HTTP2: remove the outdated remark about multiplexing for the tool

http2: don't set KEEP_SEND when there's no more data to be sent

this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received o

http2: don't set KEEP_SEND when there's no more data to be sent

this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2

Closes #6747

show more ...

config: fix building SMB with configure using Win32 Crypto

Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_COR

config: fix building SMB with configure using Win32 Crypto

Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:

- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol

Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.

Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.

Reviewed-by: Marcel Raad

Closes #6277

show more ...

config: fix detection of restricted Windows App environment

Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via

config: fix detection of restricted Windows App environment

Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via included config-win32.h in case no build system is used.

Reviewed-by: Marcel Raad

Part of #6277

show more ...

HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1

gen.pl: quote "bare" minuses in the nroff curl.1

Reported-by: Alejandro Colomar
Fixes #6698
Closes #6722

hsts: remove unused defines

MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development. Remove as they're not
use

hsts: remove unused defines

MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development. Remove as they're not
used for anything.

Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

github: add torture-ftp for FTP-only torture testing

and at 20% to try to keep the run-time reasonable

Closes #6728

travis: split "torture" into a separate "events" build as well

Run torture without FTP and reducing coverage to 20%

For some reason the torture tests now run a lot slower on travis

travis: split "torture" into a separate "events" build as well

Run torture without FTP and reducing coverage to 20%

For some reason the torture tests now run a lot slower on travis and run
into the 50 minute limit all the time.

Closes #6728

show more ...

ftp: fix memory leak in ftp_done

If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.

Found by torture-testing t

ftp: fix memory leak in ftp_done

If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.

Found by torture-testing test 576

Closes #6737

show more ...

http2: fail if connection terminated without END_STREAM

Closes #6736

RELEASE-NOTES: synced

rustls: support CURLOPT_SSL_VERIFYPEER

This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_clie

rustls: support CURLOPT_SSL_VERIFYPEER

This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_client_config_builder_set_enable_sni.

This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).

Closes #6719

show more ...

cookies: Fix potential NULL pointer deref with PSL

Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions mus

cookies: Fix potential NULL pointer deref with PSL

Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer. The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.

This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.

Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

configure: only add OpenSSL paths if they are defined

Add paths for OpenSSL compiling and linking only if they have been
defined. If they haven't been defined, we'll assume that the pat

configure: only add OpenSSL paths if they are defined

Add paths for OpenSSL compiling and linking only if they have been
defined. If they haven't been defined, we'll assume that the paths are
already available to the toolchain.

Closes #6730

show more ...

retry.d: Clarify transient 5xx HTTP response codes

- Clarify the only 5xx response codes that are treated as transient are
500, 502, 503 and 504.

Prior to this change it said

retry.d: Clarify transient 5xx HTTP response codes

- Clarify the only 5xx response codes that are treated as transient are
500, 502, 503 and 504.

Prior to this change it said it treated all 5xx as transient, but the
code says otherwise.

Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495

Closes https://github.com/curl/curl/pull/6724

show more ...

retry-all-errors.d: Explain curl errors versus HTTP response errors

- Add a paragraph explaining that curl does not consider HTTP response
errors as curl errors, and how that behavior

retry-all-errors.d: Explain curl errors versus HTTP response errors

- Add a paragraph explaining that curl does not consider HTTP response
errors as curl errors, and how that behavior can be modified by using
--retry and --fail.

The --retry-all-errors doc says "Retry on any error" which some users
may find misleading without the added explanation.

Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT

Reported-by: Lawrence Gripper

Fixes https://github.com/curl/curl/issues/6712
Closes https://github.com/curl/curl/pull/6720

show more ...

travis: switch ngtcp2 build over to quictls

The ngtcp2 project switched over to using the quictls OpenSSL fork
instead of their own patched OpenSSL. We follow suit.

Closes #6729

test220/314: adjust to run with Hyper

c-hyper: support automatic content-encoding

Closes #6727

http: remove superfluous NULL assign

Closes #6727

tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error

Closes #6727

setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper

Not supported.

Closes #6727

test306: make it not run with Hyper

... as it tests HTTP/0.9 which Hyper doesn't support.

test304: header CRLF cleanup to work with Hyper