Граф коммитов

1025 Коммитов

Автор SHA1 Сообщение Дата
Emil Engler 725ec470e2
language: s/behaviour/behavior/g
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.

Closes #6395
2021-01-02 23:35:59 +01:00
Matthias Gatto eb69797766
http: Make the call to v4 signature
This patch allow to call the v4 signature introduce in previous commit

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
2020-12-21 16:28:03 +01:00
Matthias Gatto 08e8455ddd
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.

It doesn't seems to be standard, but it is used by some cloud providers.

Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually

most of the code is in lib/http_v4_signature.c

Information require by the algorithm:
- The URL
- Current time
-  some prefix that are append to some of the signature parameters.

The data extracted from the URL are: the URI, the region,
the host and the API type

example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~               ~~~~~~~~~~~~~~~~~~~
        ^       ^                          ^
       /         \                        URI
   API type     region

Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
  the get data, the canonical header, the signed header
  and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
  the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
  the date, and above hash

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Closes #5703
2020-12-21 16:27:50 +01:00
Daniel Stenberg 9211cb2034
version: include hyper version 2020-12-18 09:58:03 +01:00
Daniel Stenberg 4dc710b198
RELEASE-NOTES: synced 2020-12-16 08:22:28 +01:00
Daniel Stenberg 98dc917869
RELEASE-NOTES: synced
start over on the next release cycle
2020-12-09 22:57:47 +01:00
Oliver Urbann 0d16a49c16
curl: add compatibility for Amiga and GCC 6.5
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.

Closes #6220
2020-11-20 23:36:51 +01:00
Daniel Stenberg ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg 4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg 21464a65c6
curlver: bumped to 7.74.0 2020-11-03 16:08:48 +01:00
Daniel Stenberg 2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg 7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Daniel Stenberg 96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Daniel Stenberg a654fdc9d1
RELEASE-NOTES: synced
Started over for the journey to next release.
2020-10-15 12:53:29 +02:00
Daniel Stenberg d0c77730ed
include/README: convert to markdown
Closes #6028
2020-09-30 22:45:41 +02:00
Michael Baentsch ede125b7b7
tls: add CURLOPT_SSL_EC_CURVES and --curves
Closes #5892
2020-08-30 17:24:04 +02:00
Jeroen Ooms 70984ce1be
tests: add test1912 with typechecks
Validates that gcc-typecheck macros match the new option type API.

Closes #5873
2020-08-28 23:36:55 +02:00
Daniel Stenberg 6ebe63fac2
options: API for meta-data about easy options
const struct curl_easyoption *curl_easy_option_by_name(const char *name);

 const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);

 const struct curl_easyoption *
 curl_easy_option_next(const struct curl_easyoption *prev);

The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.

Assisted-by: Jeroen Ooms
Closes #5365
2020-08-27 14:17:36 +02:00
Michael Musset ebc6c54c74
sftp: add the option CURLKHSTAT_FINE_REPLACE
Replace the old fingerprint of the host with a new.

Closes #5685
2020-08-24 17:26:08 +02:00
Daniel Stenberg ddf47bbc0a
RELEASE-NOTES: synced
The next release is now to become 7.73.0
2020-08-24 17:02:16 +02:00
Daniel Stenberg 88b1ca7cba
CURLE_PROXY: new error code
Failures clearly returned from a (SOCKS) proxy now causes this return
code. Previously the situation was not very clear as what would be
returned and when.

In addition: when this error code is returned, an application can use
CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then
returns a value from the new 'CURLproxycode' enum.

Closes #5770
2020-08-24 08:41:48 +02:00
Daniel Stenberg 5bb1721579
RELEASE-NOTES: synced
... and version bumped to 7.72.1
2020-08-19 23:43:52 +02:00
Jay Satiro d979cb9ed2 curl.h: update CURLINFO_LASTONE
CURLINFO_LASTONE should have been updated when
CURLINFO_EFFECTIVE_METHOD was added.

Reported-by: xwxbug@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/5711
2020-07-23 02:44:53 -04:00
Daniel Stenberg 954cd3eb48
CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
... by adding support for a new dedicated return code.

Suggested-by: Jonathan Cardoso
Assisted-by: Erik Johansson
URL: https://curl.haxx.se/mail/lib-2020-06/0099.html
Closes #5636
2020-07-16 00:24:29 +02:00
Daniel Stenberg d75e3ab74c
CURLINFO_EFFECTIVE_METHOD: added
Provide the HTTP method that was used on the latest request, which might
be relevant for users when there was one or more redirects involved.

Closes #5511
2020-07-14 17:53:45 +02:00
Viktor Szakats 8fa3f7809a
windows: add unicode to feature list
Reviewed-by: Marcel Raad
Reviewed-by: Marc Hörsken

Closes #5491
2020-07-14 08:30:17 +00:00
Daniel Stenberg 2bd8fe8823
RELEASE-NOTES: synced
... and bumped to 7.72.0 as the next release version number
2020-07-12 18:16:23 +02:00
Gilles Vollant e13357b14b
content_encoding: add zstd decoding support
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
2020-07-12 18:11:37 +02:00
Daniel Stenberg 01afe4e1af
RELEASE-NOTES: synced 2020-07-01 10:37:20 +02:00
Daniel Stenberg 032e838b73
terminology: call them null-terminated strings
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608
2020-06-28 00:31:24 +02:00
Daniel Stenberg 906bb64ac9
curlver: start working on 7.71.1 2020-06-24 11:44:10 +02:00
Daniel Stenberg eab2f95c0d
wording: avoid blacklist/whitelist stereotypes
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.

Closes #5546
2020-06-10 08:49:17 +02:00
Viktor Szakats 308c243db5
all: fix codespell errors
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes https://github.com/curl/curl/pull/5452
2020-05-25 19:44:04 +00:00
Gilles Vollant 7f40633422
setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
Closes #5431
2020-05-23 23:19:13 +02:00
Daniel Stenberg 5d965b4898
typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
Reported-by: Billyzou0741326 on github
Fixes #5432
Closes #5436
2020-05-21 00:05:42 +02:00
Daniel Stenberg c9fddf64c6
typecheck-gcc.h: fix the OFF_T check
The option number also needs to be less than CURLOPTTYPE_BLOB.

Follow-up to cac5374298
Reported-by: Jeroen Ooms
Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114
2020-05-20 10:08:54 +02:00
Gilles Vollant cac5374298
setopt: support certificate options in memory with struct curl_blob
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357
2020-05-15 13:03:59 +02:00
Daniel Stenberg 8df455479f
source cleanup: remove all custom typedef structs
- Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
2020-05-15 08:54:42 +02:00
Daniel Stenberg 1fa3733997
RELEASE-NOTES: synced
And bumped next version to 7.71.0
2020-05-08 16:01:39 +02:00
Gilles Vollant 148534db57
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
Closes #4346
2020-05-08 15:55:04 +02:00
Daniel Stenberg b4799e978e
RELEASE-NOTES: synced
... and bumped curlver.h to 7.70.1
2020-04-29 12:21:09 +02:00
Brian Bergeron f807d163c9
curl.h: update comment typo
"routines with be invoked" -> "routines will be invoked"

Closes #5279
2020-04-22 08:14:35 +02:00
Bjorn Stenberg 2522903b79
mqtt: add new experimental protocol
Closes #5173
2020-04-14 13:03:40 +02:00
Daniel Stenberg 93fafb93db
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented
Considered experimental and therefore we can do this.

Closes #5157
2020-03-29 23:28:49 +02:00
Daniel Stenberg 6de756c9b1
version: add 'cainfo' and 'capath' to version info struct
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
2020-03-27 09:04:27 +01:00
Daniel Stenberg 9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Daniel Stenberg 1a46b218db
RELEASE-NOTES: synced
... and bumped curlver.h to 7.70.0
2020-03-18 08:48:35 +01:00
Johannes Schindelin 5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Daniel Stenberg 4674269633
RELEASE-NOTES: synced
bumped to 7.69.2
2020-03-11 11:07:53 +01:00
Daniel Stenberg 32a28dc28d
RELEASE-NOTES: synced
and bumped curlver.h
2020-03-05 15:32:13 +01:00