using TIMEOUT in curl_setopt
Hi, What happens when in some way both options CURLOPT_TIMEOUT_MS and CURL_TIMEOUT are set? which value is used assuming both have different values? Thanks, Saket Jalan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: using TIMEOUT in curl_setopt
I checked implementation in curl-7.32.0, these options share the same storage. So the latest option set will be used. case CURLOPT_TIMEOUT: /* * The maximum time you allow curl to use for a single transfer * operation. */ data-set.timeout = va_arg(param, long) * 1000L; break; case CURLOPT_TIMEOUT_MS: data-set.timeout = va_arg(param, long); break; On Fri, Sep 20, 2013 at 11:28 AM, Saket Jalan saaketja...@gmail.com wrote: Hi, What happens when in some way both options CURLOPT_TIMEOUT_MS and CURL_TIMEOUT are set? which value is used assuming both have different values? Thanks, Saket Jalan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Patch: Support CURLINFO_CERTINFO with GnuTLS
Here is another patch which adds the CURLINFO_GNUTLS_SESSION option to curl_easy_getinfo. It exposes the GnuTLS session to clients, which is useful if clients need to inspect certificate chains or other properties of the TLS connection. Naturally, the option only works if cURL was compiled with GnuTLS support (hence the GNUTLS in the name). This patch should be completely independent from my previous patch to support CURLINFO_CERTINFO with GnuTLS, and I think it is generally more useful as it allows applications to access certificates via the nice GnuTLS X509 APIs instead of having to parse the strings. This time I did also update the man page to document the new option; I used 7.33.0 as the version number for the introduction in hope that this makes it in time for the merge window (we need this for the GNU Name System). Happy hacking! Christian On 09/18/2013 10:14 PM, Christian Grothoff wrote: Here's a little patch to get CURLINFO_CERTINFO to do something meaningful if libcurl was compiled to use GnuTLS instead of OpenSSL. As described in the log, I'd prefer to get PEM as the returned text to the client, but the OpenSSL API doesn't allow that either. Would you be happy with a patch to add an option CURLINFO_CERTINFO_PEM that would return the server certificate in PEM format for machine-processing? Happy hacking! Christian From 549e464a82580fb4cfb6ab928d679e897633ae91 Mon Sep 17 00:00:00 2001 From: Christian Grothoff christ...@grothoff.org Date: Fri, 20 Sep 2013 16:27:10 +0200 Subject: [PATCH 2/2] Adding CURLINFO_GNUTLS_SESSION option for direct access to GnuTLS session. This adds support for CURLINFO_GNUTLS_SESSION in curl_easy_getinfo, which is useful for clients that want to inspect certificate chains and other TLS session information. --- docs/libcurl/curl_easy_getinfo.3 |9 + include/curl/curl.h |6 +++--- lib/getinfo.c| 23 +++ 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3 index 62d8ae4..c5a509c 100644 --- a/docs/libcurl/curl_easy_getinfo.3 +++ b/docs/libcurl/curl_easy_getinfo.3 @@ -221,6 +221,15 @@ provided in a series of data in the format name:content where the content is for the specific named data. See also the certinfo.c example. NOTE: this option is only available in libcurl built with OpenSSL support. (Added in 7.19.1) + +.IP CURLINFO_GNUTLS_SESSION +Pass a pointer to a 'gnutls_session' and you'll get it set to point to the +respective GnuTLS session used by this request. This can then be used to +extract certificate information in a format convenient for further +processing, such as manual validation. NOTE: this +option is only available in libcurl built with GnuTLS support. (Added in +7.33.0) + .IP CURLINFO_CONDITION_UNMET Pass a pointer to a long to receive the number 1 if the condition provided in the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if diff --git a/include/curl/curl.h b/include/curl/curl.h index 4e09cf7..a63ee67 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -1388,8 +1388,7 @@ typedef enum { CINIT(ADDRESS_SCOPE, LONG, 171), /* Collect certificate chain info and allow it to get retrievable with - CURLINFO_CERTINFO after the transfer is complete. (Unfortunately) only - working with OpenSSL-powered builds. */ + CURLINFO_CERTINFO after the transfer is complete. */ CINIT(CERTINFO, LONG, 172), /* name and pwd to use when fetching. */ @@ -2031,9 +2030,10 @@ typedef enum { CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40, CURLINFO_LOCAL_IP = CURLINFO_STRING + 41, CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42, + CURLINFO_GNUTLS_SESSION = CURLINFO_SLIST + 43, /* Fill in new entries below here! */ - CURLINFO_LASTONE = 42 + CURLINFO_LASTONE = 43 } CURLINFO; /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as diff --git a/lib/getinfo.c b/lib/getinfo.c index 3d09dc6..36197c2 100644 --- a/lib/getinfo.c +++ b/lib/getinfo.c @@ -277,7 +277,30 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info, ptr.to_certinfo = data-info.certs; *param_slistp = ptr.to_slist; break; +#ifdef USE_GNUTLS + case CURLINFO_GNUTLS_SESSION: +{ + union { +gnutls_session session; +struct curl_slist* to_slist; + } gptr; + struct connectdata *conn; + unsigned int sockindex; + conn = data-easy_conn; + sockindex = 0; + while((sockindex sizeof(conn-ssl)/sizeof(conn-ssl[0])) +(! conn-ssl[sockindex].use)) sockindex++; + if(sockindex == sizeof(conn-ssl)/sizeof(conn-ssl[0])) { +*param_slistp = NULL; +break; + } + gptr.session = conn-ssl[sockindex].session; + *param_slistp = gptr.to_slist; + break; +} +break; +#endif default:
Re: using TIMEOUT in curl_setopt
Awesome. Thanks a lot. On Friday, September 20, 2013, Алексей Филиппов wrote: I checked implementation in curl-7.32.0, these options share the same storage. So the latest option set will be used. case CURLOPT_TIMEOUT: /* * The maximum time you allow curl to use for a single transfer * operation. */ data-set.timeout = va_arg(param, long) * 1000L; break; case CURLOPT_TIMEOUT_MS: data-set.timeout = va_arg(param, long); break; On Fri, Sep 20, 2013 at 11:28 AM, Saket Jalan saaketja...@gmail.comjavascript:_e({}, 'cvml', 'saaketja...@gmail.com'); wrote: Hi, What happens when in some way both options CURLOPT_TIMEOUT_MS and CURL_TIMEOUT are set? which value is used assuming both have different values? Thanks, Saket Jalan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html -- Saket Jalan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
libcurl: HTTP NTLMv2 user authentication
Hi, We are using libcurl to make a HTTP Post to a SCEP server. We pass a username and password and set the auth type to CURLAUTH_ANY. Our client is telling us this is using NTLMv1 authentication and they want us to support NTLMv2. We using version 7.21.1 and are linking with OpenSSL 1.0.0a. Is NTLMv2 supported? And if so, how? Fiberlink Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Help required on data option usage with DELETE - curl -X DELETE -d data='{name:test}'
HI Team I am Prasanna from India. I am working on a Java Application where I would want to send a DELETE with more information than present with the URI. I learnt that the CURL library achieves this with this form curl -X DELETE -d data='{name:test}'.. Captured the packets and did observe the name/value pair being sent with the packet. : DELETE /restapi/15/123/vlan/0 HTTP/1.1 0028: User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 O 0068: penSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 008f: Host: 1.1.1.1 00a4: Accept: application/json 00be: Content-Length: 24 00d2: Content-Type: application/x-www-form-urlencoded 0103: 0105: data={name:test} How does CURL manage to achieve this ? Is it possible to get this ported to Java with the use of any of the Apache HTTP client libraries ? Appreciate your help in this regard. Best Prasanna, V --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Help required on data option usage with DELETE - curl -X DELETE -d data='{name:test}'
On Fri, 20 Sep 2013, Prasanna Viswakumar wrote: [HTTP request cut out] How does CURL manage to achieve this ? It tells libcurl to do such a request! Seriously though, there's nothing strange in there and anything speaking TCP could be made to send that. Is it possible to get this ported to Java with the use of any of the Apache HTTP client libraries ? I would assume you can, but this is quite likely not a good place to ask that question - we're kind of focused on libcurl here. Surely there are much more suitable Apache HTTP client forums or lists to ask that question! -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: libcurl: HTTP NTLMv2 user authentication
On Fri, 20 Sep 2013, Thomas Herchek wrote: We are using libcurl to make a HTTP Post to a SCEP server. We pass a username and password and set the auth type to CURLAUTH_ANY. Our client is telling us this is using NTLMv1 authentication and they want us to support NTLMv2. We using version 7.21.1 and are linking with OpenSSL 1.0.0a. Is NTLMv2 supported? And if so, how? It isn't supported in the current code, not even in a current libcurl version. Someone needs to step up and write the implementation and send us the patch. I wrote the most of the initial NTLM protocol support code, but back then I had NTLM test servers/pages setup by friendly people to verify that things were working correctly - which I no longer have. And I never had it for NTLMv2. The best resource for NTLM protocol details is from my knowledge still this: http://davenport.sourceforge.net/ntlm.html -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: [PATCH] OAUTH 2.0 Bearer token support SMTP/IMAP (XOAUTH2)
Hi Kyle, On Sun, 25 Aug 2013, Kyle L. Huff wrote: Do you know if OAUTH 2.0 is supported in POP3 as well? POP3 might support OAUTH 2.0, but I have not found a provider that has implemented it. I know that presently the google POP3 service does not support OAUTH 2.0. I couldn't find much on the subject myself, from a quick search, but I think I found a mail client / api that had implemented it and it should be pretty straight forward to implement it here as well. I plan to focus on the HTTP Authorization XOAUTH2 mechanism in the near future, I could attempt to address the POP3 implementation at that time. I will have to do some digging to find a provider that I can test it with. Daniel announced this week that we are approaching feature freeze for cURL 7.33 and as I felt it would be best to add XOAUTH to POP3 in the same release as IMAP and SMTP I have cobbled together the appropriate implementation. I have pushed this as commit 18db7438512de1 and would appreciate it if you would be so kind to review the code at some point. Many thanks in advance Steve --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Help required on data option usage with DELETE - curl -X DELETE -d data='{name:test}'
On Fri, Sep 20, 2013 at 11:45:07AM -0700, Prasanna Viswakumar wrote: Is it possible to get this ported to Java with the use of any of the Apache HTTP client libraries ? There is a libcurl binding for Java available at http://curl.haxx.se/libcurl/java/ Dan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Get the directory of remote machine
On Thu, Sep 19, 2013 at 12:54:47PM -0700, Igor Korot wrote: On Thu, Sep 19, 2013 at 12:24 PM, Dan Fandrich d...@coneharvesters.com wrote: CURLOPT_TIMECONDITION Actually, you'll want CURLOPT_TIMEVALUE as well. I googled a little and I guess this is what I will use as it is easier and does not require sorting the directory by date. However, I didn't find any code example of setting this option. Assuming I know the date of the local file, how do I set this option properly? Read the documentation! It's documented in the curl_easy_setopt(3) man page, and it's used just like any other curl_easy_setopt option. Dan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Make DNS requests follow the CURLOPT_INTERFACE if c-ares is in use
On Thu, 19 Sep 2013, Kim Vandry wrote: No, I missed that. I just added documentation for the 4 options to the curl.1 manpage. https://github.com/vandry/curl/commit/b9d897fea1828bfc5a63e79ecf93e391f0e0f0c7 Thanks a lot, pushed! (with minor edits) -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: any libcurl API to delete expired cookies?
On Fri, 20 Sep 2013, Steve Holme wrote: I appreciate that I've been breaking the auto builds a fair bit over the last few of days so we haven't been able to see the wood for the trees so to speak, but it appears that test 1415 breaks on AIX, IRIX and Tru64 for the 01 Jan 2038 dates which if I've understood the logs correctly is representing the date numerically as 2147483647 rather than 2145916800: -.example.com TRUE / FALSE 2145916800 test2value test2 -.example.com TRUE / FALSE 2145916800 test4value test4 -.example.com TRUE / FALSE 2145916800 test7value test7 +.example.com TRUE / FALSE 2147483647 test2value test2 +.example.com TRUE / FALSE 2147483647 test4value test4 +.example.com TRUE / FALSE 2147483647 test7value test7 Thanks for pointing this out. I'll have to research this a bit then. It looks perhaps it is a 32bit vs 64bit thing and could be due to an overflow somewhere or whatever. I'll start out on my 32bit linux host and see how that runs. -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: any libcurl API to delete expired cookies?
On Tue, 17 Sep 2013, Daniel Stenberg wrote: I create patch again which branch is branched from curl git master today. Please check it. https://github.com/aYasuharuYamada/curl/commit/b30ce0b990e52ea4b44 7cfbfbb21e77b5c399200 Thanks a lot, I've renumbered 9001 to 1415 but I also had to change the numbers in the test for the numerical representation of the expiration date for the cookies that aren't expired. Let's see if this will give us reasons to dig deeper or not. I appreciate that I've been breaking the auto builds a fair bit over the last few of days so we haven't been able to see the wood for the trees so to speak, but it appears that test 1415 breaks on AIX, IRIX and Tru64 for the 01 Jan 2038 dates which if I've understood the logs correctly is representing the date numerically as 2147483647 rather than 2145916800: -.example.com TRUE / FALSE 2145916800 test2value test2 -.example.com TRUE / FALSE 2145916800 test4value test4 -.example.com TRUE / FALSE 2145916800 test7value test7 +.example.com TRUE / FALSE 2147483647 test2value test2 +.example.com TRUE / FALSE 2147483647 test4value test4 +.example.com TRUE / FALSE 2147483647 test7value test7 Kind Regards Steve --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Re: Using curl_easy_setopt in generic way
On Thu, 19 Sep 2013, sachin dravid wrote: Use case = I am working on a library, where I am getting map of (string) vs (void *). Here string is name of CURL option and value comes as (void *). Issue = curl_easy_setopt takes CURLoption parameter which is actually an enum and respectively value should be passed with proper type. How can I use curl_easy_setopt function generically with string and void*? Perhaps something like this: 1. convert the string to the correct CURLOPT_* 2. pass in the void * if the CURLOPT_ wants a pointer that you know how to create, or convert it to a long and pass that in if it wants a long. 3. then handle the few special cases separately Not all options make sense to handle like this though, like for example the FUNCTIONPOINT ones. -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
RE: any libcurl API to delete expired cookies?
On Fri, 20 Sep 2013, Daniel Stenberg wrote: Thanks for pointing this out. I'll have to research this a bit then. It looks perhaps it is a 32bit vs 64bit thing and could be due to an overflow somewhere or whatever. Right, like... #if SIZEOF_TIME_T 5 /* 32 bit time_t can only hold dates to the beginning of 2038 */ if(yearnum 2037) { *output = 0x7fff; return PARSEDATE_LATER; } #endif ;-) I'll modify the test case instead. Tomorrow. -- / daniel.haxx.se --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html