- Nov 27, 2016
-
-
Daniel Stenberg authored
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
-
- Nov 26, 2016
-
-
Daniel Stenberg authored
-
Patrick Monnerat authored
Also define it in ILE/RPG binding.
-
Okhin Vasilij authored
Closes #1142
-
Frank Gevaerts authored
Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme}, and %{http_version} closes #1143
-
Frank Gevaerts authored
-
- Nov 25, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Follow-up to 4f8b1774
-
Daniel Stenberg authored
Sorted the lists too. ... and include the new ones in the PDF and HTML generation targets
-
Thomas Glanzmann authored
-
Thomas Glanzmann authored
-
Daniel Stenberg authored
-
Jan Ehrhardt authored
Closes #1141
-
Jay Satiro authored
Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion. Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
-
-
Patrick Monnerat authored
-
Jay Satiro authored
Follow-up to dbadaebf which changed the style.
-
Jay Satiro authored
- Restore the removed parts of the parameter check. Follow-up to 945f60e8 which altered the parameter check.
-
- Nov 24, 2016
-
-
Daniel Stenberg authored
-
Frank Gevaerts authored
Adds access to the effectively used protocol/scheme to both libcurl and curl, both in string and numeric (CURLPROTO_*) form. Note that the string form will be uppercase, as it is just the internal string. As these strings are declared internally as const, and all other strings returned by curl_easy_getinfo() are de-facto const as well, string handling in getinfo.c got const-ified. Closes #1137
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Detects (char*) and 'char*foo' uses.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Verifies a 'char *name' style, with no space after the asterisk.
-
Daniel Stenberg authored
Coverity CID 1394666
-
Okhin Vasilij authored
-
Daniel Stenberg authored
It builds and runs all test cases. No adaptations for actual HTTPS proxy support has been made.
-
Daniel Stenberg authored
vtls/gtls.c: In function ‘Curl_gtls_data_pending’: vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if(conn->proxy_ssl[connindex].session && ^~ vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ return res;
-
Thomas Glanzmann authored
-
Alex Rousskov authored
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
-
Patrick Monnerat authored
This is done for all functions of the form Curl_read[136][624]_[lb]e.
-
Patrick Monnerat authored
See CRL-01-006.
-
- Nov 22, 2016
-
-
Jay Satiro authored
- Fix connection reuse for when the proposed new conn 'needle' has a specified local port but does not have a specified device interface. Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html Reported-by: bjt3[at]hotmail.com
-
- Nov 21, 2016
-
-
Daniel Stenberg authored
-
Jay Satiro authored
-