Граф коммитов

16 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg 4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg 032e838b73
terminology: call them null-terminated strings
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608
2020-06-28 00:31:24 +02:00
Daniel Stenberg 027c065f3c
CURLOPT_CAINFO.3: polished wording
Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005
2019-06-10 12:43:46 +02:00
Daniel Stenberg 6123d718aa
CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip]
Clues-provided-by: Jay Satiro
Clues-provided-by: Jeroen Ooms
Fixes #3711
Closes #3874
2019-05-14 08:19:58 +02:00
Daniel Stenberg 180501cb02
schannel: stop calling it "winssl"
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504
2019-02-01 08:20:38 +01:00
Dan McNulty 8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
Daniel Stenberg c2227dae53 opts: more examples added in option man pages 2017-05-27 23:11:26 +02:00
Kamil Dudka e3e8d0204b nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than
supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates.

Reviewed-by: Kai Engert
Closes #1414
2017-04-25 13:24:24 +02:00
Frank Gevaerts dbd3793859 docs: Add note about libcurl copying strings to CURLOPT_* manpages
Closes #1169
2017-01-13 15:14:55 +01:00
Nick Zitzmann e171968ba3 darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-28 16:46:59 -05:00
Daniel Stenberg 4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Steve Holme 007f3e0971 opts: Corrected TLS protocols list to include POP3S rather than POP3 2015-11-07 22:11:04 +00:00
Jay Satiro ac100f1624 opts: CURLOPT_CAINFO availability depends on SSL engine 2015-02-03 08:41:25 +01:00
Daniel Stenberg 0b48d1c821 CURLOPT_CA*: better refering between *CAINFO and *CAPATH
... and a minor wording edit
2014-09-03 23:04:52 +02:00
Dan Fandrich efbffa2fb7 opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE 2014-06-18 23:28:13 +02:00
Daniel Stenberg c3954ffb25 opts: more man pages 2014-06-18 13:18:58 +02:00