curl: --test-duphandle in debug builds runs "duphandled"

Using this option (only available in debug builds) makes curl always
call curl_easy_duphandle() on the handle before using it.

curl: --test-duphandle in debug builds runs "duphandled"

Using this option (only available in debug builds) makes curl always
call curl_easy_duphandle() on the handle before using it.

To help us catch curl_easy_duphandle() mistakes better.

Add a CI job using this.

Bonus: the previous runtests option -e is now also supported as
--test-event

Closes #15504

show more ...

curl/config2setopts: move SSH related options into same block

Move the code setting SSH specific libcurl options into the same block
to avoid having a separate almost identical condition

curl/config2setopts: move SSH related options into same block

Move the code setting SSH specific libcurl options into the same block
to avoid having a separate almost identical condition later.

Closes #15444

show more ...

tool_operate: url_proto improvements

- renamed to url_proto_and_rewrite to better reveal what it does
- clarify the functionality in the top comment
- make it return CURLE_OUT_OF_MEM

tool_operate: url_proto improvements

- renamed to url_proto_and_rewrite to better reveal what it does
- clarify the functionality in the top comment
- make it return CURLE_OUT_OF_MEMORY appropriately
- remove check for URL being set, use assert instead

Closes #15442

show more ...

src/lib: remove redundant ternary operators

Closes #15435

curl: detect ECH support dynamically, not at build time

Closes #15402

tool_operate: split up the huge single_transfer into sub functions

- split up in a few smaller and easier to read functions
- simplify several sections
- avoid superfluous extra allo

tool_operate: split up the huge single_transfer into sub functions

- split up in a few smaller and easier to read functions
- simplify several sections
- avoid superfluous extra allocations
- remove unused debug code

Closes #15385

show more ...

tool_operate: reuse the schannel backend check

The transfer_per_config is called once per new transfer. It now saves
the result of the first TLS backend check done so that subsequent

tool_operate: reuse the schannel backend check

The transfer_per_config is called once per new transfer. It now saves
the result of the first TLS backend check done so that subsequent
invokes are more efficient and reuses the existing knowledge.

This change also splits the logic into several smaller functions.

Closes #15323

show more ...

tool_operate: break out of loop on error

Follow-up to 69bf530dfd2a

The loop could get stuck there in torture tests/OOM.

Closes #15322

src: guard for double declaration of `curl_ca_embed` in unity builds

Seen with curl-for-win linux-musl-from-mac build with gcc 9.2.0.

```
n file included from /Users/runner/work

src: guard for double declaration of `curl_ca_embed` in unity builds

Seen with curl-for-win linux-musl-from-mac build with gcc 9.2.0.

```
n file included from /Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:136:
/Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/tool_ca_embed.c:4:28: warning: redundant redeclaration of 'curl_ca_embed' [-Wredundant-decls]
4 | extern const unsigned char curl_ca_embed[];
| ^~~~~~~~~~~~~
In file included from /Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:88:
/Users/runner/work/curl-for-win/curl-for-win/curl/src/tool_operate.c:107:28: note: previous declaration of 'curl_ca_embed' was here
107 | extern const unsigned char curl_ca_embed[];
| ^~~~~~~~~~~~~
```
https://github.com/curl/curl-for-win/actions/runs/11192203640/job/31116070669#step:3:4894

Follow-up to 8a3740bc8e558b9a9d4a652b74cf27a0961d7010 #14059
Closes #15307

show more ...

curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs

It makes the callbacks get different signnatures when used from within
libcurl vs outside of it by libcurl-using applicat

curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs

It makes the callbacks get different signnatures when used from within
libcurl vs outside of it by libcurl-using applications (such as the
libtests) and this triggers UndefinedBehaviorSanitizer errors.

Closes #15289

show more ...

tool_operate: make --skip-existing work for --parallel

Reported-by: Tobias Wendorff
Fixes #15261
Closes #15283

TLS: TLSv1.3 earlydata support for curl

Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS

TLS: TLSv1.3 earlydata support for curl

Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
that ALPN protocol for negoptiation with the server. When the
sessions ALPN does not match the connections ALPN, earlydata
will not be enabled.
- Check that the server selected the correct ALPN protocol for
an earlydata connect. If the server does not confirm or reports
something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211

show more ...

tool: support --show-headers AND --remote-header-name

By keeping the headers in memory until we know the target file name,
then output them all.

Previously this option combinati

tool: support --show-headers AND --remote-header-name

By keeping the headers in memory until we know the target file name,
then output them all.

Previously this option combination would cause an error.

Add test 1310 and 1492 to verify. Adjusted test 1460 to work in the new
conditions.

Closes #15110

show more ...

quic: use send/recvmmsg when available

add checks for sendmmsg in configure and CmakeLists.txt for enabling use
of these functions in ngtcp2/quiche quic.

Closes #14880

tool_operate: let --create-dirs work for --dump-header as well

Add test 3011 to verify

Proposed-by: Montg0mery on github
Fixes #14941
Closes #14965

curl: add options for safe/no CA bundle search (Windows)

Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was alread

curl: add options for safe/no CA bundle search (Windows)

Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.

Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`

On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.

The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
https://github.com/lordmulder/cURL-build-win32/blob/cd652d4792c177c98b08b4309d3cac2b8dbbf9b0/patch/curl_tool_doswin.diff#L50

MSYS2/mingw-w64 distro has also been rolling a patch solving this:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c

Also add option to fully disable Windows CA search:
- cmake: `-DCURL_DISABLE_CA_SEARCH=ON`
- autotools: `--disable-ca-search`
- raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`.

Both options are considered EXPERIMENTAL, with possible incompatible
changes or even (partial) removal in the future, depending on feedback.

An alternative, secure option is to embed the CA bundle into the binary.

Safe search can be extended to other platforms if necessary or useful,
by using `_NSGetExecutablePath()` (macOS),
`/proc/self/exe` (Linux/Cygwin), or `argv[0]`.

Closes #14582

show more ...

tidy-up: spelling

C89, Schannel, Secure Transport, contractions.

Cherry-picked from #14692
Closes #14996

tidy-up: indent, whitespace, comment in sources

Cherry-picked from #14692
Closes #14995

ipfs: add options to disable

- CPPFLAGS: `-DCURL_DISABLE_IPFS`
- configure: `--disable-ipfs`
- cmake: `-DCURL_DISABLE_IPFS=ON`

Fixes #14824
Closes #14827

src: tidy-up conditions for CA bundle search

- delete redundant Schannel check.

- move `feature_ssl` check one level up from `FindWin32CACert()`.

- check `feature_ssl` earl

src: tidy-up conditions for CA bundle search

- delete redundant Schannel check.

- move `feature_ssl` check one level up from `FindWin32CACert()`.

- check `feature_ssl` early to skip a bunch of CA bundle search logic
for no-ssl configurations.

Reviewed-by: Jay Satiro
Closes #14841

show more ...

lib/src: white space edits to comply better with code style

... as checksrc now finds and complains about these.

Closes #14921

tool_cb_wrt: use "curl_response" if no file name in URL

Use the same fallback for content-disposition cases as for regular -O

Add test692: verify -JO with URL without a file name

tool_cb_wrt: use "curl_response" if no file name in URL

Use the same fallback for content-disposition cases as for regular -O

Add test692: verify -JO with URL without a file name

Reported-by: Brian Inglis
Fixes #14939
Closes #14940

show more ...

src: namespace symbols clashing with lib

Before this patch `lib/http.h` and `src/tool_sdecls.h` both declared
`HTTPREQ_*` enums.

Rename `src` ones to have distinct names.

src: namespace symbols clashing with lib

Before this patch `lib/http.h` and `src/tool_sdecls.h` both declared
`HTTPREQ_*` enums.

Rename `src` ones to have distinct names.

They are not included in the same code for now, but this may change when
bundling unit/libtests into single programs.

Closes #14785

show more ...

src: fix potential macro confusion in cmake unity builds

Sources used `lib/curlx.h` with both `ENABLE_CURLX_PRINTF` set and unset
before including it.

In a cmake "unity" batch w

src: fix potential macro confusion in cmake unity builds

Sources used `lib/curlx.h` with both `ENABLE_CURLX_PRINTF` set and unset
before including it.

In a cmake "unity" batch where the first included source had it unset,
the next sources did not get the macros requested with
`ENABLE_CURLX_PRINTF` because `lib/curl.x` had already been included
without them.

Fix it by by making the macros enabled permanently and globally for
internal sources, and dropping `ENABLE_CURLX_PRINTF`.

This came up while testing unity builds with smaller batches. The full,
default unity build where all `src` is bundled up in a single unit, was
not affected.

Fixes:
```
$ cmake -B build -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=15
$ make -C build
...
curl/src/tool_getparam.c: In function ‘getparameter’:
curl/src/tool_getparam.c:2409:11: error: implicit declaration of function ‘msnprintf’; did you mean ‘vsnprintf’? [-Wimplicit-function-declaration]
2409 | msnprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-",
| ^~~~~~~~~
| vsnprintf
curl/src/tool_getparam.c:2409:11: warning: nested extern declaration of ‘msnprintf’ [-Wnested-externs]
[...]
```

Reported-by: Daniel Stenberg
Bug: https://github.com/curl/curl/pull/14626#issuecomment-2301663491

Closes #14632

show more ...

curl: fix --proxy-pinnedpubkey

This option was added in #2268 but never connected in
tool_operate.c.

Closes #14438