TLS: add support for ECH (Encrypted Client Hello)

An EXPERIMENTAL feature used with CURLOPT_ECH and --ech.

Closes #11922

curldown: Fix email address in Copyright

The curldown conversion accidentally replaced daniel@haxx.se with
just daniel.se. This reverts back to the proper email address in
the curld

curldown: Fix email address in Copyright

The curldown conversion accidentally replaced daniel@haxx.se with
just daniel.se. This reverts back to the proper email address in
the curldown docs as well as in a few other stray places where it
was incorrect (while unrelated to curldown).

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #12997

show more ...

CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add

Proposed-by: Yifei Kong
Ref: https://curl.se/mail/lib-2023-11/0023.html
Closes #12369

haproxy: add --haproxy-clientip flag to spoof client IPs

CURLOPT_HAPROXY_CLIENT_IP in the library

Closes #10779

CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS

Deprecate the name using three Ls and prefer the name with two.

Replaces #10047
Closes #11218

easyoptions: Fix header printing in generation script

The optiontable.pl script prints the header comment when generating
easyoptions.c, but it wasn't escaping all characters which jumbl

easyoptions: Fix header printing in generation script

The optiontable.pl script prints the header comment when generating
easyoptions.c, but it wasn't escaping all characters which jumbled the
curl ascii logo. Fix by escaping.

Cloes #10275

show more ...

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit

Fixes #2975
Closes #9147

curl.h: add CURLOPT_CA_CACHE_TIMEOUT option

Adds a new option to control the maximum time that a cached
certificate store may be retained for.

Currently only the OpenSSL backend

curl.h: add CURLOPT_CA_CACHE_TIMEOUT option

Adds a new option to control the maximum time that a cached
certificate store may be retained for.

Currently only the OpenSSL backend implements support for
caching certificate stores.

Closes #9620

show more ...

ws: initial websockets support

Closes #8995

easyoptions: fix icc warning

easyoptions.c(360): error #188: enumerated type mixed with another type

Ref: #9156
Reported-by: Matthew Thompson
Closes #9176

CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name

Starting now, CURLOPT_FTP_RESPONSE_TIMEOUT is the alias instead of the
other way around.

Since 7.20.0, CURLOPT_SERVER_RESPONSE_TIME

CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name

Starting now, CURLOPT_FTP_RESPONSE_TIMEOUT is the alias instead of the
other way around.

Since 7.20.0, CURLOPT_SERVER_RESPONSE_TIMEOUT has existed as an alias
but since the option is for more protocols than FTP the more "correct"
version of the option is the "server" one so now we switch.

Closes #9104

show more ...

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running i

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running into the
32 bit limit the old ones are facing.

CURLINFO_PROTCOOL is now deprecated.

The curl tool is updated to use the new options.

Added test 1597 to verify the libcurl protocol parser.

Closes #8992

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION

The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed

libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION

The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed in argument with a custom handle for the
application.

It overrides CURLOPT_SSH_KNOWNHOSTS

Closes #7959

show more ...

mime: use percent-escaping for multipart form field and file names

Until now, form field and file names where escaped using the
backslash-escaping algorithm defined for multipart mails.

mime: use percent-escaping for multipart form field and file names

Until now, form field and file names where escaped using the
backslash-escaping algorithm defined for multipart mails. This commit
replaces this with the percent-escaping method for URLs.

As this may introduce incompatibilities with server-side applications, a
new libcurl option CURLOPT_MIME_OPTIONS with bitmask
CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
backslash-escaping. This is controlled by new cli tool option
--form-escape.

New tests and documentation are provided for this feature.

Reported by: Ryan Sleevi
Fixes #7789
Closes #7805

show more ...

CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse

... and close connections that are too old instead of reusing them.

By default, this behavior is disabled.

CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse

... and close connections that are too old instead of reusing them.

By default, this behavior is disabled.

Bug: https://curl.se/mail/lib-2021-09/0058.html
Closes #7751

show more ...

easyoptions: add the two new PRE* options

Follow-up to a517378de58358a

Also fix optiontable.pl to do the correct remainder on the entry.

Reported-by: Gisle Vanem
Bug: h

easyoptions: add the two new PRE* options

Follow-up to a517378de58358a

Also fix optiontable.pl to do the correct remainder on the entry.

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
Closes #7791

show more ...

CURLOPT_PREREQFUNCTION: add new callback

Triggered before a request is made but after a connection is set up

Changes:

- callback: Update docs and callback for pre-request c

CURLOPT_PREREQFUNCTION: add new callback

Triggered before a request is made but after a connection is set up

Changes:

- callback: Update docs and callback for pre-request callback
- Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
- Add redirect test and callback failure test
- Note that the function may be called multiple times on a redirection
- Disable new 2086 test due to Windows weirdness

Closes #7477

show more ...

libssh2: add SHA256 fingerprint support

Added support for SHA256 fingerprint in command line curl and in
libcurl.

Closes #7646

SSL: support in-memory CA certs for some backends

- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)

SSL: support in-memory CA certs for some backends

- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662

show more ...

doh: add options to disable ssl verification

- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their re

doh: add options to disable ssl verification

- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
same as their respective counterparts.

- New curl tool options --doh-insecure and --doh-cert-status do the same
as their respective counterparts.

Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.

Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676

Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597

show more ...

easyoptions: add the missing AWS_SIGV4

Follow-up from AWS_SIGV4

curl.se: new home

Closes #6172

hsts: add read/write callbacks

- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896