Re: "URLs are dangerous things"

2018-02-08 Thread Daniel Stenberg
On Wed, 7 Feb 2018, Dan Fandrich wrote: If the application/script sets --netrc then an attacker would just need to supply a username and curl would fill in the password, allowing attacks on machines that honoured those credentials (probably only local machines). And if --negotiate or --ntlm ar

Re: curl_easy_getinfo return codes

2018-02-08 Thread Daniel Stenberg
On Wed, 7 Feb 2018, surya chandrika wrote: res = curl_easy_getinfo( e, CURLINFO_RESPONSE_CODE, &response_code ) if curl_easy_getinfo returns a value res != CURLE_OK, Please let me know 1. Should I re-try this request. If curl_easy_getinfo() returns an error, you can rarely fix that by try

Re: "URLs are dangerous things"

2018-02-08 Thread Daniel Stenberg
On Wed, 7 Feb 2018, Pete Lomax wrote: A couple of quick points: "Localhost is hard to protect" says "may be possible to exploit to "port-scan" the particular hosts". I think that needs a slight rewording. What's not clear about that? You want me to elaborate on what port-scanning is or why

Re: NTLM v2 Authentication with 7.58.0

2018-02-08 Thread Sergei Nikulov
2018-02-05 18:29 GMT+03:00 Daniel Stenberg: > On Fri, 2 Feb 2018, Paul D Rotter wrote: > >> We define USE_OPENSSL in our project, so USE_WIN32_CRYPTO has always been >> off as we do use OpenSSL. The problem with USE_WIN32_CRYPTO being >> unconditionally defined is it results in USE_NTLM2SESSION no

libcurl always gives error Could not resolve

2018-02-08 Thread Saurav Babu
I'm using libcurl v7.53.1. I'm facing issue that libcurl is unable to resolve URL. Sample app code is as below: #include #include #include #include int main(void) { CURL *curl; CURLcode res; int i; curl = curl_easy_init(); curl_easy_setopt(curl, CURLOP

Re: "URLs are dangerous things"

2018-02-08 Thread Dennis Clarke
FYI: WHATWG is a sort of standards organization, similar to W3C and IETF. It was created by a bunch of browser vendors and they have a strong browser focus with participation representation from all the major browsers. I see rfc-8089 as the spec that tells us about a "file" or some blob

Re: "URLs are dangerous things"

2018-02-08 Thread Daniel Stenberg
On Thu, 8 Feb 2018, Dennis Clarke wrote: There is nothing wrong with RFC-3986 nor the more specific RFC-8089. RFC 3986 is for generic URIs. RFC 8089 is for the specific subset file: URIs. They're different beasts. The "wrong" about 3986 is that people and software are more and more often u

Re: "URLs are dangerous things"

2018-02-08 Thread bch
On Thu, Feb 8, 2018 at 8:58 AM Daniel Stenberg wrote: > On Thu, 8 Feb 2018, Dennis Clarke wrote: > > > There is nothing wrong with RFC-3986 nor the more specific RFC-8089. > > RFC 3986 is for generic URIs. RFC 8089 is for the specific subset file: > URIs. > They're different beasts. > > The "wron

Re: "URLs are dangerous things"

2018-02-08 Thread Daniel Stenberg
On Thu, 8 Feb 2018, bch wrote: Over time we've (reluctantly) added adaptions when curl users have suffered. Is there a way to see what “quirks” have been applied to URLs? It’d be illustrative to see or retrieve info that says: “cURL adapted for scheme/slash count”, or “automatic encoding em