James Gallagher's Content-Encoding work

                                  Changelog

Daniel (2 Sep 2002)

- James Gallagher added Content-Encoding support to libcurl so now curl and

  libcurl-using apps can request compressed contents using the 'deflate'

  method. See the special file lib/README.encoding for details.

  curl --compressed is now used to request compressed contents.

Daniel (30 Aug 2002)

- Applied an anonymous SOCKS5-proxy patch. Not properly working in all

  situations though, as all getaddrinfo()-using libcurls will fail on this.

AUTOMAKE_OPTIONS = foreign

EXTRA_DIST =						\

	CHANGES LEGAL maketgz MITX.txt MPL-1.1.txt	\

EXTRA_DIST = CHANGES LEGAL maketgz MITX.txt MPL-1.1.txt UPGRADE		\

	reconf Makefile.dist curl-config.in build_vms.com curl-mode.el

bin_SCRIPTS = curl-config

Upgrading to curl/libcurl 7.10 from any previous version

========================================================

libcurl 7.10 performs peer SSL certificate verification by default. This is

done by installing a default CA cert bundle on 'make install' (or similar),

that is used by default on operations against SSL servers.

Alas, if you use communicate with HTTPS servers using certifcates that are

signed by CAs present in the bundle, you will not notice and changed behavior

and you will seeminglessly get a higher security level on your SSL connections

since you will make sure that the remote server really is who it claims to be.

If the remote server uses a self-signed certificate, or if you don't install

curl's CA cert bundle or if it uses a certificate signed by a CA that isn't

included in the bundle, then you need to do one of the following:

 1. Tell libcurl to *not* verify the peer. With libcurl you disable with with

    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

    With the curl command tool, you disable this with -k/--insecure.

 2. Get a CA certificate that can verify the remote server and use the proper

    option to point out this CA cert for verification when connecting. For

    libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

    With the curl command tool: --cacert [file]

This upgrade procedure has been deemed The Right Thing even though it adds

this extra trouble for some users, since it adds security to a majority of the

SSL connections that previously weren't really secure.

It turned out many people were using previous versions of curl/libcurl without

realizing the need for the CA cert options to get truly secure SSL

connections.

/* Define to disable TELNET */

#undef CURL_DISABLE_TELNET

/* Define if you have zlib present */

#undef HAVE_LIBZ

dnl        does is change where we look (by adjusting LIBS and CPPFLAGS.)

dnl

dnl AC_MSG_CHECKING(where to look for ZLIB)

dnl if test X"$OPT_ZLIB" = Xno

dnl then

dnl 	AC_MSG_RESULT([defaults (or given in environment)])

dnl else

dnl	test X"$OPT_ZLIB" = Xyes && OPT_ZLIB=/usr/local

dnl	LIBS="$LIBS -L$OPT_ZLIB/lib"

dnl	CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include"

dnl	AC_MSG_RESULT([$OPT_ZLIB])

dnl fi

dnl z lib?

dnl AC_CHECK_FUNC(gzread, , AC_CHECK_LIB(z, gzread))

AC_MSG_CHECKING(where to look for ZLIB)

if test X"$OPT_ZLIB" = Xno

then

	AC_MSG_RESULT([defaults (or given in environment)])

else

	test X"$OPT_ZLIB" = Xyes && OPT_ZLIB=/usr/local

	LIBS="$LIBS -L$OPT_ZLIB/lib"

	CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include"

	AC_MSG_RESULT([$OPT_ZLIB])

fi

dnl AC_CHECK_FUNC(gzread, , AC_CHECK_LIB(z, gzread))

AC_CHECK_LIB(z, gzread, [AM_CONDITIONAL(CONTENT_ENCODING, true) 

		         AC_DEFINE(HAVE_LIBZ)

			 LIBS="$LIBS -lz"])

dnl Default is to try the thread-safe versions of a few functions

OPT_THREAD=on

)

dnl Check for libz header

dnl AC_CHECK_HEADERS(zlib.h)

AC_CHECK_HEADERS(zlib.h)

dnl Checks for typedefs, structures, and compiler characteristics.

AC_C_CONST