CODEOWNERS: remove the peeps mentioned as CI owners

These owners do not have the bandwidth/energy to do the reviews which
makes PRs stall and this ownership claim flawed. We can bring pe

CODEOWNERS: remove the peeps mentioned as CI owners

These owners do not have the bandwidth/energy to do the reviews which
makes PRs stall and this ownership claim flawed. We can bring people
back when the situation is different.

Follow-up to c04c78ac87c4d46737934345a

Closes #10386

show more ...

write-out.d: add 'since version' to %{header_json} documentation

The documentation of `%{header_json}` missed to mention since which
version this variable for `--write-out` is present.

write-out.d: add 'since version' to %{header_json} documentation

The documentation of `%{header_json}` missed to mention since which
version this variable for `--write-out` is present.

Based on commit https://github.com/curl/curl/commit/4133a69f2daa476bb
we can determine from the tags were this commit is present that the
first version to include it was `7.83.0`.
This could be also checked with:
`git tag --contains 4133a69f2daa476bb6d902687f1dd6660ea9c3c5`

Closes #10395

show more ...

urlapi: avoid Curl_dyn_addf() for hex outputs

Inspired by the recent fixes to escape.c, we should avoid calling
Curl_dyn_addf() in loops, perhaps in particular when adding something so

urlapi: avoid Curl_dyn_addf() for hex outputs

Inspired by the recent fixes to escape.c, we should avoid calling
Curl_dyn_addf() in loops, perhaps in particular when adding something so
simple as %HH codes - for performance reasons. This change makes the
same thing for the URL parser's two URL-encoding loops.

Closes #10384

show more ...

urlapi: skip path checks if path is just "/"

As a miniscule optimization, treat a path of the length 1 as the same as
non-existing, as it can only be a single leading slash, and that's w

urlapi: skip path checks if path is just "/"

As a miniscule optimization, treat a path of the length 1 as the same as
non-existing, as it can only be a single leading slash, and that's what
we do for no paths as well.

Closes #10385

show more ...

GHA/macos: use Xcode_14.0.1 for cmake builds

Fixes #10356
Closes #10381

tls: fixes for wolfssl + openssl combo builds

1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.

2. Fix `lib/curl_ntlm_core.h` to respect TLS ba

tls: fixes for wolfssl + openssl combo builds

1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.

2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
it in sync with the above list and `lib/curl_ntlm_core.c` itself.

Reported-by: Mark Roszko
Ref: https://github.com/curl/curl/issues/10321

3. Allow enabling both wolfSSL and OpenSSL at the same time in
`lib/Makefile.mk` bringing this in line with cmake/autotools builds.
Update logic to select the crypto-specific lib for `ngtcp2`, which
supports a single TLS backend at the same time.

Closes #10322

show more ...

RELEASE-NOTES: synced

docs/INSTALL: document how to use multiple TLS backends

And document how OpenSSL forks and wolfSSL cannot be used at the same
time.

Reported-by: Mark Roszko
Fixes #10321

docs/INSTALL: document how to use multiple TLS backends

And document how OpenSSL forks and wolfSSL cannot be used at the same
time.

Reported-by: Mark Roszko
Fixes #10321
Closes #10382

show more ...

cookies: fp is always not NULL

Closes #10383

escape: use table lookup when adding %-codes to output

On my dev host, this code runs 7.8 times faster.

Closes #10377

unit2600: avoid error: ‘TEST_CASES’ defined but not used

Follow-up to d55de24dce9d51

Closes #10379

escape: hex decode with a lookup-table

Makes the decoding 2.8 times faster in my tests.

Closes #10376

cf-socket: fix build error wo TCP_FASTOPEN_CONNECT

Follow-up to 5651a36d1a

Closes #10378

Reviewed-by: Stefan Eissing

CI: add pytest github workflow to CI test/tests-httpd on a HTTP/3 setup

Closes #10317

connect: fix strategy testing for attempts, timeouts and happy-eyeball

- add test2600 as a unit test that triggers various connect conditions
and monitors behaviour, available in a deb

connect: fix strategy testing for attempts, timeouts and happy-eyeball

- add test2600 as a unit test that triggers various connect conditions
and monitors behaviour, available in a debug build only.

- this exposed edge cases in connect.c that have been fixed

Closes #10312

show more ...

cf-socket: improvements in socket I/O handling

- Curl_write_plain/Curl_read_plain have been eliminated. Last code use
now uses Curl_conn_send/recv so that requests use conn->send/revc

cf-socket: improvements in socket I/O handling

- Curl_write_plain/Curl_read_plain have been eliminated. Last code use
now uses Curl_conn_send/recv so that requests use conn->send/revc
callbacks which defaults to cfilters use.
- Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c.
- USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved
into cf-socket.c. The pre_recv buffer is held at the socket filter
context. `postponed_data` structures have been removed from
`connectdata`.
- the hanger in HTTP/2 request handling was a result of read buffering
on all sends and the multi handling is not prepared for this. The
following happens:

- multi preforms on a HTTP/2 easy handle
- h2 reads and processes data
- this leads to a send of h2 data
- which receives and buffers before the send
- h2 returns
- multi selects on the socket, but no data arrives (its in the buffer already)
the workaround now receives data in a loop as long as there is something in
the buffer. The real fix would be for multi to change, so that `data_pending`
is evaluated before deciding to wait on the socket.

io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower
filter have pending data.

This io_buffer is only available/used when the
-DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows
configurations. It also maintains the original checks on protocol
handler being HTTP and conn->send/recv not being replaced.

The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds
out that the "lower" filter chain has still pending data at the end of
its IO operation. This prevents the processing from becoming stalled.

Closes #10280

show more ...

openssl: only use CA_BLOB if verifying peer

Reported-by: Paul Groke
Bug: https://curl.se/mail/lib-2023-01/0070.html
Fixes #10351
Closes #10359

curl_free.3: fix return type of `curl_free`

Fixes #10373
Closes #10374

zuul: stop using this CI service

The important jobs have already transitioned. The remaining ones we can
skip for now.

Closes #10368

copyright: remove "m4/ax_compile_check_sizeof.m4" from skips

and report if skipped files do not exist.

Follow-up to 9e11c2791fb960758 which removed the file.

Closes #10369

ws: unstick connect-only shutdown

As this mode uses blocking sockets, it must set them back to
non-blocking in disconnect to avoid the risk of getting stuck.

Closes #10366

ws: remove bad assert

Reported-by: Stanley Wucw
Fixes #10347
Closes #10366

openssl: adapt to boringssl's error code type

BoringSSL uses uint32_t, OpenSSL uses 'unsigned 'long'

Closes #10360

tool_operate: repair --rate

Regression from a55256cfb242 (7.87.0)
Reported-by: highmtworks on github
Fixes #10357
Closes #10358

dict: URL decode the entire path always

Reported-by: dekerser on github
Fixes #10298
Closes #10354