test1558: verify CURLINFO_PROTOCOL on file:// transfer

Attempt to reproduce issue #3444.

Closes #3447

RELEASE-NOTES: synced

xattr: strip credentials from any URL that is stored

Both user and password are cleared uncondtitionally.

Added unit test 1621 to verify.

Fixes #3423
Closes #3433

cookies: allow secure override when done over HTTPS

Added test 1562 to verify.

Reported-by: Jeroen Ooms
Fixes #3445
Closes #3450

multi: multiplexing improvements

Fixes #3436
Closes #3448

Problem 1

After LOTS of scratching my head, I eventually realized that even when doing
10 uploads in para

multi: multiplexing improvements

Fixes #3436
Closes #3448

Problem 1

After LOTS of scratching my head, I eventually realized that even when doing
10 uploads in parallel, sometimes the socket callback to the application that
tells it what to wait for on the socket, looked like it would reflect the
status of just the single transfer that just changed state.

Digging into the code revealed that this was indeed the truth. When multiple
transfers are using the same connection, the application did not correctly get
the *combined* flags for all transfers which then could make it switch to READ
(only) when in fact most transfers wanted to get told when the socket was
WRITEABLE.

Problem 1b

A separate but related regression had also been introduced by me when I
cleared connection/transfer association better a while ago, as now the logic
couldn't find the connection and see if that was marked as used by more
transfers and then it would also prematurely remove the socket from the socket
hash table even in times other transfers were still using it!

Fix 1

Make sure that each socket stored in the socket hash has a "combined" action
field of what to ask the application to wait for, that is potentially the ORed
action of multiple parallel transfers. And remove that socket hash entry only
if there are no transfers left using it.

Problem 2

The socket hash entry stored an association to a single transfer using that
socket - and when curl_multi_socket_action() was called to tell libcurl about
activities on that specific socket only that transfer was "handled".

This was WRONG, as a single socket/connection can be used by numerous parallel
transfers and not necessarily a single one.

Fix 2

We now store a list of handles in the socket hashtable entry and when libcurl
is told there's traffic for a particular socket, it now iterates over all
known transfers using that single socket.

show more ...

test1561: improve test name

[skip ci]

cookies: skip custom cookies when redirecting cross-site

Closes #3417

THANKS: fixups and a dedupe

[skip ci]

timediff: fix math for unsigned time_t

Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html

Closes #3449

tests: allow tests to pass by 2037-02-12

similar to commit f508d29f3902104018

Closes #3443

RELEASE-NOTES: synced

curl_multi_remove_handle() don't block terminating c-ares requests

Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to conf

curl_multi_remove_handle() don't block terminating c-ares requests

Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.

Closes #3428
Fixes #3371

show more ...

Revert "http_negotiate: do not close connection until negotiation is completed"

This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.

This also reopens PR #3275 which brough

Revert "http_negotiate: do not close connection until negotiation is completed"

This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.

This also reopens PR #3275 which brought the change now reverted.

Fixes #3384
Closes #3439

show more ...

curl/urlapi.h: include "curl.h" first

This allows programs to include curl/urlapi.h directly.

Reviewed-by: Daniel Gustafsson
Reported-by: Ben Kohler
Fixes #3438
Closes #

curl/urlapi.h: include "curl.h" first

This allows programs to include curl/urlapi.h directly.

Reviewed-by: Daniel Gustafsson
Reported-by: Ben Kohler
Fixes #3438
Closes #3441

show more ...

VS projects: fix build warning

Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
the MinimalRebuild option anymore and warns:

cl : Command line warning D9035

VS projects: fix build warning

Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
the MinimalRebuild option anymore and warns:

cl : Command line warning D9035: option 'Gm' has been deprecated and
will be removed in a future release

The option can be safely removed so that the default is used.

Closes https://github.com/curl/curl/pull/3425

show more ...

schannel: fix compiler warning

When building with Unicode on MSVC, the compiler warns about freeing a
pointer to const in Curl_unicodefree. Fix this by declaring it as
non-const and

schannel: fix compiler warning

When building with Unicode on MSVC, the compiler warns about freeing a
pointer to const in Curl_unicodefree. Fix this by declaring it as
non-const and casting the argument to Curl_convert_UTF8_to_tchar to
non-const too, like we do in all other places.

Closes https://github.com/curl/curl/pull/3435

show more ...

printf: introduce CURL_FORMAT_TIMEDIFF_T

printf: fix format specifiers

Closes #3426

libtest/stub_gssapi: use "real" snprintf

... since it doesn't link with libcurl.

Reverts the commit dcd6f81025 changes from this file.

Bug: https://curl.haxx.se/mail/lib-20

libtest/stub_gssapi: use "real" snprintf

... since it doesn't link with libcurl.

Reverts the commit dcd6f81025 changes from this file.

Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
Reported-by: Shlomi Fish
Reviewed-by: Daniel Gustafsson
Reviewed-by: Kamil Dudka

Closes #3434

show more ...

INTERNALS: correct some outdated function names

Closes #3431

docs/version.d: mention MultiSSL

Reviewed-by: Daniel Gustafsson
Closes #3432

examples: Update .gitignore

Add a few missing examples to make `make examples` not leave the
workspace in a dirty state.

Closes #3427
Reviewed-by: Daniel Gustafsson <daniel@

examples: Update .gitignore

Add a few missing examples to make `make examples` not leave the
workspace in a dirty state.

Closes #3427
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

show more ...

THANKS: add more missing names

Add Adrian Burcea who made the artwork for the curl://up 2018 event
which was held in Stockholm, Sweden.

docs: mention potential leak in curl_slist_append

When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the

docs: mention potential leak in curl_slist_append

When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the
curl_slist_append() call. This is correctly handled in curl code
usage but we weren't explicitly pointing it out in the API call
documentation. Fix by extending the RETURNVALUE manpage section
and example code.

Closes #3424
Reported-by: dnivras on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

tvnow: silence conversion warnings

MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
used and the milliseconds are represented as unsigned long long,
leading to a c

tvnow: silence conversion warnings

MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
used and the milliseconds are represented as unsigned long long,
leading to a compiler warning when implicitly converting them to long.

show more ...