Commit Graph

425 Commits

Author SHA1 Message Date
Daniel Stenberg
da82f59b69 CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
After a research team wrote a document[1] that found several live source
codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
option thinking it was a boolean, this change now bans 1 as a value and
will make libcurl return error for it.

1 was never a sensible value to use in production but was introduced
back in the days to help debugging. It was always documented clearly
this way.

1 was never supported by all SSL backends in libcurl, so this cleanup
makes the treatment of it unified.

The report's list of mistakes for this option were all PHP code and
while there's a binding layer between libcurl and PHP, the PHP team has
decided that they have an as thin layer as possible on top of libcurl so
they will not alter or specifically filter a 'TRUE' value for this
particular option. I sympathize with that position.

[1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06 19:46:53 +01:00
Daniel Stenberg
41a3bff3da curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION 2012-08-16 23:34:23 +02:00
Kamil Dudka
f208bf5a2d docs: update the links to cipher-suites supported by NSS
... and make the list of cipher-suites in nss.c readable by humans.

Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
2012-08-09 16:24:53 +02:00
Armel Asselin
0774386b23 docs: mention CURLSSH_AUTH_AGENT 2012-08-08 23:03:11 +02:00
Daniel Stenberg
8a279d2275 curl_easy_setopt: fix typo
Reported by: Santhana Todatry
2012-07-24 00:29:39 +02:00
Dan Fandrich
cb787b70bf Fixed some typos in documentation 2012-07-20 21:02:58 +02:00
Steve Holme
1eb74f94c4 DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
Reported by: Nagai H
2012-06-24 23:23:30 +01:00
Daniel Stenberg
b511486fcd curl_easy_setopt.3: proto updates + cleanups
- For all *FUNCTION options, they now all show the complete prototype in
  the description. Previously some of them would just refer to a
  typedef'ed function pointer in the curl.h header.

- I made the phrasing of that "Pass a pointer to a function that matches
  the following prototype" the same for all *FUNCTION option descriptions.

- I removed some uses of 'should'. I think I sometimes over-use this
  word as in many places I actually mean MUST or otherwise more specific
  and not-so-optional synonyms.
2012-06-04 20:03:13 +02:00
Steve Holme
3124a8df93 DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
Additionally corrected another RFC link that I missed yesterday.
2012-05-27 20:04:36 +01:00
Steve Holme
efb8471a69 DOCS: Fixed line spacing of authentication examples in CURLOPT_URL 2012-05-26 14:15:33 +01:00
Steve Holme
25c1b29226 DOCS: Changed domain names in various examples to example.com
Updated various references of real domain names to example.com as per
RFC-2606.
2012-05-26 14:05:45 +01:00
Steve Holme
2839c059b1 DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
Setting bit 2 for this value was documented as having a constant value
defined as CURL_REDIR_POST_303 yet referenced a 302 request.

Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
bits and fixed problems with the bolding of keywords in this section.
2012-05-26 13:08:37 +01:00
Steve Holme
cb9e2e8466 DOCS: Standardised how RFCs are referenced.
Standardised how RFCs are referenced so that the website may autolink to
the correct documentation on ietf.org. Additionally removed the one link
to RFC3986 on curl.haxx.se.
2012-05-26 12:26:35 +01:00
Steve Holme
4f3ec68dc7 DOCS: Added LDAP to the CURLOPT_URL section 2012-05-24 21:17:00 +01:00
Steve Holme
b1f081f6e6 DOCS: Updated version number for features added in the pending release 2012-05-22 20:20:59 +01:00
Daniel Stenberg
92f841aef7 NTLM: is supported in GnuTLS builds too
... since commit 9a4c887c4a introduced in libcurl 7.19.4
2012-05-12 23:15:51 +02:00
Daniel Stenberg
3ebcfdda36 CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too 2012-05-07 00:13:46 +02:00
Claes Jakobsson
77bac26587 Add note about default timeout in CURLOPT_TIMEOUT 2012-05-03 13:49:55 +02:00
Andrei Cipu
0b516b7162 CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
As it turns out, some people do want that after all.
2012-04-05 23:29:21 +02:00
Armel Asselin
05a443adf2 SSH: public key can now be an empty string
If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
pass no public key to libssh2 which then tries to compute it from the
private key. This is known to work when libssh2 1.4.0+ is linked against
OpenSSL.
2012-04-01 20:22:37 +02:00
Steve Holme
a9086e8a4b DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST 2012-03-31 18:50:04 +01:00
Armel Asselin
b50e9e9e9e CURLSSH_OPT_AUTH: documented it has no effect 2012-03-10 16:15:23 +01:00
Daniel Stenberg
d185960a6d libcurl docs: version corrections
Correct some inconsistencies in which version some things were added.

Bug: http://curl.haxx.se/bug/view.cgi?id=3494091
Reported by: "curlybugs"
2012-02-25 19:34:08 +01:00
Kamil Dudka
674699b212 docs: mention that NTLM works with NSS, too 2012-02-16 12:20:57 +01:00
Steve Holme
154c0d4b93 DOCS: Added information for CURLOPT_MAIL_AUTH.
Added information relating to the new CURLOPT_MAIL_AUTH parameter and
reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer.

Fixed inconsistencies of "vocalisation of the abbreviation" versus
"vocalisation of the first word" for all abbreviations.

Corrected a typo in CURLOPT_NOPROXY.
2012-02-15 21:51:48 +01:00
Daniel Stenberg
ea4ceca222 s/7.24.1/7.25.0
We will go straight to 7.25.0 due to the new additions
2012-02-13 23:57:18 +01:00
Daniel Stenberg
2a699bc6e9 CURLOPT_SSL_OPTIONS: added
Allow an appliction to set libcurl specific SSL options. The first and
only options supported right now is CURLSSLOPT_ALLOW_BEAST.

It will make libcurl to disable any work-arounds the underlying SSL
library may have to address a known security flaw in the SSL3 and TLS1.0
protocol versions.

This is a reaction to us unconditionally removing that behavior after
this security advisory:

http://curl.haxx.se/docs/adv_20120124B.html

... it did however cause a lot of programs to fail because of old
servers not liking this work-around. Now programs can opt to decrease
the security in order to interoperate with old servers better.
2012-02-09 22:22:54 +01:00
Dave Reisner
705f0f7a5b add library support for tuning TCP_KEEPALIVE
This adds three new options to control the behavior of TCP keepalives:

- CURLOPT_TCP_KEEPALIVE: enable/disable probes
- CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
- CURLOPT_TCP_KEEPINTVL: delay between successive probes

While not all operating systems support the TCP_KEEPIDLE and
TCP_KEEPINTVL knobs, the library will still allow these options to be
set by clients, silently ignoring the values.
2012-02-09 18:53:51 +01:00
Dan Fandrich
75b6f7d9ef curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions 2012-01-24 21:31:57 -08:00
Daniel Stenberg
6e2fd2c9ea CURLOPT_ACCEPTTIMEOUT_MS: spellfix 2012-01-22 00:00:55 +01:00
Daniel Stenberg
0f8239d5b4 curl_easy_setopt: refer to the most recent URI RFC 2012-01-03 23:39:22 +01:00
Daniel Stenberg
26ce3ac328 libcurl docs: add the new FTP accept option + errors 2011-12-20 23:14:18 +01:00
Steve Holme
ee3d3adc6f DOCS: Added SMTP information to CURLOPT_INFILESIZE 2011-12-19 11:08:01 +01:00
Alessandro Ghedini
cd4cd66839 docs: fix typo in curl_easy_setopt manpage 2011-12-15 17:25:07 +01:00
Jason Glasgow
6e4835c795 CURLOPT_INTERFACE: avoid resolving interfaces names
Do not try to resolve interfaces names via DNS by recognizing interface
names in a few ways.  If the interface option argument has a prefix of
"if!" then treat the argument as only an interface.  Similarly, if the
interface argument is the name of an interface (even if it does not have
an IP address assigned), treat it as an interface name.  Finally, if the
interface argument is prefixed by "host!" treat it as a hostname that
must be resolved by /etc/hosts or DNS.

These changes allow a client using the multi interfaces to avoid
blocking on name resolution if the interface loses its IP address or
disappears.
2011-12-12 23:12:37 +01:00
Daniel Stenberg
361cd03d58 CURLOPT_CONNECTTIMEOUT: default is 300 seconds
If the option is set to 0, the default timeout will be used - which in
modern libcurl versions equals 300 seconds (== 5 minutes).

Bug: http://curl.haxx.se/mail/lib-2011-12/0051.html
Reported by: Vladimir Grishchenko
2011-12-05 23:19:50 +01:00
Daniel Stenberg
088ba97a24 FTP: call opensocket callback properly
When the new socket is created for an active connection, it is now done
using the open socket callback.

Test case 596 was modified to run fine, although it hides the fact that
the close callback is still called too many times, as it also gets
called for closing sockets that were created with accept().
2011-12-05 11:42:10 +01:00
Daniel Stenberg
66617b79d7 CURLOPT_QUOTE: SFTP supports the '*'-prefix now 2011-11-18 20:27:07 +01:00
Jason Glasgow
8d0a504f0d CURLOPT_DNS_SERVERS: set name servers if possible 2011-11-17 22:52:33 +01:00
Daniel Stenberg
5850cc4808 curl_easy_setopt.3: headers can be CURL_MAX_HTTP_HEADER bytes
Mention this maximum header size for the header callback cases
2011-10-24 16:43:53 +02:00
Daniel Stenberg
e771344611 curl_easy_setopt.3: fix typo
shoot, Dan Fandrich already had this pointed out...
2011-10-24 00:13:47 +02:00
Steve Holme
a4471045bb curl_easy_setopt: Added pop3 to CURLOPT_URL.
Added pop3 username and password example as well as an explanation of
how path part of the URL is used under pop3.

Additionally have corrected a couple of typos.
2011-10-24 00:10:58 +02:00
Dan Fandrich
5898a6a09b curl_easy_setopt: Added scp and sftp to the URL section 2011-09-28 21:39:48 -07:00
Steve Holme
57fffa728b curl_easy_setopt: A brief tidy up
Slight rewording of the CURLOPT_URL SMTP sub-section.

Corrected the incorrect use of hyphens on the three uses of
"zero-terminated" with "zero terminated" to match the rest of the
document.

Corrected the use of an out of place hyphen in CURLOPT_NOPROXY section.
2011-09-28 23:31:37 +02:00
Yang Tse
d9f686db88 remove short-lived CURL_WRITEFUNC_OUT_OF_MEMORY 2011-09-26 13:05:42 +02:00
Yang Tse
119f43360b allow write callbacks to indicate OOM to libcurl
Allow (*curl_write_callback) write callbacks to return
CURL_WRITEFUNC_OUT_OF_MEMORY to properly indicate libcurl of OOM conditions
inside the callback itself.
2011-09-25 19:05:46 +02:00
Daniel Stenberg
00532341b5 CURLOPT_URL docs: no need to mention function names 2011-09-18 23:42:29 +02:00
Steve Holme
dae0b7d1aa CURLOPT_URL: Expanded URL description
Expanded the section about CURLOPT_URL to include the format of the URL
and detailed information and examples relating to specific protocols.
2011-09-18 23:38:08 +02:00
Dan Fandrich
9dfd7a3d13 Document NTLM winbind options (and caveats) 2011-09-12 14:45:37 -07:00
Kamil Dudka
f5ad192d23 docs: the next release is going to be 7.22.0 2011-08-24 23:51:21 +02:00
Kamil Dudka
a7864c41db curl_gssapi: refine the handling of CURLOPT_GSSAPI_DELEGATION
Suggested by Richard Silverman.
2011-08-03 10:56:41 +02:00
Adam Tkac
ebf42c4be7 Add new CURLOPT_GSSAPI_DELEGATION option.
Curl_gss_init_sec_context got new parameter - SessionHandle.

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-08-03 10:23:34 +02:00
Daniel Stenberg
3e71ebe4eb docs: FTP quotes support '*' prefix to ignore errors
By default libcurl stops processing quote commands on failures.
2011-06-30 09:57:23 +02:00
Daniel Stenberg
d5cc77b744 CURLOPT_WRITEHEADER: clarify the docs 2011-06-10 13:17:17 +02:00
Daniel Stenberg
d6bb8dcc23 CURLOPT_WILDCARDMATCH: minor style edit
Due to some flaw in roffit I removed some style changes to make the web
page look better.
2011-06-01 19:51:16 +02:00
Daniel Stenberg
f3d77f772d curl_easy_setopt.3: NOPROGRESS also affects the callback 2011-05-27 11:13:13 +02:00
Daniel Stenberg
340228cc81 setopt.3: remove leftover style change 2011-05-25 13:51:57 +02:00
Daniel Stenberg
edf282c096 setopt.3: CURLOPT_WRITEFUNCTION had wrong function proto 2011-05-25 13:50:52 +02:00
Daniel Stenberg
e83816bfcf typo: close is in man page section 3 2011-05-19 22:31:04 +02:00
Daniel Stenberg
664ff30650 curl_easy_setopt.3: document CLOSESOCKET* options 2011-05-18 22:56:46 +02:00
Daniel Stenberg
558f997e99 socks proxy: allow socks5h:// prefix too
Using 'socks5h' as proxy protocol will make it a
CURLPROXY_SOCKS5_HOSTNAME proxy which is SOCKS5 and asking the proxy to
resolve host names. I found no "standard" protocol name for this.
2011-05-05 11:47:55 +02:00
Daniel Stenberg
365db94e0a curl_easy_setopt.3: clarify the SSH KEYFILE options usage
The internal defaults are important info
2011-05-02 23:33:03 +02:00
Daniel Stenberg
d4ebf3c6b0 docs: mention the protocol:// support in proxy strings 2011-05-02 22:15:14 +02:00
Daniel Stenberg
c6a0abdd97 curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
When set to a HTTP 1.0 proxy, that only affects the CONNECT request and
not the regular HTTP request.
2011-04-20 15:42:23 +02:00
Daniel Stenberg
5aae3c13e2 transfer-encoding: document the options
The new libcurl and command line options are now described.
2011-04-18 19:46:21 +02:00
Daniel Stenberg
2064ea9612 curl_easy_setopt.3: CURLOPT_RESOLVE typo version
Reported by: Hongli Lai
2011-04-09 20:04:22 +02:00
Daniel Stenberg
2a0c7ea4cc curl_easy_setopt.3: mention TFTP read callback flaw
The read callback must return the exact requested amount of data when it
is used for doing TFTP uploads. This is due to how it deals with data
internally. This could/should be fixed but for now we document the
existing behavior.

Reported by: Colin Blair
Bug: http://curl.haxx.se/mail/lib-2011-03/0319.html
2011-03-29 11:19:49 +02:00
Peter Sylvester
2531cd94a5 TSL-SRP: enabled with OpenSSL
If a new enough OpenSSL version is used, configure detects the TLS-SRP
support and enables it.
2011-03-25 23:09:28 +01:00
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Daniel Stenberg
10cea49a46 CURLOPT_SSH_KEYFUNCTION: requires *SSH_KNOWNHOSTS
Extend the docs to clarify that CURLOPT_SSH_KEYFUNCTION is only called
if the known hosts option is also correctly set!
2011-02-21 13:51:26 +01:00
Julien Chaffraix
073ce06379 curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD.
CURLOPT_HTTPAUTH was mentioning CURLOPT_USERPASSWORD instead of
CURLOPT_PASSWORD.

Reported by: Mike Henshaw
2011-02-20 21:13:19 -08:00
Daniel Stenberg
4c33b0a200 SOCKOPTFUNCTION: documented new return codes 2011-02-17 22:42:19 +01:00
Quinn Slack
ae7fe3b7f4 TLS-SRP: new options documented 2011-02-09 23:33:06 +01:00
Dave Reisner
b89122a2bf file: add support for CURLOPT_TIMECONDITION 2011-01-31 14:49:51 +01:00
Daniel Stenberg
4f13340ab8 CURLOPT_SSL_VERIFYPEER: more clarifications
The default value is 1.

curl _uses_ a default CA bundle, it doesn't install one.

Drop the references to 7.10 as that is now >8 years old!
2011-01-19 13:19:44 +01:00
Daniel Stenberg
b35622f387 curl_easy_setopt.3: clarify VERIFYHOST/PEER
Extended the descriptions somewhat and made the options get listed next
to each other.
2011-01-19 12:54:17 +01:00
Kamil Dudka
fc77790bcd nss: fix a bug in handling of CURLOPT_CAPATH
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
2011-01-18 14:30:49 +01:00
Kamil Dudka
d8f6d1c334 nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
Bug: https://bugzilla.redhat.com/623663
2011-01-04 17:20:43 +01:00
Daniel Stenberg
16c4314a21 CURLOPT_MAIL_FROM: document the bracket situation 2010-12-22 14:44:10 +01:00
Daniel Stenberg
8636742256 HTTP Auth: Add CURLAUTH_ONLY
This is a meta symbol. OR this value together with a single specific
auth value to force libcurl to probe for un-restricted auth and if not,
only that single auth algorithm is acceptable.

For example you can use CURLAUTH_DIGEST|CURLAUTH_ONLY to make libcurl
first probe for what method to use, but yet only consider Digest to be
acceptable.

Using _only_ CURLAUTH_DIGEST without the CURLAUTH_ONLY field, will make
libcurl explicitly use Digest right away and not do any probing.
2010-11-11 16:44:50 +01:00
Daniel Stenberg
0a41318f1d CURLOPT_RESOLVE: documented 2010-11-08 09:53:35 +01:00
Daniel Stenberg
4bde456f73 CURLOPT_USE_SSL: move from FTP options to connection options 2010-11-08 09:46:48 +01:00
Daniel Stenberg
d95b67f409 CURLOPT_NOSIGNAL: add blurb about SIGPIPE 2010-11-04 09:49:02 +01:00
Daniel Stenberg
6164d40fce curl_easy_setopt.3: spellfix 2010-10-19 17:50:10 +02:00
Daniel Stenberg
65ca4b547b curl_easy_setopt.3: CURLOPT_USE_SSL is not just for FTP
It is for FTP, SMTP, POP3, IMAP at least.
2010-10-19 17:48:51 +02:00
Daniel Stenberg
0f2e35b305 curl_easy_setopt.3: clarify CURLOPT_CRLF
The option takes a parameter that should be 1 or 0 to enable or disable
the feature.

URL: http://curl.haxx.se/bug/view.cgi?id=3086428
2010-10-14 14:09:00 +02:00
Daniel Stenberg
3aef3ed8f6 curl_easy_setopt.3: CURLOPT_DIRLISTONLY implies dir list
Make it explicit that setting CURLOPT_DIRLISTONLY to 1 will make libcurl
to list the directory.
2010-10-01 19:52:53 +02:00
Daniel Stenberg
09cee1633b CURLOPT_DIRLISTONLY: don't use with CURLOPT_WILDCARDMATCH 2010-08-28 23:07:21 +02:00
Daniel Stenberg
cfdc4aca45 RESUME_FROM: clarify what ftp uploads do
The numerical value passed to CURLOPT_RESUME_FROM for FTP uploads is
interpreted and used as position where to resume the _reading_ of the
local file and it will "blindly" append that data on the remote
file. This was certainly not clear in the docs previously.

Reported by: catalin
Bug: http://curl.haxx.se/bug/view.cgi?id=3048174
2010-08-23 00:36:11 +02:00
Daniel Stenberg
5c2b6b2d3e curl_easy_setopt.3: rename stream to userdata
In some places where the name 'stream' has been used for naming a
function argument that is in fact settable with a setopt() option we now
call that argument 'userdata' to make it more obvious that it is in fact
possible to set by the application.

Suggested by: Jeff Pohlmeyer
2010-08-07 14:08:30 +02:00
Kamil Dudka
2ffe834bff ftp wildcard: a new option CURLOPT_FNMATCH_DATA 2010-05-16 02:52:33 +02:00
Daniel Stenberg
a1a98d5908 ftp wildcards: mention they're added in 7.21.0 2010-05-12 23:59:11 +02:00
Daniel Stenberg
d62ce21249 syntax: cleanups 2010-05-12 23:18:22 +02:00
Pavel Raiskup
0825cd80a6 FTP: WILDCARDMATCH/CHUNKING/FNMATCH added 2010-05-12 23:17:51 +02:00
Daniel Stenberg
2c1b0624ac progress callback: can be called more than once per sec 2010-04-26 15:38:07 +02:00
Chris Conroy
1ac168e576 Fix RTSP GET_PARAMETER empty and non-empty operation.
Test coverage included. Thanks to Massimo Callegari for the bug report
2010-03-24 13:21:14 +01:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Daniel Stenberg
a0fba2f66b Julien Chaffraix clarified CURLOPT_HEADERFUNCTION and made
CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION more consistent
2010-03-04 16:06:00 +00:00
Daniel Stenberg
a4a60afabb - Fixed the SMTP compliance by making sure RCPT TO addresses are specified
properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now
  get angle bracket wrapping automatically by libcurl unless the recipient
  starts with an angle bracket as then the app is assumed to deal with that
  properly on its own.
2010-02-20 22:29:59 +00:00
Yang Tse
a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00