
[GNUnet-SVN] [gnurl] 62/63: Merge tag 'curl-7_65_1' of https://github.co


From: gnunet
Subject: [GNUnet-SVN] [gnurl] 62/63: Merge tag 'curl-7_65_1' of https://github.com/curl/curl
Date: Fri, 07 Jun 2019 18:37:24 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 61c8b4c19e66a9a70ebd5e2ade322859ae038d35
Merge: 7959939f1 69248b58f
Author: ng0 <address@hidden>
AuthorDate: Fri Jun 7 16:10:38 2019 +0000

    Merge tag 'curl-7_65_1' of https://github.com/curl/curl
    
    7.65.1

 .github/FUNDING.yml                                |   1 +
 CMakeLists.txt                                     |   1 +
 RELEASE-NOTES                                      | 310 ++++++---------------
 appveyor.yml                                       |  46 ++-
 configure.ac                                       | 101 +------
 docs/CIPHERS.md                                    |  11 +-
 docs/DEPRECATE.md                                  |  29 ++
 docs/FAQ                                           |  31 +--
 docs/THANKS                                        |  12 +
 docs/TODO                                          |  15 +-
 docs/cmdline-opts/dump-header.d                    |   2 +
 docs/cmdline-opts/pinnedpubkey.d                   |   2 -
 docs/cmdline-opts/proxy-tls13-ciphers.d            |   4 +
 docs/cmdline-opts/tls13-ciphers.d                  |   4 +
 docs/examples/cacertinmem.c                        |  35 ++-
 docs/examples/curlgtk.c                            |   5 +-
 docs/examples/ephiperfifo.c                        |  15 +-
 docs/examples/evhiperfifo.c                        |   7 +-
 docs/examples/ghiper.c                             |  11 +-
 docs/examples/hiperfifo.c                          |   8 +-
 docs/examples/htmltidy.c                           |  13 +-
 docs/examples/http2-download.c                     |   2 +-
 docs/examples/imap-append.c                        |  11 +-
 docs/examples/multi-app.c                          |   4 +-
 docs/examples/resolve.c                            |   4 +-
 docs/examples/sendrecv.c                           |   7 +-
 docs/examples/sftpuploadresume.c                   |   3 +-
 docs/examples/shared-connection-cache.c            |   6 +-
 docs/examples/smooth-gtk-thread.c                  |   9 +-
 docs/examples/smtp-mime.c                          |  15 +-
 docs/examples/synctime.c                           |  22 +-
 docs/examples/usercertinmem.c                      |  30 +-
 docs/libcurl/gnurl_share_setopt.3                  |   6 +-
 docs/libcurl/libgnurl-thread.3                     |   6 +-
 docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3       |  10 +-
 docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3          |   7 +-
 docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 |   6 +-
 docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3   |   4 +
 docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3         |   4 +
 include/gnurl/curl.h                               |  25 +-
 include/gnurl/curlver.h                            |   6 +-
 lib/config-win32.h                                 |  16 +-
 lib/conncache.c                                    |  31 ++-
 lib/conncache.h                                    |   3 +-
 lib/curl_config.h.cmake                            |  26 +-
 lib/curl_setup.h                                   |   2 +-
 lib/http.c                                         |  18 +-
 lib/http2.c                                        |   7 +-
 lib/http_proxy.c                                   |   1 +
 lib/md4.c                                          |   7 +
 lib/multi.c                                        |  46 +--
 lib/progress.c                                     | 110 ++++----
 lib/rand.c                                         |   5 +-
 lib/rand.h                                         |   5 +-
 lib/system_win32.c                                 |  36 ++-
 lib/system_win32.h                                 |  13 +-
 lib/url.c                                          |  99 ++++---
 lib/urldata.h                                      |  10 +-
 lib/vtls/nss.c                                     |   5 +
 lib/vtls/sectransp.c                               |  27 +-
 m4/curl-functions.m4                               | 113 ++++++++
 src/tool_help.c                                    |   8 +-
 src/tool_parsecfg.c                                |  20 +-
 src/tool_setopt.c                                  |  52 ++++
 src/tool_setopt.h                                  |  41 +--
 tests/data/Makefile.inc                            |   2 +-
 tests/data/test1406                                |   3 +-
 tests/data/test1420                                |   3 +-
 tests/data/test1429                                |   6 +-
 tests/data/test1455                                |   2 +
 tests/data/test1456                                |   2 +
 tests/data/test334                                 |  44 +++
 tests/server/.gitignore                            |   1 +
 tests/sshhelp.pm                                   |  10 +
 tests/sshserver.pl                                 |  46 ++-
 winbuild/gen_resp_file.bat                         |   2 +-
 winbuild/makedebug.cmd                             |  11 +-
 77 files changed, 942 insertions(+), 741 deletions(-)

diff --cc docs/libcurl/gnurl_share_setopt.3
index 0646b348e,000000000..fd464b349
mode 100644,000000..100644
--- a/docs/libcurl/gnurl_share_setopt.3
+++ b/docs/libcurl/gnurl_share_setopt.3
@@@ -1,112 -1,0 +1,112 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
- .\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
++.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.TH gnurl_share_setopt 3 "8 Aug 2003" "libcurl 7.10.7" "libgnurl Manual"
 +.SH NAME
 +curl_share_setopt - Set options for a shared object
 +.SH SYNOPSIS
 +.B #include <gnurl/curl.h>
 +.sp
 +CURLSHcode curl_share_setopt(CURLSH *share, CURLSHoption option, parameter);
 +.ad
 +.SH DESCRIPTION
 +Set the \fIoption\fP to \fIparameter\fP for the given \fIshare\fP.
 +.SH OPTIONS
 +.IP CURLSHOPT_LOCKFUNC
 +The \fIparameter\fP must be a pointer to a function matching the following
 +prototype:
 +
 +void lock_function(CURL *handle, curl_lock_data data, curl_lock_access access,
 +void *userptr);
 +
- \fIdata\fP defines what data libcurl wants to lock, and you must make sure 
that
- only one lock is given at any time for each kind of data.
++The \fIdata\fP argument tells what kind of data libcurl wants to lock. Make
++sure that the callback uses a different lock for each kind of data.
 +
 +\fIaccess\fP defines what access type libcurl wants, shared or single.
 +
 +\fIuserptr\fP is the pointer you set with \fICURLSHOPT_USERDATA\fP.
 +.IP CURLSHOPT_UNLOCKFUNC
 +The \fIparameter\fP must be a pointer to a function matching the following
 +prototype:
 +
 +void unlock_function(CURL *handle, curl_lock_data data, void *userptr);
 +
 +\fIdata\fP defines what data libcurl wants to unlock, and you must make sure
 +that only one lock is given at any time for each kind of data.
 +
 +\fIuserptr\fP is the pointer you set with \fICURLSHOPT_USERDATA\fP.
 +.IP CURLSHOPT_SHARE
 +The \fIparameter\fP specifies a type of data that should be shared. This may
 +be set to one of the values described below.
 +.RS
 +.IP CURL_LOCK_DATA_COOKIE
 +Cookie data will be shared across the easy handles using this shared object.
 +.IP CURL_LOCK_DATA_DNS
 +Cached DNS hosts will be shared across the easy handles using this shared
 +object. Note that when you use the multi interface, all easy handles added to
 +the same multi handle will share DNS cache by default without using this
 +option.
 +.IP CURL_LOCK_DATA_SSL_SESSION
 +SSL session IDs will be shared across the easy handles using this shared
 +object. This will reduce the time spent in the SSL handshake when reconnecting
 +to the same server. Note SSL session IDs are reused within the same easy 
handle
 +by default. Note this symbol was added in 7.10.3 but was not implemented until
 +7.23.0.
 +.IP CURL_LOCK_DATA_CONNECT
 +Put the connection cache in the share object and make all easy handles using
 +this share object share the connection cache. Using this, you can for example
 +do multi-threaded libcurl use with one handle in each thread, and yet have a
 +shared pool of unused connections and this way get way better connection
 +re-use than if you use one separate pool in each thread.
 +
 +Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing only
 +get additional transfers added to them if the existing connection is held by
 +the same multi or easy handle. libcurl does not support doing HTTP/2 streams
 +in different threads using a shared connection.
 +
 +Support for \fBCURL_LOCK_DATA_CONNECT\fP was added in 7.57.0, but the symbol
 +existed before this.
 +
 +Note that when you use the multi interface, all easy handles added to the same
 +multi handle will share connection cache by default without using this option.
 +.IP CURL_LOCK_DATA_PSL
 +The Public Suffix List stored in the share object is made available to all
 +easy handle bound to the later. Since the Public Suffix List is periodically
 +refreshed, this avoids updates in too many different contexts.
 +
 +\fBCURL_LOCK_DATA_PSL\fP exists since 7.61.0.
 +
 +Note that when you use the multi interface, all easy handles added to the same
 +multi handle will share PSL cache by default without using this option.
 +.RE
 +.IP CURLSHOPT_UNSHARE
 +This option does the opposite of \fICURLSHOPT_SHARE\fP. It specifies that
 +the specified \fIparameter\fP will no longer be shared. Valid values are
 +the same as those for \fICURLSHOPT_SHARE\fP.
 +.IP CURLSHOPT_USERDATA
 +The \fIparameter\fP allows you to specify a pointer to data that will be 
passed
 +to the lock_function and unlock_function each time it is called.
 +.SH RETURN VALUE
 +CURLSHE_OK (zero) means that the option was set properly, non-zero means an
 +error occurred as \fI<gnurl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
 +man page for the full list with descriptions.
 +.SH "SEE ALSO"
 +.BR curl_share_cleanup "(3), " curl_share_init "(3)"
diff --cc docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3
index 498717373,000000000..a0e15a686
mode 100644,000000..100644
--- a/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3
@@@ -1,132 -1,0 +1,128 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
 +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.\"
 +.TH GNURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" 
"curl_easy_setopt options"
 +.SH NAME
 +CURLOPT_PINNEDPUBLICKEY \- set pinned public key
 +.SH SYNOPSIS
 +#include <gnurl/curl.h>
 +
 +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char 
*pinnedpubkey);
 +.SH DESCRIPTION
 +Pass a pointer to a zero terminated string as parameter. The string can be the
 +file name of your pinned public key. The file format expected is "PEM" or 
"DER".
 +The string can also be any number of base64 encoded sha256 hashes preceded by
 +"sha256//" and separated by ";"
 +
 +When negotiating a TLS or SSL connection, the server sends a certificate
 +indicating its identity. A public key is extracted from this certificate and
 +if it does not exactly match the public key provided to this option, curl will
 +abort the connection before sending or receiving any data.
 +
 +On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned.
 +
 +The application does not have to keep the string around after setting this
 +option.
 +.SH DEFAULT
 +NULL
 +.SH PROTOCOLS
 +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 +.SH EXAMPLE
 +.nf
 +CURL *curl = curl_easy_init();
 +if(curl) {
 +  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";);
 +  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
 +  /* OR
 +  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, 
"sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno=");
 +  */
 +
 +  /* Perform the request */
 +  curl_easy_perform(curl);
 +}
 +.fi
 +.SH PUBLIC KEY EXTRACTION
 +If you do not have the server's public key file you can extract it from the
 +server's certificate.
 +.nf
 +# retrieve the server's certificate if you don't already have it
 +#
 +# be sure to examine the certificate to see if it is what you expected
 +#
 +# Windows-specific:
 +# - Use NUL instead of /dev/null.
 +# - OpenSSL may wait for input instead of disconnecting. Hit enter.
 +# - If you don't have sed, then just copy the certificate into a file:
 +#   Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
 +#
 +openssl s_client -servername www.example.com -connect www.example.com:443 < 
/dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem
 +
 +# extract public key in pem format from certificate
 +openssl x509 -in www.example.com.pem -pubkey -noout > 
www.example.com.pubkey.pem
 +
 +# convert public key from pem to der
 +openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem -out 
www.example.com.pubkey.der
 +
 +# sha256 hash and base64 encode der to string for use
 +openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64
 +.fi
 +The public key in PEM format contains a header, base64 data and a
 +footer:
 +.nf
 +-----BEGIN PUBLIC KEY-----
 +[BASE 64 DATA]
 +-----END PUBLIC KEY-----
 +.fi
 +.SH AVAILABILITY
 +PEM/DER support:
 +
 +  7.39.0: OpenSSL, GnuTLS
 +
 +  7.39.0-7.48.0,7.58.1+: GSKit
 +
-   7.43.0: NSS and wolfSSL/CyaSSL
++  7.43.0: NSS and wolfSSL
 +
 +  7.47.0: mbedtls
 +
-   7.49.0: PolarSSL
- 
-   7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
++  7.54.1: SecureTransport on macOS 10.7+/iOS 10+
 +
 +  7.58.1: SChannel
 +
 +sha256 support:
 +
 +  7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL
 +
 +  7.47.0: mbedtls
 +
-   7.49.0: PolarSSL
- 
-   7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
++  7.54.1: SecureTransport on macOS 10.7+/iOS 10+
 +
 +  7.58.1: SChannel Windows XP SP3+
 +
 +Other SSL backends not supported.
 +.SH RETURN VALUE
 +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
 +CURLE_OUT_OF_MEMORY if there was insufficient heap space.
 +.SH "SEE ALSO"
 +.BR CURLOPT_SSL_VERIFYPEER "(3), "
 +.BR CURLOPT_SSL_VERIFYHOST "(3), "
 +.BR CURLOPT_CAINFO "(3), "
 +.BR CURLOPT_CAPATH "(3), "
diff --cc docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
index bcd8bb0ca,000000000..693609f02
mode 100644,000000..100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
@@@ -1,72 -1,0 +1,71 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
- .\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
++.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.\"
 +.TH GNURLOPT_PROXY_CAPATH 3 "16 Nov 2016" "libcurl 7.52.0" "curl_easy_setopt 
options"
 +.SH NAME
 +CURLOPT_PROXY_CAPATH \- specify directory holding proxy CA certificates
 +.SH SYNOPSIS
 +#include <gnurl/curl.h>
 +
 +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAPATH, char *capath);
 +.SH DESCRIPTION
 +Pass a char * to a zero terminated string naming a directory holding multiple
 +CA certificates to verify the HTTPS proxy with. If libcurl is built against
 +OpenSSL, the certificate directory must be prepared using the openssl c_rehash
 +utility. This makes sense only when \fICURLOPT_PROXY_SSL_VERIFYPEER(3)\fP is
 +enabled (which it is by default).
 +
 +The application does not have to keep the string around after setting this
 +option.
 +.SH DEFAULT
 +NULL
 +.SH PROTOCOLS
 +Everything used over an HTTPS proxy
 +.SH EXAMPLE
 +.nf
 +CURL *curl = curl_easy_init();
 +if(curl) {
 +  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
 +  /* using an HTTPS proxy */
 +  curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443";);
 +  curl_easy_setopt(curl, CURLOPT_PROXY_CAPATH, "/etc/cert-dir");
 +  ret = curl_easy_perform(curl);
 +  curl_easy_cleanup(curl);
 +}
 +.fi
 +.SH AVAILABILITY
 +Added in 7.52.0
 +
- This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS
- (since 7.56.0) backends. The NSS backend provides the option only for
- backward compatibility.
++This option is supported by the OpenSSL, GnuTLS, and mbedTLS (since 7.56.0)
++backends. The NSS backend provides the option only for backward compatibility.
 +.SH RETURN VALUE
 +CURLE_OK if supported; or an error such as:
 +
 +CURLE_NOT_BUILT_IN - Not supported by the SSL backend
 +
 +CURLE_UNKNOWN_OPTION
 +
 +CURLE_OUT_OF_MEMORY
 +.SH "SEE ALSO"
 +.BR CURLOPT_PROXY_CAINFO "(3), "
 +.Br CURLOPT_CAINFO "(3), " CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
 +.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
diff --cc docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
index 333daf919,000000000..c362e24f0
mode 100644,000000..100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
@@@ -1,111 -1,0 +1,111 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
- .\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
++.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.\"
 +.TH GNURLOPT_PROXY_PINNEDPUBLICKEY 3 "24 Nov 2016" "libcurl 7.52.0" 
"curl_easy_setopt options"
 +.SH NAME
 +CURLOPT_PROXY_PINNEDPUBLICKEY \- set pinned public key for https proxy
 +.SH SYNOPSIS
 +#include <gnurl/curl.h>
 +
 +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_PINNEDPUBLICKEY, char 
*pinnedpubkey);
 +.SH DESCRIPTION
 +Pass a pointer to a zero terminated string as parameter. The string can be the
 +file name of your pinned public key. The file format expected is "PEM" or 
"DER".
 +The string can also be any number of base64 encoded sha256 hashes preceded by
 +"sha256//" and separated by ";"
 +
 +When negotiating a TLS or SSL connection, the https proxy sends a certificate
 +indicating its identity. A public key is extracted from this certificate and
 +if it does not exactly match the public key provided to this option, curl will
 +abort the connection before sending or receiving any data.
 +
 +On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned.
 +
 +The application does not have to keep the string around after setting this
 +option.
 +.SH DEFAULT
 +NULL
 +.SH PROTOCOLS
 +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 +.SH EXAMPLE
 +.nf
 +CURL *curl = curl_easy_init();
 +if(curl) {
 +  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";);
 +  curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy:443";);
 +  curl_easy_setopt(curl, CURLOPT_PROXY_PINNEDPUBLICKEY,
 +  
"sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno=");
 +
 +  /* Perform the request */
 +  curl_easy_perform(curl);
 +}
 +.fi
 +.SH PUBLIC KEY EXTRACTION
 +If you do not have the https proxy server's public key file you can extract it
 +from the https proxy server's certificate.
 +.nf
 +# retrieve the server's certificate if you don't already have it
 +#
 +# be sure to examine the certificate to see if it is what you expected
 +#
 +# Windows-specific:
 +# - Use NUL instead of /dev/null.
 +# - OpenSSL may wait for input instead of disconnecting. Hit enter.
 +# - If you don't have sed, then just copy the certificate into a file:
 +#   Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
 +#
 +openssl s_client -servername www.example.com -connect www.example.com:443 < 
/dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem
 +
 +# extract public key in pem format from certificate
 +openssl x509 -in www.example.com.pem -pubkey -noout > 
www.example.com.pubkey.pem
 +
 +# convert public key from pem to der
 +openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem -out 
www.example.com.pubkey.der
 +
 +# sha256 hash and base64 encode der to string for use
 +openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64
 +.fi
 +The public key in PEM format contains a header, base64 data and a
 +footer:
 +.nf
 +-----BEGIN PUBLIC KEY-----
 +[BASE 64 DATA]
 +-----END PUBLIC KEY-----
 +.fi
 +.SH AVAILABILITY
 +PEM/DER support:
 +
-   7.52.0: GSKit, GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL
++  7.52.0: GSKit, GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL
 +
 +sha256 support:
 +
-   7.52.0: GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL
++  7.52.0: GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL
 +
 +Other SSL backends not supported.
 +.SH RETURN VALUE
 +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
 +CURLE_OUT_OF_MEMORY if there was insufficient heap space.
 +.SH "SEE ALSO"
 +.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), "
 +.BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
 +.BR CURLOPT_PROXY_CAINFO "(3), "
 +.BR CURLOPT_PROXY_CAPATH "(3), "
diff --cc docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3
index 18d7c4091,000000000..6e9918c8e
mode 100644,000000..100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3
@@@ -1,65 -1,0 +1,69 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
 +.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.\"
 +.TH GNURLOPT_PROXY_TLS13_CIPHERS 3 "25 May 2018" "libcurl 7.61.0" 
"curl_easy_setopt options"
 +.SH NAME
 +CURLOPT_PROXY_TLS13_CIPHERS \- ciphers suites for proxy TLS 1.3
 +.SH SYNOPSIS
 +#include <gnurl/curl.h>
 +
 +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLS13_CIPHERS, char 
*list);
 +.SH DESCRIPTION
 +Pass a char *, pointing to a zero terminated string holding the list of cipher
 +suites to use for the TLS 1.3 connection to a proxy. The list must be
 +syntactically correct, it consists of one or more cipher suite strings
 +separated by colons.
 +
 +You'll find more details about cipher lists on this URL:
 +
 + https://curl.haxx.se/docs/ssl-ciphers.html
 +
++This option is currently used only when curl is built to use OpenSSL 1.1.1 or
++later. If you are using a different SSL backend you can try setting TLS 1.3
++cipher suites by using the CURLOPT_PROXY_SSL_CIPHER_LIST option.
++
 +The application does not have to keep the string around after setting this
 +option.
 +.SH DEFAULT
 +NULL, use internal default
 +.SH PROTOCOLS
 +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 +.SH EXAMPLE
 +.nf
 +CURL *curl = curl_easy_init();
 +if(curl) {
 +  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
 +  curl_easy_setopt(curl, CURLOPT_PROXY_TLS13_CIPHERS,
 +                   "TLS13-CHACHA20-POLY1305-SHA256");
 +  ret = curl_easy_perform(curl);
 +  curl_easy_cleanup(curl);
 +}
 +.fi
 +.SH AVAILABILITY
 +Added in 7.61.0.
 +Available when built with OpenSSL >= 1.1.1.
 +.SH RETURN VALUE
 +Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise.
 +.SH "SEE ALSO"
 +.BR CURLOPT_PROXY_SSL_CIPHER_LIST "(3), " CURLOPT_PROXY_SSLVERSION "(3), "
 +.BR CURLOPT_SSL_CIPHER_LIST "(3), " CURLOPT_TLS13_CIPHERS "(3), "
 +.BR CURLOPT_SSLVERSION "(3), "
diff --cc docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3
index f6b997048,000000000..f2666f6a8
mode 100644,000000..100644
--- a/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3
@@@ -1,64 -1,0 +1,68 @@@
 +.\" **************************************************************************
 +.\" *                                  _   _ ____  _
 +.\" *  Project                     ___| | | |  _ \| |
 +.\" *                             / __| | | | |_) | |
 +.\" *                            | (__| |_| |  _ <| |___
 +.\" *                             \___|\___/|_| \_\_____|
 +.\" *
 +.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 +.\" *
 +.\" * This software is licensed as described in the file COPYING, which
 +.\" * you should have received as part of this distribution. The terms
 +.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 +.\" *
 +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 +.\" * copies of the Software, and permit persons to whom the Software is
 +.\" * furnished to do so, under the terms of the COPYING file.
 +.\" *
 +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 
ANY
 +.\" * KIND, either express or implied.
 +.\" *
 +.\" **************************************************************************
 +.\"
 +.TH GNURLOPT_TLS13_CIPHERS 3 "25 May 2018" "libcurl 7.61.0" "curl_easy_setopt 
options"
 +.SH NAME
 +CURLOPT_TLS13_CIPHERS \- specify ciphers suites to use for TLS 1.3
 +.SH SYNOPSIS
 +#include <gnurl/curl.h>
 +
 +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLS13_CIPHERS, char *list);
 +.SH DESCRIPTION
 +Pass a char *, pointing to a zero terminated string holding the list of cipher
 +suites to use for the TLS 1.3 connection. The list must be syntactically
 +correct, it consists of one or more cipher suite strings separated by colons.
 +
 +You'll find more details about cipher lists on this URL:
 +
 + https://curl.haxx.se/docs/ssl-ciphers.html
 +
++This option is currently used only when curl is built to use OpenSSL 1.1.1 or
++later. If you are using a different SSL backend you can try setting TLS 1.3
++cipher suites by using the CURLOPT_SSL_CIPHER_LIST option.
++
 +The application does not have to keep the string around after setting this
 +option.
 +.SH DEFAULT
 +NULL, use internal default
 +.SH PROTOCOLS
 +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 +.SH EXAMPLE
 +.nf
 +CURL *curl = curl_easy_init();
 +if(curl) {
 +  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
 +  curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS,
 +                   "TLS13-CHACHA20-POLY1305-SHA256");
 +  ret = curl_easy_perform(curl);
 +  curl_easy_cleanup(curl);
 +}
 +.fi
 +.SH AVAILABILITY
 +Added in 7.61.0.
 +Available when built with OpenSSL >= 1.1.1.
 +.SH RETURN VALUE
 +Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise.
 +.SH "SEE ALSO"
 +.BR CURLOPT_SSL_CIPHER_LIST "(3), " CURLOPT_SSLVERSION "(3), "
 +.BR CURLOPT_PROXY_SSL_CIPHER_LIST "(3), " CURLOPT_PROXY_TLS13_CIPHERS "(3), "
 +.BR CURLOPT_PROXY_SSLVERSION "(3), " CURLOPT_USE_SSL "(3), "

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


