curl: don't set FTP options for FTP-disabled builds

... since libcurl has started to be totally unaware of options for
disabled protocols they now return error.

Bug: https://git

curl: don't set FTP options for FTP-disabled builds

... since libcurl has started to be totally unaware of options for
disabled protocols they now return error.

Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937

Reported-by: Marcel Raad
Closes #3886

show more ...

http_ntlm_wb: Move the type-2 message processing into a dedicated function

This brings the code inline with the other HTTP authentication mechanisms.

Closes #3890

RELEASE-NOTES: synced

docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip]

CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip]

Reported-by: Roy Bellingan
Bug: #3885

parse_proxy: use the URL parser API

As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.

Closes #3878

http_negotiate: Move the Negotiate state out of the negotiatedata structure

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

http_negotiate: Move the Negotiate state out of the negotiatedata structure

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

Closes #3882

show more ...

http_ntlm: Move the NTLM state out of the ntlmdata structure

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

url: Move the negotiate state type into a dedicated enum

url: Remove duplicate clean up of the winbind variables in conn_shutdown()

Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in tur

url: Remove duplicate clean up of the winbind variables in conn_shutdown()

Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().

Closes #3881

show more ...

urlapi: require a non-zero host name length when parsing URL

Updated test 1560 to verify.

Closes #3880

configure: error out if OpenSSL wasn't detected when asked for

If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the f

configure: error out if OpenSSL wasn't detected when asked for

If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824
Closes #3830

show more ...

imap: Fix typo in comment

url: Remove unnecessary initialisation from allocate_conn()

No need to set variables to zero as calloc() does this for us.

Closes #3879

CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip]

Clues-provided-by: Jay Satiro
Clues-provided-by: Jeroen Ooms
Fixes #3711
Closes #3874

vtls: fix potential ssl_buffer stack overflow

In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.

vtls: fix potential ssl_buffer stack overflow

In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.

Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg

show more ...

RELEASE-NOTES: synced

appveyor: also build "/ci" branches like travis

pingpong: disable more when no pingpong enabled

proxy: acknowledge DISABLE_PROXY more

parsedate: CURL_DISABLE_PARSEDATE

sasl: only enable if there's a protocol enabled using it

mime: acknowledge CURL_DISABLE_MIME

wildcard: disable from build when FTP isn't present

http: CURL_DISABLE_HTTP_AUTH