curl-library
Ann TclCurl 7.19.6
Date: Tue, 29 Sep 2009 14:55:51 +0200
Hi,
I have released a new version of TclCurl for libcurl 7.19.6.
It's the first release since 7.19.0, so there are many changes:
* New configure options:
* certinfo: Pass a 1 to enable TclCurl's certificate chain info
gatherer. With this enabled, TclCurl (if libcurl is built with
OpenSSL support) will extract lots of information and data
about the certificates in the certificate chain used in the SSL
connection.
It is then possible to extract this data after the transfer using
'$curlHandle getinfo certinfo'.
* noproxy: Pass a string, a comma-separated list of hosts which do
not use a proxy, if one is specified. The only wildcard is a
single * character, which matches all hosts and effectively
disables the proxy. Each name in this list is matched as either a
domain which contains the hostname, or the hostname itself. For
example, local.com would match local.com, local.com:80, and
www.local.com, but not www.notlocal.com.
* postredir: Controls how TclCurl acts on redirects after POSTs that
get a 301 or 302 response back.
A "301" as parameter tells the TclCurl to respect RFC 2616/10.3.2
and not convert POST requests into GET requests when following a
301 redirection.
Passing a "302" makes TclCurl maintain the request method after a
302 redirect.
"all" is a convenience string that activates both behaviours.
The non-RFC behaviour is ubiquitous in web browsers, so the
extension does the conversion by default to maintain consistency.
However, a server may require a POST to remain a POST after such a
redirection.
This option is meaningful only when setting '-followlocation'.
The option used to be known as '-post301', which should still work
but is now deprecated.
* protocols: Pass a list, in lowercase, with the protocols TclCurl
is allowed to use. This allows you to have a libcurl built to
support a wide range of protocols but still limit specific
transfers to only be allowed to use a subset of them.
By default TclCurl will accept all protocols supported by libcurl.
Supported protocols are: http, https, ftp, ftps, scp, sftp,
telnet, ldap, ldaps, dict. file and tftp. You can use the
string 'all' to enable all of them
* redirprotocols: Pass a list, in lowercase, with the protocols that
TclCurl may use in a transfer that it follows to in a redirect
when 'followlocation' is enabled. This allows you to limit
specific transfers to a subset of protocols in redirections. By
default TclCurl will allow all protocols except for FILE and SCP.
* socks5gssapiservice: Pass a string holding the name of the
service.
The default service name for a SOCKS5 server is rcmd/server-fqdn.
This option allows you to change it.
* socks5gssapinec: Pass a l1 to enable or 0 to disable. As part of
the gssapi negotiation a protection mode is negotiated, the
rfc1961 says in section 4.3/4.4 it should be protected, but the
NEC reference implementation does not. If enabled, this option
allows the unprotected exchange of the protection mode
negotiation.
* sshknownhosts: Pass a string holding the file name of the
known_host file to use. The known_hosts file should use the
OpenSSH file format as supported by libssh2. If this file is
specified, TclCurl will only accept connections with
hosts that are known and present in that file, with a matching
public key.
* sshkeyproc: Pass the name of the procedure that will be called
when the known_host matching has been done to allow the
application to act and decide for TclCurl how to proceed. It gets
passed a list with three elements, the first one is a list with
the type of the key from the known_hosts file and the key itself,
the second is another list with the type of the key from the
remote site and the key itslef, the third tells you what TclCurl
thinks about the matching status.
The known key types are: "rsa", "rsa1" and "dss", in any other
case "unknown" is given.
TclCurl opinion about how they match may
be: "match", "mismatch", "missing" or "error".
The procedure must return:
- 0: The host+key is accepted and TclCurl will append it to the
known_hosts file before continuing with the connection.
This will also add the host+key combo to the known_host
pool kept in memory if it wasn't already present there.
Note that the adding of data to the file is done
by completely replacing the file with a new copy, so the
permissions of the file must allow this.
- 1: The host+key is accepted, TclCurl will continue with the
connection.
This will also add the host+key combo to the known_host
pool kept in memory if it wasn't already present
- 2: The host+key is rejected. TclCurl will close the
connection.
- 3: The host+key is rejected, but the SSH connection is asked
to be kept alive. This feature could be used when the app
wants to somehow return back and act on the host+key
situation and then retry without needing the overhead of
setting it up from scratch again.
- Any other value will cause the connection to be closed.
* tftpblksize: Specify block size to use for a TFTP data
transmission. Valid range as per RFC 2348 is 8-65464 bytes. The
default of 512 bytes will be used if this option is not
specified. The specified block size will only be used pending
support by the remote server. If the server does not return an
option acknowledgement or returns an option acknowledgement with
no blksize, the default of 512 bytes will be used.
* httpauth gets a new authentication methotd 'digestie', HTTP
Digest authentication with an IE flavor. Digest authentication is
defined in RFC2617 and is a more secure way to do authentication
over public networks than the regular old-fashioned Basic method.
With the IE flavor TclCurl will use a special "quirk" that IE is
known to have used before version 7 and that some servers require
the client to use.
* proxytype may now be set to "http1.0".
* New info available through the 'getinfo' command:
* certinfo: The command will return a lists, the first item is
the number of certs, and then the info about those certs. The
info chain is provided in a series of data in the
format "name:content" where the content is for the specific
named data.
NOTE: this option is only available in libcurl built with
OpenSSL support.
* Internal changes:
* Update the configure/makefile scripts to TEA 3.7, please report
any problems.
* Bug fixes:
* I completely messed the option "ftpsslccc", to the point where
all the configure options added after it wouldn't work.
For more information, please visit:
http://personal1.iddeo.es/andresgarci/tclcurl/english/
Share the wonders,
Andres
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-09-29