http: expect 100 rework

Move all handling of HTTP's `Expect: 100-continue` feature into a client
reader. Add sending flag `KEEP_SEND_TIMED` that triggers transfer
sending on general

http: expect 100 rework

Move all handling of HTTP's `Expect: 100-continue` feature into a client
reader. Add sending flag `KEEP_SEND_TIMED` that triggers transfer
sending on general events like a timer.

HTTP installs a `CURL_CR_PROTOCOL` reader when announcing `Expect:
100-continue`. That reader works as follows:

- on first invocation, records time, starts the `EXPIRE_100_TIMEOUT`
timer, disables `KEEP_SEND`, enables `KEEP_SEND_TIMER` and returns 0,
eos=FALSE like a paused upload.

- on subsequent invocation it checks if the timer has expired. If so, it
enables `KEEP_SEND` and switches to passing through reads to the
underlying readers.

Transfer handling's `readwrite()` will be invoked when a timer expires
(like `EXPIRE_100_TIMEOUT`) or when data from the server arrives. Seeing
`KEEP_SEND_TIMER`, it will try to upload more data, which triggers
reading from the client readers again. Which then may lead to a new
pausing or cause the upload to start.

Flags and timestamps connected to this have been moved from
`SingleRequest` into the reader's context.

Closes #13110

show more ...

mbedtls: fix pytest for newer versions

Fix the expectations in pytest for newer versions of mbedtls

Closes #13132

ipv6.md: mention IPv4 mapped addresses

Reported-by: Josh Soref
Assisted-by: Jay Satiro
Fixes #13112
Closes #13131

http: revisit http_perhapsrewind()

- use facilities provided by client readers better
- work also for non-uploading requests like GET/HEAD
- update documentation

Closes #131

http: revisit http_perhapsrewind()

- use facilities provided by client readers better
- work also for non-uploading requests like GET/HEAD
- update documentation

Closes #13117

show more ...

test 1541: verify getinfo values on first header callback

Reported-by: chensong1211 on github
Ref: #13125
Closes #13128

TLS: start shutdown only when peer did not already close

- When curl sees a TCP close from the peer, do not start a TLS shutdown.
TLS shutdown is a handshake and if the peer already cl

TLS: start shutdown only when peer did not already close

- When curl sees a TCP close from the peer, do not start a TLS shutdown.
TLS shutdown is a handshake and if the peer already closed the
connection, it is not interested in participating.

Reported-by: dfdity on github
Assisted-by: Jiří Bok
Assisted-by: Pēteris Caune
Fixes #10290
Closes #13087

show more ...

RELEASE-NOTES: synced

curl: make --libcurl output better CURLOPT_*SSLVERSION

The option is really two enums ORed together, so it needs special
attention to make the code output nice.

Added test 1481

curl: make --libcurl output better CURLOPT_*SSLVERSION

The option is really two enums ORed together, so it needs special
attention to make the code output nice.

Added test 1481 to verify. Both the server and the proxy versions.

Reported-by: Boris Verkhovskiy
Fixes #13127
Closes #13129

show more ...

GHA/linux: add sysctl trick to work-around GitHub runner issue

The GitHub image runner update from 20240304.1.0 to 20240310.1
introduces a problem for clang-14. The issue is caused by

GHA/linux: add sysctl trick to work-around GitHub runner issue

The GitHub image runner update from 20240304.1.0 to 20240310.1
introduces a problem for clang-14. The issue is caused by
incompatibility between llvm 14 provided in ubuntu-22.04 image and the
much newer kernel configured with high-entropy ASLR.

As a work-around, we issue a sysctl command to lower the entropy and get
clang-14 to work again.

URL: https://github.com/actions/runner-images/issues/9491

Closes #13124

show more ...

SPONSORS: describe the basics

Closes #13119

GOVERNANCE: document the core team

Closes #13118

vquic-tls: fix the error code returned for bad CA file

- Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem
reading the cert file or path.

This is a follow-up to

vquic-tls: fix the error code returned for bad CA file

- Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem
reading the cert file or path.

This is a follow-up to the parent commit aedbbdf1.

Reported-by: Karthikdasari0423@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/13115

show more ...

vquic-tls: return appropirate errors on wolfSSL errors

Reported-by: Dexter Gerig
Closes #13107

tidy-up: one comment and EOF newlines

Reviewed-by: Daniel Stenberg
Closes #13108

cmdline-opts: language cleanups

Use imperative mood consistently for the first sentence describing an
option.

"Set this" instead "tell curl to set" or "this sets..."

Pl

cmdline-opts: language cleanups

Use imperative mood consistently for the first sentence describing an
option.

"Set this" instead "tell curl to set" or "this sets..."

Plus some extra cleanups and rephrasing.

Closes #13106

show more ...

managen: remove space before protocols

For options that are listed for specific protocols, the protocols (shown
first within parentheses) are now output without the leading space in the

managen: remove space before protocols

For options that are listed for specific protocols, the protocols (shown
first within parentheses) are now output without the leading space in the
manpage output.

Closes #13105

show more ...

mbedtls: properly cleanup the thread-shared entropy

- Store the state of the thread-shared entropy for global init/cleanup.

- Use curl's thread support of mbedtls for all Windows bu

mbedtls: properly cleanup the thread-shared entropy

- Store the state of the thread-shared entropy for global init/cleanup.

- Use curl's thread support of mbedtls for all Windows builds instead of
just when the threaded resolver is used via USE_THREADS_WIN32.

Prior to this change on global cleanup curl builds that have curl thread
support for mbedtls freed the entropy (8b1d2298) but failed to mark that
it had been freed, which caused problems on subsequent init + transfer.

Bug: https://github.com/curl/curl/discussions/11919#discussioncomment-8687105
Reported-by: awesomekosm@users.noreply.github.com

Closes https://github.com/curl/curl/pull/13071

show more ...

tool_getparam: handle non-existing (out of range) short-options

... correctly, even when they follow an existing one without a space in
between.

Verify with test 467

Fo

tool_getparam: handle non-existing (out of range) short-options

... correctly, even when they follow an existing one without a space in
between.

Verify with test 467

Follow-up to 07dd60c05b
Reported-by: Geeknik Labs
Fixes #13101
Closes #13102

show more ...

lib: move 'done' parameter to SingleRequests

A transfer may do several `SingleRequest`s for its success. This happens
regularly for authentication, follows and retries on failed connecti

lib: move 'done' parameter to SingleRequests

A transfer may do several `SingleRequest`s for its success. This happens
regularly for authentication, follows and retries on failed connections.
The "readwrite()" calls and functions connected to those carried a `bool
*done` parameter to indicate that the current `SingleRequest` is over.
This may happen before `upload_done` or `download_done` bits of
`SingleRequest` are set.

The problem with that is now `write_resp()` protocol handlers are
invoked in places where the `bool *done` cannot be passed up to the
caller. Instead of being a bool in the call chain, it needs to become a
member of `SingleRequest`, reflecting its state.

This removes the `bool *done` parameter and adds the `done` bit to
`SingleRequest` instead. It adds `Curl_req_soft_reset()` for using a
`SingleRequest` in a follow up, clearing `done` and other
flags/counters.

Closes #13096

show more ...

request: clarify message when request has been sent off

Change the "uploaded and fine" message for requests without a body

Reported-by: Karthikdasari0423 on github
Fixes #13093

request: clarify message when request has been sent off

Change the "uploaded and fine" message for requests without a body

Reported-by: Karthikdasari0423 on github
Fixes #13093
Closes #13095

show more ...

RELEASE-NOTES: synced

lib: keep conn IP information together

new struct ip_quadruple for holding local/remote addr+port

- used in data->info and conn and cf-socket.c
- copy back and forth complete st

lib: keep conn IP information together

new struct ip_quadruple for holding local/remote addr+port

- used in data->info and conn and cf-socket.c
- copy back and forth complete struct
- add 'secondary' to conn
- use secondary in reporting success for ftp 2nd connection

Reported-by: DasKutti on github
Fixes #13084
Closes #13090

show more ...

scripts/managen: the new name and home for the manpage generator

It was previously docs/cmdline-opts/gen.pl

Closes #13089

VULN-DISCLOSURE-POLICY.md: update detail about CVE requests

curl is a CNA now

Closes #13088

lib: client reader polish

- seek_func/seek_client, use transfer values only
- remove copies held in `struct connectdata`, use only
ever `data->set.seek_func`
- reso

lib: client reader polish

- seek_func/seek_client, use transfer values only
- remove copies held in `struct connectdata`, use only
ever `data->set.seek_func`
- resolves possible issues in multiuse connections
- new mime post reader eliminates need to ever overwriting this

- websockets, remove empty Curl_ws_done() function

Closes #13079

show more ...