http: streamclose "already downloaded"

Instead of connclose()ing, since when HTTP/2 is used it doesn't need to
close the connection as stopping the current transfer is enough.

R

http: streamclose "already downloaded"

Instead of connclose()ing, since when HTTP/2 is used it doesn't need to
close the connection as stopping the current transfer is enough.

Reported-by: Evangelos Foutras
Closes #8665

show more ...

http: correct the header error message to say colon

Not semicolon

Reported-by: Gisle Vanem
Ref: #8666
Closes #8667

lib: #ifdef on USE_HTTP2 better

... as nghttp2 might not be the library that provides HTTP/2 support.

Closes #8661

http: close the stream (not connection) on time condition abort

Closes #8664

header api: add curl_easy_header and curl_easy_nextheader

Add test 1940 to 1946 to verify.

Closes #8593

http: return error on colon-less HTTP headers

It's a protocol violation and accepting them leads to no good.

Add test case 398 to verify

Closes #8610

http: reject header contents with nul bytes

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where C functions are used but won't work on the

http: reject header contents with nul bytes

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where C functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601

show more ...

http: fix "unused parameter ‘conn’" warning

Follow-up from 7d600ad1c395

Spotted on appveyor

Closes #8465

urldata: remove conn->bits.user_passwd

The authentication status should be told by the transfer and not the
connection.

Reported-by: John H. Ayad
Fixes #8449
Closes #8451

misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders

Closes #8409

misc: reduce strlen() calls with Curl_dyn_add()

Use STRCONST() to switch from Curl_dyn_add() to Curl_dyn_addn() for
string literals.

Closes #8398

http: make Curl_compareheader() take string length arguments too

Also add STRCONST, a macro that returns a string literal and it's length
for functions that take "string,len"

Re

http: make Curl_compareheader() take string length arguments too

Also add STRCONST, a macro that returns a string literal and it's length
for functions that take "string,len"

Removes unnecesary calls to strlen().

Closes #8391

show more ...

http2: allow CURLOPT_HTTPHEADER change ":scheme"

The only h2 psuedo header that wasn't previously possible to change by a
user. This change also makes it impossible to send a HTTP/1 head

http2: allow CURLOPT_HTTPHEADER change ":scheme"

The only h2 psuedo header that wasn't previously possible to change by a
user. This change also makes it impossible to send a HTTP/1 header that
starts with a colon, which I don't think anyone does anyway.

The other pseudo headers are possible to change indirectly by doing the
rightly crafted request.

Reported-by: siddharthchhabrap on github
Fixes #8381
Closes #8393

show more ...

lib: remove support for CURL_DOES_CONVERSIONS

TPF was the only user and support for that was dropped.

Closes #8378

docs: update IETF links to use datatracker

The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.

Rather than make p

docs: update IETF links to use datatracker

The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.

Rather than make people eat that redirect time, this change switches the
URL to a more canonical source.

Closes #8317

show more ...

checksrc: detect more kinds of NULL comparisons we avoid

Co-authored-by: Jay Satiro
Closes #8180

http: Fix CURLOPT_HTTP200ALIASES

The httpcode < 100 check was also triggered when none of the fields were
parsed, thus making the if(!nc) block unreachable.

Closes #8171

http: enable haproxy support for hyper backend

This is done by having native code do the haproxy header output before
hyper issues its request. The little downside with this approach is

http: enable haproxy support for hyper backend

This is done by having native code do the haproxy header output before
hyper issues its request. The little downside with this approach is that
we need the entire Curl_buffer_send() function built, which is otherwise
not used for hyper builds.

If hyper ends up getting native support for the haproxy protocols we can
backpedal on this.

Enables test 1455 and 1456

Closes #8034

show more ...

http: reject HTTP response codes < 100

... which then also includes negative ones as test 1430 uses.

This makes native + hyper backend act identically on this and therefore
test

http: reject HTTP response codes < 100

... which then also includes negative ones as test 1430 uses.

This makes native + hyper backend act identically on this and therefore
test 1430 can now be enabled when building with hyper. Adjust test 1431
as well.

Closes #7909

show more ...

http: set content length earlier

- Make content length (ie download size) accessible to the user in the
header callback, but only after all headers have been processed (ie
only i

http: set content length earlier

- Make content length (ie download size) accessible to the user in the
header callback, but only after all headers have been processed (ie
only in the final call to the header callback).

Background:

For a long time the content length could be retrieved in the header
callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
by curl.

Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
if any transfer encoding is used. A side effect of that was that
content length was not set by libcurl until after the header callback
was called the final time, because until all headers are processed it
cannot be determined if content length is valid.

This change keeps the same intention --all headers must be processed--
but now the content length is available before the final call to the
header function that indicates all headers have been processed (ie
a blank header).

Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
Reported-by: sergio-nsk@users.noreply.github.com

Co-authored-by: Daniel Stenberg

Fixes https://github.com/curl/curl/issues/7804
Closes https://github.com/curl/curl/pull/7803

show more ...

http: remove assert that breaks hyper

Reported-by: Jay Satiro
Fixes #7852
Closes #7855

http: fix Basic auth with empty name field in URL

Add test 367 to verify.

Reported-by: Rick Lane
Fixes #7819
Closes #7820

http: fix the broken >3 digit response code detection

When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl wou

http: fix the broken >3 digit response code detection

When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl would claim
the response to be non-compliant.

Added test 1466 to verify this case.

Regression brought by 5dc594e44f73b17
Reported-by: Glenn de boer
Fixes #7738
Closes #7739

show more ...

http: ignore content-length if any transfer-encoding is used

Fixes #7643
Closes #7649

http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated

http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated test 1432 accordingly.
Enabled test 1432 in the hyper builds.

Closes #7641

show more ...