multi: multi_getsock(), check correct socket

- in phase CONNECTING/TUNNELING/PROTOCONNECT, retrieve
the socket from the connection filters and do not rely
on `conn->sockfd` be

multi: multi_getsock(), check correct socket

- in phase CONNECTING/TUNNELING/PROTOCONNECT, retrieve
the socket from the connection filters and do not rely
on `conn->sockfd` being already set by the transfer.
- this applies to the default behaviour, a protocol handler
may override this via its callbacks.
- add a warning message in multi_getsock() when the transfer
is expected to have something in its pollset, but instead
it is empty.

Reported-by: saurabhsingh-dev on github
Fixes #13998
Closes #14011

show more ...

managen: fix each options footer to end with newline

A previous change sometimes made a command line option's description not
end with a newline immediately before the next command line.

managen: fix each options footer to end with newline

A previous change sometimes made a command line option's description not
end with a newline immediately before the next command line.

Also widened the lines to wrap on column 79 instead of 78.

Closes #14010

show more ...

wolfssl: assume key_file equal to clientcert in the absence of key_file

When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume
the path passed in CURLOPT_SSLCERT holds the

wolfssl: assume key_file equal to clientcert in the absence of key_file

When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume
the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do
in openssl implementation.

Fixes #14007
Closes #14008

show more ...

autotools: fix pkg-config names (zstd, ngtcp2*)

Also verified that all names now match up with CMake.

Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
Follow-up to e

autotools: fix pkg-config names (zstd, ngtcp2*)

Also verified that all names now match up with CMake.

Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
Follow-up to eeab0ea7aa19af61af881e8a0bf9ff1f2e28ef79 #13994
Reported-by: 李四
Fixes #14005
Closes #14006

show more ...

tidy-up: whitespace [ci skip]

cmdline-docs: "added in" cleanups

- markup fixes
- remove some mentions of < 7.60.0 changes

Closes #14003

RELEASE-NOTES: synced

managen: "added in" fixes

- up the limit: remove all mentions of 7.60 or earlier from manpage
7.60 is 6 years old now.
- warn on "broken" added in lines, as they avoid detection

managen: "added in" fixes

- up the limit: remove all mentions of 7.60 or earlier from manpage
7.60 is 6 years old now.
- warn on "broken" added in lines, as they avoid detection
- fixup added in markup in a few curldown files

Closes #14002

show more ...

configure: fix pkg-config library name 'libnghttp3'

Closes #13994

managen: cleanups to generate nicer-looking output

- output "see also" last
- when there are multiple mutex items, use commas between all of them
except the last.
- call them m

managen: cleanups to generate nicer-looking output

- output "see also" last
- when there are multiple mutex items, use commas between all of them
except the last.
- call them mututally exclusive WITH not TO other options.
- remove trailing space from added in, add newline prefix
- smoother language for requires

Closes #14001

show more ...

configure: require a QUIC library if nghttp3 is used

Instead of just silently disabling HTTP/3.

Reported-by: Matt Jolly
Fixes #13995
Closes #13999

docs/cmdline-opts: remove two superfluous "Added in" mentions

The key "added in" phrase for the option itself is added automatically.

Closes #14000

cookie-jar.md: see also --junk-session-cookies

Closes #13996

runtests: support crlf="yes" for the <stderr> section

TODO: -h option

Support "curl -h --insecure" etc to output the manpage section for the
--insecure command line option in the terminal. Should be possible to
work with either long or

TODO: -h option

Support "curl -h --insecure" etc to output the manpage section for the
--insecure command line option in the terminal. Should be possible to
work with either long or short versions of command line options.

Closes #13990

show more ...

trace-ascii.md: mention "%" for stderr

Closes #13991

connect-to.md: expand with examples

- add referer from the resolve section to connect-to if user wants
wildcard for the port number

Closes #13989

TODO: connect to multiple IPs in parallel

Closes #13986

dump-header.md: mention minus for stdout

Closes #13985

CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')

Closes #13983

cf-socket: optimize curlx_nonblock() and check its return error

Reviewed-by: Stefan Eissing
Closes #13942

x509asn1: prevent NULL dereference

Closes #13978

unit2604: use 'unitfail' instead of 'error' variable

Since the framework is already returning that variable by default.
Avoids a warning for unreachable code.

Reported-by: Tal R

unit2604: use 'unitfail' instead of 'error' variable

Since the framework is already returning that variable by default.
Avoids a warning for unreachable code.

Reported-by: Tal Regev
Fixes #13967
Closes #13973

show more ...

KNOWN_BUGS: TFTP tests fail on OpenBSD

Closes #13623
Closes #13975

VULN-DISCLOSURE-POLICY: NULL dereferences and crashes

If a malicious server can trigger a NULL dereference in curl or
otherwise cause curl to crash (and nothing worse), chances are big t

VULN-DISCLOSURE-POLICY: NULL dereferences and crashes

If a malicious server can trigger a NULL dereference in curl or
otherwise cause curl to crash (and nothing worse), chances are big that
we do not consider that a security problem.

Closes #13974

show more ...