cookie: check __Secure- and __Host- case sensitively

While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive ma

cookie: check __Secure- and __Host- case sensitively

While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive match".

(From the 6265bis document in progress)

Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04
Closes #4864

show more ...

KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header

oauth2-bearer.d: works for HTTP too

Reported-by: Mischa Salle
Bug: https://curl.haxx.se/mail/lib-2020-01/0070.html
Closes #4862

multi_done: if multiplexed, make conn->data point to another transfer

... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong sin

multi_done: if multiplexed, make conn->data point to another transfer

... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.

Fixes #4845
Closes #4858
Reported-by: dmitrmax on github

show more ...

location.d: the method change is from POST to GET only

Not from generic non-GET to GET.

Reported-by: Andrius Merkys
Ref: #4859
Closes #4861

urlapi: guess scheme correct even with credentials given

In the "scheme-less" parsing case, we need to strip off credentials
first before we guess scheme based on the host name!

urlapi: guess scheme correct even with credentials given

In the "scheme-less" parsing case, we need to strip off credentials
first before we guess scheme based on the host name!

Assisted-by: Jay Satiro
Fixes #4856
Closes #4857

show more ...

global_init: move the IPv6 works status bool to multi handle

Previously it was stored in a global state which contributed to
curl_global_init's thread unsafety. This boolean is now inste

global_init: move the IPv6 works status bool to multi handle

Previously it was stored in a global state which contributed to
curl_global_init's thread unsafety. This boolean is now instead figured
out in curl_multi_init() and stored in the multi handle. Less effective,
but thread safe.

Closes #4851

show more ...

README: mention that the docs is in docs/

Reported-by: Austin Green
Fixes #4830
Closes #4853

curl.h: define CURL_WIN32 on windows

... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follo

curl.h: define CURL_WIN32 on windows

... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follow-up to 1adebe7886ddf20b

Reported-by: crazydef on github
Assisted-by: Marcel Raad
Fixes #4854
Closes #4855

show more ...

RELEASE-NOTES: synced

urldata: do string enums without #ifdefs for build scripts

... and check for inconsistencies for OS400 at build time with the new
chkstrings tool.

Closes #4822

curl: make the -# spaceship bar not wrap the line

The fixed-point math made us lose precision and thus a too high index
value could be used for outputting the hashtags which could overwr

curl: make the -# spaceship bar not wrap the line

The fixed-point math made us lose precision and thus a too high index
value could be used for outputting the hashtags which could overwrite
the newline.

The fix increases the precision in the sine table (*100) and the
associated position math.

Reported-by: Andrew Potter
Fixes #4849
Closes #4850

show more ...

global_init: assume the EINTR bit by default

- Removed from global_init since it isn't thread-safe. The symbol will
still remain to not break compiles, it just won't have any effect go

global_init: assume the EINTR bit by default

- Removed from global_init since it isn't thread-safe. The symbol will
still remain to not break compiles, it just won't have any effect going
forward.

- make the internals NOT loop on EINTR (the opposite from previously).
It only risks returning from the select/poll/wait functions early, and that
should be risk-free.

Closes #4840

show more ...

conn: do not reuse connection if SOCKS proxy credentials differ

Closes #4835

llist: removed unused Curl_llist_move()

(and the corresponding unit test)

Closes #4842

conncache: removed unused Curl_conncache_bundle_size()

strcase: turn Curl_raw_tolower into static

Only ever used from within this file.

singleuse.pl: support new API functions, fix curl_dbg_ handling

wolfssh: make it init properly via Curl_ssh_init()

Closes #4846

form.d: fix two minor typos

Closes #4843

openssl: make CURLINFO_CERTINFO not truncate x509v3 fields

Avoid "reparsing" the content and instead deliver more exactly what is
provided in the certificate and avoid truncating the dat

openssl: make CURLINFO_CERTINFO not truncate x509v3 fields

Avoid "reparsing" the content and instead deliver more exactly what is
provided in the certificate and avoid truncating the data after 512
bytes as done previously. This no longer removes embedded newlines.

Fixes #4837
Reported-by: bnfp on github
Closes #4841

show more ...

CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3

- Copy CURLOPT_SSL_OPTIONS.3 description to CURLOPT_PROXY_SSL_OPTIONS.3.

Prior to this change CURLSSLOPT_NO_PARTIALCHAIN

CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3

- Copy CURLOPT_SSL_OPTIONS.3 description to CURLOPT_PROXY_SSL_OPTIONS.3.

Prior to this change CURLSSLOPT_NO_PARTIALCHAIN was missing from the
CURLOPT_PROXY_SSL_OPTIONS description.

show more ...

mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER

For now, no cert in the bundle actually sets a date there...

Co-Authored-by: Jay Satiro
Reported-by: Christian Heimes

mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER

For now, no cert in the bundle actually sets a date there...

Co-Authored-by: Jay Satiro
Reported-by: Christian Heimes
Fixes #4834
Closes #4836

show more ...

RELEASE-NOTES: synced

smtp: Allow RCPT TO command to fail for some recipients

Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816