+++ /dev/null
-- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and\r
- CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to\r
- send when using FTP, as a sign that libcurl shall simply ignore the response\r
- from the server instead of treating it as an error. Not treating a 400+ FTP\r
- response code as an error means that failed commands will not abort the\r
- chain of commands, nor will they cause the connection to get disconnected.\r
-\r
-SOLO DOCS\r
-\r
-- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.\r
- They introduce known_host support for SSH keys to libcurl. See docs for\r
- details. Note that this feature depends on a new enough libssh2 version, to\r
- be supported in libssh2 1.2 and later (or current git repo at this time).\r
-\r
-HECHO\r
-\r
-- David Kierznowski notified us about a security flaw\r
- (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in\r
- which previous libcurl versions (by design) can be tricked to access an\r
- arbitrary local/different file instead of a remote one when\r
- CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release\r
- together this the addition of two new setopt options for controlling this\r
- new behavior:\r
-\r
- o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to\r
- follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option\r
- excludes the FILE and SCP protocols and thus you nee to explicitly allow\r
- them in your app if you really want that behavior.\r
-\r
- o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch\r
- using the primary URL option. This is useful if you want to allow a user or\r
- other outsiders control what URL to pass to libcurl and yet not allow all\r
- protocols libcurl may have been built to support.\r
-\r
-HECHO\r
-\r
-- After a bug reported by James Cheng I've made curl_easy_getinfo() for\r
- CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return\r
- -1 if the sizes aren't know. Previously these returned 0, make it impossible\r
- to detect the difference between actually zero and unknown.\r
-\r
-SOLO DOC\r
-\r
-- FTP downloads (i.e.: RETR) ending with code 550 now return error\r
- CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.\r
-\r
-SOLO DOC\r
-\r
-- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for\r
- plain FTP connections, and it will then allow MKD to fail once and retry the\r
- CWD afterwards. This is especially useful if you're doing many simultanoes\r
- connections against the same server and they all have this option enabled,\r
- as then CWD may first fail but then another connection does MKD before this\r
- connection and thus MKD fails but trying CWD works! The numbers can\r
- (should?) now be set with the convenience enums now called\r
- CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.\r
-\r
- Tests has proven that if you're making an application that uploads a set of\r
- files to an ftp server, you will get a noticable gain in speed if you're\r
- using multiple connections and this option will be then be very useful.\r
-\r
-SOLO DOC\r
-\r
-- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if\r
- the condition in the previous request was unmet. This is typically a time\r
- condition set with CURLOPT_TIMECONDITION and was previously not possible to\r
- reliably figure out. From bug report #2565128\r
- (http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert.\r
-\r
-HECHO\r
-\r
-- Markus Moeller introduced tw onew options to libcurl:\r
- CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl\r
- to do GSS-style authentication with SOCKS5 proxies. The curl tool got the\r
- options called --socks5-gssapi-service and --socks5-gssapi-nec to enable\r
- these.\r
-\r
-HECHO\r
-\r
-- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app\r
- to set desired block size to use for TFTP transfers instead of the default\r
- 512 bytes.\r
-\r
-HECHO\r
-\r
-- Internet Explorer had a broken HTTP digest authentication before v7 and\r
- there are servers "out there" that relies on the client doing this broken\r
- Digest authentication. Apache even comes with an option to work with such\r
- broken clients.\r
-\r
- The difference is only for URLs that contain a query-part (a '?'-letter and\r
- text to the right of it).\r
-\r
- libcurl now supports this quirk, and you enable it by setting the\r
- CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or\r
- CURLOPT_PROXYAUTH options. They are thus individually controlled to server\r
- and proxy.\r
-\r
-HECHO\r
-\r
-- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then\r
- make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding\r
- these new options is that they have no problems with the colon separator\r
- that the CURLOPT_PROXYUSERPWD option does.\r
-\r
-HECHO\r
-\r
-- Igor Novoseltsev brought a patch that introduced two new options to\r
- curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of\r
- deprecates the good old CURLOPT_USERPWD since they allow applications to set\r
- the user name and password independently and perhaps more importantly allow\r
- both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.\r
-\r
-HECHO\r
-\r
-- The libcurl FTP code now returns CURLE_REMOTE_FILE_NOT_FOUND error when SIZE\r
- gets a 550 response back for the cases where a download (or NOBODY) is\r
- wanted. It still allows a 550 as response if the SIZE is used as part of an\r
- upload process (like if resuming an upload is requested and the file isn't\r
- there before the upload). I also modified the FTP test server and a few test\r
- cases accordingly to match this modified behavior.\r
-\r
-NADA\r
-\r
-- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames\r
- CURLOPT_POST301 (but adds a define for backwards compatibility for you who\r
- don't define CURL_NO_OLDIES). This option allows you to now also change the\r
- libcurl behavior for a HTTP response 302 after a POST to not use GET in the\r
- subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the\r
- patch somewhat before commit. The curl tool got a matching --post302\r
- option. Test case 1076 was added to verify this.\r
-\r
-HECHO\r
-\r
-- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By\r
- enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS\r
- or FTPS), libcurl will gather lots of server certificate info and that info\r
- can then get extracted by a client after the request has completed with\r
- curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing\r
- helped me test and smoothen out this feature.\r
-\r
- Unfortunately, this feature currently only works with libcurl built to use\r
- OpenSSL.\r
-\r
- This feature was sponsored by networking4all.com - thanks!\r
-\r
-HECHO\r
-\r