[GNUnet-SVN] [gnurl] 25/150: curl: add --proxy-pinnedpubkey
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 25/150: curl: add --proxy-pinnedpubkey
Date: Fri, 30 Mar 2018 16:47:59 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit fecec1d8aefb3cc89925cffb83d4de6bc95540bb
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sun Jan 28 14:15:56 2018 +0100
curl: add --proxy-pinnedpubkey
To verify a proxy's public key. For when using HTTPS proxies.
Fixes #2192
Closes #2268
---
docs/cmdline-opts/Makefile.inc | 2 +-
docs/cmdline-opts/proxy-pinnedpubkey.d | 16 ++++++++++++++++
src/tool_cfgable.c | 3 ++-
src/tool_cfgable.h | 3 ++-
src/tool_getparam.c | 5 +++++
src/tool_help.c | 4 +++-
6 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index e8f46410b..9891f3717 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -34,7 +34,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d
cacert.d capath.d cer
remote-name-all.d remote-name.d remote-time.d request.d resolve.d \
retry-connrefused.d retry.d retry-delay.d retry-max-time.d sasl-ir.d \
service-name.d show-error.d silent.d socks4a.d socks4.d socks5.d \
- socks5-basic.d socks5-gssapi.d \
+ socks5-basic.d socks5-gssapi.d proxy-pinnedpubkey.d \
socks5-gssapi-nec.d socks5-gssapi-service.d socks5-hostname.d \
speed-limit.d speed-time.d ssl-allow-beast.d ssl.d ssl-no-revoke.d \
ssl-reqd.d sslv2.d sslv3.d stderr.d suppress-connect-headers.d \
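Review bot: proxy-pinnedpubkey.d is added on the "socks5-basic.d socks5-gssapi.d" line, in the middle of the socks5-* entries, while the surrounding DPAGES lines run roughly alphabetically. Move it to its alphabetical position in the list so the socks5 group stays contiguous and the entry is found where a reader would look for it.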
diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.d
b/docs/cmdline-opts/proxy-pinnedpubkey.d
new file mode 100644
index 000000000..abd6dc4aa
--- /dev/null
+++ b/docs/cmdline-opts/proxy-pinnedpubkey.d
@@ -0,0 +1,16 @@
+Long: proxy-pinnedpubkey
+Arg: <hashes>
+Help: FILE/HASHES public key to verify proxy with
+Protocols: TLS
+---
+Tells curl to use the specified public key file (or hashes) to verify the
+proxy. This can be a path to a file which contains a single public key in PEM
+or DER format, or any number of base64 encoded sha256 hashes preceded by
+\'sha256//\' and separated by \';\'
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate and
+if it does not exactly match the public key provided to this option, curl will
+abort the connection before sending or receiving any data.
+
+If this option is used several times, the last one will be used.
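Review bot: The second paragraph of the new man page text says "the server sends a certificate", but the key being pinned here is the proxy's, so a reader can come away believing the destination server is what gets verified. Say "the proxy sends a certificate" and state that the option only applies to HTTPS proxies, which the commit message mentions and the text does not. It would also help to note that this pin is independent of any pin on the origin server, since the two are stored in separate fields.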
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index 755195ced..d77488166 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -113,6 +113,7 @@ static void free_config_fields(struct OperationConfig
*config)
Curl_safefree(config->proxy_capath);
Curl_safefree(config->crlfile);
Curl_safefree(config->pinnedpubkey);
+ Curl_safefree(config->proxy_pinnedpubkey);
Curl_safefree(config->proxy_crlfile);
Curl_safefree(config->key);
Curl_safefree(config->proxy_key);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index ddfc9bfce..713739e7a 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -128,6 +128,7 @@ struct OperationConfig {
char *crlfile;
char *proxy_crlfile;
char *pinnedpubkey;
+ char *proxy_pinnedpubkey;
char *key;
char *proxy_key;
char *key_type;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 3f4046417..015d63551 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -232,6 +232,7 @@ static const struct LongShort aliases[]= {
{"En", "ssl-allow-beast", ARG_BOOL},
{"Eo", "login-options", ARG_STRING},
{"Ep", "pinnedpubkey", ARG_STRING},
+ {"EP", "proxy-pinnedpubkey", ARG_STRING},
{"Eq", "cert-status", ARG_BOOL},
{"Er", "false-start", ARG_BOOL},
{"Es", "ssl-no-revoke", ARG_BOOL},
@@ -1500,6 +1501,10 @@ ParameterError getparameter(const char *flag, /* f or
-long-flag */
GetStr(&config->pinnedpubkey, nextarg);
break;
+ case 'P': /* proxy pinned public key */
+ GetStr(&config->proxy_pinnedpubkey, nextarg);
+ break;
+
case 'q': /* --cert-status */
config->verifystatus = TRUE;
break;
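Review bot: case 'P' stores the argument in config->proxy_pinnedpubkey, but nothing in this patch reads that field again apart from the Curl_safefree() in tool_cfgable.c, and the diffstat lists no file where the value would be handed to libcurl. Unless that happens in code not shown, --proxy-pinnedpubkey is accepted and then has no effect, which is fail-open for a pinning control. Pass the value on with CURLOPT_PROXY_PINNEDPUBLICKEY at the place where config->pinnedpubkey is applied, and add a test that a mismatching pin aborts the proxy connection.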
diff --git a/src/tool_help.c b/src/tool_help.c
index 9dc59cb3e..70b2e8a1b 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -314,6 +314,8 @@ static const struct helptxt helptext[] = {
"Use NTLM authentication on the proxy"},
{" --proxy-pass <phrase>",
"Pass phrase for the private key for HTTPS proxy"},
+ {" --proxy-pinnedpubkey <hashes>",
+ "FILE/HASHES public key to verify proxy with"},
{" --proxy-service-name <name>",
"SPNEGO proxy service name"},
{" --proxy-ssl-allow-beast",
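Review bot: The placeholder in the new helptext entry, "--proxy-pinnedpubkey <hashes>", does not match its own description "FILE/HASHES public key to verify proxy with", which says a file path is accepted too. Use a placeholder that covers both forms, and make the same change to the "Arg: <hashes>" line in proxy-pinnedpubkey.d so the help output and the man page agree.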