CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream

... by adding support for a new dedicated return code.

Suggested-by: Jonathan Cardoso
Assisted-by: Erik Joh

CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream

... by adding support for a new dedicated return code.

Suggested-by: Jonathan Cardoso
Assisted-by: Erik Johansson
URL: https://curl.haxx.se/mail/lib-2020-06/0099.html
Closes #5636

show more ...

CURLINFO_EFFECTIVE_METHOD: added

Provide the HTTP method that was used on the latest request, which might
be relevant for users when there was one or more redirects involved.

Cl

CURLINFO_EFFECTIVE_METHOD: added

Provide the HTTP method that was used on the latest request, which might
be relevant for users when there was one or more redirects involved.

Closes #5511

show more ...

windows: add unicode to feature list

Reviewed-by: Marcel Raad
Reviewed-by: Marc Hörsken

Closes #5491

content_encoding: add zstd decoding support

include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats

content_encoding: add zstd decoding support

include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453

show more ...

setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency

Closes #5431

setopt: support certificate options in memory with struct curl_blob

This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change intr

setopt: support certificate options in memory with struct curl_blob

This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357

show more ...

CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)

Closes #4346

mqtt: add new experimental protocol

Closes #5173

curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented

Considered experimental and therefore we can do this.

Closes #5157

version: add 'cainfo' and 'capath' to version info struct

Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981

show more ...

polarssl: remove more references and mentions

Assisted-by: Jay Satiro
Follow-up to 6357a19ff29dac04
Closes #5036

curl.h: define CURL_WIN32 on windows

... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follo

curl.h: define CURL_WIN32 on windows

... so that the subsequent logic below can use a single known define to know
when built on Windows (as we don't define WIN32 anymore).

Follow-up to 1adebe7886ddf20b

Reported-by: crazydef on github
Assisted-by: Marcel Raad
Fixes #4854
Closes #4855

show more ...

smtp: Allow RCPT TO command to fail for some recipients

Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816

ngtcp2: Add an error code for QUIC connection errors

- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.

Prior to this change CURLE_FAILED_INIT was used,

ngtcp2: Add an error code for QUIC connection errors

- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.

Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.

Closes https://github.com/curl/curl/pull/4754

show more ...

multi: Change curl_multi_wait/poll to error on negative timeout

- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.

multi: Change curl_multi_wait/poll to error on negative timeout

- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.

Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.

Reported-by: hamstergene@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4763

Closes https://github.com/curl/curl/pull/4765

show more ...

include: remove non-curl prefixed defines

...requires some rearranging of the setup of CURLOPT_ and CURLMOPT_
enums.

openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains

Closes #4655

XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE

(also for PROGRESSFUNCTION)

By returning this value from the callback, the internal progress
function call is still called a

XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE

(also for PROGRESSFUNCTION)

By returning this value from the callback, the internal progress
function call is still called afterward.

Closes #4599

show more ...

TLS: add BearSSL vtls implementation

Closes #4597

multi: add curl_multi_wakeup()

This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.

On some platforms and with some conf

multi: add curl_multi_wakeup()

This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.

On some platforms and with some configurations this feature might not be
available or can fail, in these cases a new error code
(CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup().

Fixes #4418
Closes #4608

show more ...

test1175: verify symbols-in-versions and libcurl-errors.3 in sync

Closes #4628

quiche: reject headers in the wrong order

Pseudo header MUST come before regular headers or cause an error.

Reported-by: Cynthia Coan
Fixes #4571
Closes #4584

ESNI: initial build/setup

Closes #4011

CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt

Closes #4410