http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated

http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated test 1432 accordingly.
Enabled test 1432 in the hyper builds.

Closes #7641

show more ...

ngtcp2: stop buffering crypto data

Stop buffering crypto data because libngtcp2 now buffers submitted
crypto data.

Closes #7637

test1280: CRLFify the response to please hyper

Closes #7639

tests: enable test 1129 for hyper builds

Closes #7638

curl: better error message when -O fails to get a good name

Due to how this currently works internally, it needs a working initial
file name to store contents in, so it may still fail ev

curl: better error message when -O fails to get a good name

Due to how this currently works internally, it needs a working initial
file name to store contents in, so it may still fail even with -J is
used (and thus accepting a name from content-disposition:) if the file
name part of the URL isn't "good enough".

Fixes #7628
Closes #7635

show more ...

curl_easy_setopt: tweak the string copy wording

Reported-by: Yaobin Wen
Fixes #7632
Closes #7634

RELEASE-NOTES: synced

cmake: sync CURL_DISABLE options

Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
reside

cmake: sync CURL_DISABLE options

Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
resides near OpenSSL configuration, to the same block of code. Also
sorts the options here and in the cmake config header.

Additionally sorted the CURL-DISABLE listing and fixed the
CURL_DISABLE_POP3 option.

Closes #7624

show more ...

KNOWN_BUGS: FTPS upload data loss with TLS 1.3

Bug: https://github.com/curl/curl/issues/6149
Reported-by: Bylon2@users.noreply.github.com

Closes https://github.com/curl/curl/pul

KNOWN_BUGS: FTPS upload data loss with TLS 1.3

Bug: https://github.com/curl/curl/issues/6149
Reported-by: Bylon2@users.noreply.github.com

Closes https://github.com/curl/curl/pull/7623

show more ...

cmake: avoid poll() on macOS

... like we do in configure builds. Since poll() on macOS is not
reliable enough.

Reported-by: marc-groundctl
Fixes #7595
Closes #7619

c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection

Enable test 1074

Closes #7617

c-hyper: deal with Expect: 100-continue combined with POSTFIELDS

Enable test 1130 and 1131

Closes #7616

tests: be explicit about using 'python3' instead of 'python'

This fixes running tests in virtualenvs (or on distros) that no longer
have a symlink from python to python2 or python3.

tests: be explicit about using 'python3' instead of 'python'

This fixes running tests in virtualenvs (or on distros) that no longer
have a symlink from python to python2 or python3.

Closes #7602

show more ...

scripts: invoke interpreters through /usr/bin/env

Closes #7602

DISABLED: enable 11 more tests for hyper builds

Closes #7612

setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper

Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verifie

setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper

Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verified by test
1137.

Updated docs to specify that the option doesn't work for HTTP when using
the hyper backend.

Closes #7614

show more ...

test1138: remove trailing space to make work with hyper

Closes #7613

libcurl-errors.3: clarify two CURLUcode errors

CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
wrong pointers in a generic sense, not just for NULL pointers.

libcurl-errors.3: clarify two CURLUcode errors

CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
wrong pointers in a generic sense, not just for NULL pointers.

Reviewed-by: Jay Satiro

Ref: #7605
Closes #7611

show more ...

symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version

... and also change the 'Removed' column name to 'Last' since that
column is for the last version to contain the symbol.

symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version

... and also change the 'Removed' column name to 'Last' since that
column is for the last version to contain the symbol.

Closes https://github.com/curl/curl/pull/7609

show more ...

urlapi.c:seturl: assert URL instead of using if-check

There's no code flow possible where this can happen. The assert makes
sure it also won't be introduced undetected in the future.

urlapi.c:seturl: assert URL instead of using if-check

There's no code flow possible where this can happen. The assert makes
sure it also won't be introduced undetected in the future.

Closes #7610

show more ...

curl-openssl.m4: show correct output for OpenSSL v3

Using 3.0.0 versions configure should now show this:

checking for OpenSSL headers version... 3.0.0 - 0x300
checking for OpenS

curl-openssl.m4: show correct output for OpenSSL v3

Using 3.0.0 versions configure should now show this:

checking for OpenSSL headers version... 3.0.0 - 0x300
checking for OpenSSL library version... 3.0.0
checking for OpenSSL headers and library versions matching... yes

This output doesn't actually change what configure generates but is only
"cosmetic".

Reported-by: Randall S. Becker
Fixes #7606
Closes #7608

show more ...

mksymbolsmanpage.pl: Fix showing symbol's last used version

Prior to this change the symbol's deprecated version was erroneously
shown as its last used version.

Bug: https://git

mksymbolsmanpage.pl: Fix showing symbol's last used version

Prior to this change the symbol's deprecated version was erroneously
shown as its last used version.

Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
Reported-by: i-ky@users.noreply.github.com

show more ...

mksymbolsmanpage.pl: match symbols case insenitively

Follow-up to 4e53b9430c750 which made this bug show.

Reported-by: i-ky
Bug: https://github.com/curl/curl/commit/4e53b9430c75

mksymbolsmanpage.pl: match symbols case insenitively

Follow-up to 4e53b9430c750 which made this bug show.

Reported-by: i-ky
Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
Closes #7607

show more ...

asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results

As this leaks memory otherwise

Follow-up to ba904db0705c931

Closes #7599

wolfssl: clean up wolfcrypt error queue

If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
cal

wolfssl: clean up wolfcrypt error queue

If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
calling ERR_clear_error() like in vtls/openssl when needed. This func is
a no-op in wolfcrypt if the error queue is not enabled.

Closes #7594

show more ...