openssl: Fix compilation on Windows when ngtcp2 is enabled

- Include wincrypt before OpenSSL includes so that the latter can
properly handle any conflicts between the two.

Clo

openssl: Fix compilation on Windows when ngtcp2 is enabled

- Include wincrypt before OpenSSL includes so that the latter can
properly handle any conflicts between the two.

Closes https://github.com/curl/curl/pull/5606

show more ...

test543: extended to verify zero length input

As was reported in #5601

escape: zero length input should return a zero length output

Regression added in 7.71.0.

Fixes #5601
Reported-by: Kristoffer Gleditsch
Closes #5602

Curl_inet_ntop: always check the return code

Reported-by: Siva Sivaraman
Fixes #5412
Closes #5597

sendf: improve the message on client write errors

Replace "Failed writing body (X != Y)" with
"Failure writing output to destination". Possibly slightly less cryptic.

Reported-b

sendf: improve the message on client write errors

Replace "Failed writing body (X != Y)" with
"Failure writing output to destination". Possibly slightly less cryptic.

Reported-by: coinhubs on github
Fixes #5594
Closes #5596

show more ...

RELEASE-NOTES: synced

curlver: start working on 7.71.1

DYNBUF.md: fix a typo: trail => tail

Closes #5599

RELEASE-NOTES: curl 7.71.0 release

THANKS: curl 7.71.0 additions

url: make sure pushed streams get an allocated download buffer

Follow-up to c4e6968127e876b0

When a new transfer is created, as a resuly of an acknowledged push,
that transfer n

url: make sure pushed streams get an allocated download buffer

Follow-up to c4e6968127e876b0

When a new transfer is created, as a resuly of an acknowledged push,
that transfer needs a download buffer allocated.

Closes #5590

show more ...

openssl: Don't ignore CA paths when using Windows CA store

This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the h

openssl: Don't ignore CA paths when using Windows CA store

This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
locations. Instead the CA store can now be used at the same time.

The change is due to the impending release. The issue is still being
discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
is now documented as experimental.

Ref: bc052cc (parent commit)
Ref: https://github.com/curl/curl/issues/5585

show more ...

tool_operate: Don't use Windows CA store as a fallback

Background:

148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. C

tool_operate: Don't use Windows CA store as a fallback

Background:

148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.

Problem:

libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.

Solution:

A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.

Ref: https://github.com/curl/curl/issues/5585

show more ...

openssl: Fix CA fallback logic for OpenSSL 3.0 build

Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.

Closes https://github.com/curl/curl/

openssl: Fix CA fallback logic for OpenSSL 3.0 build

Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.

Closes https://github.com/curl/curl/pull/5587

show more ...

copyright: update mismatched copyright years

test1460: verify that -Ji is not ok

tool_getparam: -i is not OK if -J is used

Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html

CMake: ignore INTERFACE_LIBRARY targets for pkg-config file

Reviewed-by: Marcel Raad
Fixes #5512
Closes #5517

multibyte: Fixed access-> waccess to file for Windows Plarform

Reviewed-by: Marcel Raad
Closes #5580

altsvc: bump to h3-29

Closes #5584

urlglob: treat literal IPv6 addresses with zone IDs as a host name

... and not as a "glob". Now done by passing the supposed host to the
URL parser which supposedly will do a better job

urlglob: treat literal IPv6 addresses with zone IDs as a host name

... and not as a "glob". Now done by passing the supposed host to the
URL parser which supposedly will do a better job at identifying "real"
numerical IPv6 addresses.

Reported-by: puckipedia on github
Fixes #5576
Closes #5579

show more ...

test1179: verify error message for non-existing cmdline option

tool_getparam: repair the error message for unknown flag

Follow-up to 9e5669f3880674
Detected by Coverity CID 1464582 ("Logically dead code")

Closes #5577

FILEFORMAT: describe verify/stderr

connect: improve happy eyeballs handling

For QUIC but also for regular TCP when the second family runs out of IPs
with a failure while the first family is still trying to connect.

connect: improve happy eyeballs handling

For QUIC but also for regular TCP when the second family runs out of IPs
with a failure while the first family is still trying to connect.

Separated the timeout handling for IPv4 and IPv6 connections when they
both have a number of addresses to iterate over.

show more ...