TLS: add support for ECH (Encrypted Client Hello)

An EXPERIMENTAL feature used with CURLOPT_ECH and --ech.

Closes #11922

curl: make --help adapt to the terminal width

Instead of assuming and working with 80 colums, try figuring out what
width is actually used.

Ref: #13141

Closes #13171

cmdline-opts: shorter help texts

In an effort to increase the readability of the "--help all" output on
narrow (80 column) terminals.

Co-authored-by: Jay Satiro

Closes

cmdline-opts: shorter help texts

In an effort to increase the readability of the "--help all" output on
narrow (80 column) terminals.

Co-authored-by: Jay Satiro

Closes #13169

show more ...

curl: show ipfs and ipns as supported "protocols"

They are accepted schemes in URLs passed to curl (the tool, not the
library).

Also makes curl-config show the same list.

curl: show ipfs and ipns as supported "protocols"

They are accepted schemes in URLs passed to curl (the tool, not the
library).

Also makes curl-config show the same list.

Co-Authored-by: Jay Satiro
Reported-by: Chara White
Bug: https://curl.se/mail/archive-2023-12/0026.html
Closes #12508

show more ...

build: add more picky warnings and fix them

Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
funct

build: add more picky warnings and fix them

Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it [1].

`-Wunused-macros` was too noisy to keep around, but fixed a few issues
it revealed while testing.

- autotools: reflect the more precisely-versioned clang warnings.
Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
- autotools: sync between clang and gcc the way we set `no-multichar`.
- autotools: avoid setting `-Wstrict-aliasing=3` twice.
- autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
It triggers in libtool-generated stub code.

- lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.

- lib/curl_setup.h: delete duplicate declaration for `fileno`.
Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d
(1999-12-29). This suggests this may not be needed anymore, but if
it does, we may restore this for those specific (non-Windows) systems.
- lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394.
- lib: delete unused macro `isxdigit_ascii` since
f65f750742068f579f4ee6d8539ed9d5f0afcb85.
- lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
macro.
- lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- lib/setopt: fix `-Wunreachable-code-break`.
- lib/system_win32 and lib/timeval: fix double declarations for
`Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- lib/warnless: fix double declarations in CMake UNITY mode [5].
This was due to force-disabling the header guard of `warnless.h` to
to reapply it to source code coming after `warnless.c` in UNITY
builds. This reapplied declarations too, causing the warnings.
Solved by adding a header guard for the lines that actually need
to be reapplied.
- lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
block.
- lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- lib/vtls/sectransp: suppress `-Wunreachable-code`.
Detected in `else` branches of dynamic feature checks, with results
known at compile-time, e.g.
```c
if(SecCertificateCopySubjectSummary) /* -> true */
```
Likely fixable as a separate micro-project, but given SecureTransport
is deprecated anyway, let's just silence these locally.
- src/tool_help: delete duplicate declaration for `helptext`.
- src/tool_xattr: fix `-Wunreachable-code`.
- tests: delete duplicate declaration for `unitfail` [8].
- tests: delete duplicate declaration for `strncasecompare`.
- tests/libtest: delete duplicate declaration for `gethostname`.
Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7
(2010-08-02).
Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc
If there are still systems around with warnings, we may restore the
prototype, but limited for those systems.
- tests/lib2305: delete duplicate declaration for
`libtest_debug_config`.
- tests/h2-download: fix `-Wunreachable-code-break`.

[1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
[2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675
[3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72
https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109
[4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204
[5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218
[6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290
[7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193
[8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870

Closes #12331

show more ...

tool: use our own stderr variable

Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the

tool: use our own stderr variable

Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the curl-tool specific variable). This solution needed to override the
standard `stderr` symbol via the preprocessor. This in turn didn't play
well with unity builds and caused curl tool to crash or stay silent due
to an uninitialized stderr. This was a hard to find issue, fixed by
manually breaking out one file from the unity sources.

To avoid two these two tricks, this patch implements a different
solution: Restore using our own local variable for our stderr output and
leave `stderr` as-is. To avoid using `stderr` by mistake, add a
`checksrc` rule (based on logic we already used in lib for `strerror`)
that detects any `stderr` use in `src` and points to using our own
variable instead: `tool_stderr`.

Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e
Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db

Closes #11958

show more ...

curl: output warning at --verbose output for debug-enabled version

+ a libcurl warning in the debug output

Assisted-by: Jay Satiro

Ref: https://curl.se/mail/lib-2023-01/003

curl: output warning at --verbose output for debug-enabled version

+ a libcurl warning in the debug output

Assisted-by: Jay Satiro

Ref: https://curl.se/mail/lib-2023-01/0039.html
Closes #10278

show more ...

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the l

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.

Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

tool: use feature names instead of bit mask, when possible

If the run-time libcurl is too old to support feature names, the name
array is created locally from the bit masks. This is the

tool: use feature names instead of bit mask, when possible

If the run-time libcurl is too old to support feature names, the name
array is created locally from the bit masks. This is the only sequence
left that uses feature bit masks.

Closes #9583

show more ...

tool: remove protocol count limitation

Replace bit mask protocol sets by null-terminated arrays of protocol
tokens. These are the addresses of the protocol names returned by
curl_ver

tool: remove protocol count limitation

Replace bit mask protocol sets by null-terminated arrays of protocol
tokens. These are the addresses of the protocol names returned by
curl_version_info().

Protocol names are sorted case-insensitively before output to satisfy CI
tests matches consistency.

The protocol list returned by curl_version_info() is augmented with all
RTMP protocol variants.

Test 1401 adjusted for new alpha ordered output.

Closes #9546

show more ...

cli tool: do not use disabled protocols

As they are now rejected by the library, take care of not passing
disabled protocol names to CURLOPT_PROTOCOLS_STR and
CURLOPT_REDIR_PROTOCOLS

cli tool: do not use disabled protocols

As they are now rejected by the library, take care of not passing
disabled protocol names to CURLOPT_PROTOCOLS_STR and
CURLOPT_REDIR_PROTOCOLS_STR.

Rather than using the CURLPROTO_* constants, dynamically assign protocol
numbers based on the order they are listed by curl_version_info().

New type proto_set_t implements prototype bit masks: it should therefore
be large enough to accomodate all library-enabled protocols. If not,
protocol numbers beyond the bit count of proto_set_t are recognized but
"inaccessible": when used, a warning is displayed and the value is
ignored. Should proto_set_t overflows, enabled protocols are reordered to
force those having a public CURLPROTO_* representation to be accessible.

Code has been added to subordinate RTMP?* protocols to the presence of
RTMP in the enabled protocol list, being returned by curl_version_info()
or not.

show more ...

version: rename threadsafe-init to threadsafe

Referring to Daniel's article [1], making the init function thread-safe
was the last bit to make libcurl thread-safe as a whole. So the name

version: rename threadsafe-init to threadsafe

Referring to Daniel's article [1], making the init function thread-safe
was the last bit to make libcurl thread-safe as a whole. So the name of
the feature may as well be the more concise 'threadsafe', also telling
the story that libcurl is now fully thread-safe, not just its init
function. Chances are high that libcurl wants to remain so in the
future, so there is little likelihood of ever needing any other distinct
`threadsafe-<name>` feature flags.

For consistency we also shorten `CURL_VERSION_THREADSAFE_INIT` to
`CURL_VERSION_THREADSAFE`, update its description and reference libcurl's
thread safety documentation.

[1]: https://daniel.haxx.se/blog/2022/06/08/making-libcurl-init-more-thread-safe/

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #8989

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

curl_version_info: add CURL_VERSION_THREADSAFE_INIT

This flag can be used to make sure that curl_global_init() is
thread-safe.

This can be useful for libraries that can't contro

curl_version_info: add CURL_VERSION_THREADSAFE_INIT

This flag can be used to make sure that curl_global_init() is
thread-safe.

This can be useful for libraries that can't control what other
dependencies are doing with Curl.

Closes #8680

show more ...

version: allow stricmp() for sorting the feature list

In CMakeLists.txt there is an attempt to detect `stricmp()`, and in
certain cases, this attempt is the only successful one to detect

version: allow stricmp() for sorting the feature list

In CMakeLists.txt there is an attempt to detect `stricmp()`, and in
certain cases, this attempt is the only successful one to detect a
case-insensitive comparison function. `HAVE_STRICMP` is defined as
a result, but this macro wasn't used anywhere in the source. This
patch makes use of it as an alternative when alpha-sorting the
`--version` feature list.

Reviewed-by: Daniel Stenberg
Closes #8916

show more ...

curl: add --no-clobber

Does not overwrite output files if they already exist

Closes #7708
Co-authored-by: Daniel Stenberg

print_category: printf %*s needs an int argument

... not a size_t!

Detected by Coverity: CID 1492331.
Closes #7823

print_category: print help descriptions aligned

Adjust the description position to make an aligned column when doing
help listings, which is more pleasing to the eye.

Suggested-

print_category: print help descriptions aligned

Adjust the description position to make an aligned column when doing
help listings, which is more pleasing to the eye.

Suggested-by: Gisle Vanem
Closes #7792

show more ...

tool_listhelp: easier to generate with gen.pl

tool_listhelp.c is now a separate file with only the command line --help
output, exactly as generated by gen.pl. This makes it easier to gen

tool_listhelp: easier to generate with gen.pl

tool_listhelp.c is now a separate file with only the command line --help
output, exactly as generated by gen.pl. This makes it easier to generate
updates according to what's in the docs/cmdline-opts docs.

cd $srcroot/docs/cmdline-opts
./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c

With a configure build, this also works:

make -C src listhelp

Closes #7787

show more ...

libssh2: add SHA256 fingerprint support

Added support for SHA256 fingerprint in command line curl and in
libcurl.

Closes #7646

curl.1: provide examples for each option

The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the

curl.1: provide examples for each option

The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.

This fix also does a few other minor format and consistency cleanups.

Closes #7654

show more ...

cleanup: spell DoH with a lowercase o

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Closes #7413

tool_help: remove unused define

The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
cleaned out but one occurrence remained.

Closes https://github.com/curl/curl/p

tool_help: remove unused define

The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
cleaned out but one occurrence remained.

Closes https://github.com/curl/curl/pull/7380

show more ...

docs: document missing arguments to commands

This is a followup to commit f410b9e538129e77607fef1 fixing a few
more commands which takes arguments.

Closes #7382
Reviewed-by:

docs: document missing arguments to commands

This is a followup to commit f410b9e538129e77607fef1 fixing a few
more commands which takes arguments.

Closes #7382
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

show more ...