http: do not send PROXY more than once

Unlike `CONNECT`, currently we don't keep track whether `PROXY` is
already sent or not. This causes `PROXY` header to be sent twice during
`MST

http: do not send PROXY more than once

Unlike `CONNECT`, currently we don't keep track whether `PROXY` is
already sent or not. This causes `PROXY` header to be sent twice during
`MSTATE_TUNNELING` and `MSTATE_PROTOCONNECT`.

Closes #9878
Fixes #9442

show more ...

lib: add CURL_WRITEFUNC_ERROR to signal write callback error

Prior to this change if the user wanted to signal an error from their
write callbacks they would have to use logic to return

lib: add CURL_WRITEFUNC_ERROR to signal write callback error

Prior to this change if the user wanted to signal an error from their
write callbacks they would have to use logic to return a value different
from the number of bytes (nmemb) passed to the callback. Also, the
inclination of some users has been to just return 0 to signal error,
which is incorrect as that may be the number of bytes passed to the
callback.

To remedy this the user can now return CURL_WRITEFUNC_ERROR instead.

Ref: https://github.com/curl/curl/issues/9873

Closes https://github.com/curl/curl/pull/9874

show more ...

Revert "GHA: add scorecard.yml"

This reverts commit ca76c79b34f9d90105674a2151bf228ff7b13bef.

GHA: add scorecard.yml

add a "scorecard" scanner job

test3100: RTSP Basic authentication

Closes #9449

rtsp: fix RTSP auth

Verified with test 3100

Fixes #4750
Closes #9870

KNOWN_BUGS: remove eight entries

- 1.2 Multiple methods in a single WWW-Authenticate: header

This is not considered a bug anymore but a restriction and one that we
keep because

KNOWN_BUGS: remove eight entries

- 1.2 Multiple methods in a single WWW-Authenticate: header

This is not considered a bug anymore but a restriction and one that we
keep because we have NEVER gotten this reported by users in the wild and
because of this I consider this a fringe edge case we don't need to
support.

- 1.6 Unnecessary close when 401 received waiting for 100

This is not a bug, but possibly an optimization that *can* be done.

- 1.7 Deflate error after all content was received

This is not a curl bug. This happens due to broken servers.

- 2.1 CURLINFO_SSL_VERIFYRESULT has limited support

This is not a bug. This is just the nature of the implementation.

- 2.2 DER in keychain

This is not a bug.

- 5.7 Visual Studio project gaps

This is not a bug.

- 15.14 cmake build is not thread-safe

Fixed in 109e9730ee5e2b

- 11.3 Disconnects do not do verbose

This is not a bug.

Closes #9871

show more ...

headers: add endif comments

Closes #9853

test1221: verify --url-query

curl: add --url-query

This option adds a piece of data, usually a name + value pair, to the
end of the URL query part. The syntax is identical to that used for
--data-urlencode with

curl: add --url-query

This option adds a piece of data, usually a name + value pair, to the
end of the URL query part. The syntax is identical to that used for
--data-urlencode with one extension:

If the argument starts with a '+' (plus), the rest of the string is
provided as-is unencoded.

This allows users to "build" query parts with options and URL encoding
even when not doing GET requests, which the already provided option -G
(--get) is limited to.

This idea was born in a Twitter thread.

Closes #9691

show more ...

maketgz: set the right version in lib/libcurl.plist

Follow-up to e498a9b1fe5964a18eb2a3a99dc52

Make sure the tarball gets a version of the libcurl.plist file that is
updated wit

maketgz: set the right version in lib/libcurl.plist

Follow-up to e498a9b1fe5964a18eb2a3a99dc52

Make sure the tarball gets a version of the libcurl.plist file that is
updated with the new version string.

Reported-by: jvreelanda on github
Fixes #9866
Closes #9867

show more ...

RELEASE-NOTES: synced

Bumped version to 7.87.0

curl.h: add CURLOPT_CA_CACHE_TIMEOUT option

Adds a new option to control the maximum time that a cached
certificate store may be retained for.

Currently only the OpenSSL backend

curl.h: add CURLOPT_CA_CACHE_TIMEOUT option

Adds a new option to control the maximum time that a cached
certificate store may be retained for.

Currently only the OpenSSL backend implements support for
caching certificate stores.

Closes #9620

show more ...

openssl: reduce CA certificate bundle reparsing by caching

Closes #9620

lib: fix some type mismatches and remove unneeded typecasts

Many of these castings are unneeded if we change the variables to work
better with each other.

Ref: https://github.co

lib: fix some type mismatches and remove unneeded typecasts

Many of these castings are unneeded if we change the variables to work
better with each other.

Ref: https://github.com/curl/curl/pull/9823

Closes https://github.com/curl/curl/pull/9835

show more ...

cookie: compare cookie prefixes case insensitively

Adapted to language in rfc6265bis draft-11.

Closes #9863

Reviewed-by: Daniel Gustafsson

tool_operate: when aborting, make sure there is a non-NULL error buffer

To store custom errors in. Or SIGSEGVs will follow.

Reported-by: Trail of Bits
Closes #9865

WEBSOCKET.md: fix broken link

Reported-by: Felipe Gasper
Bug: https://curl.se/mail/lib-2022-10/0097.html
Closes #9864

CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example

Reported-by: Oskar Sigvardsson

Bug: https://curl.se/mail/lib-2022-11/0016.html

Closes #9862

websockets: fix handling of partial frames

buffer used and send length calculations are fixed when a partial
websocket frame has been received.

Closes #9861

mailmap: unify Stefan Eissing

hyper: fix handling of hyper_task's when reusing the same address

Fixes #9840
Closes #9860

ws: return CURLE_NOT_BUILT_IN when websockets not built in

- Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
websockets support is not built in.

Prior to

ws: return CURLE_NOT_BUILT_IN when websockets not built in

- Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
websockets support is not built in.

Prior to this change they returned CURLE_OK.

Closes #9851

show more ...

noproxy: tailmatch like in 7.85.0 and earlier

A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
differently than before. This restores the logic to how it used to work

noproxy: tailmatch like in 7.85.0 and earlier

A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
differently than before. This restores the logic to how it used to work:

All names listed in NO_PROXY are tailmatched against the used domain
name, if the lengths are identical it needs a full match.

Update the docs, update test 1614.

Reported-by: Stuart Henderson
Fixes #9842
Closes #9858

show more ...

configure: require fork for NTLM-WB

Reported-by: ウさん

Fixes #9847
Closes #9856