os400: Sync libcurl API options

This fixes the OS400 build and also an incorrect entry for
CURLINFO_APPCONNECT_TIME_T where it was treated as
CURLINFO_STARTTRANSFER_TIME_T.

os400: Sync libcurl API options

This fixes the OS400 build and also an incorrect entry for
CURLINFO_APPCONNECT_TIME_T where it was treated as
CURLINFO_STARTTRANSFER_TIME_T.

Reported-by: Jon Rumsey

Fixes https://github.com/curl/curl/issues/6083
Closes https://github.com/curl/curl/pull/6084

show more ...

windows: add unicode to feature list

Reviewed-by: Marcel Raad
Reviewed-by: Marc Hörsken

Closes #5491

copyright: fix out-of-date copyright ranges and missing headers

Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyrigh

copyright: fix out-of-date copyright ranges and missing headers

Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141

show more ...

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

schannel: add "best effort" revocation check option

- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981

show more ...

ngtcp2: Add an error code for QUIC connection errors

- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.

Prior to this change CURLE_FAILED_INIT was used,

ngtcp2: Add an error code for QUIC connection errors

- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.

Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.

Closes https://github.com/curl/curl/pull/4754

show more ...

multi: Change curl_multi_wait/poll to error on negative timeout

- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.

multi: Change curl_multi_wait/poll to error on negative timeout

- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.

Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.

Reported-by: hamstergene@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4763

Closes https://github.com/curl/curl/pull/4765

show more ...

os400: Add missing CURLE error constants

Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler

lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN

Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS
and OS400 package spec.

Also I add

lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN

Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS
and OS400 package spec.

Also I added the option to the NameValue list in the tool even though it
isn't exposed as a command-line option (...yet?). (NameValue stringizes
the option name for the curl cmd -> libcurl source generator)

Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN.

Ref: https://github.com/curl/curl/pull/4655

show more ...

multi: add curl_multi_wakeup()

This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.

On some platforms and with some conf

multi: add curl_multi_wakeup()

This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.

On some platforms and with some configurations this feature might not be
available or can fail, in these cases a new error code
(CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup().

Fixes #4418
Closes #4608

show more ...

CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt

Closes #4410

CURLOPT_H3: removed

There's no use for this anymore and it was never in a release.

Closes #4206

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixes #3653
Closes #3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186

show more ...

OS400: Add CURLOPT_H3 symbols

Follow-up to 3af0e76 which added experimental H3 support.

Closes https://github.com/curl/curl/pull/4185

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this ch

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.

show more ...

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790

show more ...

os400: Add CURLOPT_MAXAGE_CONN to ILE/RPG bindings

os400: alt-svc support.

Although experimental, enable it in the platform config file.
Upgrade ILE/RPG binding.

os400: upgrade ILE/RPG binding.

- Trailer function support.
- http 0.9 option.
- curl_easy_upkeep.

ssl: replace all internal uses of CURLE_SSL_CACERT

Closes #3291

os400: add CURLOPT_CURLU to ILE/RPG binding.

os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.

os400: fix return type of curl_easy_pause() in ILE/RPG binding.

OS400: add URL API ccsid wrappers and sync ILE/RPG bindings

vtls: add MesaLink to curl_sslbackend enum

MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
Th

vtls: add MesaLink to curl_sslbackend enum

MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.

Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

os400: add new option in ILE/RPG binding

Follow-up to commit 946ce5b