hoelee/curl-impersonate
1
0
Fork 0
mirror of https://github.com/lwthiker/curl-impersonate.git synced 2025-08-08 12:49:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add control over HTTP/2 pseudo-headers order

Browse Source 
Add the ability to control the order of the HTTP/2 pseudo-headers. Each
browser uses a different order for the ":method", ":authority",
":scheme" and ":path" pseudo-headers. It is therefore desirable to be
able to control it. The CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER libcurl
option and '--http2-pseudo-headers-order' command line option now allow
doing that.

Patch from
dd4b76241e
This commit is contained in:
lwthiker
2022-03-03 15:25:23 +02:00
parent 979750a072
commit 2ea7458239
1 changed files with 225 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

278
chrome/patches/curl-impersonate.patch
View File

@@ -22,10 +22,10 @@ index 63e320236..deb054300 100644
LDFLAGS="$LDFLAGS $LD_H2" LDFLAGS="$LDFLAGS $LD_H2"
diff --git a/include/curl/curl.h b/include/curl/curl.h diff --git a/include/curl/curl.h b/include/curl/curl.h
index 7b69ce2d6..42b7604d1 100644 index 7b69ce2d6..a62c8a4a9 100644
--- a/include/curl/curl.h --- a/include/curl/curl.h
+++ b/include/curl/curl.h +++ b/include/curl/curl.h
@@ -2135,6 +2135,29 @@ typedef enum { @@ -2135,6 +2135,38 @@ typedef enum {
/* Set MIME option flags. */ /* Set MIME option flags. */
CURLOPT(CURLOPT_MIME_OPTIONS, CURLOPTTYPE_LONG, 315), CURLOPT(CURLOPT_MIME_OPTIONS, CURLOPTTYPE_LONG, 315),
@@ -51,6 +51,15 @@ index 7b69ce2d6..42b7604d1 100644
+ +
+ /* Enable/disable TLS session ticket extension (RFC5077) */ + /* Enable/disable TLS session ticket extension (RFC5077) */
+ CURLOPT(CURLOPT_SSL_ENABLE_TICKET, CURLOPTTYPE_LONG, 320), + CURLOPT(CURLOPT_SSL_ENABLE_TICKET, CURLOPTTYPE_LONG, 320),
+
+ /*
+ * curl-impersonate:
+ * Set the order of the HTTP/2 pseudo headers. The value must contain
+ * the letters 'm', 'a', 's', 'p' representing the pseudo-headers
+ * ":method", ":authority", ":scheme", ":path" in the desired order of
+ * appearance in the HTTP/2 HEADERS frame.
+ */
+ CURLOPT(CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, CURLOPTTYPE_STRINGPOINT, 321),
+ +
CURLOPT_LASTENTRY /* the last unused */ CURLOPT_LASTENTRY /* the last unused */
} CURLoption; } CURLoption;
@@ -76,7 +85,7 @@ index 2dbfb26b5..e0bf86169 100644
* NAME curl_easy_getinfo() * NAME curl_easy_getinfo()
* *
diff --git a/lib/easy.c b/lib/easy.c diff --git a/lib/easy.c b/lib/easy.c
index 20293a710..b9c5a80b2 100644 index 20293a710..1646a8064 100644
--- a/lib/easy.c --- a/lib/easy.c
+++ b/lib/easy.c +++ b/lib/easy.c
@@ -80,6 +80,7 @@ @@ -80,6 +80,7 @@
@@ -87,7 +96,7 @@ index 20293a710..b9c5a80b2 100644
/* The last 3 #include files should be in this order */ /* The last 3 #include files should be in this order */
#include "curl_printf.h" #include "curl_printf.h"
@@ -282,6 +283,207 @@ void curl_global_cleanup(void) @@ -282,6 +283,214 @@ void curl_global_cleanup(void)
init_flags = 0; init_flags = 0;
} }
@@ -114,6 +123,7 @@ index 20293a710..b9c5a80b2 100644
+ * (TLS extension 27) */ + * (TLS extension 27) */
+ const char *cert_compression; + const char *cert_compression;
+ const char *http_headers[IMPERSONATE_MAX_HEADERS]; + const char *http_headers[IMPERSONATE_MAX_HEADERS];
+ const char *http2_pseudo_headers_order;
+ /* Other TLS options will come here in the future once they are + /* Other TLS options will come here in the future once they are
+ * configurable through curl_easy_setopt() */ + * configurable through curl_easy_setopt() */
+} impersonations[] = { +} impersonations[] = {
@@ -289,13 +299,19 @@ index 20293a710..b9c5a80b2 100644
+ return ret; + return ret;
+ } + }
+ +
+ if(opts->http2_pseudo_headers_order) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, headers);
+ if(ret)
+ return ret;
+ }
+
+ return CURLE_OK; + return CURLE_OK;
+} +}
+ +
/* /*
* curl_easy_init() is the external interface to alloc, setup and init an * curl_easy_init() is the external interface to alloc, setup and init an
* easy handle that is returned. If anything goes wrong, NULL is returned. * easy handle that is returned. If anything goes wrong, NULL is returned.
@@ -290,6 +492,7 @@ struct Curl_easy *curl_easy_init(void) @@ -290,6 +499,7 @@ struct Curl_easy *curl_easy_init(void)
{ {
CURLcode result; CURLcode result;
struct Curl_easy *data; struct Curl_easy *data;
@@ -303,7 +319,7 @@ index 20293a710..b9c5a80b2 100644
/* Make sure we inited the global SSL stuff */ /* Make sure we inited the global SSL stuff */
if(!initialized) { if(!initialized) {
@@ -308,6 +511,22 @@ struct Curl_easy *curl_easy_init(void) @@ -308,6 +518,22 @@ struct Curl_easy *curl_easy_init(void)
return NULL; return NULL;
} }
@@ -326,7 +342,7 @@ index 20293a710..b9c5a80b2 100644
return data; return data;
} }
@@ -878,6 +1097,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) @@ -878,6 +1104,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
outcurl->state.referer_alloc = TRUE; outcurl->state.referer_alloc = TRUE;
} }
@@ -341,31 +357,42 @@ index 20293a710..b9c5a80b2 100644
* note: the engine name has already been copied by dupset */ * note: the engine name has already been copied by dupset */
if(outcurl->set.str[STRING_SSL_ENGINE]) { if(outcurl->set.str[STRING_SSL_ENGINE]) {
diff --git a/lib/easyoptions.c b/lib/easyoptions.c diff --git a/lib/easyoptions.c b/lib/easyoptions.c
index 04871ad1e..385eab2e6 100644 index 04871ad1e..ce280eaa3 100644
--- a/lib/easyoptions.c --- a/lib/easyoptions.c
+++ b/lib/easyoptions.c +++ b/lib/easyoptions.c
@@ -130,6 +130,7 @@ struct curl_easyoption Curl_easyopts[] = { @@ -128,8 +128,11 @@ struct curl_easyoption Curl_easyopts[] = {
{"HSTS_CTRL", CURLOPT_HSTS_CTRL, CURLOT_LONG, 0},
{"HTTP09_ALLOWED", CURLOPT_HTTP09_ALLOWED, CURLOT_LONG, 0},
{"HTTP200ALIASES", CURLOPT_HTTP200ALIASES, CURLOT_SLIST, 0}, {"HTTP200ALIASES", CURLOPT_HTTP200ALIASES, CURLOT_SLIST, 0},
+ {"HTTP2_PSEUDO_HEADERS_ORDER", CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ CURLOT_STRING, 0},
{"HTTPAUTH", CURLOPT_HTTPAUTH, CURLOT_VALUES, 0}, {"HTTPAUTH", CURLOPT_HTTPAUTH, CURLOT_VALUES, 0},
{"HTTPGET", CURLOPT_HTTPGET, CURLOT_LONG, 0}, {"HTTPGET", CURLOPT_HTTPGET, CURLOT_LONG, 0},
+ {"HTTPBASEHEADER", CURLOPT_HTTPBASEHEADER, CURLOT_SLIST, 0}, + {"HTTPBASEHEADER", CURLOPT_HTTPBASEHEADER, CURLOT_SLIST, 0},
{"HTTPHEADER", CURLOPT_HTTPHEADER, CURLOT_SLIST, 0}, {"HTTPHEADER", CURLOPT_HTTPHEADER, CURLOT_SLIST, 0},
{"HTTPPOST", CURLOPT_HTTPPOST, CURLOT_OBJECT, 0}, {"HTTPPOST", CURLOPT_HTTPPOST, CURLOT_OBJECT, 0},
{"HTTPPROXYTUNNEL", CURLOPT_HTTPPROXYTUNNEL, CURLOT_LONG, 0}, {"HTTPPROXYTUNNEL", CURLOPT_HTTPPROXYTUNNEL, CURLOT_LONG, 0},
@@ -297,8 +298,12 @@ struct curl_easyoption Curl_easyopts[] = { @@ -293,15 +296,19 @@ struct curl_easyoption Curl_easyopts[] = {
{"SSLKEYTYPE", CURLOPT_SSLKEYTYPE, CURLOT_STRING, 0},
{"SSLKEY_BLOB", CURLOPT_SSLKEY_BLOB, CURLOT_BLOB, 0},
{"SSLVERSION", CURLOPT_SSLVERSION, CURLOT_VALUES, 0},
+ {"SSL_CERT_COMPRESSION", CURLOPT_SSL_CERT_COMPRESSION, CURLOT_STRING, 0},
{"SSL_CIPHER_LIST", CURLOPT_SSL_CIPHER_LIST, CURLOT_STRING, 0},
{"SSL_CTX_DATA", CURLOPT_SSL_CTX_DATA, CURLOT_CBPTR, 0}, {"SSL_CTX_DATA", CURLOPT_SSL_CTX_DATA, CURLOT_CBPTR, 0},
{"SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, CURLOT_FUNCTION, 0}, {"SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, CURLOT_FUNCTION, 0},
{"SSL_EC_CURVES", CURLOPT_SSL_EC_CURVES, CURLOT_STRING, 0}, {"SSL_EC_CURVES", CURLOPT_SSL_EC_CURVES, CURLOT_STRING, 0},
+ {"SSL_SIG_HASH_ALGS", CURLOPT_SSL_SIG_HASH_ALGS, CURLOT_STRING, 0},
+ {"SSL_CERT_COMPRESSION", CURLOPT_SSL_CERT_COMPRESSION, CURLOT_STRING, 0},
{"SSL_ENABLE_ALPN", CURLOPT_SSL_ENABLE_ALPN, CURLOT_LONG, 0}, {"SSL_ENABLE_ALPN", CURLOPT_SSL_ENABLE_ALPN, CURLOT_LONG, 0},
{"SSL_ENABLE_NPN", CURLOPT_SSL_ENABLE_NPN, CURLOT_LONG, 0},
+ {"SSL_ENABLE_ALPS", CURLOPT_SSL_ENABLE_ALPS, CURLOT_LONG, 0}, + {"SSL_ENABLE_ALPS", CURLOPT_SSL_ENABLE_ALPS, CURLOT_LONG, 0},
{"SSL_ENABLE_NPN", CURLOPT_SSL_ENABLE_NPN, CURLOT_LONG, 0},
+ {"SSL_ENABLE_TICKET", CURLOPT_SSL_ENABLE_TICKET, CURLOT_LONG, 0}, + {"SSL_ENABLE_TICKET", CURLOPT_SSL_ENABLE_TICKET, CURLOT_LONG, 0},
{"SSL_FALSESTART", CURLOPT_SSL_FALSESTART, CURLOT_LONG, 0}, {"SSL_FALSESTART", CURLOPT_SSL_FALSESTART, CURLOT_LONG, 0},
{"SSL_OPTIONS", CURLOPT_SSL_OPTIONS, CURLOT_VALUES, 0}, {"SSL_OPTIONS", CURLOPT_SSL_OPTIONS, CURLOT_VALUES, 0},
{"SSL_SESSIONID_CACHE", CURLOPT_SSL_SESSIONID_CACHE, CURLOT_LONG, 0}, {"SSL_SESSIONID_CACHE", CURLOPT_SSL_SESSIONID_CACHE, CURLOT_LONG, 0},
@@ -360,6 +365,6 @@ struct curl_easyoption Curl_easyopts[] = { + {"SSL_SIG_HASH_ALGS", CURLOPT_SSL_SIG_HASH_ALGS, CURLOT_STRING, 0},
{"SSL_VERIFYHOST", CURLOPT_SSL_VERIFYHOST, CURLOT_LONG, 0},
{"SSL_VERIFYPEER", CURLOPT_SSL_VERIFYPEER, CURLOT_LONG, 0},
{"SSL_VERIFYSTATUS", CURLOPT_SSL_VERIFYSTATUS, CURLOT_LONG, 0},
@@ -360,6 +367,6 @@ struct curl_easyoption Curl_easyopts[] = {
*/ */
int Curl_easyopts_check(void) int Curl_easyopts_check(void)
{ {
@@ -549,7 +576,7 @@ index b4aaba2a2..1cf65c4b1 100644
#else #else
int unused; /* prevent a compiler warning */ int unused; /* prevent a compiler warning */
diff --git a/lib/http2.c b/lib/http2.c diff --git a/lib/http2.c b/lib/http2.c
index e74400a4c..33197df20 100644 index e74400a4c..b22271d23 100644
--- a/lib/http2.c --- a/lib/http2.c
+++ b/lib/http2.c +++ b/lib/http2.c
@@ -41,6 +41,7 @@ @@ -41,6 +41,7 @@
@@ -595,17 +622,108 @@ index e74400a4c..33197df20 100644
} }
void Curl_http2_done(struct Curl_easy *data, bool premature) void Curl_http2_done(struct Curl_easy *data, bool premature)
@@ -1818,7 +1830,8 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, @@ -1816,10 +1828,6 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
return -1;
}
/* Index where :authority header field will appear in request header -/* Index where :authority header field will appear in request header
field list. */ - field list. */
-#define AUTHORITY_DST_IDX 3 -#define AUTHORITY_DST_IDX 3
+/* curl-impersonate: Put the ":authority" header in the first place. */ -
+#define AUTHORITY_DST_IDX 1
/* USHRT_MAX is 65535 == 0xffff */ /* USHRT_MAX is 65535 == 0xffff */
#define HEADER_OVERFLOW(x) \ #define HEADER_OVERFLOW(x) \
@@ -2032,25 +2045,26 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, (x.namelen > 0xffff || x.valuelen > 0xffff - x.namelen)
@@ -1890,6 +1898,53 @@ static header_instruction inspect_header(const char *name, size_t namelen,
}
}
+/*
+ * curl-impersonate:
+ * Determine the position of HTTP/2 pseudo headers.
+ * The pseudo headers ":method", ":path", ":scheme", ":authority"
+ * are sent in different order by different browsers. An important part of the
+ * impersonation is ordering them like the browser does.
+ */
+static int http2_pseudo_header_index(struct Curl_easy *data,
+ const char *header,
+ size_t *index)
+{
+ char *off;
+ // Use the Chrome ordering by default:
+ // :method, :authority, :scheme, :path
+ char *order = "masp";
+ if(data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER])
+ order = data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER];
+
+ if(strlen(order) != 4)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ // :method should always be first
+ if(order[0] != 'm')
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ // All pseudo-headers must be present
+ if(!strchr(order, 'm') ||
+ !strchr(order, 'a') ||
+ !strchr(order, 's') ||
+ !strchr(order, 'p'))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ if(strcasecompare(header, ":method"))
+ off = strchr(order, 'm');
+ else if(strcasecompare(header, ":authority"))
+ off = strchr(order, 'a');
+ else if(strcasecompare(header, ":scheme"))
+ off = strchr(order, 's');
+ else if(strcasecompare(header, ":path"))
+ off = strchr(order, 'p');
+ else
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ *index = off - order;
+ return CURLE_OK;
+}
+
static ssize_t http2_send(struct Curl_easy *data, int sockindex,
const void *mem, size_t len, CURLcode *err)
{
@@ -1905,6 +1960,7 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
nghttp2_nv *nva = NULL;
size_t nheader;
size_t i;
+ size_t header_idx;
size_t authority_idx;
char *hdbuf = (char *)mem;
char *end, *line_end;
@@ -2010,12 +2066,21 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
end = memchr(hdbuf, ' ', line_end - hdbuf);
if(!end || end == hdbuf)
goto fail;
- nva[0].name = (unsigned char *)":method";
- nva[0].namelen = strlen((char *)nva[0].name);
- nva[0].value = (unsigned char *)hdbuf;
- nva[0].valuelen = (size_t)(end - hdbuf);
- nva[0].flags = NGHTTP2_NV_FLAG_NONE;
- if(HEADER_OVERFLOW(nva[0])) {
+ /* curl-impersonate: Set the index of ":method" based on libcurl option */
+ if(http2_pseudo_header_index(data, ":authority", &authority_idx))
+ goto fail;
+ if(http2_pseudo_header_index(data, ":method", &header_idx))
+ goto fail;
+ /* This is needed to overcome the fact that curl will only move the authority
+ * header into its place after all other headers have been placed. */
+ if(header_idx > authority_idx)
+ header_idx--;
+ nva[header_idx].name = (unsigned char *)":method";
+ nva[header_idx].namelen = strlen((char *)nva[header_idx].name);
+ nva[header_idx].value = (unsigned char *)hdbuf;
+ nva[header_idx].valuelen = (size_t)(end - hdbuf);
+ nva[header_idx].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[header_idx])) {
failf(data, "Failed sending HTTP request: Header overflow");
goto fail;
}
@@ -2032,25 +2097,35 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
} }
if(!end || end == hdbuf) if(!end || end == hdbuf)
goto fail; goto fail;
@@ -615,36 +733,61 @@ index e74400a4c..33197df20 100644
- nva[1].valuelen = (size_t)(end - hdbuf); - nva[1].valuelen = (size_t)(end - hdbuf);
- nva[1].flags = NGHTTP2_NV_FLAG_NONE; - nva[1].flags = NGHTTP2_NV_FLAG_NONE;
- if(HEADER_OVERFLOW(nva[1])) { - if(HEADER_OVERFLOW(nva[1])) {
+ /* curl-impersonate: Switch the places of ":path" and ":scheme". */ + /* curl-impersonate: Set the index of ":path" based on libcurl option */
+ nva[2].name = (unsigned char *)":path"; + if(http2_pseudo_header_index(data, ":path", &header_idx))
+ nva[2].namelen = strlen((char *)nva[2].name); + goto fail;
+ nva[2].value = (unsigned char *)hdbuf; + if(header_idx > authority_idx)
+ nva[2].valuelen = (size_t)(end - hdbuf); + header_idx--;
+ nva[2].flags = NGHTTP2_NV_FLAG_NONE; + nva[header_idx].name = (unsigned char *)":path";
+ if(HEADER_OVERFLOW(nva[2])) { + nva[header_idx].namelen = strlen((char *)nva[header_idx].name);
+ nva[header_idx].value = (unsigned char *)hdbuf;
+ nva[header_idx].valuelen = (size_t)(end - hdbuf);
+ nva[header_idx].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[header_idx])) {
failf(data, "Failed sending HTTP request: Header overflow"); failf(data, "Failed sending HTTP request: Header overflow");
goto fail; goto fail;
} }
- nva[2].name = (unsigned char *)":scheme"; - nva[2].name = (unsigned char *)":scheme";
- nva[2].namelen = strlen((char *)nva[2].name); - nva[2].namelen = strlen((char *)nva[2].name);
+ nva[1].name = (unsigned char *)":scheme"; + /* curl-impersonate: Set the index of ":scheme" based on libcurl option */
+ nva[1].namelen = strlen((char *)nva[1].name); + if(http2_pseudo_header_index(data, ":scheme", &header_idx))
+ goto fail;
+ if(header_idx > authority_idx)
+ header_idx--;
+ nva[header_idx].name = (unsigned char *)":scheme";
+ nva[header_idx].namelen = strlen((char *)nva[header_idx].name);
if(conn->handler->flags & PROTOPT_SSL) if(conn->handler->flags & PROTOPT_SSL)
- nva[2].value = (unsigned char *)"https"; - nva[2].value = (unsigned char *)"https";
+ nva[1].value = (unsigned char *)"https"; + nva[header_idx].value = (unsigned char *)"https";
else else
- nva[2].value = (unsigned char *)"http"; - nva[2].value = (unsigned char *)"http";
- nva[2].valuelen = strlen((char *)nva[2].value); - nva[2].valuelen = strlen((char *)nva[2].value);
- nva[2].flags = NGHTTP2_NV_FLAG_NONE; - nva[2].flags = NGHTTP2_NV_FLAG_NONE;
- if(HEADER_OVERFLOW(nva[2])) { - if(HEADER_OVERFLOW(nva[2])) {
+ nva[1].value = (unsigned char *)"http"; + nva[header_idx].value = (unsigned char *)"http";
+ nva[1].valuelen = strlen((char *)nva[1].value); + nva[header_idx].valuelen = strlen((char *)nva[header_idx].value);
+ nva[1].flags = NGHTTP2_NV_FLAG_NONE; + nva[header_idx].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[1])) { + if(HEADER_OVERFLOW(nva[header_idx])) {
failf(data, "Failed sending HTTP request: Header overflow"); failf(data, "Failed sending HTTP request: Header overflow");
goto fail; goto fail;
} }
@@ -2117,10 +2192,13 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
++i;
}
+ /* curl-impersonate: Set the index of ":authority" based on libcurl option */
+ if(http2_pseudo_header_index(data, ":authority", &header_idx))
+ goto fail;
/* :authority must come before non-pseudo header fields */
- if(authority_idx && authority_idx != AUTHORITY_DST_IDX) {
+ if(authority_idx && authority_idx != header_idx) {
nghttp2_nv authority = nva[authority_idx];
- for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) {
+ for(i = authority_idx; i > header_idx; --i) {
nva[i] = nva[i - 1];
}
nva[i] = authority;
diff --git a/lib/http2.h b/lib/http2.h diff --git a/lib/http2.h b/lib/http2.h
index d6986d97f..fa5c90e7f 100644 index d6986d97f..fa5c90e7f 100644
--- a/lib/http2.h --- a/lib/http2.h
@@ -674,7 +817,7 @@ index f8dcc63b4..e6b728592 100644
#ifdef USE_WINSOCK #ifdef USE_WINSOCK
diff --git a/lib/setopt.c b/lib/setopt.c diff --git a/lib/setopt.c b/lib/setopt.c
index 599ed5d99..7a3880b0e 100644 index 599ed5d99..3ac151feb 100644
--- a/lib/setopt.c --- a/lib/setopt.c
+++ b/lib/setopt.c +++ b/lib/setopt.c
@@ -48,6 +48,7 @@ @@ -48,6 +48,7 @@
@@ -737,7 +880,7 @@ index 599ed5d99..7a3880b0e 100644
#endif #endif
case CURLOPT_IPRESOLVE: case CURLOPT_IPRESOLVE:
arg = va_arg(param, long); arg = va_arg(param, long);
@@ -2871,6 +2910,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) @@ -2871,6 +2910,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_SSL_ENABLE_ALPN: case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE; data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break; break;
@@ -746,6 +889,10 @@ index 599ed5d99..7a3880b0e 100644
+ break; + break;
+ case CURLOPT_SSL_ENABLE_TICKET: + case CURLOPT_SSL_ENABLE_TICKET:
+ data->set.ssl_enable_ticket = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ssl_enable_ticket = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER:
+ result = Curl_setstropt(&data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER],
+ va_arg(param, char *));
+ break; + break;
#ifdef USE_UNIX_SOCKETS #ifdef USE_UNIX_SOCKETS
case CURLOPT_UNIX_SOCKET_PATH: case CURLOPT_UNIX_SOCKET_PATH:
@@ -824,7 +971,7 @@ index 9f1013554..0eff9c354 100644
/* There is a connection that *might* become usable for multiplexing /* There is a connection that *might* become usable for multiplexing
"soon", and we wait for that */ "soon", and we wait for that */
diff --git a/lib/urldata.h b/lib/urldata.h diff --git a/lib/urldata.h b/lib/urldata.h
index cc9c88870..3f268bf14 100644 index cc9c88870..636ae6770 100644
--- a/lib/urldata.h --- a/lib/urldata.h
+++ b/lib/urldata.h +++ b/lib/urldata.h
@@ -257,6 +257,8 @@ struct ssl_primary_config { @@ -257,6 +257,8 @@ struct ssl_primary_config {
@@ -865,16 +1012,17 @@ index cc9c88870..3f268bf14 100644
/* Dynamically allocated strings, MUST be freed before this struct is /* Dynamically allocated strings, MUST be freed before this struct is
killed. */ killed. */
struct dynamically_allocated_data { struct dynamically_allocated_data {
@@ -1579,6 +1596,8 @@ enum dupstring { @@ -1579,6 +1596,9 @@ enum dupstring {
STRING_DNS_LOCAL_IP4, STRING_DNS_LOCAL_IP4,
STRING_DNS_LOCAL_IP6, STRING_DNS_LOCAL_IP6,
STRING_SSL_EC_CURVES, STRING_SSL_EC_CURVES,
+ STRING_SSL_SIG_HASH_ALGS, + STRING_SSL_SIG_HASH_ALGS,
+ STRING_SSL_CERT_COMPRESSION, + STRING_SSL_CERT_COMPRESSION,
+ STRING_HTTP2_PSEUDO_HEADERS_ORDER,
/* -- end of null-terminated strings -- */ /* -- end of null-terminated strings -- */
@@ -1849,6 +1868,8 @@ struct UserDefined { @@ -1849,6 +1869,8 @@ struct UserDefined {
BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(ssl_enable_npn); /* TLS NPN extension? */ BIT(ssl_enable_npn); /* TLS NPN extension? */
BIT(ssl_enable_alpn);/* TLS ALPN extension? */ BIT(ssl_enable_alpn);/* TLS ALPN extension? */
@@ -1318,10 +1466,10 @@ index 6007bbba0..3c79e0d30 100644
#ifdef USE_SSL #ifdef USE_SSL
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 227b914e3..91ffa283b 100644 index 227b914e3..9f0d0b18b 100644
--- a/src/tool_cfgable.h --- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h +++ b/src/tool_cfgable.h
@@ -165,6 +165,8 @@ struct OperationConfig { @@ -165,8 +165,11 @@ struct OperationConfig {
bool crlf; bool crlf;
char *customrequest; char *customrequest;
char *ssl_ec_curves; char *ssl_ec_curves;
@@ -1329,8 +1477,11 @@ index 227b914e3..91ffa283b 100644
+ char *ssl_cert_compression; + char *ssl_cert_compression;
char *krblevel; char *krblevel;
char *request_target; char *request_target;
+ char *http2_pseudo_headers_order;
long httpversion; long httpversion;
@@ -274,6 +276,8 @@ struct OperationConfig { bool http09_allowed;
bool nobuffer;
@@ -274,6 +277,8 @@ struct OperationConfig {
char *oauth_bearer; /* OAuth 2.0 bearer token */ char *oauth_bearer; /* OAuth 2.0 bearer token */
bool nonpn; /* enable/disable TLS NPN extension */ bool nonpn; /* enable/disable TLS NPN extension */
bool noalpn; /* enable/disable TLS ALPN extension */ bool noalpn; /* enable/disable TLS ALPN extension */
@@ -1340,10 +1491,10 @@ index 227b914e3..91ffa283b 100644
bool abstract_unix_socket; /* path to an abstract Unix domain socket */ bool abstract_unix_socket; /* path to an abstract Unix domain socket */
bool falsestart; bool falsestart;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 7abbcc639..e6165dc18 100644 index 7abbcc639..d2455b74f 100644
--- a/src/tool_getparam.c --- a/src/tool_getparam.c
+++ b/src/tool_getparam.c +++ b/src/tool_getparam.c
@@ -279,6 +279,10 @@ static const struct LongShort aliases[]= { @@ -279,6 +279,11 @@ static const struct LongShort aliases[]= {
{"EC", "etag-save", ARG_FILENAME}, {"EC", "etag-save", ARG_FILENAME},
{"ED", "etag-compare", ARG_FILENAME}, {"ED", "etag-compare", ARG_FILENAME},
{"EE", "curves", ARG_STRING}, {"EE", "curves", ARG_STRING},
@@ -1351,10 +1502,11 @@ index 7abbcc639..e6165dc18 100644
+ {"EH", "alps", ARG_BOOL}, + {"EH", "alps", ARG_BOOL},
+ {"EI", "cert-compression", ARG_STRING}, + {"EI", "cert-compression", ARG_STRING},
+ {"EJ", "tls-session-ticket", ARG_BOOL}, + {"EJ", "tls-session-ticket", ARG_BOOL},
+ {"EK", "http2-pseudo-headers-order", ARG_STRING},
{"f", "fail", ARG_BOOL}, {"f", "fail", ARG_BOOL},
{"fa", "fail-early", ARG_BOOL}, {"fa", "fail-early", ARG_BOOL},
{"fb", "styled-output", ARG_BOOL}, {"fb", "styled-output", ARG_BOOL},
@@ -1794,6 +1798,26 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ @@ -1794,6 +1799,31 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
GetStr(&config->ssl_ec_curves, nextarg); GetStr(&config->ssl_ec_curves, nextarg);
break; break;
@@ -1377,15 +1529,20 @@ index 7abbcc639..e6165dc18 100644
+ /* --tls-session-ticket */ + /* --tls-session-ticket */
+ config->noticket = (!toggle)?TRUE:FALSE; + config->noticket = (!toggle)?TRUE:FALSE;
+ break; + break;
+
+ case 'K':
+ /* --http2-pseudo-headers-order */
+ GetStr(&config->http2_pseudo_headers_order, nextarg);
+ break;
+ +
default: /* unknown flag */ default: /* unknown flag */
return PARAM_OPTION_UNKNOWN; return PARAM_OPTION_UNKNOWN;
} }
diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c
index 448fc7cb3..43201c639 100644 index 448fc7cb3..aa0c6203b 100644
--- a/src/tool_listhelp.c --- a/src/tool_listhelp.c
+++ b/src/tool_listhelp.c +++ b/src/tool_listhelp.c
@@ -106,6 +106,15 @@ const struct helptxt helptext[] = { @@ -106,6 +106,18 @@ const struct helptxt helptext[] = {
{" --curves <algorithm list>", {" --curves <algorithm list>",
"(EC) TLS key exchange algorithm(s) to request", "(EC) TLS key exchange algorithm(s) to request",
CURLHELP_TLS}, CURLHELP_TLS},
@@ -1398,10 +1555,13 @@ index 448fc7cb3..43201c639 100644
+ {" --no-tls-session-ticket", + {" --no-tls-session-ticket",
+ "Disable the TLS session ticket extension", + "Disable the TLS session ticket extension",
+ CURLHELP_TLS}, + CURLHELP_TLS},
+ {" --http2-pseudo-headers-order",
+ "Change the order of the HTTP2 pseudo headers",
+ CURLHELP_HTTP},
{"-d, --data <data>", {"-d, --data <data>",
"HTTP POST data", "HTTP POST data",
CURLHELP_IMPORTANT | CURLHELP_HTTP | CURLHELP_POST | CURLHELP_UPLOAD}, CURLHELP_IMPORTANT | CURLHELP_HTTP | CURLHELP_POST | CURLHELP_UPLOAD},
@@ -379,6 +388,9 @@ const struct helptxt helptext[] = { @@ -379,6 +391,9 @@ const struct helptxt helptext[] = {
{" --no-alpn", {" --no-alpn",
"Disable the ALPN TLS extension", "Disable the ALPN TLS extension",
CURLHELP_TLS | CURLHELP_HTTP}, CURLHELP_TLS | CURLHELP_HTTP},
@@ -1412,10 +1572,22 @@ index 448fc7cb3..43201c639 100644
"Disable buffering of the output stream", "Disable buffering of the output stream",
CURLHELP_CURL}, CURLHELP_CURL},
diff --git a/src/tool_operate.c b/src/tool_operate.c diff --git a/src/tool_operate.c b/src/tool_operate.c
index fe2c43b55..c829515dd 100644 index fe2c43b55..7e487242e 100644
--- a/src/tool_operate.c --- a/src/tool_operate.c
+++ b/src/tool_operate.c +++ b/src/tool_operate.c
@@ -1520,6 +1520,14 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -1432,6 +1432,11 @@ static CURLcode single_transfer(struct GlobalConfig *global,
return result;
}
+ if(config->http2_pseudo_headers_order)
+ my_setopt_str(curl,
+ CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ config->http2_pseudo_headers_order);
+
} /* (built_in_protos & CURLPROTO_HTTP) */
my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport);
@@ -1520,6 +1525,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
if(config->ssl_ec_curves) if(config->ssl_ec_curves)
my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves); my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);
@@ -1430,7 +1602,7 @@ index fe2c43b55..c829515dd 100644
if(curlinfo->features & CURL_VERSION_SSL) { if(curlinfo->features & CURL_VERSION_SSL) {
/* Check if config->cert is a PKCS#11 URI and set the /* Check if config->cert is a PKCS#11 URI and set the
* config->cert_type if necessary */ * config->cert_type if necessary */
@@ -2061,6 +2069,14 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -2061,6 +2074,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L); my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L);
} }