KNOWN_BUGS: aws-sigv4 does not handle multipart/form-data correctly

Closes #13351
Closes #13866

RELEASE-NOTES: synced

GHA: fix old mingw-w64 32-bit job

This toolchain resides in the `mingw32` directory. Make sure to
configure `PATH` accordingly.

Before this patch, it pointed to a non-existing `

GHA: fix old mingw-w64 32-bit job

This toolchain resides in the `mingw32` directory. Make sure to
configure `PATH` accordingly.

Before this patch, it pointed to a non-existing `mingw64` directory,
making the job use the wrong compiler (gcc 12, 64-bit).

Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
Closes #13863

show more ...

tool_cb_hdr: return error for failed header writes

By checking that fflush() works.

Reported-by: Sebastian Andersson
Fixes #13836
Closes #13859

GHA: bump all build jobs to nproc+1

- bump rest of the workflows (windows, macos, distrocheck).

- non-native virtualized envs have 2 CPUs, bump down accordingly.
(for `vmactio

GHA: bump all build jobs to nproc+1

- bump rest of the workflows (windows, macos, distrocheck).

- non-native virtualized envs have 2 CPUs, bump down accordingly.
(for `vmactions/omnios-vm` it's just a guess.)

- bump all to nproc + 1.

Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
Closes #13807

show more ...

GHA: disable MQTT and WebSocket tests in Windows jobs

Trying to figure out which category is causing the remaining hangs.

Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
C

GHA: disable MQTT and WebSocket tests in Windows jobs

Trying to figure out which category is causing the remaining hangs.

Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
Closes #13860

show more ...

lib/v*: tidy up types and casts

Also add a couple of negative checks.

Cherry-picked from #13489
Closes #13622

GHA: fix caching old mingw-w64 toolchains in the Windows workflow

- stop altering the `PATH` via `GITHUB_ENV`. This confused the
`actions/cache` post-job, which needs to run in the exa

GHA: fix caching old mingw-w64 toolchains in the Windows workflow

- stop altering the `PATH` via `GITHUB_ENV`. This confused the
`actions/cache` post-job, which needs to run in the exact same
environment as its pre-job, to have a consistent cache entry "version"
hash. Altering the `PATH` via `GITHUB_ENV` spills into the the
post-job and breaks this hash. GHA doesn't reset the env automatically
and I have not found a way to do it manually.

- add double-quotes where missing.

- move cache directory under `USERPROFILE` to not rely on absolute
paths.

- make cache directory flatter and versionless.

Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759
Closes #13856

show more ...

ci: pin actions/github-script action to 60a0d83

Closes #13846

x509asn1: add some common ECDSA OIDs

Closes #13857

ci: update rojopolis/spellcheck-github-actions digest to e36f662

Closes #13852

x509asn1: fallback to dotted OID representation

Reported-by: Luke Hamburg
Fixes #13845
Closes #13858

request.md: language fix

improved for better readability and correctness

Closes #13854

vtls: deprioritize Secure Transport

Moved Secure Transport behind OpenSSL, so we can build CURL with both
and prefer using OpenSSL over Secure Transport by default.

Closes #13547

urlapi: add CURLU_NO_GUESS_SCHEME

Used for extracting:

- when used asking for a scheme, it will return CURLUE_NO_SCHEME if the
stored information was a guess

- when u

urlapi: add CURLU_NO_GUESS_SCHEME

Used for extracting:

- when used asking for a scheme, it will return CURLUE_NO_SCHEME if the
stored information was a guess

- when used asking for a URL, the URL is returned without a scheme, like
when previously given to the URL parser when it was asked to guess

- as soon as the scheme is set explicitly, it is no longer internally
marked as guessed

The idea being:

1. allow a user to figure out if a URL's scheme was set as a result of
guessing

2. extract the URL without a guessed scheme

3. this makes it work similar to how we already deal with port numbers

Extend test 1560 to verify.

Closes #13616

show more ...

wolfssl: support CA caching

As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support
for this so that *setopt() return error if there is no support.

Closes #13786

socket: change TCP keepalive from ms to seconds on DragonFly BSD

DragonFly BSD changed the time unit for TCP keep-alive from milliseconds
to seconds since v5.8, thus setting the keepaliv

socket: change TCP keepalive from ms to seconds on DragonFly BSD

DragonFly BSD changed the time unit for TCP keep-alive from milliseconds
to seconds since v5.8, thus setting the keepalive options with
milliseconds with curl/libcurl will result in unexpected behaviors on
DragonFlyBSD 5.8+

Distinguish the DragonFly BSD versions and use the proper time units
accordingly.

Ref:
https://lists.dragonflybsd.org/pipermail/commits/2019-July/719125.html
https://github.com/DragonFlyBSD/DragonFlyBSD/blob/965b380e960908836b97aa034fa2753091e0172e/sys/sys/param.h#L207

Fixes #13847
Closes #13848

show more ...

curlver.h: aiming for 8.9.0

noproxy: patterns need to be comma separated

or they will not parse correctly.

Mentioned in DEPRECATED since Janurary 2023 (in 7ad8a7ba9ebdedc).

Closes #13789

sectransp: remove large cipher table

Previously a large table of ciphers was used to determine the default
ciphers and to lookup manually selected ciphers names.

With the lookup

sectransp: remove large cipher table

Previously a large table of ciphers was used to determine the default
ciphers and to lookup manually selected ciphers names.

With the lookup of the manually selected cipher names moved to
Curl_cipher_suite_walk_str() the large table is no longer needed for
that purpose.

The list of manually selected cipher can now be intersected with the
ciphers supported by Secure Transport (SSLGetSupportedCiphers()),
instead of using the fixed table for that.

The other use of the table was to filter the list of all supported
ciphers offered by Secure Transport to create a list of ciphers to
use by default, excluding ciphers in the table marked as weak.

Instead of using a complement based approach (exclude weak), switch
to using an intersection with a smaller list of ciphers deemed
appropriate.

Closes #13823

show more ...

GHA: unify http3 workflows into one

This commit unifies the following http3 workflows into http3-linux.yml:

- ngtcp2-linux.yml
- osslq-linux.yml
- quiche-linux.yml

GHA: unify http3 workflows into one

This commit unifies the following http3 workflows into http3-linux.yml:

- ngtcp2-linux.yml
- osslq-linux.yml
- quiche-linux.yml

The idea is better use of the build cache. Previously, they
independently create caches with the same key. Some of the caches
include source code and intermediate object files, which makes cache
quite large. In this commit, only built artifacts are cached, which
drastically reduces the cache size. OpenSSL v3, mod_h2 and quiche caches
still include all stuff, but they are left for the later improvement.
Because the contents of the cache have been changed, the cache keys are
also changed to include the word "http3".

Closes #13841

show more ...

openSSL: fix hostname handling when using ECH

Reported-by: vvb2060
Fixes #13818
Closes #13822

ci: update github/codeql-action digest to f079b84

Closes #13837

RELEASE-NOTES: synced

curl_multi_poll.md: expand the example with an custom file descriptor

Closes #13842