CURLINFO_NUM_CONNECTS: improve accuracy

The counter was not bumped in all cases correctly.

Reported-by: Marcel Raad
Ref: #5131
Closes #5135

TODO: Use "random" ports for the test servers

lib/curl_setup: adjust the copyright year range

Follow-up from d820224b8

curl_setup: define _WIN32_WINNT_[OS] symbols

.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does

curl_setup: define _WIN32_WINNT_[OS] symbols

.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does
not define _WIN32_WINNT_WIN10).

Those symbols are used in build-time logic to decide which API to use
and prior to this change if the symbols were missing it would have
resulted in deprecated API being used when more recent functions were
available (eg GetVersionEx used instead of VerifyVersionInfo).

Reported-by: FuccDucc@users.noreply.github.com

Probably fixes https://github.com/curl/curl/issues/4995
Closes https://github.com/curl/curl/pull/5057

show more ...

curl-functions.m4: remove inappropriate AC_REQUIRE

AC_REQUIRE means "if this macro hasn't been executed already, execute
it". So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFE

curl-functions.m4: remove inappropriate AC_REQUIRE

AC_REQUIRE means "if this macro hasn't been executed already, execute
it". So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE)
isn't correct at that will execute AC_RUN_IFELSE without any arguments.

With autoconf 2.69 this is basically a no-op, but with autoconf 2.70,
AC_RUN_IFELSE without a default value when cross-compiling is fatal.
The result is that curl with autoconf 2.70 cannot cross-compile.

Fixes https://github.com/curl/curl/issues/5126
Closes https://github.com/curl/curl/pull/5130

show more ...

ci/tests: fix Azure Pipelines not running Windows containers

Workaround posted here: microsoft/azure-pipelines-agent#2864

Assisted-by: Simon Chalifoux
Assisted-by: Tommy Petty

ci/tests: fix Azure Pipelines not running Windows containers

Workaround posted here: microsoft/azure-pipelines-agent#2864

Assisted-by: Simon Chalifoux
Assisted-by: Tommy Petty

Fixes #5117
Closes #5129

show more ...

tests: add test 430, 431 and 432 to verify the --config fix

Verify the fixes in 4e0b4fee4

cmdline: fix handling of OperationConfig linked list (--next)

Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -

cmdline: fix handling of OperationConfig linked list (--next)

Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -K/--config
option has been parsed, the option parser's view of the current config
is update.

Fixes #5120
Closes #5123

show more ...

test2100: fix static port instead of dynamic value being used

test970: fix static ip:port instead of dynamic values being used

secure transport: remove the BACKEND define kludge

Closes #5122

mbedtls: remove the BACKEND define kludge

bearssl: remove the BACKEND define kludge

wolfssl: remove the BACKEND define kludge

nss: remove the BACKEND define kludge

gnutls: remove the BACKEND define kludge

openssl: remove the BACKEND define kludge

Use a proper variable instead to make it easier to use a debugger and
read the code.

tests: make Python-based servers compatible with Python 2 and 3

Update smbserver.py and negtelnetserver.py to be compatible with
Python 3 while staying backwards-compatible to support Py

tests: make Python-based servers compatible with Python 2 and 3

Update smbserver.py and negtelnetserver.py to be compatible with
Python 3 while staying backwards-compatible to support Python 2.

Fix string encoding and handling of echoed and transferred data.

Tested with both Python 2.7.17 and Python 3.7.7

Reported-by: Daniel Stenberg
Assisted-by: Kamil Dudka
Reviewed-by: Marcel Raad

Fixes #5104
Closes #5110

show more ...

writeout_json: use curl_off_t printf() option for the time output

Follow-up to: 04c03416e68fd635a15

Closes #5115

RELEASE-NOTES: synced

Uh, I missed this in 1a46b218db

RELEASE-NOTES: synced

... and bumped curlver.h to 7.70.0

http2: Fix erroneous debug message that h2 connection closed

Prior to this change in libcurl debug builds http2 stream closure was
erroneously referred to as connection closure.

http2: Fix erroneous debug message that h2 connection closed

Prior to this change in libcurl debug builds http2 stream closure was
erroneously referred to as connection closure.

Before:
* nread <= 0, server closed connection, bailing

After:
* nread == 0, stream closed, bailing

Closes https://github.com/curl/curl/pull/5118

show more ...

tool_setopt: correct the copyright year range

Follow-up to 5450428491

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981

show more ...

multi: Improve parameter check for curl_multi_remove_handle

- If an easy handle is owned by a multi different from the one specified
then return CURLM_BAD_EASY_HANDLE.

Prior t

multi: Improve parameter check for curl_multi_remove_handle

- If an easy handle is owned by a multi different from the one specified
then return CURLM_BAD_EASY_HANDLE.

Prior to this change I assume user error could cause corruption.

Closes https://github.com/curl/curl/pull/5116

show more ...