curl -J: do not append to the destination file

Reported-by: Kamil Dudka
Fixes #3380
Closes #3381

ssl: replace all internal uses of CURLE_SSL_CACERT

Closes #3291

curl: fix --local-port integer overflow

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
lib

curl: fix --local-port integer overflow

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242

show more ...

curl: --doh-url added

tool_operate: Add http code 408 to transient list for --retry

- Treat 408 request timeout as transient so that curl will retry the
request if --retry was used.

Closes #2925

tool_operate: Fix setting proxy TLS 1.3 ciphers

ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "

ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333

show more ...

option: disallow username in URL

Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.

Closes #2340

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607

show more ...

curl: show headers in bold

The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should

curl: show headers in bold

The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should work with -i and it actually creates a file first using the
initial name and then *renames* that to the one found in
Content-Disposition (if any).

-i: only shows headers for HTTP transfers now (as documented).
Previously it would also show for pieces of the transfer that were HTTP
(for example when doing FTP over a HTTP proxy).

-i: now shows trailers as well. Previously they were not shown at all.

--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
now done in the header callback.

show more ...

checksrc: force indentation of lines after an else

This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the

checksrc: force indentation of lines after an else

This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.

Closes #2532

show more ...

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
f

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325

show more ...

tool_operate: Fix retry on FTP 4xx to ignore other protocols

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP d

tool_operate: Fix retry on FTP 4xx to ignore other protocols

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
HTTP/1.1 416 Requested Range Not Satisfiable

This should not be treated as an FTP error.

Fixes #2464
Closes #2465

show more ...

CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol

Add --haproxy-protocol for the command line tool

Closes #2162

cleanup: misc typos in strings and comments

Found via `codespell`

Closes #2389

lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS

- In keeping with the naming of our other connect timeout options rename
CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURL

lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS

- In keeping with the naming of our other connect timeout options rename
CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.

This change adds the _MS suffix since the option expects milliseconds.
This is more intuitive for our users since other connect timeout options
that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.

The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.

Follow-up to 2427d94 which added the lib and tool option yesterday.

Ref: https://github.com/curl/curl/pull/2260

show more ...

url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT

- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
eyeball timeout value.

- Add new optval macro CURL_HET_DE

url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT

- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
eyeball timeout value.

- Add new optval macro CURL_HET_DEFAULT to represent the default happy
eyeballs timeout value (currently 200 ms).

- Add new tool option --happy-eyeballs-timeout-ms to expose
CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
other -timeout options in the tool expect seconds not milliseconds.

Closes https://github.com/curl/curl/pull/2260

show more ...

time-cond: fix reading the file modification time on Windows

On Windows, stat() may adjust the unix file time by a daylight saving time
offset. Avoid this by calling GetFileTime() instea

time-cond: fix reading the file modification time on Windows

On Windows, stat() may adjust the unix file time by a daylight saving time
offset. Avoid this by calling GetFileTime() instead.

Fixes #2164
Closes #2204

show more ...

Revert "curl: don't set CURLOPT_INTERLEAVEDATA"

This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.

It was actually added rather recently in 8e8afa82cbb629 due to a crash

Revert "curl: don't set CURLOPT_INTERLEAVEDATA"

This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.

It was actually added rather recently in 8e8afa82cbb629 due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.

show more ...

curl: don't set CURLOPT_INTERLEAVEDATA

That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 t

curl: don't set CURLOPT_INTERLEAVEDATA

That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 tests that verify --libcurl

Closes #2167

show more ...

Set and use more necessary options when some protocols are disabled

When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't

Set and use more necessary options when some protocols are disabled

When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols. In particular, when HTTP is disabled many options aren't set
that are used only by HTTP. However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.

show more ...

curl: check fseek() return code and bail on error

Detected by coverity. CID 1418137.

code style: use spaces around pluses

code style: use spaces around equals signs

mime: use in curl cli tool instead of form API.

Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentat

mime: use in curl cli tool instead of form API.

Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentation upgraded.

show more ...