CMake: add support for building with the NSS vtls backend

Options are cross-checked with configure.ac and acinclude.m4.
Tested on Arch Linux, untested on other platforms like Windows or

CMake: add support for building with the NSS vtls backend

Options are cross-checked with configure.ac and acinclude.m4.
Tested on Arch Linux, untested on other platforms like Windows or macOS.

Closes #4663
Reviewed-by: Kamil Dudka

show more ...

azure: add more builds

... removed two from travis (that now runs on azure instead)

Closes #4671

CURLOPT_VERBOSE.3: see also ERRORBUFFER

hostip4.c: bump copyright year range

configure: enable IPv6 support without `getaddrinfo`

This makes it possible to recognize and connect to literal IPv6
addresses when `getaddrinfo` is not available, which is already the

configure: enable IPv6 support without `getaddrinfo`

This makes it possible to recognize and connect to literal IPv6
addresses when `getaddrinfo` is not available, which is already the
case for the CMake build. This affects e.g. classic MinGW because it
still targets Windows 2000 by default, where `getaddrinfo` is not
available, but general IPv6 support is.

Instead of checking for `getaddrinfo`, check for `sockaddr_in6` as the
CMake build does.

Closes https://github.com/curl/curl/pull/4662

show more ...

curl_setup: disable IPv6 resolver without `getaddrinfo`

Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6
address support. This makes it possible to connect to IPv6 l

curl_setup: disable IPv6 resolver without `getaddrinfo`

Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6
address support. This makes it possible to connect to IPv6 literals by
setting `ENABLE_IPV6` even without `getaddrinfo` support. It also fixes
the CMake build when using the synchronous resolver without
`getaddrinfo` support.

Closes https://github.com/curl/curl/pull/4662

show more ...

github action/azure pipeline: run 'make test-nonflaky' for tests

To match travis and give more info on failures.

openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains

Closes #4655

openssl: set X509_V_FLAG_PARTIAL_CHAIN

Have intermediate certificates in the trust store be treated as
trust-anchors, in the same way as self-signed root CA certificates
are. This al

openssl: set X509_V_FLAG_PARTIAL_CHAIN

Have intermediate certificates in the trust store be treated as
trust-anchors, in the same way as self-signed root CA certificates
are. This allows users to verify servers using the intermediate cert
only, instead of needing the whole chain.

Other TLS backends already accept partial chains.

Reported-by: Jeffrey Walton
Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html

show more ...

curl: show better error message when no homedir is found

Reported-by: Vlastimil Ovčáčík
Fixes #4644
Closes #4665

OPENSOCKETFUNCTION.3: correct the purpose description

Reported-by: Jeff Mears
Bug: https://curl.haxx.se/mail/lib-2019-12/0007.html

Closes #4667

travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty

Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set.

Reported-by: Jay Satiro
Fixes #4659
Closes #46

travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty

Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set.

Reported-by: Jay Satiro
Fixes #4659
Closes #4661
Closes #4664

show more ...

azure-pipelines: fix the test script

Azure Pipelines: initial CI setup

[skip ci]

docs: add "added: 7.68.0" to the --etag-* docs

copyright: fix the year ranges for two files

Follow-up to 9c1806ae

build: Disable Visual Studio warning "conditional expression is constant"

- Disable warning C4127 "conditional expression is constant" globally
in curl_setup.h for when building with M

build: Disable Visual Studio warning "conditional expression is constant"

- Disable warning C4127 "conditional expression is constant" globally
in curl_setup.h for when building with Microsoft's compiler.

This mainly affects building with the Visual Studio project files found
in the projects dir.

Prior to this change the cmake and winbuild build systems already
disabled 4127 globally for when building with Microsoft's compiler.
Also, 4127 was already disabled for all build systems in the limited
circumstance of the WHILE_FALSE macro which disabled the warning
specifically for while(0). This commit removes the WHILE_FALSE macro and
all other cruft in favor of disabling globally in curl_setup.

Background:

We have various macros that cause 0 or 1 to be evaluated, which would
cause warning C4127 in Visual Studio. For example this causes it:

#define Curl_resolver_asynch() 1

Full behavior is not clearly defined and inconsistent across versions.
However it is documented that since VS 2015 Update 3 Microsoft has
addressed this somewhat but not entirely, not warning on while(true) for
example.

Prior to this change some C4127 warnings occurred when I built with
Visual Studio using the generated projects in the projects dir.

Closes https://github.com/curl/curl/pull/4658

show more ...

openssl: retrieve reported LibreSSL version at runtime

- Retrieve LibreSSL runtime version when supported (>= 2.7.1).

For earlier versions we continue to use the compile-time versio

openssl: retrieve reported LibreSSL version at runtime

- Retrieve LibreSSL runtime version when supported (>= 2.7.1).

For earlier versions we continue to use the compile-time version.

Ref: https://man.openbsd.org/OPENSSL_VERSION_NUMBER.3

Closes https://github.com/curl/curl/pull/2425

show more ...

strerror: Add Curl_winapi_strerror for Win API specific errors

- In all code call Curl_winapi_strerror instead of Curl_strerror when
the error code is known to be from Windows GetLastE

strerror: Add Curl_winapi_strerror for Win API specific errors

- In all code call Curl_winapi_strerror instead of Curl_strerror when
the error code is known to be from Windows GetLastError.

Curl_strerror prefers CRT error codes (errno) over Windows API error
codes (GetLastError) when the two overlap. When we know the error code
is from GetLastError it is more accurate to prefer the Windows API error
messages.

Reported-by: Richard Alcock

Fixes https://github.com/curl/curl/issues/4550
Closes https://github.com/curl/curl/pull/4581

show more ...

global_init: undo the "intialized" bump in case of failure

... so that failures in the global init function don't count as a
working init and it can then be called again.

Report

global_init: undo the "intialized" bump in case of failure

... so that failures in the global init function don't count as a
working init and it can then be called again.

Reported-by: Paul Groke
Fixes #4636
Closes #4653

show more ...

parsedate: offer a getdate_capped() alternative

... and use internally. This function will return TIME_T_MAX instead of
failure if the parsed data is found to be larger than what can be

parsedate: offer a getdate_capped() alternative

... and use internally. This function will return TIME_T_MAX instead of
failure if the parsed data is found to be larger than what can be
represented. TIME_T_MAX being the largest value curl can represent.

Reviewed-by: Daniel Gustafsson
Reported-by: JanB on github
Fixes #4152
Closes #4651

show more ...

docs: add more references to curl_multi_poll

Fixes #4643
Closes #4652

sha256: bump the copyright year range

Follow-up from 66e21520f

curl_setup_once: consistently use WHILE_FALSE in macros

The WHILE_FALSE construction is used to avoid compiler warnings in
macro constructions. This fixes a few instances where it was no

curl_setup_once: consistently use WHILE_FALSE in macros

The WHILE_FALSE construction is used to avoid compiler warnings in
macro constructions. This fixes a few instances where it was not
used in order to keep the code consistent.

Closes #4649
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

http_ntlm: Remove duplicate NSS initialisation

Given that this is performed by the NTLM code there is no need to
perform the initialisation in the HTTP layer. This also keeps the
ini

http_ntlm: Remove duplicate NSS initialisation

Given that this is performed by the NTLM code there is no need to
perform the initialisation in the HTTP layer. This also keeps the
initialisation the same as the SASL based protocols and also fixes a
possible compilation issue if both NSS and SSPI were to be used as
multiple SSL backends.

Reviewed-by: Kamil Dudka
Closes #3935

show more ...