x509asn1: make several functions static

and remove the private SIZE_T_MAX define and use the generic one.

Closes #2902

INTERNALS: require GnuTLS >= 2.11.3

Since the public pinning support was brought in e644866caf4. GnuTLS
2.11.3 was released in October 2010.

Figured out in #2890

http2: avoid set_stream_user_data() before stream is assigned

... before the stream is started, we have it set to -1.

Fixes #2894
Closes #2898

SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.

docs/SECURITY-PROCESS: now we name the files after the CVE id

RELEASE-NOTES: synced

upload: change default UPLOAD_BUFSIZE to 64KB

To make uploads significantly faster in some circumstances.

Part 2 of #2888
Closes #2892

upload: allocate upload buffer on-demand

Saves 16KB on the easy handle for operations that don't need that
buffer.

Part 1 of #2888

vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the eng

vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.

Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833

show more ...

http2: make sure to send after RST_STREAM

If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.

Fixes #2882
Closes #2887

http2: make sure to send after RST_STREAM

If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.

Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann

show more ...

test1268: check the stderr output as "text"

Follow-up to 099f37e9c57

Pointed-out-by: Marcel Raad

urldata: remove unused pipe_broke struct field

This struct field is never set TRUE in any existing code path. This
change removes the field completely.

Closes #2871

curl: warn the user if a given file name looks like an option

... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by

curl: warn the user if a given file name looks like an option

... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by the parser as a file
name.

Add test1268 to verify

Closes #2885

show more ...

http2: check nghttp2_session_set_stream_user_data return code

Might help bug #2688 debugging

Closes #2880

travis: revert back to gcc-7 for coverage builds

... since the gcc-8 ones seem to fail frequently.

Follow-up from b85207199544ca

Closes #2886

RELEASE-NOTES: synced

... and now listed in alphabetical order!

CMake: CMake config files are defining CURL_STATICLIB for static builds

This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the librar

CMake: CMake config files are defining CURL_STATICLIB for static builds

This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATIC lib must be defined to compile downstream,
thus the config package is the perfect place to do so.

Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov

show more ...

TODO: host name sections in config files

ssh-libssh: fix infinite connect loop on invalid private key

Added test 656 (based on test 604) to verify the fix.

Bug: https://bugzilla.redhat.com/1595135

Closes #2879

ssh-libssh: reduce excessive verbose output about pubkey auth

The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was c

ssh-libssh: reduce excessive verbose output about pubkey auth

The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.

This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).

show more ...

travis: disable h2 torture tests for "coverage"

Since they started to fail almost 100% since a few days.

Closes #2876

travis: update to GCC 8

Closes https://github.com/curl/curl/pull/2869

http: fix for tiny "HTTP/0.9" response

Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting

http: fix for tiny "HTTP/0.9" response

Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.

Test 1266 and 1267 added to verify.

Fixes #2420
Closes #2872

show more ...

docs: add disallow-username-in-url.d and haproxy-protocol.d on the list

... to make make the files appear in distribution tarballs

Closes #2856

.travis.yml: verify that man pages can be regenerated

... when curl is built from distribution tarball

Closes #2856