wolfssl: ignore errors in CA path

The default wolfSSL_CTX_load_verify_locations() function is quite picky
with the certificates it loads and will for example return error if just
one

wolfssl: ignore errors in CA path

The default wolfSSL_CTX_load_verify_locations() function is quite picky
with the certificates it loads and will for example return error if just
one of the certs has expired.

With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it
behaves more similar to what OpenSSL does by default.

Even the set of default certs on my Debian unstable has several expired
ones.

Assisted-by: Juliusz Sosinowicz
Assisted-by: Michael Osipov

Closes #11987

show more ...

create-dirs.d: clarify it also uses --output-dirs

Reported-by: Robert Simpson
Fixes #11991
Closes #11995

appveyor: fix yamlint issues, indent

Also:
- use double quotes in all batch if statements.

Closes #11994

cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`

Based on existing autotools logic.

Ref: #11964 (effort to sync cmake detections with autotools)

Closes #11981

cmake: detect `HAVE_GETADDRINFO_THREADSAFE`

Based on existing autotools logic.

autotools checks for old versions of the allowlisted target OSes and
disables this feature when se

cmake: detect `HAVE_GETADDRINFO_THREADSAFE`

Based on existing autotools logic.

autotools checks for old versions of the allowlisted target OSes and
disables this feature when seeing them. In CMake we assume we're running
on newer systems and enable regardless of OS version.

autotools always runs all 3 probes for non-fast-tracked systems and
enables this feature if any one of them was successful. To save
configuration time, CMake stops at the first successful check.

OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD
system. I haven't double-checked if this is correct, but looks odd.

Ref: #11964 (effort to sync cmake detections with autotools)

Closes #11979

show more ...

cmake: fix `HAVE_WRITABLE_ARGV` detection

Move detection before the creation of detection results in
`curl_config.h`.

Ref: #11964 (effort to sync cmake detections with autotools

cmake: fix `HAVE_WRITABLE_ARGV` detection

Move detection before the creation of detection results in
`curl_config.h`.

Ref: #11964 (effort to sync cmake detections with autotools)

Closes #11978

show more ...

appveyor: minor improvements

- run `curl -V` after builds to see if they run and with what features.
Except for one job where a CRT DLL is missing. And ARM64 which should
fail, b

appveyor: minor improvements

- run `curl -V` after builds to see if they run and with what features.
Except for one job where a CRT DLL is missing. And ARM64 which should
fail, but is silently not launched instead.

- copy libcurl DLL next to curl tool and tests binaries in shared mode.
This makes it possible to run the tests. (We don't run tests after
these builds yet.)

- list the DLLs and EXEs present after the builds.

- add `DEBUG` variable for CMake builds to allow disabling it, for
testing non-debug builds. (currently enabled for all)

- add commented lines that dump CMake configuration logs for debugging
build/auto-detection issues.

- add gcc version to jobs where missing.

- switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9
to the build mix.

- make `SHARED=OFF` and `OPENSSL=OFF` defaults global.

- delete a duplicate backslash.

Closes #11976

show more ...

configure: replace adhoc domain with `localhost` in tests

Reviewed-by: Daniel Stenberg
Closes #11988

tidy-up: use more example domains

Also make use of the example TLD:
https://en.wikipedia.org/wiki/.example

Reviewed-by: Daniel Stenberg
Closes #11992

runtests: display the test status if tests appear hung

It sometimes happens that a test hangs during a test run and never
returns. The test harness will wait indefinitely for the results

runtests: display the test status if tests appear hung

It sometimes happens that a test hangs during a test run and never
returns. The test harness will wait indefinitely for the results and on
CI servers the CI job will eventually be killed after an hour or two.
At the end of a test run, if results haven't come in within a couple of
minutes, display the status of all test runners and what tests they're
running to help in debugging the problem.

This feature is really only kick in with parallel testing enabled, which
is fine because without parallel testing it's usually easy to tell what
test has hung.

Closes #11980

show more ...

github/labeler: remove workaround for labeler

This was added due to what seemed to be a bug regarding the sync-labels:
config option, but it looks like it wasn't necessary.

Foll

github/labeler: remove workaround for labeler

This was added due to what seemed to be a bug regarding the sync-labels:
config option, but it looks like it wasn't necessary.

Follow-up to b2b0534e7

show more ...

docs: upgrade an URL to HTTPS in `BINDINGS.md` [ci skip]

docs: replace made up domains with example.com

in FAQ and MANUAL.md

- example.com was made for this purpose.

- reduces the risk that one of those domains suddenly start hos

docs: replace made up domains with example.com

in FAQ and MANUAL.md

- example.com was made for this purpose.

- reduces the risk that one of those domains suddenly start hosting
something nasty and we provide links to them

Closes #11986

show more ...

acinclude.m4: Document proper system truststore on FreeBSD

The default system truststore on FreeBSD has been /etc/ssl/certs for many
years now. It is managed canonically through certctl(

acinclude.m4: Document proper system truststore on FreeBSD

The default system truststore on FreeBSD has been /etc/ssl/certs for many
years now. It is managed canonically through certctl(8) and contains hashed
symlinks for OpenSSL and other TLS providers.
The previous ones require security/ca_root_nss which might not be installed or
will not contain any custom CA certificates.

Closes #11985

show more ...

FAQ: How do I upgrade curl.exe in Windows?

This is a growing question, better answer it here to get somewhere to
point users to.

Closes #11984

cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC

`basename` is present in mingw-w64, missing from MSVC. Pre-cache
accordingly to make configure faster.

Notice that `basen

cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC

`basename` is present in mingw-w64, missing from MSVC. Pre-cache
accordingly to make configure faster.

Notice that `basename` has a bug so we later disable it even with
mingw-w64:
https://github.com/curl/curl/blob/781242ffa44a9f9b95b6da5ac5a1bf6372ec6257/lib/curl_setup.h#L820-L825

Closes #11974

show more ...

cmake: add missing checks

- check for arc4random. To make rand.c use it accordingly.
- check for fcntl
- fix fseek detection
- add SIZEOF_CURL_SOCKET_T
- fix USE_UNIX_SOCKETS

cmake: add missing checks

- check for arc4random. To make rand.c use it accordingly.
- check for fcntl
- fix fseek detection
- add SIZEOF_CURL_SOCKET_T
- fix USE_UNIX_SOCKETS
- define HAVE_SNPRINTF to 1
- check for fnmatch
- check for sched_yield
- remove HAVE_GETPPID duplicate from curl_config.h
- add HAVE_SENDMSG

Ref: #11964

Co-authored-by: Viktor Szakats
Closes #11973

show more ...

configure: remove unused checks

- for sys/uio.h
- for fork
- for connect

Ref: #11964

Closes #11973

lib: remove TIME_WITH_SYS_TIME

It is not used in any code anywhere.

Ref: #11964
Closes #11975

docs: update curl man page references

Detected by the manpage-syntax update

Closes #11963

manpage-syntax: verify curl man page references

1. References to curl symbols are now checked that they indeed exist as
man pages. This for \f references as well as the names referenc

manpage-syntax: verify curl man page references

1. References to curl symbols are now checked that they indeed exist as
man pages. This for \f references as well as the names referenced in the
SEE ALSO section.

Allowlist curl.1 since it is not always built in builds

2. References to curl symbols that lack section now causes warning, since that
will prevent them from getting linked properly

3. Check for "bare" references to curl functions and warn, they should be
references

Closes #11963

show more ...

cmake: add check for suseconds_t

And fix the HAVE_LONGLONG define

Ref: #11964
Closes #11977

tidy-up: whitespace fixes

Closes #11972

cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS

With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing option and detection logic in autotools.

Also:
-

cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS

With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing option and detection logic in autotools.

Also:
- fix detecting GnuTLS.
We assume `nettle` as a GnuTLS dependency.
- add CMake GnuTLS CI job.
- bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
- fix compiler warning when building with GnuTLS and disabled TLS-SRP.
- fix comment typos, whitespace.

Ref: #11964

Closes #11967

show more ...

tool: use our own stderr variable

Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the

tool: use our own stderr variable

Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the curl-tool specific variable). This solution needed to override the
standard `stderr` symbol via the preprocessor. This in turn didn't play
well with unity builds and caused curl tool to crash or stay silent due
to an uninitialized stderr. This was a hard to find issue, fixed by
manually breaking out one file from the unity sources.

To avoid two these two tricks, this patch implements a different
solution: Restore using our own local variable for our stderr output and
leave `stderr` as-is. To avoid using `stderr` by mistake, add a
`checksrc` rule (based on logic we already used in lib for `strerror`)
that detects any `stderr` use in `src` and points to using our own
variable instead: `tool_stderr`.

Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e
Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db

Closes #11958

show more ...