TLS: add support for ECH (Encrypted Client Hello)

An EXPERIMENTAL feature used with CURLOPT_ECH and --ech.

Closes #11922

haproxy: add --haproxy-clientip flag to spoof client IPs

CURLOPT_HAPROXY_CLIENT_IP in the library

Closes #10779

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

typecheck: accept expressions for option/info parameters

As expressions can have side effects, evaluate only once.

To enable deprecation reporting only once, get rid of the __typeof

typecheck: accept expressions for option/info parameters

As expressions can have side effects, evaluate only once.

To enable deprecation reporting only once, get rid of the __typeof__
use to define the local temporary variable and use the target type
(CURLoption/CURLINFO). This also avoids multiple reports on type
conflicts (if some) by the curlcheck_* macros.

Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
their values: a curl_easy_setopt call with an integer constant as option
will never report a deprecation.

Reported-by: Thomas Klausner
Fixes #10148
Closes #10149

show more ...

lib: feature deprecation warnings in gcc >= 4.3

Add a deprecated attribute to functions and enum values that should not
be used anymore.
This uses a gcc 4.3 dialect, thus is only ava

lib: feature deprecation warnings in gcc >= 4.3

Add a deprecated attribute to functions and enum values that should not
be used anymore.
This uses a gcc 4.3 dialect, thus is only available for this version of
gcc and newer. Note that the _Pragma() keyword is introduced by C99, but
is available as part of the gcc dialect even when compiling in C89 mode.

It is still possible to disable deprecation at a calling module compile
time by defining CURL_DISABLE_DEPRECATION.

Gcc type checking macros are made aware of possible deprecations.

Some testing support Perl programs are adapted to the extended
declaration syntax.

Several test and unit test C programs intentionally use deprecated
functions/options and are annotated to not generate a warning.

New test 1222 checks the deprecation status in doc and header files.

Closes #9667

show more ...

style: use space after comment start and before comment end

/* like this */

/*not this*/

checksrc is updated accordingly

Closes #9828

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running i

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running into the
32 bit limit the old ones are facing.

CURLINFO_PROTCOOL is now deprecated.

The curl tool is updated to use the new options.

Added test 1597 to verify the libcurl protocol parser.

Closes #8992

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION

The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed

libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION

The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed in argument with a custom handle for the
application.

It overrides CURLOPT_SSH_KNOWNHOSTS

Closes #7959

show more ...

typecheck-gcc.h: add CURLOPT_PREREQDATA awareness

Follow-up to a517378de58358a

To make test 1912 happy again

Closes #7799

libssh2: add SHA256 fingerprint support

Added support for SHA256 fingerprint in command line curl and in
libcurl.

Closes #7646

typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers

... and not values.

Reported-by: locpyl-tidnyd on github
Fixes #6818
Closes #6819

http: Make the call to v4 signature

This patch allow to call the v4 signature introduce in previous commit

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

curl.se: new home

Closes #6172

hsts: add read/write callbacks

- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896

tls: add CURLOPT_SSL_EC_CURVES and --curves

Closes #5892

tests: add test1912 with typechecks

Validates that gcc-typecheck macros match the new option type API.

Closes #5873

typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'

Reported-by: Billyzou0741326 on github
Fixes #5432
Closes #5436

typecheck-gcc.h: fix the OFF_T check

The option number also needs to be less than CURLOPTTYPE_BLOB.

Follow-up to cac5374298
Reported-by: Jeroen Ooms
Bug: https://github.com/

typecheck-gcc.h: fix the OFF_T check

The option number also needs to be less than CURLOPTTYPE_BLOB.

Follow-up to cac5374298
Reported-by: Jeroen Ooms
Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114

show more ...

defines: avoid underscore-prefixed defines

Double-underscored or underscore plus uppercase letter at least.

... as they're claimed to be reserved.

Reported-by: patnyb on gi

defines: avoid underscore-prefixed defines

Double-underscored or underscore plus uppercase letter at least.

... as they're claimed to be reserved.

Reported-by: patnyb on github

Fixes #4254
Closes #4255

show more ...

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixes #3653
Closes #3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186

show more ...

typecheck: add 3 missing strings and a callback data pointer

Closes #4050

typecheck: CURLOPT_CONNECT_TO takes an slist too

Additionally, add an alias in curl.h for slist-using options so that
we can grep/parse those out at will.

Closes #4042

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this ch

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.

show more ...

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790

show more ...