vtls: TLS session storage overhaul

- add session with destructor callback
- remove vtls `session_free` method
- let `Curl_ssl_addsessionid()` take ownership
of session object,

vtls: TLS session storage overhaul

- add session with destructor callback
- remove vtls `session_free` method
- let `Curl_ssl_addsessionid()` take ownership
of session object, freeing it also on failures
- change tls backend use
- test_17, add tests for SSL session resumption

Closes #13386

show more ...

http2 + ngtcp2: pass CURLcode errors from callbacks

- errors returned by Curl_xfer_write_resp() and the header variant are
not errors in the protocol. The result needs to be returned o

http2 + ngtcp2: pass CURLcode errors from callbacks

- errors returned by Curl_xfer_write_resp() and the header variant are
not errors in the protocol. The result needs to be returned on the
next recv() from the protocol filter.

- make xfer write errors for response data cause the stream to be
cancelled

- added pytest test_02_14 and test_02_15 to verify that also for
parallel processing

Reported-by: Laramie Leavitt
Fixes #13411
Closes #13424

show more ...

ngtcp2: fix macro use

macro "H3_STREAM_CTX" requires 2 arguments, but only 1 given

Follow-up to c6655f7029ec5c128561e3ecf1f93db3ed0432a4

Closes #13401

http/2, http/3: decouple stream state from easy handle

- add `Curl_hash_offt` as hashmap between a `curl_off_t` and
an object. Use this in h2+h3 connection filters to associate
`

http/2, http/3: decouple stream state from easy handle

- add `Curl_hash_offt` as hashmap between a `curl_off_t` and
an object. Use this in h2+h3 connection filters to associate
`data->id` with the internal stream state.
- changed implementations of all affected connection filters
- removed `h2_ctx*` and `h3_ctx*` from `struct HTTP` and thus
the easy handle
- solves the problem of attaching "foreign protocol" easy handles
during connection shutdown

Test 1616 verifies the new hash functions.

Closes #13204

show more ...

http3: extend download abort tests, fixes in ngtcp2

- fix flow handling in ngtcp2 to ACK data on streams
we abort ourself.
- extend test_02_23* cases to also run for h3
- skip

http3: extend download abort tests, fixes in ngtcp2

- fix flow handling in ngtcp2 to ACK data on streams
we abort ourself.
- extend test_02_23* cases to also run for h3
- skip test_02_23* for OpenSSL QUIC as it gets stalled
on progressing the connection

Closes #13374

show more ...

lib: add Curl_xfer_write_resp_hd

Add method in protocol handlers to allow writing of a single,
0-terminated header line. Avoids parsing and copying these lines.

Closes #13165

quic: fixup duplicate static function name (for cmake unity)

Visible in daily curl-for-win builds:
https://github.com/curl/curl-for-win/actions/runs/8621925870

```
lib/vquic

quic: fixup duplicate static function name (for cmake unity)

Visible in daily curl-for-win builds:
https://github.com/curl/curl-for-win/actions/runs/8621925870

```
lib/vquic/curl_ngtcp2.c:1916:12: error: redefinition of 'ossl_new_session_cb'
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
^
lib/vtls/openssl.c:2978:12: note: previous definition is here
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
^
```
https://github.com/curl/curl-for-win/actions/runs/8621925870/job/23631885439#step:3:6965

Follow-up to 3210101088dfa3d6a125d213226b092f2f866722 #13172
Closes #13332

show more ...

tls: use shared init code for TCP+QUIC

Closes #13172

vquic: use new curl_int64_t type

- add curl_int64_t signed 64-bit type for lib use

- define CURL_PRId64, CURL_PRIu64 format ids

- use curl_int64_t in vquic

curl_in

vquic: use new curl_int64_t type

- add curl_int64_t signed 64-bit type for lib use

- define CURL_PRId64, CURL_PRIu64 format ids

- use curl_int64_t in vquic

curl_int64_t signed complements the existing curl_uint64_t unsigned.

Note that `curl_int64_t` and `int64_t` are assignable from each other
but not identical. Some platforms with 64 long type defint int64_t as
"long long" (staring at macOS) which messes up things like pointers and
format identifiers.

Closes https://github.com/curl/curl/pull/13293

show more ...

vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output

Reported-by: Keitagit-kun on github
Fixes #13224
Closes #13231

http2, http3: only return CURLE_PARTIAL_FILE when bytes were received

- should resolve spurious pytest failures when stream were reset
right after response header were received

http2, http3: only return CURLE_PARTIAL_FILE when bytes were received

- should resolve spurious pytest failures when stream were reset
right after response header were received

Clsoes #13151

show more ...

lib: move 'done' parameter to SingleRequests

A transfer may do several `SingleRequest`s for its success. This happens
regularly for authentication, follows and retries on failed connecti

lib: move 'done' parameter to SingleRequests

A transfer may do several `SingleRequest`s for its success. This happens
regularly for authentication, follows and retries on failed connections.
The "readwrite()" calls and functions connected to those carried a `bool
*done` parameter to indicate that the current `SingleRequest` is over.
This may happen before `upload_done` or `download_done` bits of
`SingleRequest` are set.

The problem with that is now `write_resp()` protocol handlers are
invoked in places where the `bool *done` cannot be passed up to the
caller. Instead of being a bool in the call chain, it needs to become a
member of `SingleRequest`, reflecting its state.

This removes the `bool *done` parameter and adds the `done` bit to
`SingleRequest` instead. It adds `Curl_req_soft_reset()` for using a
`SingleRequest` in a follow up, clearing `done` and other
flags/counters.

Closes #13096

show more ...

lib: keep conn IP information together

new struct ip_quadruple for holding local/remote addr+port

- used in data->info and conn and cf-socket.c
- copy back and forth complete st

lib: keep conn IP information together

new struct ip_quadruple for holding local/remote addr+port

- used in data->info and conn and cf-socket.c
- copy back and forth complete struct
- add 'secondary' to conn
- use secondary in reporting success for ftp 2nd connection

Reported-by: DasKutti on github
Fixes #13084
Closes #13090

show more ...

ngtcp2: no recvbuf for stream

- write response data directly to the transfer via
`Curl_xfer_write_resp()` like we do in HTTP/2.

Closes #13073

misc: Fix typos in docs and lib

This fixes miscellaneous typos and duplicated words in the docs, lib
and test comments and a few user facing errorstrings.

Author: RainRat on Git

misc: Fix typos in docs and lib

This fixes miscellaneous typos and duplicated words in the docs, lib
and test comments and a few user facing errorstrings.

Author: RainRat on Github
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Dan Fandrich <dan@coneharvesters.com>
Closes: #13019

show more ...

vquic: extract TLS setup into own source

- separate ngtcp2 specific parts out
- provide callback during init to allow ngtcp2 to apply its defaults

Closes #12678

transfer: adjust_pollset improvements

- let `multi_getsock()` initialize the pollset in what the
transfer state requires in regards to SEND/RECV
- change connection filters `adjust

transfer: adjust_pollset improvements

- let `multi_getsock()` initialize the pollset in what the
transfer state requires in regards to SEND/RECV
- change connection filters `adjust_pollset()` implementation
to react on the presence of POLLIN/-OUT in the pollset and
no longer check CURL_WANT_SEND/CURL_WANT_RECV
- cf-socket will no longer add POLLIN on its own
- http2 and http/3 filters will only do adjustments if the
passed pollset wants to POLLIN/OUT for the transfer on
the socket. This is similar to the HTTP/2 proxy filter
and works in stacked filters.

Closes #12640

show more ...

http: adjust_pollset fix

do not add a socket for POLLIN when the transfer does not want to send
(for example is paused).

Follow-up to 47f5b1a

Reported-by: bubbleguuum o

http: adjust_pollset fix

do not add a socket for POLLIN when the transfer does not want to send
(for example is paused).

Follow-up to 47f5b1a

Reported-by: bubbleguuum on github
Fixes #12632
Closes #12633

show more ...

quiche: return CURLE_HTTP3 on send to invalid stream

Prior to this change if a send failed on a stream in an invalid state
(according to quiche) and not marked as closed (according to li

quiche: return CURLE_HTTP3 on send to invalid stream

Prior to this change if a send failed on a stream in an invalid state
(according to quiche) and not marked as closed (according to libcurl)
then the send function would return CURLE_SEND_ERROR.

We already have similar code for ngtcp2 to return CURLE_HTTP3 in this
case.

Caught by test test_07_upload.py: test_07_22_upload_parallel_fail.

Fixes https://github.com/curl/curl/issues/12590
Closes https://github.com/curl/curl/pull/12597

show more ...

ngtcp2: put h3 at the front of alpn

Closes #12576

lib: eliminate `conn->cselect_bits`

- use `data->state.dselect_bits` everywhere instead
- remove `bool *comeback` parameter as non-zero
`data->state.dselect_bits` will indicate tha

lib: eliminate `conn->cselect_bits`

- use `data->state.dselect_bits` everywhere instead
- remove `bool *comeback` parameter as non-zero
`data->state.dselect_bits` will indicate that IO is
incomplete.

Closes #12512

show more ...

ngtcp2: ignore errors on unknown streams

- expecially in is_alive checks on connections, we might
see incoming packets on streams already forgotten and closed,
leading to errors

ngtcp2: ignore errors on unknown streams

- expecially in is_alive checks on connections, we might
see incoming packets on streams already forgotten and closed,
leading to errors reported by nghttp3. Ignore those.

Closes #12449

show more ...

ngtcp2: fix races in stream handling

- fix cases where ngtcp2 invokes callbacks on streams that
nghttp3 has already forgotten. Ignore the NGHTTP3_ERR_STREAM_NOT_FOUND
in these ca

ngtcp2: fix races in stream handling

- fix cases where ngtcp2 invokes callbacks on streams that
nghttp3 has already forgotten. Ignore the NGHTTP3_ERR_STREAM_NOT_FOUND
in these cases as it is normal behaviour.

Closes #12435

show more ...

quic: make eyeballers connect retries stop at weird replies

- when a connect immediately goes into DRAINING state, do
not attempt retries in the QUIC connection filter. Instead,

quic: make eyeballers connect retries stop at weird replies

- when a connect immediately goes into DRAINING state, do
not attempt retries in the QUIC connection filter. Instead,
return CURLE_WEIRD_SERVER_REPLY
- When eyeballing, interpret CURLE_WEIRD_SERVER_REPLY as an
inconclusive answer. When all addresses have been attempted,
rewind the address list once on an inconclusive answer.
- refs #11832 where connects were retried indefinitely until
the overall timeout fired

Closes #12400

show more ...

openssl: fix building with v3 `no-deprecated` + add CI test

- build quictls with `no-deprecated` in CI to have test coverage for
this OpenSSL 3 configuration.

- don't call `Op

openssl: fix building with v3 `no-deprecated` + add CI test

- build quictls with `no-deprecated` in CI to have test coverage for
this OpenSSL 3 configuration.

- don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`.
The caller code is meant for OpenSSL 3, while these two functions were
only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3
if built with option `no-deprecated`, causing build errors:
```
vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_algorithms'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_digests'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
```
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?fullLog=true#L7667

Regression from b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030
Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669
Reviewed-by: Alex Bozarth

- vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with
`no-deprecated` quictls 3 builds.
Do it by moving an existing solution for this from `vtls/openssl.c`
to `vtls/openssl.h` and adjusting caller code.
```
vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_get_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit-function-declaration]
```
Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178

- curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and
`-Wunused-function` when trying to build curl with NTLM enabled but
without the necessary TLS backend (with DES) support.

Closes #12384

show more ...