Skip to content
  1. Nov 24, 2016
    • Daniel Stenberg's avatar
      dbadaebf
    • Alex Rousskov's avatar
      proxy: Support HTTPS proxy and SOCKS+HTTP(s) · cb4e2be7
      Alex Rousskov authored
      * HTTPS proxies:
      
      An HTTPS proxy receives all transactions over an SSL/TLS connection.
      Once a secure connection with the proxy is established, the user agent
      uses the proxy as usual, including sending CONNECT requests to instruct
      the proxy to establish a [usually secure] TCP tunnel with an origin
      server. HTTPS proxies protect nearly all aspects of user-proxy
      communications as opposed to HTTP proxies that receive all requests
      (including CONNECT requests) in vulnerable clear text.
      
      With HTTPS proxies, it is possible to have two concurrent _nested_
      SSL/TLS sessions: the "outer" one between the user agent and the proxy
      and the "inner" one between the user agent and the origin server
      (through the proxy). This change adds supports for such nested sessions
      as well.
      
      A secure connection with a proxy requires its own set of the usual SSL
      options (their actual descriptions differ and need polishing, see TODO):
      
        --proxy-cacert FILE        CA certificate to verify peer against
        --proxy-capath DIR         CA directory to verify peer against
        --proxy-cert CERT[:PASSWD] Client certificate file and password
        --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
        --proxy-ciphers LIST       SSL ciphers to use
        --proxy-crlfile FILE       Get a CRL list in PEM format from the file
        --proxy-insecure           Allow connections to proxies with bad certs
        --proxy-key KEY            Private key file name
        --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
        --proxy-pass PASS          Pass phrase for the private key
        --proxy-ssl-allow-beast    Allow security flaw to improve interop
        --proxy-sslv2              Use SSLv2
        --proxy-sslv3              Use SSLv3
        --proxy-tlsv1              Use TLSv1
        --proxy-tlsuser USER       TLS username
        --proxy-tlspassword STRING TLS password
        --proxy-tlsauthtype STRING TLS authentication type (default SRP)
      
      All --proxy-foo options are independent from their --foo counterparts,
      except --proxy-crlfile which defaults to --crlfile and --proxy-capath
      which defaults to --capath.
      
      Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
      similar to the existing %{ssl_verify_result} variable.
      
      Supported backends: OpenSSL, GnuTLS, and NSS.
      
      * A SOCKS proxy + HTTP/HTTPS proxy combination:
      
      If both --socks* and --proxy options are given, Curl first connects to
      the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
      proxy.
      
      TODO: Update documentation for the new APIs and --proxy-* options.
      Look for "Added in 7.XXX" marks.
      cb4e2be7
  2. Nov 07, 2016
  3. Sep 22, 2016
  4. Sep 08, 2016
  5. Aug 09, 2016
  6. Jul 31, 2016
    • Daniel Stenberg's avatar
      include: revert 9adf3c47 and make public types void * again · d6604524
      Daniel Stenberg authored
      Many applications assume the actual contents of the public types and use
      that do for example forward declarations (saving them from including our
      public header) which then breaks when we switch from void * to a struct
      *.
      
      I'm not convinced we were wrong, but since this practise seems
      widespread enough I'm willing to (partly) step down.
      
      Now libcurl uses the struct itself when it is built and it allows
      applications to use the struct type if CURL_STRICTER is defined at the
      time of the #include.
      
      Reported-by: Peter Frühberger
      Fixes #926
      d6604524
  7. Jun 22, 2016
  8. May 30, 2016
  9. Apr 25, 2016
  10. Apr 22, 2016
  11. Apr 18, 2016
  12. Apr 17, 2016
  13. Apr 12, 2016
  14. Apr 09, 2016
  15. Apr 03, 2016
  16. Apr 01, 2016
  17. Mar 31, 2016
    • Diego Bes's avatar
      http2: support "prior knowledge", no upgrade from HTTP/1.1 · 324a97ec
      Diego Bes authored
      Supports HTTP/2 over clear TCP
      
      - Optimize switching to HTTP/2 by removing calls to init and setup
      before switching. Switching will eventually call setup and setup calls
      init.
      
      - Supports new version to “force” the use of HTTP/2 over clean TCP
      
      - Add common line parameter “--http2-prior-knowledge” to the Curl
        command line tool.
      324a97ec
  18. Feb 24, 2016
  19. Feb 23, 2016
  20. Feb 03, 2016
  21. Feb 02, 2016
  22. Dec 13, 2015
  23. Dec 07, 2015
  24. Nov 19, 2015
  25. Nov 13, 2015
  26. Nov 02, 2015
  27. Oct 31, 2015
    • Daniel Stenberg's avatar
      curl.h: s/HTTPPOST_/CURL_HTTPOST_ · 49a99134
      Daniel Stenberg authored
      Fixes a name space pollution at the cost of programs using one of these
      defines will no longer compile. However, the vast majority of libcurl
      programs that do multipart formposts use curl_formadd() to build this
      list.
      
      Closes #506
      49a99134
  28. Oct 23, 2015
  29. Oct 20, 2015
  30. Aug 24, 2015
  31. Aug 23, 2015
    • Nathaniel Waisbrot's avatar
      CURLOPT_DEFAULT_PROTOCOL: added · 9756d1da
      Nathaniel Waisbrot authored
      - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
      protocol for schemeless URLs.
      
      - Add new tool option --proto-default to expose
      CURLOPT_DEFAULT_PROTOCOL.
      
      In the case of schemeless URLs libcurl will behave in this way:
      
      When the option is used libcurl will use the supplied default.
      
      When the option is not used, libcurl will follow its usual plan of
      guessing from the hostname and falling back to 'http'.
      9756d1da
  32. Jul 17, 2015
  33. Jun 05, 2015
  34. May 18, 2015
    • Daniel Stenberg's avatar
      CURLOPT_PIPEWAIT: added · 81144375
      Daniel Stenberg authored
      By setting this option to 1 libcurl will wait for a connection to reveal
      if it is possible to pipeline/multiplex on before it continues.
      81144375
  35. Apr 28, 2015