http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT

Extended test 80 to verify this.

Reported-by: Stefan Eissing
Fixes #12680
Closes #12681

sectransp: do verify_cert without memdup for blobs

Since the information is then already stored in memory, this can avoid
an extra set of malloc + free calls.

Closes #12679

hsts: remove assert for zero length domain

A zero length domain can happen if the HSTS parser is given invalid
input data which is not unheard of and is done by the fuzzer.

Foll

hsts: remove assert for zero length domain

A zero length domain can happen if the HSTS parser is given invalid
input data which is not unheard of and is done by the fuzzer.

Follow-up from cfe7902111ae547873

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661

Closes #12676

show more ...

headers: make sure the trailing newline is not stored

extended test1940 to verify blank header fields too

Bug: https://curl.se/mail/lib-2024-01/0019.html
Reported-by: Dmitry Kar

headers: make sure the trailing newline is not stored

extended test1940 to verify blank header fields too

Bug: https://curl.se/mail/lib-2024-01/0019.html
Reported-by: Dmitry Karpov
Closes #12675

show more ...

curl_easy_header.3: tiny language fix

Closes #12672

examples/range.c: add

Closes #12671

examples/netrc.c: add

Closes #12671

examples/ipv6.c: new example showing IPv6-only internet transfer

Closes #12671

examples/address-scope.c: renamed from ipv6.c

It shows address scope use really

Closes #12671

multi: pollset adjust, init with FIRSTSOCKET during connect

- `conn->sockfd` is set by `Curl_setup_transfer()`, but that
is called *after* the connection has been established
- use

multi: pollset adjust, init with FIRSTSOCKET during connect

- `conn->sockfd` is set by `Curl_setup_transfer()`, but that
is called *after* the connection has been established
- use `conn->sock[FIRSTSOCKET]` instead

Follow-up to a0f94800d507de
Closes #12664

show more ...

WEBSOCKET.md: remove dead link

CI: spellcheck/appveyor: invoke configure --without-libpsl

Follow-up to 2998874bb61ac6

cmdline/docs/*.d: switch to using ## instead of .IP

To make the editing easier. To write and to read.

Closes #12667

gen.pl: support ## for doing .IP in table-like lists

Warn on use of .RS/.IP/.RE

Closes #12667

cookie.d: Document use of empty string to enable cookie engine

- Explain that --cookie "" can be used to enable the cookie engine
without reading any initial cookies.

As is do

cookie.d: Document use of empty string to enable cookie engine

- Explain that --cookie "" can be used to enable the cookie engine
without reading any initial cookies.

As is documented in CURLOPT_COOKIEFILE.

Ref: https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html

Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420
Reported-by: janko-js@users.noreply.github.com

Closes https://github.com/curl/curl/pull/12646

show more ...

setopt: use memdup0 when cloning COPYPOSTFIELDS

Closes #12651

telnet: use dynbuf instad of malloc for escape buffer

Previously, send_telnet_data() would malloc + free a buffer every time
for escaping IAC codes. Now, it reuses a dynbuf for this purp

telnet: use dynbuf instad of malloc for escape buffer

Previously, send_telnet_data() would malloc + free a buffer every time
for escaping IAC codes. Now, it reuses a dynbuf for this purpose.

Closes #12652

show more ...

CI: install libpsl or configure --without-libpsl in builds

As a follow-up to the stricted libpsl check in configure

configure: make libpsl detection failure cause error

To force users to explictily disable it if they really don't want it
used and make it harder to accidentally miss it.

--with

configure: make libpsl detection failure cause error

To force users to explictily disable it if they really don't want it
used and make it harder to accidentally miss it.

--without-libpsl is the option to use if PSL is not wanted.

Closes #12661

show more ...

RELEASE-NOTES: synced

pop3: replace calloc + memcpy with memdup0

... and make sure to return error on out of memory.

Closes #12650

lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT

Closes #12658

mime: use memdup0 instead of malloc + memcpy

Closes #12649

tool_getparam: move the --rate logic into set_rate()

tool_getparam: switch to an enum for every option

To make the big switch much easier to read/understand and to make it
easier to add new options.