TODO: Configurable loading of OpenSSL configuration file

Closes #2724

TODO: "Option to refuse usernames in URLs" done

Implemented by Björn in 946ce5b61f

TODO: CURLINFO_PAUSE_STATE

Closes #2588

Revert "TODO: remove configure --disable-pthreads"

This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.

--disable-pthreads can be used to disable pthreads and get the threa

Revert "TODO: remove configure --disable-pthreads"

This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.

--disable-pthreads can be used to disable pthreads and get the threaded
resolver to use the windows threading when building with mingw.

show more ...

TODO: remove configure --disable-pthreads

TODO: Support the clienthello extension

Closes #2299

TODO: CLOEXEC

Closes #2252

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
f

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325

show more ...

TODO: connection cache sharing is now supporte

TODO: expand ~/ in config files

Closes #2317

cleanup: misc typos in strings and comments

Found via `codespell`

Closes #2389

TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2

TODO: warning if curl version is not in sync with libcurl version

TODO: "Support in-memory certs/ca certs/keys"

removed SSLKEYLOGFILE support (fixed)

removed "consider SSL patches" (outdated)

Closes #2310

TODO: 1.1 Option to refuse usernames in URLs

Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas.

TODO: 1.7 Support HTTP/2 for HTTP(S) proxies

TODO: 18.18 retry on network is unreachable

Closes #1603

TODO fixed: Detect when called from within callbacks

Closes #2302

TODO: UTF-8 filenames in Content-Disposition

Closes #1888

TODO: hardcode the "localhost" addresses

TODO: CURL_REFUSE_CLEARTEXT

An idea that popped up in discussions on twitter.

TODO: two possible name resolver improvements

TODO: Expose tried IP addresses that failed

Suggested-by: Rainer Canavan

Closes #2126

TODO: ignore private IP addresses in PASV response

Closes #1455

HTTP: implement Brotli content encoding

This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
str

HTTP: implement Brotli content encoding

This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.

show more ...