TextSweep: Check-in [7db359029c]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Hotfix for secure app update
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA1:	7db359029c846eabbb86fe6dd4f4a41f24591a39
User & Date:	kevin 2017-04-07 22:31:42

Context

2017-04-08
01:53		Hotfix for tls issues on macOS check-in: 5124af622e user: kevin tags: trunk
2017-04-07
22:31		Hotfix for secure app update check-in: 7db359029c user: kevin tags: trunk
2017-04-03
10:09		Update ssl bits check-in: 6ae661a85d user: kevin tags: trunk

Changes

Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Deleted maclibs/tcltls1.7.11/pkgIndex.tcl.

Deleted maclibs/tcltls1.7.11/tcltls.dylib.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url.

Added scriptlibs/softwareupdate/curl/BUILD-README.txt.

Added scriptlibs/softwareupdate/curl/CHANGES.txt.

Added scriptlibs/softwareupdate/curl/COPYING-libssh2.txt.

Added scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt.

Added scriptlibs/softwareupdate/curl/COPYING-zlib.txt.

Added scriptlibs/softwareupdate/curl/COPYING.txt.

Added scriptlibs/softwareupdate/curl/LICENSE-openssl.txt.

Added scriptlibs/softwareupdate/curl/README.txt.

Added scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt.

Added scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt.

Added scriptlibs/softwareupdate/curl/bin/curl.exe.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/bin/libcurl.dll.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/docs/BINDINGS.md.

Added scriptlibs/softwareupdate/curl/docs/BUGS.txt.

Added scriptlibs/softwareupdate/curl/docs/CHECKSRC.md.

Added scriptlibs/softwareupdate/curl/docs/CODE_OF_CONDUCT.md.

Added scriptlibs/softwareupdate/curl/docs/CODE_STYLE.md.

Added scriptlibs/softwareupdate/curl/docs/CONTRIBUTE.md.

Added scriptlibs/softwareupdate/curl/docs/FAQ.txt.

Added scriptlibs/softwareupdate/curl/docs/FEATURES.txt.

Added scriptlibs/softwareupdate/curl/docs/HISTORY.md.

Added scriptlibs/softwareupdate/curl/docs/HTTP-COOKIES.md.

Added scriptlibs/softwareupdate/curl/docs/HTTP2.md.

Added scriptlibs/softwareupdate/curl/docs/INSTALL.md.

Added scriptlibs/softwareupdate/curl/docs/INSTALL.txt.

Added scriptlibs/softwareupdate/curl/docs/INTERNALS.md.

Added scriptlibs/softwareupdate/curl/docs/KNOWN_BUGS.txt.

Added scriptlibs/softwareupdate/curl/docs/LICENSE-MIXING.md.

Added scriptlibs/softwareupdate/curl/docs/MAIL-ETIQUETTE.txt.

Added scriptlibs/softwareupdate/curl/docs/MANUAL.txt.

Added scriptlibs/softwareupdate/curl/docs/RELEASE-PROCEDURE.txt.

Added scriptlibs/softwareupdate/curl/docs/RESOURCES.txt.

Added scriptlibs/softwareupdate/curl/docs/ROADMAP.md.

Added scriptlibs/softwareupdate/curl/docs/SECURITY.md.

Added scriptlibs/softwareupdate/curl/docs/SSL-PROBLEMS.md.

Added scriptlibs/softwareupdate/curl/docs/SSLCERTS.md.

Added scriptlibs/softwareupdate/curl/docs/THANKS.txt.

Added scriptlibs/softwareupdate/curl/docs/TODO.txt.

Added scriptlibs/softwareupdate/curl/docs/TheArtOfHttpScripting.txt.

Added scriptlibs/softwareupdate/curl/docs/VERSIONS.txt.

Added scriptlibs/softwareupdate/curl/docs/libcurl/ABI.txt.

Added scriptlibs/softwareupdate/curl/docs/libcurl/index.html.

Added scriptlibs/softwareupdate/curl/docs/libcurl/symbols-in-versions.txt.

Added scriptlibs/softwareupdate/curl/include/curl/curl.h.

Added scriptlibs/softwareupdate/curl/include/curl/curlbuild.h.

Added scriptlibs/softwareupdate/curl/include/curl/curlrules.h.

Added scriptlibs/softwareupdate/curl/include/curl/curlver.h.

Added scriptlibs/softwareupdate/curl/include/curl/easy.h.

Added scriptlibs/softwareupdate/curl/include/curl/mprintf.h.

Added scriptlibs/softwareupdate/curl/include/curl/multi.h.

Added scriptlibs/softwareupdate/curl/include/curl/stdcheaders.h.

Added scriptlibs/softwareupdate/curl/include/curl/typecheck-gcc.h.

Added scriptlibs/softwareupdate/curl/lib/libcurl.a.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/lib/libcurldll.a.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/mk-ca-bundle.pl.

Changes to scriptlibs/softwareupdate/pkgIndex.tcl.

Changes to scriptlibs/softwareupdate/softwareupdate.tcl.

Deleted winlibs/tls/pkgIndex.tcl.

Deleted winlibs/tls/tls.tcl.

Deleted winlibs/tls/tls163_32bit.dll.

cannot compute difference between binary files

Deleted winlibs/tls/tls163_64bit.dll.

cannot compute difference between binary files

1 2 3 4 5 6 ~~7 8~~ 9 ~~10 11 12~~ 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38	- - - - - + + + +	#softwareupdate.tcl routines to manage spoftware updates # Copyright (C) 2014 WordTech Communications LLC #MIT license ~~package provide softwareupdate 1.5~~ ~~package require http~~ ~~::tls::init -tls1 true~~ ~~::http::register https 443 ::tls::socket~~ package provide softwareupdate 1.6 namespace eval softwareupdate { if {![info exists library]} { variable library [file dirname [info script]] } variable icon variable appname variable tmpdir variable currentinstall variable versionnumber variable getupdate switch [tk windowingsystem] { "aqua" { set tmpdir $::env(TMPDIR) set getupdate /usr/bin/curl } "win32" { set tmpdir $::env(TMP) set getupdate [file join [file dirname [info script]] curl bin curl.exe] } "x11" { set tmpdir $::env(TMP) } }
︙
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85	55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85	+ - + - + - +	#check version of installed software proc checkVersion {app version} { variable appversion variable appname variable currentversion variable versionnumber variable getupdate set appname $app softwareupdate::checkingForUpdates set versionurl https://www.codebykevin.com/$appname-version.tcl ~~http::config -useragent "$appname Update Check"~~ ~~if [catch {~~http::~~geturl $versionurl} msg] {~~ if [catch {exec $getupdate $versionurl} msg] { puts "error: $msg" tk_messageBox -icon warning -title "Unable to Connect to Server" -message "Unable to Connect to Server" -detail "Unable to connect to www.codebykevin.com to check for updates. Please make sure you are connected to the Internet." -parent . catch {destroy .updateprogress} return } ~~set versionnumber [string trim ~~[http::data~~ ~~[http::~~geturl $versionurl]]]~~ set versionnumber [string trim exec $getupdate $versionurl] if [expr $currentversion < $versionnumber] { softwareupdate::updatePitch } else { softwareupdate::upToDate } }
︙
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 ~~139~~ 140 141 142 143 144 145 146 ~~147~~ 148 149 150 151 152 153 154	123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155	+ - + - +	#prompt user to update proc updatePitch {} { variable appname variable icon variable changedata variable currentversion variable versionnumber variable getupdate catch {destroy .updateprogress} catch {destroy .update} variable appname set changeurl https://www.codebykevin.com/$appname-changes.tcl ~~if [catch {~~http::~~geturl $changeurl} msg] {~~ if [catch {exec $getupdate $changeurl} msg] { puts "error: $msg" tk_messageBox -icon warning -title "Unable to Connect to Server" -message "Unable to Connect to Server" -detail "Unable to connect to www.codebykevin.com to check for updates. Please make sure you are connected to the Internet." -parent . catch {destroy .updateprogress} return } ~~set changelist [~~http::data~~ ~~[http::~~geturl $changeurl]]~~ set changelist [exec $getupdate $changeurl] set updateanswer [tk_messageBox -title "Update" -icon info -message "Update Available" -detail "A new version ($softwareupdate::versionnumber) of $appname is available.\n\nThis new version features the following updates and changes:\n\n$changelist\n\nWould you like to install it? " -type yesno -parent .] switch -- $updateanswer { yes { softwareupdate::installUpdate } no {
︙
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 ~~279~~ 280 281 282 283 284 285 286 287 288 289 ~~290~~ 291 292 293 294 295 296 297	262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299	+ - + - +	#download and install the update proc installUpdate {} { variable currentinstall variable status variable appname variable tmpdir variable getupdate catch {destroy .update} softwareupdate::findCurrentInstallation softwareupdate::progressDialog set status "Downloading update for $appname" switch [tk windowingsystem] { "aqua" { ~~~~http::~~geturl https://www.codebykevin.com/updates/[list $appname].dmg ~~-channel [open~~ $tmpdir/[list $appname].dmg w]~~ exec $getupdate https://www.codebykevin.com/updates/[list $appname].dmg > $tmpdir/[list $appname].dmg update after 1000 cd $tmpdir set status "Attaching [list $appname].dmg" update exec hdiutil attach [list $appname].dmg } "win32" { ~~~~http::~~geturl https://www.codebykevin.com/updates/[list $appname]_Setup.exe ~~-channel [open~~ $tmpdir/[list $appname]_Setup.exe w]~~ exec $getupdate https://www.codebykevin.com/updates/[list $appname]_Setup.exe > $tmpdir/[list $appname]_Setup.exe } "x11" { tk_messageBox -icon info -parent . -message "Please ask the maintainer of $appname on your platform to prepare a release of the latest version." return }
︙


	1 2	+ +	[InternetShortcut] URL=https://github.com/vszakats/harbour-deps










1 2 3 4 5 6 7 8 9 10	+ + + + + + + + + +	Visit the project page for details about these builds and the list of changes: https://github.com/vszakats/harbour-deps Please donate to support maintaining these builds: PayPal: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2DZM6WAGRJWT6 Thank you!










































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	/* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org> * Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net> * Copyright (c) 2006-2007 The Written Word, Inc. * Copyright (c) 2007 Eli Fant <elifantu@mail.ru> * Copyright (c) 2009-2014 Daniel Stenberg * Copyright (C) 2008, 2009 Simon Josefsson * All rights reserved. * * Redistribution and use in source and binary forms, * with or without modification, are permitted provided * that the following conditions are met: * * Redistributions of source code must retain the above * copyright notice, this list of conditions and the * following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials * provided with the distribution. * * Neither the name of the copyright holder nor the names * of any other contributors may be used to endorse or * promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. */























1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23	+ + + + + + + + + + + + + + + + + + + + + + +	The MIT License Copyright (c) 2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.



















































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	ZLIB DATA COMPRESSION LIBRARY zlib 1.2.11 is a general purpose data compression library. All the code is thread safe. The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format). All functions of the compression library are documented in the file zlib.h (volunteer to write man pages welcome, contact zlib@gzip.org). A usage example of the library is given in the file test/example.c which also tests that the library is working correctly. Another example is given in the file test/minigzip.c. The compression library itself is composed of all source files in the root directory. To compile all files and run the test program, follow the instructions given at the top of Makefile.in. In short "./configure; make test", and if that goes well, "make install" should work for most flavors of Unix. For Windows, use one of the special makefiles in win32/ or contrib/vstudio/ . For VMS, use make_vms.com. Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant <info@winimage.com> for the Windows DLL version. The zlib home page is http://zlib.net/ . Before reporting a problem, please check this site to verify that you have the latest version of zlib; otherwise get the latest version and check whether the problem still exists or not. PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help. Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at http://marknelson.us/1997/01/01/zlib-engine/ . The changes made in version 1.2.11 are documented in the file ChangeLog. Unsupported third party contributions are provided in directory contrib/ . zlib is available in Java using the java.util.zip package, documented at http://java.sun.com/developer/technicalArticles/Programming/compression/ . A Perl interface to zlib written by Paul Marquess <pmqs@cpan.org> is available at CPAN (Comprehensive Perl Archive Network) sites, including http://search.cpan.org/~pmqs/IO-Compress-Zlib/ . A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is available in Python 1.5 and later versions, see http://docs.python.org/library/zlib.html . zlib is built into tcl: http://wiki.tcl.tk/4610 . An experimental package to read and write files in .zip format, written on top of zlib by Gilles Vollant <info@winimage.com>, is available in the contrib/minizip directory of zlib. Notes for some targets: - For Windows DLL versions, please see win32/DLL_FAQ.txt - For 64-bit Irix, deflate.c must be compiled without any optimization. With -O, one libpng test fails. The test works in 32 bit mode (with the -n32 compiler flag). The compiler bug has been reported to SGI. - zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works when compiled with cc. - On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is necessary to get gzprintf working correctly. This is done by configure. - zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with other compilers. Use "make test" to check your compiler. - gzdopen is not supported on RISCOS or BEOS. - For PalmOs, see http://palmzlib.sourceforge.net/ Acknowledgments: The deflate format used by zlib was defined by Phil Katz. The deflate and zlib specifications were written by L. Peter Deutsch. Thanks to all the people who reported problems and suggested various improvements in zlib; they are too numerous to cite here. Copyright notice: (C) 1995-2017 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu If you use the zlib library in a product, we would appreciate not receiving lengthy legal documents to sign. The sources are provided for free but without warranty of any kind. The library has been entirely written by Jean-loup Gailly and Mark Adler; it does not include third-party code. If you redistribute modified sources, we would appreciate that you include in the file ChangeLog history information documenting your changes. Please read the FAQ for more information on the distribution of modified source versions.






















1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	+ + + + + + + + + + + + + + + + + + + + + +	COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 - 2017, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. All rights reserved. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.





























































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * / Original SSLeay License ----------------------- / Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */

















































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	_ _ ____ _ ___\| \| \| \| _ \\| \| / __\| \| \| \| \|_) \| \| \| (__\| \|_\| \| _ <\| \|___ \___\|\___/\|_\| \_\_____\| README Curl is a command line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document. libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how! You find answers to the most frequent questions we get in the FAQ document. Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document. CONTACT If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list. See https://curl.haxx.se/mail/ All contributors to the project are listed in the THANKS document. WEB SITE Visit the curl web site for the latest news and downloads: https://curl.haxx.se/ GIT To download the very latest source off the GIT server do this: git clone https://github.com/curl/curl.git (you'll get a directory named curl created, filled with the source code) NOTICE Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.







































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	Curl and libcurl 7.53.1 Public curl releases: 164 Command line options: 205 curl_easy_setopt() options: 244 Public functions in libcurl: 61 Contributors: 1507 This release includes the following bugfixes: o cyassl: fix typo o url: Improve CURLOPT_PROXY_CAPATH error handling [1] o urldata: include curl_sspi.h when Windows SSPI is enabled [2] o formdata: check for EOF when reading from stdin [3] o tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 [4] o url: Default the proxy CA bundle location to CURL_CA_BUNDLE [5] o rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header [6] This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Daniel Stenberg, İsmail Dönmez, jveazey on github, Ray Satiro, Sergii Pylypenko, Shachaf Ben-Kiki, Viktor Szakáts, (8 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: [1] = https://curl.haxx.se/bug/?i=1257 [2] = https://curl.haxx.se/bug/?i=1276 [3] = https://curl.haxx.se/bug/?i=1281 [4] = https://curl.haxx.se/bug/?i=1277 [5] = https://curl.haxx.se/bug/?i=1257 [6] = https://curl.haxx.se/bug/?i=1285










































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	libcurl bindings ================ Creative people have written bindings or interfaces for various environments and programming languages. Using one of these allows you to take advantage of curl powers from within your favourite language or system. This is a list of all known interfaces as of this writing. The bindings listed below are not part of the curl/libcurl distribution archives, but must be downloaded and installed separately. [Ada95](http://www.almroth.com/adacurl/index.html) Written by Andreas Almroth [Basic](http://scriptbasic.com/) ScriptBasic bindings written by Peter Verhas [C++](http://curlpp.org/) Written by Jean-Philippe Barrette-LaPierre [Ch](https://chcurl.sourceforge.io/) Written by Stephen Nestinger and Jonathan Rogado Cocoa: [BBHTTP](https://github.com/brunodecarvalho/BBHTTP) written by Bruno de Carvalho [curlhandle](https://github.com/karelia/curlhandle) Written by Dan Wood [D](https://dlang.org/library/std/net/curl.html) Written by Kenneth Bogert [Dylan](https://dylanlibs.sourceforge.io/) Written by Chris Double [Eiffel](https://room.eiffel.com/library/curl) Written by Eiffel Software [Euphoria](http://rays-web.com/eulibcurl.htm) Written by Ray Smith [Falcon](http://www.falconpl.org/index.ftd?page_id=prjs&prj_id=curl) [Ferite](http://www.ferite.org/) Written by Paul Querna [Gambas](https://gambas.sourceforge.io/) [glib/GTK+](http://atterer.net/glibcurl/) Written by Richard Atterer [Guile](http://www.lonelycactus.com/guile-curl.html) Written by Michael L. Gran [Harbour](https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl) Written by Viktor Szakáts [Haskell](https://hackage.haskell.org/cgi-bin/hackage-scripts/package/curl) Written by Galois, Inc [Java](https://github.com/pjlegato/curl-java) [Julia](https://github.com/forio/Curl.jl) Written by Paul Howe [Lisp](https://common-lisp.net/project/cl-curl/) Written by Liam Healy Lua: [luacurl](http://luacurl.luaforge.net/) by Alexander Marinov, [Lua-cURL](http://luaforge.net/projects/lua-curl/) by Jürgen Hötzel [Mono](https://forge.novell.com/modules/xfmod/project/?libcurl-mono) Written by Jeffrey Phillips [.NET](https://sourceforge.net/projects/libcurl-net/) libcurl-net by Jeffrey Phillips [node.js](https://github.com/JCMais/node-libcurl) node-libcurl by Jonathan Cardoso Machado [Object-Pascal](http://www.tekool.com/opcurl) Free Pascal, Delphi and Kylix binding written by Christophe Espern. [O'Caml](https://sourceforge.net/projects/ocurl/) Written by Lars Nilsson [Pascal](http://houston.quik.com/jkp/curlpas/) Free Pascal, Delphi and Kylix binding written by Jeffrey Pohlmeyer. [Perl](https://github.com/szbalint/WWW--Curl) Maintained by Cris Bailiff and Bálint Szilakszi [PHP](https://php.net/curl) Originally written by Sterling Hughes [PostgreSQL](http://gborg.postgresql.org/project/pgcurl/projdisplay.php) Written by Gian Paolo Ciceri [Python](http://pycurl.io/) PycURL by Kjetil Jacobsen [R](https://cran.r-project.org/package=curl) [Rexx](https://rexxcurl.sourceforge.io/) Written Mark Hessling RPG, support for ILE/RPG on OS/400 is included in source distribution Ruby: [curb](http://curb.rubyforge.org/) written by Ross Bamford, [ruby-curl-multi](http://curl-multi.rubyforge.org/) written by Kristjan Petursson and Keith Rarick [Rust](https://github.com/carllerche/curl-rust) curl-rust - by Carl Lerche [Scheme](https://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky [S-Lang](http://www.jedsoft.org/slang/modules/curl.html) by John E Davis [Smalltalk](http://www.squeaksource.com/CurlPlugin/) Written by Danil Osipchuk [SP-Forth](http://www.forth.org.ru/~ac/lib/lin/curl/) Written by ygrek [SPL](http://www.clifford.at/spl/) Written by Clifford Wolf [Tcl](http://mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García [Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips [Visual Foxpro](http://www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti [Q](https://q-lang.sourceforge.io/) The libcurl module is part of the default install [wxWidgets](https://wxcode.sourceforge.io/components/wxcurl/) Written by Casey O'Donnell [XBLite](http://perso.wanadoo.fr/xblite/libraries.html) Written by David Szafranski [Xojo](https://github.com/charonn0/RB-libcURL) Written by Andrew Lambert




























































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	# checksrc This is the tool we use within the curl project to scan C source code and check that it adheres to our [Source Code Style guide](CODE_STYLE.md). ## Usage checksrc.pl [options] [file1] [file2] ... ## Command line options `-W[file]` whitelists that file and excludes it from being checked. Helpful when, for example, one of the files is generated. `-D[dir]` directory name to prepend to file names when accessing them. `-h` shows the help output, that also lists all recognized warnings ## What does checksrc warn for? checksrc does not check and verify the code against the entire style guide, but the script is instead an effort to detect the most common mistakes and syntax mistakes that contributors make before they get accustomed to our code style. Heck, many of us regulars do the mistakes too and this script helps us keep the code in shape. checksrc.pl -h Lists how to use the script and it lists all existing warnings it has and problems it detects. At the time of this writing, the existing checksrc warnings are: - `BADCOMMAND`: There's a bad !checksrc! instruction in the code. See the Ignore certain warnings section below for details. - `BANNEDFUNC`: A banned function was used. The functions sprintf, vsprintf, strcat, strncat, gets are never allowed in curl source code. - `BRACEELSE`: '} else' on the same line. The else is supposed to be on the following line. - `BRACEPOS`: wrong position for an open brace (`{`). - `COMMANOSPACE`: a comma without following space - `COPYRIGHT`: the file is missing a copyright statement! - `CPPCOMMENTS`: `//` comment detected, that's not C89 compliant - `FOPENMODE`: `fopen()` needs a macro for the mode string, use it - `INDENTATION`: detected a wrong start column for code. Note that this warning only checks some specific places and will certainly miss many bad indentations. - `LONGLINE`: A line is longer than 79 columns. - `PARENBRACE`: `){` was used without sufficient space in between. - `RETURNNOSPACE`: `return` was used without space between the keyword and the following value. - `SPACEAFTERPAREN`: there was a space after open parenthesis, `( text`. - `SPACEBEFORECLOSE`: there was a space before a close parenthesis, `text )`. - `SPACEBEFORECOMMA`: there was a space before a comma, `one , two`. - `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`, where one was not expected - `SPACESEMILCOLON`: there was a space before semicolon, ` ;`. - `TABS`: TAB characters are not allowed! - `TRAILINGSPACE`: Trailing white space on the line - `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, that's an ignore that should be removed or changed to get used. ## Ignore certain warnings Due to the nature of the source code and the flaws of the checksrc tool, there is sometimes a need to ignore specific warnings. checksrc allows a few different ways to do this. ### Inline ignore You can control what to ignore within a specific source file by providing instructions to checksrc in the source code itself. You need a magic marker that is `!checksrc!` followed by the instruction. The instruction can ask to ignore a specific warning N number of times or you ignore all of them until you mark the end of the ignored section. Inline ignores are only done for that single specific source code file. Example /* !checksrc! disable LONGLINE all / This will ignore the warning for overly long lines until it is re-enabled with: / !checksrc! enable LONGLINE / If the enabling isn't performed before the end of the file, it will be enabled automatically for the next file. You can also opt to ignore just N violations so that if you have a single long line you just can't shorten and is agreed to be fine anyway: / !checksrc! disable LONGLINE 1 */ ... and the warning for long lines will be enabled again automatically after it has ignored that single warning. The number `1` can of course be changed to any other integer number. It can be used to make sure only the exact intended instances are ignored and nothing extra. ### Directory wide ignore patterns This is a method we've transitioned away from. Use inline ignores as far as possible. Make a `checksrc.whitelist` file in the directory of the source code with the false positive, and include the full offending line into this file.
































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	Contributor Code of Conduct =========================== As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities. We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion. Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team. This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.1.0, available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/)














































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	# curl C code style Source code that has a common style is easier to read than code that uses different styles in different places. It helps making the code feel like one single code base. Easy-to-read is a very important property of code and helps making it easier to review when new things are added and it helps debugging code when developers are trying to figure out why things go wrong. A unified style is more important than individual contributors having their own personal tastes satisfied. Our C code has a few style rules. Most of them are verified and upheld by the `lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by the build system when built after `./configure --enable-debug` has been used. It is normally not a problem for anyone to follow the guidelines, as you just need to copy the style already used in the source code and there are no particularly unusual rules in our set of rules. We also work hard on writing code that are warning-free on all the major platforms and in general on as many platforms as possible. Code that obviously will cause warnings will not be accepted as-is. ## Naming Try using a non-confusing naming scheme for your new functions and variable names. It doesn't necessarily have to mean that you should use the same as in other places of the code, just that the names should be logical, understandable and be named according to what they're used for. File-local functions should be made static. We like lower case names. See the [INTERNALS](INTERNALS.md) document on how we name non-exported library-global symbols. ## Indenting We use only spaces for indentation, never TABs. We use two spaces for each new open brace. if(something_is_true) { while(second_statement == fine) { moo(); } } ## Comments Since we write C89 code, `//` comments are not allowed. They weren't introduced in the C standard until C99. We use only `/` and `/` comments: /* this is a comment / ## Long lines Source code in curl may never be wider than 79 columns and there are two reasons for maintaining this even in the modern era of very large and high resolution screens: 1. Narrower columns are easier to read than very wide ones. There's a reason newspapers have used columns for decades or centuries. 2. Narrower columns allow developers to easier show multiple pieces of code next to each other in different windows. I often have two or three source code windows next to each other on the same screen - as well as multiple terminal and debugging windows. ## Braces In if/while/do/for expressions, we write the open brace on the same line as the keyword and we then set the closing brace on the same indentation level as the initial keyword. Like this: if(age < 40) { / clearly a youngster / } You may omit the braces if they would contain only a one-line statement: if(!x) continue; For functions the opening brace should be on a separate line: int main(int argc, char argv) { return 1; } ## 'else' on the following line When adding an `else` clause to a conditional expression using braces, we add it on a new line after the closing brace. Like this: if(age < 40) { / clearly a youngster / } else { / probably grumpy / } ## No space before parentheses When writing expressions using if/while/do/for, there shall be no space between the keyword and the open parenthesis. Like this: while(1) { / loop forever / } ## Use boolean conditions Rather than test a conditional value such as a bool against TRUE or FALSE, a pointer against NULL or != NULL and an int against zero or not zero in if/while conditions we prefer: result = do_something(); if(!result) { / something went wrong / return result; } ## No assignments in conditions To increase readability and reduce complexity of conditionals, we avoid assigning variables within if/while conditions. We frown upon this style: if((ptr = malloc(100)) == NULL) return NULL; and instead we encourage the above version to be spelled out more clearly: ptr = malloc(100); if(!ptr) return NULL; ## New block on a new line We never write multiple statements on the same source line, even for very short if() conditions. if(a) return TRUE; else if(b) return FALSE; and NEVER: if(a) return TRUE; else if(b) return FALSE; ## Space around operators Please use spaces on both sides of operators in C expressions. Postfix `(), [], ->, ., ++, --` and Unary `+, - !, ~, &` operators excluded they should have no space. Examples: bla = func(); who = name[0]; age += 1; true = !false; size += -2 + 3 (a + b); ptr->member = a++; struct.field = b--; ptr = &address; contents = pointer; complement = ~bits; empty = (!string) ? TRUE : FALSE; ## Column alignment Some statements cannot be completed on a single line because the line would be too long, the statement too hard to read, or due to other style guidelines above. In such a case the statement will span multiple lines. If a continuation line is part of an expression or sub-expression then you should align on the appropriate column so that it's easy to tell what part of the statement it is. Operators should not start continuation lines. In other cases follow the 2-space indent guideline. Here are some examples from libcurl: ~~~c if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) && (handle->set.httpversion != CURL_HTTP_VERSION_1_0) && (handle->set.httpreq == HTTPREQ_GET \|\| handle->set.httpreq == HTTPREQ_HEAD)) /* didn't ask for HTTP/1.0 and a GET or HEAD */ return TRUE; ~~~ ~~~c case CURLOPT_KEEP_SENDING_ON_ERROR: data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ? TRUE : FALSE; break; ~~~ ~~~c data->set.http_disable_hostname_check_before_authentication = (0 != va_arg(param, long)) ? TRUE : FALSE; ~~~ ~~~c if(option) { result = parse_login_details(option, strlen(option), (userp ? &user : NULL), (passwdp ? &passwd : NULL), NULL); } ~~~ ~~~c DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing " "server response left\n", (int)clipamount)); ~~~ ## Platform dependent code Use `#ifdef HAVE_FEATURE` to do conditional code. We avoid checking for particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE shall be generated by the configure script for unix-like systems and they are hard-coded in the config-[system].h files for the others. We also encourage use of macros/functions that possibly are empty or defined to constants when libcurl is built without that feature, to make the code seamless. Like this style where the `magic()` function works differently depending on a build-time conditional: #ifdef HAVE_MAGIC void magic(int a) { return a + 2; } #else #define magic(x) 1 #endif int content = magic(3);























































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	# Contributing to the curl project This document is intended to offer guidelines on how to best contribute to the curl project. This concerns new features as well as corrections to existing flaws or bugs. ## Learning curl ### Join the Community Skip over to [https://curl.haxx.se/mail/](https://curl.haxx.se/mail/) and join the appropriate mailing list(s). Read up on details before you post questions. Read this file before you start sending patches! We prefer questions sent to and discussions being held on the mailing list(s), not sent to individuals. Before posting to one of the curl mailing lists, please read up on the [mailing list etiquette](https://curl.haxx.se/mail/etiquette.html). We also hang out on IRC in #curl on irc.freenode.net If you're at all interested in the code side of things, consider clicking 'watch' on the [curl repo on github](https://github.com/curl/curl) to get notified on pull requests and new issues posted there. ### License and copyright When contributing with code, you agree to put your changes and new code under the same license curl and libcurl is already using unless stated and agreed otherwise. If you add a larger piece of code, you can opt to make that file or set of files to use a different license as long as they don't enforce any changes to the rest of the package and they make sense. Such "separate parts" can not be GPL licensed (as we don't want copyleft to affect users of libcurl) but they must use "GPL compatible" licenses (as we want to allow users to use libcurl properly in GPL licensed environments). When changing existing source code, you do not alter the copyright of the original file(s). The copyright will still be owned by the original creator(s) or those who have been assigned copyright by the original author(s). By submitting a patch to the curl project, you are assumed to have the right to the code and to be allowed by your employer or whatever to hand over that patch/code to us. We will credit you for your changes as far as possible, to give credit but also to keep a trace back to who made what changes. Please always provide us with your full real name when contributing! ### What To Read Source code, the man pages, the [INTERNALS document](https://curl.haxx.se/dev/internals.html), [TODO](https://curl.haxx.se/docs/todo.html), [KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) and the [most recent changes](https://curl.haxx.se/dev/sourceactivity.html) in git. Just lurking on the [curl-library mailing list](https://curl.haxx.se/mail/list.cgi?list=curl-library) will give you a lot of insights on what's going on right now. Asking there is a good idea too. ## Write a good patch ### Follow code style When writing C code, follow the [CODE_STYLE](https://curl.haxx.se/dev/code-style.html) already established in the project. Consistent style makes code easier to read and mistakes less likely to happen. Run `make checksrc` before you submit anything, to make sure you follow the basic style. That script doesn't verify everything, but if it complains you know you have work to do. ### Non-clobbering All Over When you write new functionality or fix bugs, it is important that you don't fiddle all over the source files and functions. Remember that it is likely that other people have done changes in the same source files as you have and possibly even in the same functions. If you bring completely new functionality, try writing it in a new source file. If you fix bugs, try to fix one bug at a time and send them as separate patches. ### Write Separate Changes It is annoying when you get a huge patch from someone that is said to fix 511 odd problems, but discussions and opinions don't agree with 510 of them - or 509 of them were already fixed in a different way. Then the person merging this change needs to extract the single interesting patch from somewhere within the huge pile of source, and that creates a lot of extra work. Preferably, each fix that corrects a problem should be in its own patch/commit with its own description/commit message stating exactly what they correct so that all changes can be selectively applied by the maintainer or other interested parties. Also, separate changes enable bisecting much better for tracking problems and regression in the future. ### Patch Against Recent Sources Please try to get the latest available sources to make your patches against. It makes the lives of the developers so much easier. The very best is if you get the most up-to-date sources from the git repository, but the latest release archive is quite OK as well! ### Documentation Writing docs is dead boring and one of the big problems with many open source projects. But someone's gotta do it! It makes things a lot easier if you submit a small description of your fix or your new features with every contribution so that it can be swiftly added to the package documentation. The documentation is always made in man pages (nroff formatted) or plain ASCII files. All HTML files on the web site and in the release archives are generated from the nroff/ASCII versions. ### Test Cases Since the introduction of the test suite, we can quickly verify that the main features are working as they're supposed to. To maintain this situation and improve it, all new features and functions that are added need to be tested in the test suite. Every feature that is added should get at least one valid test case that verifies that it works as documented. If every submitter also posts a few test cases, it won't end up as a heavy burden on a single person! If you don't have test cases or perhaps you have done something that is very hard to write tests for, do explain exactly how you have otherwise tested and verified your changes. ## Sharing Your Changes ### How to get your changes into the main sources Ideally you file a [pull request on github](https://github.com/curl/curl/pulls), but you can also send your plain patch to [the curl-library mailing list](https://curl.haxx.se/mail/list.cgi?list=curl-library). Either way, your change will be reviewed and discussed there and you will be expected to correct flaws pointed out and update accordingly, or the change risks stalling and eventually just getting deleted without action. As a submitter of a change, you are the owner of that change until it has been merged. Respond on the list or on github about the change and answer questions and/or fix nits/flaws. This is very important. We will take lack of replies as a sign that you're not very anxious to get your patch accepted and we tend to simply drop such changes. ### About pull requests With github it is easy to send a [pull request](https://github.com/curl/curl/pulls) to the curl project to have changes merged. We prefer pull requests to mailed patches, as it makes it a proper git commit that is easy to merge and they are easy to track and not that easy to loose in the flood of many emails, like they sometimes do on the mailing lists. When you adjust your pull requests after review, consider squashing the commits so that we can review the full updated version more easily. ### Making quality patches Make the patch against as recent source versions as possible. If you've followed the tips in this document and your patch still hasn't been incorporated or responded to after some weeks, consider resubmitting it to the list or better yet: change it to a pull request. ### Write good commit messages A short guide to how to write commit messages in the curl project. ---- start ---- [area]: [short line describing the main effect] -- empty line -- [full description, no wider than 72 columns that describe as much as possible as to why this change is made, and possibly what things it fixes and everything else that is related] -- empty line -- [Bug: URL to source of the report or more related discussion] [Reported-by: John Doe - credit the reporter] [whatever-else-by: credit all helpers, finders, doers] ---- stop ---- Don't forget to use commit --author="" if you commit someone else's work, and make sure that you have your own user and email setup correctly in git before you commit ### Write Access to git Repository If you are a very frequent contributor, you may be given push access to the git repository and then you'll be able to push your changes straight into the git repo instead of sending changes as pull requests or by mail as patches. Just ask if this is what you'd want. You will be required to have posted several high quality patches first, before you can be granted push access. ### How To Make a Patch with git You need to first checkout the repository: git clone https://github.com/curl/curl.git You then proceed and edit all the files you like and you commit them to your local repository: git commit [file] As usual, group your commits so that you commit all changes at once that constitute a logical change. Once you have done all your commits and you're happy with what you see, you can make patches out of your changes that are suitable for mailing: git format-patch remotes/origin/master This creates files in your local directory named NNNN-[name].patch for each commit. Now send those patches off to the curl-library list. You can of course opt to do that with the 'git send-email' command. ### How To Make a Patch without git Keep a copy of the unmodified curl sources. Make your changes in a separate source tree. When you think you have something that you want to offer the curl community, use GNU diff to generate patches. If you have modified a single file, try something like: diff -u unmodified-file.c my-changed-one.c > my-fixes.diff If you have modified several files, possibly in different directories, you can use diff recursively: diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff The GNU diff and GNU patch tools exist for virtually all platforms, including all kinds of Unixes and Windows: For unix-like operating systems: - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) For Windows: - [https://gnuwin32.sourceforge.io/packages/patch.htm](https://gnuwin32.sourceforge.io/packages/patch.htm) - [https://gnuwin32.sourceforge.io/packages/diffutils.htm](https://gnuwin32.sourceforge.io/packages/diffutils.htm)





















































































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	How curl Became Like This ========================= Towards the end of 1996, Daniel Stenberg was spending time writing an IRC bot for an Amiga related channel on EFnet. He then came up with the idea to make currency-exchange calculations available to Internet Relay Chat (IRC) users. All the necessary data were published on the Web; he just needed to automate their retrieval. Daniel simply adopted an existing command-line open-source tool, httpget, that Brazilian Rafael Sagula had written and recently released version 0.1 of. After a few minor adjustments, it did just what he needed. 1997 ---- HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support. We soon found and fixed support for getting currencies over GOPHER. Once FTP download support was added, the name of the project was changed and urlget 2.0 was released in August 1997. The http-only days were already passed. 1998 ---- The project slowly grew bigger. When upload capabilities were added and the name once again was misleading, a second name change was made and on March 20, 1998 curl 4 was released. (The version numbering from the previous names was kept.) (Unrelated to this project a company called Curl Corporation registered a US trademark on the name "CURL" on May 18 1998. That company had then already registered the curl.com domain back in November of the previous year. All this was revealed to us much later.) SSL support was added, powered by the SSLeay library. August: first announcement of curl on freshmeat.net. October: with the curl 4.9 release and the introduction of cookie support, curl was no longer released under the GPL license. Now we're at 4000 lines of code, we switched over to the MPL license to restrict the effects of "copyleft". November: configure script and reported successful compiles on several major operating systems. The never-quite-understood -F option was added and curl could now simulate quite a lot of a browser. TELNET support was added. Curl 5 was released in December 1998 and introduced the first ever curl man page. People started making Linux RPM packages out of it. 1999 ---- January: DICT support added. OpenSSL took over and SSLeay was abandoned. May: first Debian package. August: LDAP:// and FILE:// support added. The curl web site gets 1300 visits weekly. Moved site to curl.haxx.nu. September: Released curl 6.0. 15000 lines of code. December 28: added the project on Sourceforge and started using its services for managing the project. 2000 ---- Spring: major internal overhaul to provide a suitable library interface. The first non-beta release was named 7.1 and arrived in August. This offered the easy interface and turned out to be the beginning of actually getting other software and programs to be based on and powered by libcurl. Almost 20000 lines of code. June: the curl site moves to "curl.haxx.se" August, the curl web site gets 4000 visits weekly. The PHP guys adopted libcurl already the same month, when the first ever third party libcurl binding showed up. CURL has been a supported module in PHP since the release of PHP 4.0.2. This would soon get followers. More than 16 different bindings exist at the time of this writing. September: kerberos4 support was added. November: started the work on a test suite for curl. It was later re-written from scratch again. The libcurl major SONAME number was set to 1. 2001 ---- January: Daniel released curl 7.5.2 under a new license again: MIT (or MPL). The MIT license is extremely liberal and can be combined with GPL in other projects. This would finally put an end to the "complaints" from people involved in GPLed projects that previously were prohibited from using libcurl while it was released under MPL only. (Due to the fact that MPL is deemed "GPL incompatible".) March 22: curl supports HTTP 1.1 starting with the release of 7.7. This also introduced libcurl's ability to do persistent connections. 24000 lines of code. The libcurl major SONAME number was bumped to 2 due to this overhaul. The first experimental ftps:// support was added. August: curl is bundled in Mac OS X, 10.1. It was already becoming more and more of a standard utility of Linux distributions and a regular in the BSD ports collections. The curl web site gets 8000 visits weekly. Curl Corporation contacted Daniel to discuss "the name issue". After Daniel's reply, they have never since got back in touch again. September: libcurl 7.9 introduces cookie jar and curl_formadd(). During the forthcoming 7.9.x releases, we introduced the multi interface slowly and without many whistles. 2002 ---- June: the curl web site gets 13000 visits weekly. curl and libcurl is 35000 lines of code. Reported successful compiles on more than 40 combinations of CPUs and operating systems. To estimate number of users of the curl tool or libcurl library is next to impossible. Around 5000 downloaded packages each week from the main site gives a hint, but the packages are mirrored extensively, bundled with numerous OS distributions and otherwise retrieved as part of other software. September: with the release of curl 7.10 it is released under the MIT license only. 2003 ---- January: Started working on the distributed curl tests. The autobuilds. February: the curl site averages at 20000 visits weekly. At any given moment, there's an average of 3 people browsing the curl.haxx.se site. Multiple new authentication schemes are supported: Digest (May), NTLM (June) and Negotiate (June). November: curl 7.10.8 is released. 45000 lines of code. ~55000 unique visitors to the curl.haxx.se site. Five official web mirrors. December: full-fledged SSL for FTP is supported. 2004 ---- January: curl 7.11.0 introduced large file support. June: curl 7.12.0 introduced IDN support. 10 official web mirrors. This release bumped the major SONAME to 3 due to the removal of the curl_formparse() function August: Curl and libcurl 7.12.1 Public curl release number: 82 Releases counted from the very beginning: 109 Available command line options: 96 Available curl_easy_setopt() options: 120 Number of public functions in libcurl: 36 Amount of public web site mirrors: 12 Number of known libcurl bindings: 26 2005 ---- April: GnuTLS can now optionally be used for the secure layer when curl is built. April: Added the multi_socket() API September: TFTP support was added. More than 100,000 unique visitors of the curl web site. 25 mirrors. December: security vulnerability: libcurl URL Buffer Overflow 2006 ---- January: We dropped support for Gopher. We found bugs in the implementation that turned out to have been introduced years ago, so with the conclusion that nobody had found out in all this time we removed it instead of fixing it. March: security vulnerability: libcurl TFTP Packet Buffer Overflow September: The major SONAME number for libcurl was bumped to 4 due to the removal of ftp third party transfer support. November: Added SCP and SFTP support 2007 ---- February: Added support for the Mozilla NSS library to do the SSL/TLS stuff July: security vulnerability: libcurl GnuTLS insufficient cert verification 2008 ---- November: Command line options: 128 curl_easy_setopt() options: 158 Public functions in libcurl: 58 Known libcurl bindings: 37 Contributors: 683 145,000 unique visitors. >100 GB downloaded. 2009 ---- March: security vulnerability: libcurl Arbitrary File Access August: security vulnerability: libcurl embedded zero in cert name December: Added support for IMAP, POP3 and SMTP 2010 ---- January: Added support for RTSP February: security vulnerability: libcurl data callback excessive length March: The project switched over to use git (hosted by github) instead of CVS for source code control May: Added support for RTMP Added support for PolarSSL to do the SSL/TLS stuff August: Public curl releases: 117 Command line options: 138 curl_easy_setopt() options: 180 Public functions in libcurl: 58 Known libcurl bindings: 39 Contributors: 808 Gopher support added (re-added actually, see January 2006) 2012 ---- July: Added support for Schannel (native Windows TLS backend) and Darwin SSL (Native Mac OS X and iOS TLS backend). Supports metalink October: SSH-agent support. 2013 ---- February: Cleaned up internals to always uses the "multi" non-blocking approach internally and only expose the blocking API with a wrapper. September: First small steps on supporting HTTP/2 with nghttp2. October: Removed krb4 support. December: Happy eyeballs. 2014 ---- March: first real release supporting HTTP/2 September: Web site had 245,000 unique visitors and served 236GB data








































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	# HTTP Cookies ## Cookie overview Cookies are `name=contents` pairs that a HTTP server tells the client to hold and then the client sends back those to the server on subsequent requests to the same domains and paths for which the cookies were set. Cookies are either "session cookies" which typically are forgotten when the session is over which is often translated to equal when browser quits, or the cookies aren't session cookies they have expiration dates after which the client will throw them away. Cookies are set to the client with the Set-Cookie: header and are sent to servers with the Cookie: header. For a very long time, the only spec explaining how to use cookies was the original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally published and details how cookies work within HTTP. ## Cookies saved to disk Netscape once created a file format for storing cookies on disk so that they would survive browser restarts. curl adopted that file format to allow sharing the cookies with browsers, only to see browsers move away from that format. Modern browsers no longer use it, while curl still does. The netscape cookie file format stores one cookie per physical line in the file with a bunch of associated meta data, each field separated with TAB. That file is called the cookiejar in curl terminology. When libcurl saves a cookiejar, it creates a file header of its own in which there is a URL mention that will link to the web version of this document. ## Cookies with curl the command line tool curl has a full cookie "engine" built in. If you just activate it, you can have curl receive and send cookies exactly as mandated in the specs. Command line options: `-b, --cookie` tell curl a file to read cookies from and start the cookie engine, or if it isn't a file it will pass on the given string. -b name=var works and so does -b cookiefile. `-j, --junk-session-cookies` when used in combination with -b, it will skip all "session cookies" on load so as to appear to start a new cookie session. `-c, --cookie-jar` tell curl to start the cookie engine and write cookies to the given file after the request(s) ## Cookies with libcurl libcurl offers several ways to enable and interface the cookie engine. These options are the ones provided by the native API. libcurl bindings may offer access to them using other means. `CURLOPT_COOKIE` Is used when you want to specify the exact contents of a cookie header to send to the server. `CURLOPT_COOKIEFILE` Tell libcurl to activate the cookie engine, and to read the initial set of cookies from the given file. Read-only. `CURLOPT_COOKIEJAR` Tell libcurl to activate the cookie engine, and when the easy handle is closed save all known cookies to the given cookiejar file. Write-only. `CURLOPT_COOKIELIST` Provide detailed information about a single cookie to add to the internal storage of cookies. Pass in the cookie as a HTTP header with all the details set, or pass in a line from a netscape cookie file. This option can also be used to flush the cookies etc. `CURLINFO_COOKIELIST` Extract cookie information from the internal cookie storage as a linked list. ## Cookies with javascript These days a lot of the web is built up by javascript. The webbrowser loads complete programs that render the page you see. These javascript programs can also set and access cookies. Since curl and libcurl are plain HTTP clients without any knowledge of or capability to handle javascript, such cookies will not be detected or used. Often, if you want to mimic what a browser does on such web sites, you can record web browser HTTP traffic when using such a site and then repeat the cookie operations using curl or libcurl.






























































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	HTTP/2 with curl ================ [HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) [http2 explained](https://daniel.haxx.se/http2/) Build prerequisites ------------------- - nghttp2 - OpenSSL, libressl, BoringSSL, NSS, GnutTLS, mbedTLS, wolfSSL or SChannel with a new enough version. [nghttp2](https://nghttp2.org/) ------------------------------- libcurl uses this 3rd party library for the low level protocol handling parts. The reason for this is that HTTP/2 is much more complex at that layer than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already existing and well functional library. We require at least version 1.0.0. Over an http:// URL ------------------- If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will include an upgrade header in the initial request to the host to allow upgrading to HTTP/2. Possibly we can later introduce an option that will cause libcurl to fail if not possible to upgrade. Possibly we introduce an option that makes libcurl use HTTP/2 at once over http:// Over an https:// URL -------------------- If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce an option that will cause libcurl to fail if not possible to use HTTP/2. `CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections. ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is for a similar purpose, was made prior to ALPN and is used for SPDY so early HTTP/2 servers are implemented using NPN before ALPN support is widespread. `CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow applications to explicitly disable ALPN or NPN. SSL libs -------- The challenge is the ALPN and NPN support and all our different SSL backends. You may need a fairly updated SSL library version for it to provide the necessary TLS features. Right now we support: - OpenSSL: ALPN and NPN - libressl: ALPN and NPN - BoringSSL: ALPN and NPN - NSS: ALPN and NPN - GnuTLS: ALPN - mbedTLS: ALPN - SChannel: ALPN - wolfSSL: ALPN Multiplexing ------------ Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the term for doing multiple independent transfers over the same physical TCP connection. To take advantage of multiplexing, you need to use the multi interface and set `CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will attempt to re-use existing HTTP/2 connections and just add a new stream over that when doing subsequent parallel requests. While libcurl sets up a connection to a HTTP server there is a period during which it doesn't know if it can pipeline or do multiplexing and if you add new transfers in that period, libcurl will default to start new connections for those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you can ask that a transfer should rather wait and see in case there's a connection for the same host in progress that might end up being possible to multiplex on. It favours keeping the number of connections low to the cost of slightly longer time to first byte transferred. Applications ------------ We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers in HTTP 1.1 style. This allows applications to work unmodified. curl tool --------- curl offers the `--http2` command line option to enable use of HTTP/2. curl offers the `--http2-prior-knowledge` command line option to enable use of HTTP/2 without HTTP/1.1 Upgrade. Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. curl tool limitations --------------------- The command line tool won't do any HTTP/2 multiplexing even though libcurl supports it, simply because the curl tool is not written to take advantage of the libcurl API that's necessary for this (the multi interface). We have an outstanding TODO item for this and you can help us make it happen. The command line tool also doesn't support HTTP/2 server push for the same reason it doesn't do multiplexing: it needs to use the multi interface for that so that multiplexing is supported. HTTP Alternative Services ------------------------- Alt-Svc is an extension with a corresponding frame (ALTSVC) in HTTP/2 that tells the client about an alternative "route" to the same content for the same origin server that you get the response from. A browser or long-living client can use that hint to create a new connection asynchronously. For libcurl, we may introduce a way to bring such clues to the application and/or let a subsequent request use the alternate route automatically. [Detailed in RFC 7838](https://tools.ietf.org/html/rfc7838)









1 2 3 4 5 6 7 8 9	+ + + + + + + + +	_ _ ____ _ ___\| \| \| \| _ \\| \| / __\| \| \| \| \|_) \| \| \| (__\| \|_\| \| _ <\| \|___ \___\|\___/\|_\| \_\_____\| How To Compile see INSTALL.md































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	License Mixing ============== libcurl can be built to use a fair amount of various third party libraries, libraries that are written and provided by other parties that are distributed using their own licenses. Even libcurl itself contains code that may cause problems to some. This document attempts to describe what licenses libcurl and the other libraries use and what possible dilemmas linking and mixing them all can lead to for end users. I am not a lawyer and this is not legal advice! One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) licensed code is not allowed to be linked with code licensed under the [Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the announcement clause). You may still build your own copies that use them all, but distributing them as binaries would be to violate the GPL license - unless you accompany your license with an [exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This particular problem was addressed when the [Modified BSD license](https://opensource.org/licenses/BSD-3-Clause) was created, which does not have the announcement clause that collides with GPL. ## libcurl Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is very liberal. ## OpenSSL (May be used for SSL/TLS support) Uses an Original BSD-style license with an announcement clause that makes it "incompatible" with GPL. You are not allowed to ship binaries that link with OpenSSL that includes GPL code (unless that specific GPL code includes an exception for OpenSSL - a habit that is growing more and more common). If OpenSSL's licensing is a problem for you, consider using another TLS library. ## GnuTLS (May be used for SSL/TLS support) Uses the [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem for you, consider using another TLS library. Also note that GnuTLS itself depends on and uses other libs (libgcrypt and libgpg-error) and they too are LGPL- or GPL-licensed. ## WolfSSL (May be used for SSL/TLS support) Uses the GPL license or a proprietary license. If this is a problem for you, consider using another TLS library. ## NSS (May be used for SSL/TLS support) Is covered by the [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL license. You may choose to license the code under MPL terms, GPL terms, or LGPL terms. These licenses grant you different permissions and impose different obligations. You should select the license that best meets your needs. ## axTLS (May be used for SSL/TLS support) Uses a Modified BSD-style license. ## mbedTLS (May be used for SSL/TLS support) Uses the [Apache 2.0 license](https://opensource.org/licenses/Apache-2.0) or the GPL license. You may choose to license the code under Apache 2.0 terms or GPL terms. These licenses grant you different permissions and impose different obligations. You should select the license that best meets your needs. ## BoringSSL (May be used for SSL/TLS support) As an OpenSSL fork, it has the same license as that. ## libressl (May be used for SSL/TLS support) As an OpenSSL fork, it has the same license as that. ## c-ares (Used for asynchronous name resolves) Uses an MIT license that is very liberal and imposes no restrictions on any other library or part you may link with. ## zlib (Used for compressed Transfer-Encoding support) Uses an MIT-style license that shouldn't collide with any other library. ## MIT Kerberos (May be used for GSS support) MIT licensed, that shouldn't collide with any other parts. ## Heimdal (May be used for GSS support) Heimdal is Original BSD licensed with the announcement clause. ## GNU GSS (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not distribute binary curl packages that uses this if you build curl to also link and use any Original BSD licensed libraries! ## libidn (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL is a variation of GPL with slightly less aggressive "copyleft". This license requires more requirements to be met when distributing binaries, see the license for details. Also note that if you distribute a binary that includes this library, you must also include the full LGPL license text. Please properly point out what parts of the distributed package that the license addresses. ## OpenLDAP (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses OpenLDAP as a shared library only, I have not heard of anyone that ships OpenLDAP linked with libcurl in an app. ## libssh2 (Used for scp and sftp support) libssh2 uses a Modified BSD-style license.



























































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	curl release procedure - how to do a release ============================================ in the source code repo ----------------------- - edit `RELEASE-NOTES` to be accurate - update `docs/THANKS` - make sure all relevant changes are committed on the master branch - tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the tag and we use underscores instead of dots in the version number. - run "./maketgz 7.34.0" to build the release tarballs. It is important that you run this on a machine with the correct set of autotools etc installed as this is what then will be shipped and used by most users on *nix like systems. - push the git commits and the new tag - gpg sign the 4 tarballs as maketgz suggests - upload the 8 resulting files to the primary download directory in the curl-www repo -------------------- - edit `Makefile` (version number and date), - edit `_newslog.html` (announce the new release) and - edit `_changes.html` (insert changes+bugfixes from RELEASE-NOTES) - commit all local changes - tag the repo with the same tag as used for the source repo - make sure all relevant changes are committed and pushed on the master branch (the web site then updates its contents automatically) on github --------- - edit the newly made release tag so that it is listed as the latest release inform ------ - send an email to curl-users, curl-announce and curl-library. Insert the RELEASE-NOTES into the mail. celebrate --------- - suitable beverage intake is encouraged for the festivities curl release scheduling ======================= Basics ------ We do releases every 8 weeks on Wednesdays. If critical problems arise, we can insert releases outside of the schedule or we can move the release date - but this is very rare. Each 8 week release cycle is split in two 4-week periods. - During the first 4 weeks after a release, we allow new features and changes to curl and libcurl. If we accept any such changes, we bump the minor number used for the next release. - During the second 4-week period we do not merge any features or changes, we then only focus on fixing bugs and polishing things to make a solid coming release. Coming dates ------------ Based on the description above, here are some planned release dates (at the time of this writing): - February 22, 2017 (version 7.53.0) - April 19, 2017 - June 14, 2017 - August 9, 2017 - October 4, 2017 - December 29, 2017



















































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	_ _ ____ _ Project ___\| \| \| \| _ \\| \| / __\| \| \| \| \|_) \| \| \| (__\| \|_\| \| _ <\| \|___ \___\|\___/\|_\| \_\_____\| This document lists documents and standards used by curl. RFC 959 - The FTP protocol RFC 1635 - How to Use Anonymous FTP RFC 1738 - Uniform Resource Locators RFC 1777 - defines the LDAP protocol RFC 1808 - Relative Uniform Resource Locators RFC 1867 - Form-based File Upload in HTML RFC 1950 - ZLIB Compressed Data Format Specification RFC 1951 - DEFLATE Compressed Data Format Specification RFC 1952 - gzip compression format RFC 1959 - LDAP URL syntax RFC 2045-2049 - Everything you need to know about MIME! (needed for form based upload) RFC 2068 - HTTP 1.1 (obsoleted by RFC 2616) RFC 2104 - Keyed-Hashing for Message Authentication RFC 2109 - HTTP State Management Mechanism (cookie stuff) - Also, read Netscape's specification at https://curl.haxx.se/rfc/cookie_spec.html RFC 2183 - The Content-Disposition Header Field RFC 2195 - CRAM-MD5 authentication RFC 2229 - A Dictionary Server Protocol RFC 2255 - Newer LDAP URL syntax document. RFC 2231 - MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations RFC 2388 - "Returning Values from Forms: multipart/form-data" Use this as an addition to the RFC1867 RFC 2396 - "Uniform Resource Identifiers: Generic Syntax and Semantics" This one obsoletes RFC 1738, but since RFC 1738 is often mentioned I've left it in this list. RFC 2428 - FTP Extensions for IPv6 and NATs RFC 2577 - FTP Security Considerations RFC 2616 - HTTP 1.1, the latest RFC 2617 - HTTP Authentication RFC 2718 - Guidelines for new URL Schemes RFC 2732 - Format for Literal IPv6 Addresses in URL's RFC 2818 - HTTP Over TLS (TLS is the successor to SSL) RFC 2821 - SMTP protocol RFC 2964 - Use of HTTP State Management RFC 2965 - HTTP State Management Mechanism. Cookies. Obsoletes RFC2109 RFC 3207 - SMTP over TLS RFC 4616 - PLAIN authentication RFC 4954 - SMTP Authentication






















































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	curl the next few years - perhaps ================================= Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is intended to serve as a guideline for others for information, feedback and possible participation. QUIC ---- The standardization process of QUIC has been taken to the IETF and can be followed on the [IETF QUIC Mailing list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the bandwagon. Ideally, this would be done with a separate library/project to handle the binary/framing layer in a similar fashion to how HTTP/2 is implemented. This, to allow other projects to benefit from the work and to thus broaden the interest and chance of others to participate. HTTP cookies ------------ Two cookie drafts have been adopted by the httpwg in IETF and we should support them as the popular browsers will as well: [Deprecate modification of 'secure' cookies from non-secure origins](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00) [Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) [Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073) SRV records ----------- How to find services for specific domains/hosts. curl_formadd() -------------- make sure there's an easy handle passed in to `curl_formadd()`, `curl_formget()` and `curl_formfree()` by adding replacement functions and deprecating the old ones to allow custom mallocs and more. Or perhaps even better: revamp the formpost API completely while we're at it and making something that is easier to use and understand: https://github.com/curl/curl/wiki/formpost-API-redesigned Third-party SASL ---------------- Add support for third-party SASL libraries such as Cyrus SASL. SASL authentication in LDAP --------------------------- ... Simplify the SMTP email ----------------------- Simplify the SMTP email interface so that programmers don't have to construct the body of an email that contains all the headers, alternative content, images and attachments - maintain raw interface so that programmers that want to do this can email capabilities ------------------ Allow the email protocols to return the capabilities before authenticating. This will allow an application to decide on the best authentication mechanism Win32 pthreads -------------- Allow Windows threading model to be replaced by Win32 pthreads port dynamic buffer size ------------------- Implement a dynamic buffer size to allow SFTP to use much larger buffers and possibly allow the size to be customizable by applications. Use less memory when handles are not in use? New stuff - curl ---------------- 1. Embed a language interpreter (lua?). For that middle ground where curl isn’t enough and a libcurl binding feels “too much”. Build-time conditional of course. 2. Simplify the SMTP command line so that the headers and multi-part content don't have to be constructed before calling curl Improve ------- 1. build for windows (considered hard by many users) 2. curl -h output (considered overwhelming to users) 3. we have > 200 command line options, is there a way to redo things to simplify or improve the situation as we are likely to keep adding features/options in the future too 4. authentication framework (consider merging HTTP and SASL authentication to give one API for protocols to call) 5. Perform some of the clean up from the TODO document, removing old definitions and such like that are currently earmarked to be removed years ago Remove ------ 1. makefile.vc files as there is no point in maintaining two sets of Windows makefiles. Note: These are currently being used by the Windows autobuilds




















































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	curl security for developers ============================ This document is intended to provide guidance to curl developers on how security vulnerabilities should be handled. Publishing Information ---------------------- All known and public curl or libcurl related vulnerabilities are listed on [the curl web site security page](https://curl.haxx.se/docs/security.html). Security vulnerabilities should not be entered in the project's public bug tracker unless the necessary configuration is in place to limit access to the issue to only the reporter and the project's security team. Vulnerability Handling ---------------------- The typical process for handling a new security vulnerability is as follows. No information should be made public about a vulnerability until it is formally announced at the end of this process. That means, for example that a bug tracker entry must NOT be created to track the issue since that will make the issue public and it should not be discussed on any of the project's public mailing lists. Also messages associated with any commits should not make any reference to the security nature of the commit if done prior to the public announcement. - The person discovering the issue, the reporter, reports the vulnerability privately to `curl-security@haxx.se`. That's an email alias that reaches a handful of selected and trusted people. - Messages that do not relate to the reporting or managing of an undisclosed security vulnerability in curl or libcurl are ignored and no further action is required. - A person in the security team sends an e-mail to the original reporter to acknowledge the report. - The security team investigates the report and either rejects it or accepts it. - If the report is rejected, the team writes to the reporter to explain why. - If the report is accepted, the team writes to the reporter to let him/her know it is accepted and that they are working on a fix. - The security team discusses the problem, works out a fix, considers the impact of the problem and suggests a release schedule. This discussion should involve the reporter as much as possible. - The release of the information should be "as soon as possible" and is most often synced with an upcoming release that contains the fix. If the reporter, or anyone else, thinks the next planned release is too far away then a separate earlier release for security reasons should be considered. - Write a security advisory draft about the problem that explains what the problem is, its impact, which versions it affects, solutions or workarounds, when the release is out and make sure to credit all contributors properly. - Request a CVE number from [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) when also informing and preparing them for the upcoming public security vulnerability announcement - attach the advisory draft for information. Note that 'distros' won't accept an embargo longer than 19 days and they do not care for Windows-specific flaws. For windows-specific flaws, request CVE directly from MITRE. - Update the "security advisory" with the CVE number. - The security team commits the fix in a private branch. The commit message should ideally contain the CVE number. This fix is usually also distributed to the 'distros' mailing list to allow them to use the fix prior to the public announcement. - No more than 48 hours before the release, the private branch is merged into the master branch and pushed. Once pushed, the information is accessible to the public and the actual release should follow suit immediately afterwards. The time between the push and the release is used for final tests and reviews. - The project team creates a release that includes the fix. - The project team announces the release and the vulnerability to the world in the same manner we always announce releases. It gets sent to the curl-announce, curl-library and curl-users mailing lists. - The security web page on the web site should get the new vulnerability mentioned. Pre-notification ---------------- If you think you are or should be eligible for a pre-notification about upcoming security announcements for curl, we urge OS distros and similar vendors to primarily join the distros@openwall list as that is one of the purposes of that list - and not just for curl of course. If you are not a distro or otherwise not suitable for distros@openwall and yet want pre-notifications from us, contact the curl security team with a detailed and clear explanation why this is the case. curl-security (at haxx dot se) ------------------------------ Who is on this list? There are a couple of criteria you must meet, and then we might ask you to join the list or you can ask to join it. It really isn't very formal. We basically only require that you have a long-term presence in the curl project and you have shown an understanding for the project and its way of working. You must've been around for a good while and you should have no plans in vanishing in the near future. We do not make the list of participants public mostly because it tends to vary somewhat over time and a list somewhere will only risk getting outdated.



































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	SSL Certificate Verification ============================ SSL is TLS ---------- SSL is the old name. It is called TLS these days. Native SSL ---------- If libcurl was built with Schannel or Secure Transport support (the native SSL libraries included in Windows and Mac OS X), then this does not apply to you. Scroll down for details on how the OS-native engines handle SSL certificates. If you're not sure, then run "curl -V" and read the results. If the version string says "WinSSL" in it, then it was built with Schannel support. It is about trust ----------------- This system is about trust. In your local CA certificate store you have certs from trusted Certificate Authorities that you then can use to verify that the server certificates you see are valid. They're signed by one of the CAs you trust. Which CAs do you trust? You can decide to trust the same set of companies your operating system trusts, or the set one of the known browsers trust. That's basically trust via someone else you trust. You should just be aware that modern operating systems and browsers are setup to trust hundreds of companies and recent years several such CAs have been found untrustworthy. Certificate Verification ------------------------ libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer's server certificate is valid. If you communicate with HTTPS, FTPS or other TLS-using servers using certificates that are signed by CAs present in the store, you can be sure that the remote server really is the one it claims to be. If the remote server uses a self-signed certificate, if you don't install a CA cert store, if the server uses a certificate signed by a CA that isn't included in the store you use or if the remote host is an impostor impersonating your favorite site, and you want to transfer files from this server, do one of the following: 1. Tell libcurl to not verify the peer. With libcurl you disable this with `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);` With the curl command line tool, you disable this with -k/--insecure. 2. Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting. For libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAPATH, capath);` With the curl command line tool: --cacert [file] 3. Add the CA cert for your server to the existing default CA certificate store. The default CA certificate store can changed at compile time with the following configure options: --with-ca-bundle=FILE: use the specified file as CA certificate store. CA certificates need to be concatenated in PEM format into this file. --with-ca-path=PATH: use the specified path as CA certificate store. CA certificates need to be stored as individual PEM files in this directory. You may need to run c_rehash after adding files there. If neither of the two options is specified, configure will try to auto-detect a setting. It's also possible to explicitly not hardcode any default store but rely on the built in default the crypto library may provide instead. You can achieve that by passing both --without-ca-bundle and --without-ca-path to the configure script. If you use Internet Explorer, this is one way to get extract the CA cert for a particular server: - View the certificate by double-clicking the padlock - Find out where the CA certificate is kept (Certificate> Authority Information Access>URL) - Get a copy of the crt file using curl - Convert it from crt to PEM using the openssl tool: openssl x509 -inform DES -in yourdownloaded.crt \ -out outcert.pem -text - Add the 'outcert.pem' to the CA certificate store or use it stand-alone as described below. If you use the 'openssl' tool, this is one way to get extract the CA cert for a particular server: - `openssl s_client -connect xxxxx.com:443 \|tee logfile` - type "QUIT", followed by the "ENTER" key - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" markers. - If you want to see the data in the certificate, you can do: "openssl x509 -inform PEM -in certfile -text -out certdata" where certfile is the cert you extracted from logfile. Look in certdata. - If you want to trust the certificate, you can add it to your CA certificate store or use it stand-alone as described. Just remember that the security is no better than the way you obtained the certificate. 4. If you're using the curl command line tool, you can specify your own CA cert path by setting the environment variable `CURL_CA_BUNDLE` to the path of your choice. If you're using the curl command line tool on Windows, curl will search for a CA cert file named "curl-ca-bundle.crt" in these directories and in this order: 1. application's directory 2. current working directory 3. Windows System directory (e.g. C:\windows\system32) 4. Windows Directory (e.g. C:\windows) 5. all directories along %PATH% 5. Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running 'make ca-bundle' in the curl build tree root, or possibly download a version that was generated this way for you: [CA Extract](https://curl.haxx.se/docs/caextract.html) Neglecting to use one of the above methods when dealing with a server using a certificate that isn't signed by one of the certificates in the installed CA certificate store, will cause SSL to report an error ("certificate verify failed") during the handshake and SSL will then refuse further communication with that server. Certificate Verification with NSS --------------------------------- If libcurl was built with NSS support, then depending on the OS distribution, it is probably required to take some additional steps to use the system-wide CA cert db. RedHat ships with an additional module, libnsspem.so, which enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB). Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to the certdb directory (either the hardcoded default /etc/pki/nssdb or the directory configured with SSL_DIR environment variable). To check which certdb format your distribution provides, examine the default certdb location: /etc/pki/nssdb; the new certdb format can be identified by the filenames cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db, key3.db, secmod.db. Certificate Verification with Schannel and Secure Transport ----------------------------------------------------------- If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure Transport (Apple's native TLS engine) support, then libcurl will still perform peer certificate verification, but instead of using a CA cert bundle, it will use the certificates that are built into the OS. These are the same certificates that appear in the Internet Options control panel (under Windows) or Keychain Access application (under OS X). Any custom security rules for certificates will be honored. Schannel will run CRL checks on certificates unless peer verification is disabled. Secure Transport on iOS will run OCSP checks on certificates unless peer verification is disabled. Secure Transport on OS X will run either OCSP or CRL checks on certificates if those features are enabled, and this behavior can be adjusted in the preferences of Keychain Access.
























































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	Version Numbers and Releases ============================ Curl is not only curl. Curl is also libcurl. They're actually individually versioned, but they mostly follow each other rather closely. The version numbering is always built up using the same system: X.Y.Z - X is main version number - Y is release number - Z is patch number ## Bumping numbers One of these numbers will get bumped in each new release. The numbers to the right of a bumped number will be reset to zero. If Z is zero, it may not be included in the version number. The main version number will get bumped when really big, world colliding changes are made. The release number is bumped when changes are performed or things/features are added. The patch number is bumped when the changes are mere bugfixes. It means that after release 1.2.3, we can release 2.0 if something really big has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs were fixed. Bumping, as in increasing the number with 1, is unconditionally only affecting one of the numbers (except the ones to the right of it, that may be set to zero). 1 becomes 2, 3 becomes 4, 9 becomes 10, 88 becomes 89 and 99 becomes 100. So, after 1.2.9 comes 1.2.10. After 3.99.3, 3.100 might come. All original curl source release archives are named according to the libcurl version (not according to the curl client version that, as said before, might differ). As a service to any application that might want to support new libcurl features while still being able to build with older versions, all releases have the libcurl version stored in the curl/curlver.h file using a static numbering scheme that can be used for comparison. The version number is defined as: #define LIBCURL_VERSION_NUM 0xXXYYZZ Where XX, YY and ZZ are the main version, release and patch numbers in hexadecimal. All three number fields are always represented using two digits (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 appears as "0x090b07". This 6-digit hexadecimal number is always a greater number in a more recent release. It makes comparisons with greater than and less than work. This number is also available as three separate defines: `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`.




































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	ABI - Application Binary Interface ================================== "ABI" describes the low-level interface between an application program and a library. Calling conventions, function arguments, return values, struct sizes/defines and more. [Wikipedia has a longer description](https://en.wikipedia.org/wiki/Application_binary_interface) Upgrades -------- In the vast majority of all cases, a typical libcurl upgrade does not break the ABI at all. Your application can remain using libcurl just as before, only with less bugs and possibly with added new features. You need to read the release notes, and if they mention an ABI break/soname bump, you may have to verify that your application still builds fine and uses libcurl as it now is defined to work. Version Numbers --------------- In libcurl land, you really can't tell by the libcurl version number if that libcurl is binary compatible or not with another libcurl version. Soname Bumps ------------ Whenever there are changes done to the library that will cause an ABI breakage, that may require your application to get attention or possibly be changed to adhere to new things, we will bump the soname. Then the library will get a different output name and thus can in fact be installed in parallel with an older installed lib (on most systems). Thus, old applications built against the previous ABI version will remain working and using the older lib, while newer applications build and use the newer one. During the first seven years of libcurl releases, there have only been four ABI breakages. We are determined to bump the SONAME as rarely as possible. Ideally, we never do it again. Downgrades ---------- Going to an older libcurl version from one you're currently using can be a tricky thing. Mostly we add features and options to newer libcurls as that won't break ABI or hamper existing applications. This has the implication that going backwards may get you in a situation where you pick a libcurl that doesn't support the options your application needs. Or possibly you even downgrade so far so you cross an ABI break border and thus a different soname, and then your application may need to adapt to the modified ABI. History ------- The previous major library soname number bumps (breaking backwards compatibility) have happened the following times: 0 - libcurl 7.1, August 2000 1 - libcurl 7.5 December 2000 2 - libcurl 7.7 March 2001 3 - libcurl 7.12.0 June 2004 4 - libcurl 7.16.0 October 2006







































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Index to libcurl documentation</title> </head> <body> <h1 align="center">Index to libcurl documentation</h1> <h2>Programs</h2> <p><a href="../index.html">curl and tools</a> <h2>Overviews</h2> <A HREF="libcurl.html">libcurl</A> <br><a href="libcurl-easy.html">libcurl-easy</a> <br><a href="libcurl-multi.html">libcurl-multi</a> <br><a href="libcurl-share.html">libcurl-share</a> <br><a href="libcurl-errors.html">libcurl-errors</a> <br><a href="libcurl-tutorial.html">libcurl-tutorial</a> <br><a href="libcurl-thread.html">libcurl-thread</a> <H2>Library Functions (A-Z)</H2> <a href="curl_easy_cleanup.html">curl_easy_cleanup</A> <br><a href="curl_easy_duphandle.html">curl_easy_duphandle</A> <br><a href="curl_easy_escape.html">curl_easy_escape</A> <br><a href="curl_easy_getinfo.html">curl_easy_getinfo</A> <br><a href="curl_easy_init.html">curl_easy_init</A> <br><a href="curl_easy_pause.html">curl_easy_pause</A> <br><a href="curl_easy_perform.html">curl_easy_perform</A> <br><a href="curl_easy_recv.html">curl_easy_recv</A> <br><a href="curl_easy_reset.html">curl_easy_reset</A> <br><a href="curl_easy_send.html">curl_easy_send</A> <br><a href="curl_easy_setopt.html">curl_easy_setopt</A> <br><a href="curl_easy_strerror.html">curl_easy_strerror</A> <br><a href="curl_easy_unescape.html">curl_easy_unescape</A> <br><a href="curl_escape.html">curl_escape</A> (deprecated) <br><a href="curl_formadd.html">curl_formadd</A> <br><a href="curl_formfree.html">curl_formfree</A> <br><a href="curl_formget.html">curl_formget</A> <br><a href="curl_free.html">curl_free</A> <br><a href="curl_getdate.html">curl_getdate</A> <br><a href="curl_getenv.html">curl_getenv</A> (deprecated) <br><a href="curl_global_cleanup.html">curl_global_cleanup</A> <br><a href="curl_global_init.html">curl_global_init</A> <br><a href="curl_global_init_mem.html">curl_global_init_mem</A> <br><a href="curl_mprintf.html">curl_mprintf</A> (deprecated) <br><a href="curl_multi_add_handle.html">curl_multi_add_handle</a> <br><a href="curl_multi_assign.html">curl_multi_assign</a> <br><a href="curl_multi_cleanup.html">curl_multi_cleanup</a> <br><a href="curl_multi_fdset.html">curl_multi_fdset</a> <br><a href="curl_multi_info_read.html">curl_multi_info_read</a> <br><a href="curl_multi_init.html">curl_multi_init</a> <br><a href="curl_multi_perform.html">curl_multi_perform</a> <br><a href="curl_multi_remove_handle.html">curl_multi_remove_handle</a> <br><a href="curl_multi_setopt.html">curl_multi_setopt</a> <br><a href="curl_multi_socket.html">curl_multi_socket</a> (deprecated) <br><a href="curl_multi_socket_action.html">curl_multi_socket_action</a> <br><a href="curl_multi_strerror.html">curl_multi_strerror</a> <br><a href="curl_multi_timeout.html">curl_multi_timeout</a> (deprecated) <br><a href="curl_share_cleanup.html">curl_share_cleanup</A> <br><a href="curl_share_init.html">curl_share_init</A> <br><a href="curl_share_setopt.html">curl_share_setopt</A> <br><a href="curl_share_strerror.html">curl_share_strerror</a> <br><a href="curl_slist_append.html">curl_slist_append</A> <br><a href="curl_slist_free_all.html">curl_slist_free_all</A> <br><a href="curl_strequal.html">curl_strequal and curl_strnequal</A> <br><a href="curl_unescape.html">curl_unescape</A> (deprecated) <br><a href="curl_version.html">curl_version</A> <br><a href="curl_version_info.html">curl_version_info</A> </body></html>






































































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#ifndef __CURL_CURLRULES_H #define __CURL_CURLRULES_H /*************************************************************************** * _ _ ____ _ * Project ___\| \| \| \| _ \\| \| * / __\| \| \| \| \|_) \| \| * \| (__\| \|_\| \| _ <\| \|___ * \___\|\___/\|_\| \_\_____\| * * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at https://curl.haxx.se/docs/copyright.html. * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * **************************************************************************/ / ================================================================ / / COMPILE TIME SANITY CHECKS / / ================================================================ / / * NOTE 1: * ------- * * All checks done in this file are intentionally placed in a public * header file which is pulled by curl/curl.h when an application is * being built using an already built libcurl library. Additionally * this file is also included and used when building the library. * * If compilation fails on this file it is certainly sure that the * problem is elsewhere. It could be a problem in the curlbuild.h * header file, or simply that you are using different compilation * settings than those used to build the library. * * Nothing in this file is intended to be modified or adjusted by the * curl library user nor by the curl library builder. * * Do not deactivate any check, these are done to make sure that the * library is properly built and used. * * You can find further help on the libcurl development mailing list: * https://cool.haxx.se/mailman/listinfo/curl-library/ * * NOTE 2 * ------ * * Some of the following compile time checks are based on the fact * that the dimension of a constant array can not be a negative one. * In this way if the compile time verification fails, the compilation * will fail issuing an error. The error description wording is compiler * dependent but it will be quite similar to one of the following: * * "negative subscript or subscript is too large" * "array must have at least one element" * "-1 is an illegal array size" * "size of array is negative" * * If you are building an application which tries to use an already * built libcurl library and you are getting this kind of errors on * this file, it is a clear indication that there is a mismatch between * how the library was built and how you are trying to use it for your * application. Your already compiled or binary library provider is the * only one who can give you the details you need to properly use it. / / * Verify that some macros are actually defined. / #ifndef CURL_SIZEOF_LONG # error "CURL_SIZEOF_LONG definition is missing!" Error Compilation_aborted_CURL_SIZEOF_LONG_is_missing #endif #ifndef CURL_TYPEOF_CURL_SOCKLEN_T # error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!" Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing #endif #ifndef CURL_SIZEOF_CURL_SOCKLEN_T # error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!" Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing #endif #ifndef CURL_TYPEOF_CURL_OFF_T # error "CURL_TYPEOF_CURL_OFF_T definition is missing!" Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing #endif #ifndef CURL_FORMAT_CURL_OFF_T # error "CURL_FORMAT_CURL_OFF_T definition is missing!" Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing #endif #ifndef CURL_FORMAT_CURL_OFF_TU # error "CURL_FORMAT_CURL_OFF_TU definition is missing!" Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing #endif #ifndef CURL_FORMAT_OFF_T # error "CURL_FORMAT_OFF_T definition is missing!" Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing #endif #ifndef CURL_SIZEOF_CURL_OFF_T # error "CURL_SIZEOF_CURL_OFF_T definition is missing!" Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing #endif #ifndef CURL_SUFFIX_CURL_OFF_T # error "CURL_SUFFIX_CURL_OFF_T definition is missing!" Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing #endif #ifndef CURL_SUFFIX_CURL_OFF_TU # error "CURL_SUFFIX_CURL_OFF_TU definition is missing!" Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing #endif / * Macros private to this header file. / #define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1 #define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1 / * Verify that the size previously defined and expected for long * is the same as the one reported by sizeof() at compile time. / typedef char __curl_rule_01__ [CurlchkszEQ(long, CURL_SIZEOF_LONG)]; / * Verify that the size previously defined and expected for * curl_off_t is actually the the same as the one reported * by sizeof() at compile time. / typedef char __curl_rule_02__ [CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)]; / * Verify at compile time that the size of curl_off_t as reported * by sizeof() is greater or equal than the one reported for long * for the current compilation. / typedef char __curl_rule_03__ [CurlchkszGE(curl_off_t, long)]; / * Verify that the size previously defined and expected for * curl_socklen_t is actually the the same as the one reported * by sizeof() at compile time. / typedef char __curl_rule_04__ [CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)]; / * Verify at compile time that the size of curl_socklen_t as reported * by sizeof() is greater or equal than the one reported for int for * the current compilation. / typedef char __curl_rule_05__ [CurlchkszGE(curl_socklen_t, int)]; / ================================================================ / / EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS / / ================================================================ / / * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow * these to be visible and exported by the external libcurl interface API, * while also making them visible to the library internals, simply including * curl_setup.h, without actually needing to include curl.h internally. * If some day this section would grow big enough, all this should be moved * to its own header file. / / * Figure out if we can use the ## preprocessor operator, which is supported * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__ * or __cplusplus so we need to carefully check for them too. / #if defined(__STDC__) \|\| defined(_MSC_VER) \|\| defined(__cplusplus) \|\| \ defined(__HP_aCC) \|\| defined(__BORLANDC__) \|\| defined(__LCC__) \|\| \ defined(__POCC__) \|\| defined(__SALFORDC__) \|\| defined(__HIGHC__) \|\| \ defined(__ILEC400__) / This compiler is believed to have an ISO compatible preprocessor / #define CURL_ISOCPP #else / This compiler is believed NOT to have an ISO compatible preprocessor / #undef CURL_ISOCPP #endif / * Macros for minimum-width signed and unsigned curl_off_t integer constants. / #if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551) # define __CURL_OFF_T_C_HLPR2(x) x # define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x) # define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T) # define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU) #else # ifdef CURL_ISOCPP # define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix # else # define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val//Suffix # endif # define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix) # define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T) # define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU) #endif / * Get rid of macros private to this header file. / #undef CurlchkszEQ #undef CurlchkszGE / * Get rid of macros not intended to exist beyond this point. / #undef CURL_PULL_WS2TCPIP_H #undef CURL_PULL_SYS_TYPES_H #undef CURL_PULL_SYS_SOCKET_H #undef CURL_PULL_SYS_POLL_H #undef CURL_PULL_STDINT_H #undef CURL_PULL_INTTYPES_H #undef CURL_TYPEOF_CURL_SOCKLEN_T #undef CURL_TYPEOF_CURL_OFF_T #ifdef CURL_NO_OLDIES #undef CURL_FORMAT_OFF_T / not required since 7.19.0 - obsoleted in 7.20.0 / #endif #endif / __CURL_CURLRULES_H */













































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#ifndef __CURL_CURLVER_H #define __CURL_CURLVER_H /*************************************************************************** * _ _ ____ _ * Project ___\| \| \| \| _ \\| \| * / __\| \| \| \| \|_) \| \| * \| (__\| \|_\| \| _ <\| \|___ * \___\|\___/\|_\| \_\_____\| * * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at https://curl.haxx.se/docs/copyright.html. * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * **************************************************************************/ / This header file contains nothing but libcurl version info, generated by a script at release-time. This was made its own header file in 7.11.2 / / This is the global package copyright / #define LIBCURL_COPYRIGHT "1996 - 2017 Daniel Stenberg, <daniel@haxx.se>." / This is the version number of the libcurl package from which this header file origins: / #define LIBCURL_VERSION "7.53.1" / The numeric version number is also available "in parts" by using these defines: / #define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MINOR 53 #define LIBCURL_VERSION_PATCH 1 / This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will always follow this syntax: 0xXXYYZZ Where XX, YY and ZZ are the main version, release and patch numbers in hexadecimal (using 8 bits each). All three numbers are always represented using two digits. 1.2 would appear as "0x010200" while version 9.11.7 appears as "0x090b07". This 6-digit (24 bits) hexadecimal number does not show pre-release number, and it is always a greater number in a more recent release. It makes comparisons with greater than and less than work. Note: This define is the full hex number and _does not_ use the CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. / #define LIBCURL_VERSION_NUM 0x073501 / * This is the date and time when the full source package was created. The * timestamp is not stored in git, as the timestamp is properly set in the * tarballs by the maketgz script. * * The format of the date should follow this template: * * "Mon Feb 12 11:35:33 UTC 2007" / #define LIBCURL_TIMESTAMP "Fri Feb 24 07:49:42 UTC 2017" #define CURL_VERSION_BITS(x,y,z) ((x)<<16\|(y)<<8\|z) #define CURL_AT_LEAST_VERSION(x,y,z) \ (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z)) #endif / __CURL_CURLVER_H */






































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#ifndef __CURL_EASY_H #define __CURL_EASY_H /*************************************************************************** * _ _ ____ _ * Project ___\| \| \| \| _ \\| \| * / __\| \| \| \| \|_) \| \| * \| (__\| \|_\| \| _ <\| \|___ * \___\|\___/\|_\| \_\_____\| * * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at https://curl.haxx.se/docs/copyright.html. * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * **************************************************************************/ #ifdef __cplusplus extern "C" { #endif CURL_EXTERN CURL curl_easy_init(void); CURL_EXTERN CURLcode curl_easy_setopt(CURL curl, CURLoption option, ...); CURL_EXTERN CURLcode curl_easy_perform(CURL curl); CURL_EXTERN void curl_easy_cleanup(CURL curl); / * NAME curl_easy_getinfo() * * DESCRIPTION * * Request internal information from the curl session with this function. The * third argument MUST be a pointer to a long, a pointer to a char * or a * pointer to a double (as the documentation describes elsewhere). The data * pointed to will be filled in accordingly and can be relied upon only if the * function returns CURLE_OK. This function is intended to get used AFTER a * performed transfer, all results from this function are undefined until the * transfer is completed. / CURL_EXTERN CURLcode curl_easy_getinfo(CURL curl, CURLINFO info, ...); /* * NAME curl_easy_duphandle() * * DESCRIPTION * * Creates a new curl session handle with the same options set for the handle * passed in. Duplicating a handle could only be a matter of cloning data and * options, internal state info and things like persistent connections cannot * be transferred. It is useful in multithreaded applications when you can run * curl_easy_duphandle() for each new thread to avoid a series of identical * curl_easy_setopt() invokes in every thread. / CURL_EXTERN CURL curl_easy_duphandle(CURL curl); / * NAME curl_easy_reset() * * DESCRIPTION * * Re-initializes a CURL handle to the default values. This puts back the * handle to the same state as it was in when it was just created. * * It does keep: live connections, the Session ID cache, the DNS cache and the * cookies. / CURL_EXTERN void curl_easy_reset(CURL curl); /* * NAME curl_easy_recv() * * DESCRIPTION * * Receives data from the connected socket. Use after successful * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. / CURL_EXTERN CURLcode curl_easy_recv(CURL curl, void buffer, size_t buflen, size_t n); /* * NAME curl_easy_send() * * DESCRIPTION * * Sends data over the connected socket. Use after successful * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. / CURL_EXTERN CURLcode curl_easy_send(CURL curl, const void buffer, size_t buflen, size_t n); #ifdef __cplusplus } #endif #endif