--ssl-allow-beast added

This option was formerly known as \fI--ftp-ssl-reqd\fP (added in 7.15.5). That

option name can still be used but will be removed in a future version.

.IP "--ssl-allow-beast"

(SSL) This option tells curl to not work around a security flaw in the SSL3

and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer

may use work-arounds known to cause interoperability problems with some older

SSL implementations. WARNING: this option loosens the SSL security, and by

using this flag you ask for exactly that.  (Added in 7.25.0)

.IP "--socks4 <host[:port]>"

Use the specified SOCKS4 proxy. If the port number is not specified, it is

assumed at port 1080. (Added in 7.15.2)

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

  bool xattr;               /* store metadata in extended attributes */

  long gssapi_delegation;

  bool ssl_allow_beast;     /* allow this SSL vulnerability */

}; /* struct Configurable */

void free_config_fields(struct Configurable *config);

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

  {"Ek", "tlsuser",                  TRUE},

  {"El", "tlspassword",              TRUE},

  {"Em", "tlsauthtype",              TRUE},

  {"En", "ssl-no-empty-fragments",   FALSE},

  {"f",  "fail",                     FALSE},

  {"F",  "form",                     TRUE},

  {"Fs", "form-string",              TRUE},

        else

          return PARAM_LIBCURL_DOESNT_SUPPORT;

        break;

      case 'n': /* no empty SSL fragments */

        if(curlinfo->features & CURL_VERSION_SSL)

          config->ssl_allow_beast = toggle;

        break;

      default: /* certificate file */

      {

        char *ptr = strchr(nextarg, ':');

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

  "     --ssl-reqd      Require SSL/TLS (FTP, IMAP, POP3, SMTP)",

  " -2, --sslv2         Use SSLv2 (SSL)",

  " -3, --sslv3         Use SSLv3 (SSL)",

  "     --ssl-allow-below Allow security flaw to improve interop (SSL)",

  "     --stderr FILE   Where to redirect stderr. - means stdout",

  "     --tcp-nodelay   Use the TCP_NODELAY option",

  " -t, --telnet-option OPT=VAL  Set telnet option",

          my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,

                        config->gssapi_delegation);

        /* new in 7.25.0 */

        if(config->ssl_allow_beast)

          my_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_ALLOW_BEAST);

        /* initialize retry vars for loop below */

        retry_sleep_default = (config->retry_delay) ?

          config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */