Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this ch

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.

show more ...

curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool

curl: make code work with protocol-disabled libcurl

Closes #3844

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883

show more ...

curl: don't set FTP options for FTP-disabled builds

... since libcurl has started to be totally unaware of options for
disabled protocols they now return error.

Bug: https://git

curl: don't set FTP options for FTP-disabled builds

... since libcurl has started to be totally unaware of options for
disabled protocols they now return error.

Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937

Reported-by: Marcel Raad
Closes #3886

show more ...

tool_operate: build on AmigaOS

alt-svc: the curl command line bits

cli tool: fix mime post with --disable-libcurl-option configure option

Reported-by: Marcel Raad
Fixes #3576
Closes #3583

tool_operate: fix typecheck warning

Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9:

tool_operate: fix typecheck warning

Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9: error: call to
'_curl_easy_setopt_err_long' declared with attribute warning:
curl_easy_setopt expects a long argument for this option [-Werror]

Closes https://github.com/curl/curl/pull/3534

show more ...

schannel: stop calling it "winssl"

Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alia

schannel: stop calling it "winssl"

Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504

show more ...

http: added options for allowing HTTP/0.9 responses

Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
do

http: added options for allowing HTTP/0.9 responses

Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383

show more ...

curl -J: do not append to the destination file

Reported-by: Kamil Dudka
Fixes #3380
Closes #3381

ssl: replace all internal uses of CURLE_SSL_CACERT

Closes #3291

curl: fix --local-port integer overflow

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
lib

curl: fix --local-port integer overflow

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242

show more ...

curl: --doh-url added

tool_operate: Add http code 408 to transient list for --retry

- Treat 408 request timeout as transient so that curl will retry the
request if --retry was used.

Closes #2925

tool_operate: Fix setting proxy TLS 1.3 ciphers

ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "

ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333

show more ...

option: disallow username in URL

Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.

Closes #2340

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-

setopt: add TLS 1.3 ciphersuites

Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607

show more ...

curl: show headers in bold

The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should

curl: show headers in bold

The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should work with -i and it actually creates a file first using the
initial name and then *renames* that to the one found in
Content-Disposition (if any).

-i: only shows headers for HTTP transfers now (as documented).
Previously it would also show for pieces of the transfer that were HTTP
(for example when doing FTP over a HTTP proxy).

-i: now shows trailers as well. Previously they were not shown at all.

--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
now done in the header callback.

show more ...

checksrc: force indentation of lines after an else

This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the

checksrc: force indentation of lines after an else

This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.

Closes #2532

show more ...

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
f

schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325

show more ...

tool_operate: Fix retry on FTP 4xx to ignore other protocols

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP d

tool_operate: Fix retry on FTP 4xx to ignore other protocols

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
HTTP/1.1 416 Requested Range Not Satisfiable

This should not be treated as an FTP error.

Fixes #2464
Closes #2465

show more ...

CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol

Add --haproxy-protocol for the command line tool

Closes #2162