GnuTLS: don't allow TLS 1.3 for versions that don't support it

Follow-up to 781864bedbc5

... as they don't understand it and will return error at us!

Closes #7014

tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()

Reported by GCC analyzer:

Error: GCC_ANALYZER_WARNING (CWE-476):
src/tool_getparam.c: scope_hint: In function 'par

tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()

Reported by GCC analyzer:

Error: GCC_ANALYZER_WARNING (CWE-476):
src/tool_getparam.c: scope_hint: In function 'parse_args'
src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt'
lib/curlx.h:56: included_from: Included from here.
src/tool_getparam.c:28: included_from: Included from here.
lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8'
src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8'

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #7023

show more ...

scripts/delta: also show total number of days

sockfilt: fix invalid increment of handles index variable nfd

Only increment the array index if we actually stored a handle.

Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b

sockfilt: fix invalid increment of handles index variable nfd

Only increment the array index if we actually stored a handle.

Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b
Closes #6992

show more ...

sockfilt: avoid getting stuck waiting for writable socket

Reset FD_WRITE event using the same approach as in multi.c

Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
Closes

sockfilt: avoid getting stuck waiting for writable socket

Reset FD_WRITE event using the same approach as in multi.c

Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
Closes #6992

show more ...

test678: Fix for Windows multibyte builds

Follow-up to 77fc385 from yesterday.

Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
Reported-by: Marc Hörsken

build: fix compilation for Windows UWP platform

- Include afunix.h which is necessary for sockaddr_un when
USE_UNIX_SOCKETS is defined on Windows.

Closes https://github.com/cu

build: fix compilation for Windows UWP platform

- Include afunix.h which is necessary for sockaddr_un when
USE_UNIX_SOCKETS is defined on Windows.

Closes https://github.com/curl/curl/pull/7006

show more ...

gnutls: make setting only the MAX TLS allowed version work

Previously, settting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it t

gnutls: make setting only the MAX TLS allowed version work

Previously, settting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it to default
(TLS 1.3) too!

As a bonus, this change also removes the dead code handling of SSLv3
since that version can't be set anymore (since eff614fb0242cb).

Reported-by: Daniel Carpenter
Fixes #6998
Closes #7000

show more ...

openldap: replace ldap_ prefix on private functions

Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
least) there's a symbol collision because of that.

The pri

openldap: replace ldap_ prefix on private functions

Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
least) there's a symbol collision because of that.

The private functions now use the 'oldap_' prefix where it previously
used 'ldap_'.

Reported-by: 3eka on github
Fixes #7004
Closes #7005

show more ...

http2: fix potentially uninitialized variable

introduced several days ago in 3193170. caught by visual studio linker.

SSL: support in-memory CA certs for some backends

- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)

SSL: support in-memory CA certs for some backends

- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662

show more ...

tests: ignore case of chunked hex numbers in tests

When hyper is used, it emits uppercase hexadecimal numbers for chunked
encoding lengths. Without hyper, lowercase hexadecimal numbers a

tests: ignore case of chunked hex numbers in tests

When hyper is used, it emits uppercase hexadecimal numbers for chunked
encoding lengths. Without hyper, lowercase hexadecimal numbers are used.
This change adds preprocessor statements to tests where this is an
issue, and adapts the fixtures to match.

Closes #6987

show more ...

cmake: check for getppid and utimes

... as they're checked for in the configure script and are used by
source code.

Removed checks for perror, setvbuf and strlcat since those de

cmake: check for getppid and utimes

... as they're checked for in the configure script and are used by
source code.

Removed checks for perror, setvbuf and strlcat since those defines are
not checked for in source code.

Bonus: removed HAVE_STRLCPY from a few config-*.h files since that
symbol is not used in source code.

Closes #6997

show more ...

libtest: remove lib530.c

Follow up from e50a877df when test 530 was removed. Since then this
source file has not been used/needed.

Closes #6999

FILEFORMAT: mention sectransp as a feature

Been supported since at least 40259ca65

Closes #7001

RELEASE-NOTES: synced

libssh2: ignore timeout during disconnect

... to avoid memory leaks!

libssh2 is tricky as we have to deal with the non-blockiness even in
close and shutdown cases. In the cases

libssh2: ignore timeout during disconnect

... to avoid memory leaks!

libssh2 is tricky as we have to deal with the non-blockiness even in
close and shutdown cases. In the cases when we shutdown after a timeout
already expired, it is crucial that curl doen't let the timeout abort
the shutdown process as that then leaks memory!

Reported-by: Benjamin Riefenstahl
Fixes #6990

show more ...

KNOWN_BUGS: add two HTTP/2 bugs

KNOWN_BUGS: add three HTTP/3 issues

... and moved the HTTP/2 issues to its own section

Closes #6606
Closes #6510
Closes #6494

CURLcode: add CURLE_SSL_CLIENTCERT

When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENT

CURLcode: add CURLE_SSL_CLIENTCERT

When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT

Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.

Closes #6721

show more ...

.github/FUNDING: add link to GitHub sponsors

Closes #6985

krb5/name_to_level: replace checkprefix with curl_strequal

Closes #6993

Curl_input_digest: require space after Digest

Closes #6993

Curl_http_header: check for colon when matching Persistent-Auth

Closes #6993

Curl_http_input_auth: require valid separator after negotiation type

Closes #6993