setopt: return error for bad input to CURLOPT_RTSP_REQUEST

And leave the value untouched. Previously, an unrecognized argument
would reset it to RTSPREQ_NONE (and still return OK).

setopt: return error for bad input to CURLOPT_RTSP_REQUEST

And leave the value untouched. Previously, an unrecognized argument
would reset it to RTSPREQ_NONE (and still return OK).

Closes #15440

show more ...

setopt_cptr: make overflow check only done when needed

An overflow check for if the value of a curl_off_t is larger than a
size_t can hold, is only necessary if the two types are actuall

setopt_cptr: make overflow check only done when needed

An overflow check for if the value of a curl_off_t is larger than a
size_t can hold, is only necessary if the two types are actually
differently sized, now checked by the preprocessor. To avoid
"Unreachable Conditional".

Closes #15439

show more ...

setopt: split Curl_vsetopt() into several sub functions

Reduce the ~3000 line super function into smaller pieces, easier to read and
manage.

Extract the option's argument earlie

setopt: split Curl_vsetopt() into several sub functions

Reduce the ~3000 line super function into smaller pieces, easier to read and
manage.

Extract the option's argument earlier and use a fixed type instead of using
va_arg() everywhere.

Closes #15376

show more ...

curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs

It makes the callbacks get different signnatures when used from within
libcurl vs outside of it by libcurl-using applicat

curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs

It makes the callbacks get different signnatures when used from within
libcurl vs outside of it by libcurl-using applications (such as the
libtests) and this triggers UndefinedBehaviorSanitizer errors.

Closes #15289

show more ...

TLS: TLSv1.3 earlydata support for curl

Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS

TLS: TLSv1.3 earlydata support for curl

Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
that ALPN protocol for negoptiation with the server. When the
sessions ALPN does not match the connections ALPN, earlydata
will not be enabled.
- Check that the server selected the correct ALPN protocol for
an earlydata connect. If the server does not confirm or reports
something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211

show more ...

setopt: avoid superfluous length checks before strcmp()

Simplify the checks

Closes #15192

setopt: use a single function for HTTPAUTH and PROXYAUTH

Avoid duplicated almost-the-same code.

Closes #15182

lib: avoid assigning 'result' temporarily

Closes #15122

WebSockets: make support official (non-experimental)

Inverts the configure/cmake options to instead provide options that
disable WebSockets and have them (ws + wss) enabled by default.

WebSockets: make support official (non-experimental)

Inverts the configure/cmake options to instead provide options that
disable WebSockets and have them (ws + wss) enabled by default.

Closes #14936

show more ...

lib/src: white space edits to comply better with code style

... as checksrc now finds and complains about these.

Closes #14921

setopt: remove superfluous use of ternary expressions

Closes #14884

test1521: verify setting options to NULL better

Previously this test allowed several error values when setting options.
This made this test miss #14629.

Now, errors are generall

test1521: verify setting options to NULL better

Previously this test allowed several error values when setting options.
This made this test miss #14629.

Now, errors are generally not accepted for setopts:

- numerical setopts accept CURLE_BAD_FUNCTION_ARGUMENT for funny input
- the first setopt to an option accepts CURLE_NOT_BUILT_IN or
CURLE_UNKNOWN_OPTION for when they are disabled/not built-in
- there is an allowlist concept for some return code for some variables,
managed at the top of the mk-lib1521.pl script

In curl.h: remove the OBSOLETE named values from the setopt list.

Closes #14634

show more ...

setopt: make CURLOPT_TFTP_BLKSIZE accept bad values

... and just move them into the accepted range. Like how buffersize and
a few other options work.

Closes #14634

setopt: let CURLOPT_ECH set to NULL reset to default

Because NULL is documented as default and most options that take
pointers accept NULL to reset back to internal default.

Clo

setopt: let CURLOPT_ECH set to NULL reset to default

Because NULL is documented as default and most options that take
pointers accept NULL to reset back to internal default.

Closes #14634

show more ...

setopt: allow CURLOPT_INTERFACE to be set to NULL

Ref: https://github.com/curl/curl/discussions/14299#discussioncomment-10393909
Regression from 3060557af702dd591 (shipped in 8.9.0)

setopt: allow CURLOPT_INTERFACE to be set to NULL

Ref: https://github.com/curl/curl/discussions/14299#discussioncomment-10393909
Regression from 3060557af702dd591 (shipped in 8.9.0)

Closes #14629

show more ...

vtls: add SSLSUPP_CIPHER_LIST

Added SSLSUPP_CIPHER_LIST so be able to differniate SSL Backends
that support CURLOPT_SSL_CIPHER_LIST.

Closes #14406

tidy-up: OS names

Use these words and casing more consistently across text, comments and
one curl tool output:
AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux,

tidy-up: OS names

Use these words and casing more consistently across text, comments and
one curl tool output:
AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux,
macOS, MS-DOS, MSYS, MinGW, NTLM, POSIX, Solaris, UNIX, Unix, Unicode,
WINE, WebDAV, Win32, winbind, WinIDN, Windows, Windows CE, Winsock.

Mostly OS names and a few more.

Also a couple of other minor text fixups.

Closes #14360

show more ...

vtls: replace addsessionid with set_sessionid

- deduplicate the code in many tls backends that check
for an existing id and delete it before adding the new one
- rename ssl_primary

vtls: replace addsessionid with set_sessionid

- deduplicate the code in many tls backends that check
for an existing id and delete it before adding the new one
- rename ssl_primary_config's `sessionid` bool to `cache_session`

Closes #14121

show more ...

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period

Closes #14073

show more ...

docs: misc language polish

- CURLINFO_FILETIME*: improve language
- add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
- mksymbolsmanpage.pl: avoid "will"

Closes #1

docs: misc language polish

- CURLINFO_FILETIME*: improve language
- add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
- mksymbolsmanpage.pl: avoid "will"

Closes #14070

show more ...

tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt

Closes #13885

lib: tidy up types and casts

Cherry-picked from #13489
Closes #13862

socket: support binding to interface *AND* IP

Introduce new notation for CURLOPT_INTERFACE / --interface:
ifhost!<interface>!<host>

Binding to an interface doesn't set the addre

socket: support binding to interface *AND* IP

Introduce new notation for CURLOPT_INTERFACE / --interface:
ifhost!<interface>!<host>

Binding to an interface doesn't set the address, and an interface can
have multiple addresses.

When binding to an address (without interface), the kernel is free to
choose the route, and it can route through any device that can access
the target address, not necessarily the one with the chosen address.

Moreover, it is possible for different interfaces to have the same IP
address, on which case we need to provide a way to be more specific.

Factor out the parsing part of interface option, and add unit tests:
1663.

Closes #13719

show more ...

wolfssl: support CA caching

As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support
for this so that *setopt() return error if there is no support.

Closes #13786

setopt: acknowledge errors proper for CURLOPT_COOKIEJAR

Error out on error, do not continue.

Closes #13624