cf-socket: show errno in tcpkeepalive error messages

- If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set
then show the errno in the verbose error messages.

Ref

cf-socket: show errno in tcpkeepalive error messages

- If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set
then show the errno in the verbose error messages.

Ref: https://github.com/curl/curl/discussions/12715#discussioncomment-8151652

Closes https://github.com/curl/curl/pull/12726

show more ...

tool_getparam: stop supporting `@filename` style for --cookie

The `@filename` style was never documented for --cookie <data|filename>
but prior to this change curl would accept it anyway

tool_getparam: stop supporting `@filename` style for --cookie

The `@filename` style was never documented for --cookie <data|filename>
but prior to this change curl would accept it anyway and always treat a
@ prefixed string as a filename.

That's a problem if the string also contains a = sign because then it is
documented to be interpreted as a cookie string and not a filename.

Example:

`--cookie @foo=bar`

Before: Interpreted as load cookies from filename foo=bar.

After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`).

Other curl options with a data/filename option-value use the `@filename`
to distinguish filenames which is probably how this happened. The
--cookie option has never been documented that way.

Ref: https://curl.se/docs/manpage.html#-b

Closes https://github.com/curl/curl/pull/12645

show more ...

websockets: refactor decode chain

- use client writer stack for decoding frames
- move websocket protocol handler to ws.c

Closes #12713

websockets: check for negative payload lengths

- in en- and decoding, check the websocket frame payload lengths for
negative values (from curl_off_t) and error the operation in that ca

websockets: check for negative payload lengths

- in en- and decoding, check the websocket frame payload lengths for
negative values (from curl_off_t) and error the operation in that case
- add test 2307 to verify

Closes #12707

show more ...

docs: mention env vars not used by schannel

Ref: #12704

Co-authored-by: Jay Satiro <raysatiro@yahoo.com>

Closes #12711

tool_operate: make --remove-on-error only remove "real" files

Reported-by: Harry Sintonen
Assisted-by: Dan Fandrich

Closes #12710

url: don't set default CA paths for Secure Transport backend

As the default for this backend is the native CA store.

Closes #12704

asyn-ares: with modern c-ares, use its default timeout

Closes #12703

tool_operate: stop setting the file comment on Amiga

- the URL is capped at 80 cols, which ruins it if longer
- it does not strip off URL credentials
- it is done unconditonally, not

tool_operate: stop setting the file comment on Amiga

- the URL is capped at 80 cols, which ruins it if longer
- it does not strip off URL credentials
- it is done unconditonally, not on --xattr
- we don't have Amiga in the CI which makes fixing it blindly fragile

Someone who builds and tests on Amiga can add it back correctly in a
future if there is a desire.

Reported-by: Harry Sintonen
Closes #12709

show more ...

rtsp: deal with borked server responses

- enforce a response body length of 0, if the
response has no Content-lenght. This is according
to the RTSP spec.
- excess bytes in a

rtsp: deal with borked server responses

- enforce a response body length of 0, if the
response has no Content-lenght. This is according
to the RTSP spec.
- excess bytes in a response body are forwarded to
the client writers which will report and fail the
transfer

Follow-up to d7b6ce6
Fixes #12701
Closes #12706

show more ...

version: show only the libpsl version, not its dependencies

The libpsl version output otherwise also includes version number for its
dependencies, like IDN lib, but since libcurl does no

version: show only the libpsl version, not its dependencies

The libpsl version output otherwise also includes version number for its
dependencies, like IDN lib, but since libcurl does not use libpsl's IDN
functionality those components are not important.

Ref: https://github.com/curl/curl-for-win/issues/63
Closes #12700

show more ...

curl.h: CURLOPT_DNS_SERVERS is only available with c-ares

Closes #12695

cmdline-opts/gen.pl: error on initital blank line

After the "---" separator, there should be no blank line and this script
now errors out if one is detected.

Ref: #12696
Clo

cmdline-opts/gen.pl: error on initital blank line

After the "---" separator, there should be no blank line and this script
now errors out if one is detected.

Ref: #12696
Closes #12698

show more ...

cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper

Follow-up to 693cd1679361828a which was incomplete

Ref #12680
Closes #12697

curl_multi_fdset.3: remove mention of null pointer support

... since this funtion has not supported null pointer fd_set arguments since
at least 2006. (That's when I stopped my git blame

curl_multi_fdset.3: remove mention of null pointer support

... since this funtion has not supported null pointer fd_set arguments since
at least 2006. (That's when I stopped my git blame journey)

Fixes #12691
Reported-by: sfan5 on github
Closes #12692

show more ...

docs/cmdline: remove unnecessary line breaks

Closes #12696

transfer: remove warning: Value stored to 'blen' is never read

Detected by scan-build

Follow-up from 1cd2f0072f

Closes #12693

lib: replace readwrite with write_resp

This clarifies the handling of server responses by folding the code for
the complicated protocols into their protocol handlers. This concerns
m

lib: replace readwrite with write_resp

This clarifies the handling of server responses by folding the code for
the complicated protocols into their protocol handlers. This concerns
mainly HTTP and its bastard sibling RTSP.

The terms "read" and "write" are often used without clear context if
they refer to the connect or the client/application side of a
transfer. This PR uses "read/write" for operations on the client side
and "send/receive" for the connection, e.g. server side. If this is
considered useful, we can revisit renaming of further methods in another
PR.

Curl's protocol handler `readwrite()` method been changed:

```diff
- CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn,
- const char *buf, size_t blen,
- size_t *pconsumed, bool *readmore);
+ CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t blen,
+ bool is_eos, bool *done);
```

The name was changed to clarify that this writes reponse data to the
client side. The parameter changes are:

* `conn` removed as it always operates on `data->conn`
* `pconsumed` removed as the method needs to handle all data on success
* `readmore` removed as no longer necessary
* `is_eos` as indicator that this is the last call for the transfer
response (end-of-stream).
* `done` TRUE on return iff the transfer response is to be treated as
finished

This change affects many files only because of updated comments in
handlers that provide no implementation. The real change is that the
HTTP protocol handlers now provide an implementation.

The HTTP protocol handlers `write_resp()` implementation will get passed
**all** raw data of a server response for the transfer. The HTTP/1.x
formatted status and headers, as well as the undecoded response
body. `Curl_http_write_resp_hds()` is used internally to parse the
response headers and pass them on. This method is public as the RTSP
protocol handler also uses it.

HTTP/1.1 "chunked" transport encoding is now part of the general
*content encoding* writer stack, just like other encodings. A new flag
`CLIENTWRITE_EOS` was added for the last client write. This allows
writers to verify that they are in a valid end state. The chunked
decoder will check if it indeed has seen the last chunk.

The general response handling in `transfer.c:466` happens in function
`readwrite_data()`. This mainly operates now like:

```
static CURLcode readwrite_data(data, ...)
{
do {
Curl_xfer_recv_resp(data, buf)
...
Curl_xfer_write_resp(data, buf)
...
} while(interested);
...
}
```

All the response data handling is implemented in
`Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()`
implementation if available, or does the default behaviour.

All raw response data needs to pass through this function. Which also
means that anyone in possession of such data may call
`Curl_xfer_write_resp()`.

Closes #12480

show more ...

RELEASE-NOTES: synced

TODO: TFTP doesn't convert LF to CRLF for mode=netascii

Closes #12655
Closes #12690

gen: do italics/bold for a range of letters, not just single word

Previously it would match only on a sequence of non-space, which made it
miss to highlight for example "public suffix li

gen: do italics/bold for a range of letters, not just single word

Previously it would match only on a sequence of non-space, which made it
miss to highlight for example "public suffix list".

Updated the recent cookie.d edit from 5da57193b732 to use bold instead
of italics.

Closes #12689

show more ...

docs: describe and highlight super cookies

Reported-by: Yadhu Krishna M

Closes #12687

configure: when enabling QUIC, check that TLS supports QUIC

Most importantly perhaps is when using OpenSSL that the used
build/flavor has the QUIC API: the vanilla OpenSSL does not, only

configure: when enabling QUIC, check that TLS supports QUIC

Most importantly perhaps is when using OpenSSL that the used
build/flavor has the QUIC API: the vanilla OpenSSL does not, only
BoringSSL, libressl, AWS-LC and quictls do.

Ref: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7fe57e#r136780413

Closes #12683

show more ...

vquic: extract TLS setup into own source

- separate ngtcp2 specific parts out
- provide callback during init to allow ngtcp2 to apply its defaults

Closes #12678

multi: remove total timer reset in file_do() while fetching file://

The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts
with resetting the timer that is a start poin

multi: remove total timer reset in file_do() while fetching file://

The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts
with resetting the timer that is a start point for further multi states.
If file://, MSTATE_DO calls file_do() that should not reset the total
timer. Otherwise, the total time is always less than the pre-transfer
and the start transfer times.

Closes #12682

show more ...