added some DEFAULT and RETURN VALUE sections 2014-06-24 00:00:34 +02:00
Daniel Stenberg
cf1f8d4528 libcurl docs: man page edits
mainly to improve how the web versions render
2014-06-21 23:52:06 +02:00
Dan Fandrich
c66c2dd755 curl_easy_setopt.3: fixed some typos 2014-06-21 20:43:04 +02:00
Daniel Stenberg
c7e491f9c2 lib man pages: update easy setopt option references
... by using the "\fIopt(3)\fP" syntax they will be linked properly when
the web version of the page is generated.
2014-06-21 20:21:47 +02:00
Daniel Stenberg
7d618c477f opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default 2014-06-21 20:03:35 +02:00
Daniel Stenberg
ac5b6f8082 curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
... to the always-copy-char *-argument.

And fix some minor mistakes.
2014-06-21 19:46:45 +02:00
Daniel Stenberg
ecacdb3430 curl_easy_setopt.3: refer to the individual man pages
With all the new individual option man pages created, this now refers to
each separate one instead of duplicaing the info. Also makes this page
easier to overview.
2014-06-21 15:45:50 +02:00
Dan Fandrich
d4cc9db64d opts: fixed mancheck for out-of-tree builds 2014-06-21 11:22:04 +02:00
Daniel Stenberg
31b28a0942 curl_easy_setopt.3: shorten
shorten descriptions, mostly refer to the separate descriptions
2014-06-21 00:04:13 +02:00
Daniel Stenberg
25a975408e CURLOPT_DNS_LOCAL_IP4.3: better short desc 2014-06-21 00:04:13 +02:00
Dan Fandrich
c088f29b98 opts: document CURLE_OUT_OF_MEMORY among other return values 2014-06-20 23:43:46 +02:00
Dan Fandrich
59d5b4ce06 opts: fixed some typos 2014-06-20 23:31:06 +02:00
Daniel Stenberg
68d1bea5fc opts: various corrections 2014-06-20 01:10:34 +02:00
Daniel Stenberg
662f749cec opts: add the rest of the options
... and fixed mancheck to ignore obsolete options
2014-06-20 01:02:49 +02:00
Daniel Stenberg
290e1bbe0d opts: the final bunch of options as man pages
Now all current options have their own man pages.
2014-06-20 00:58:18 +02:00
Daniel Stenberg
a6cd174b2e opts: 37 additional man pages 2014-06-19 17:59:13 +02:00
Daniel Stenberg
fede49532d CURLOPT_URL: move up the text from "Notes" 2014-06-19 15:11:49 +02:00