http_aws_sigv4: canonicalise valueless query params

Fixes #8107
Closes #12244

docs: preserve the modification date when copying the prebuilt man page

The previously built man page "curl.1" must be copied with the original
modification date, otherwise the man page

docs: preserve the modification date when copying the prebuilt man page

The previously built man page "curl.1" must be copied with the original
modification date, otherwise the man page is never updated.

This fixes a bug that has been introduced with commit 2568441cab.

Reviewed-by: Dan Fandrich
Reviewed-by: Daniel Stenberg

Closes #12199

show more ...

docs: remove bold from some man page SYNOPSIS sections

In the name of consistency

Closes #12267

openssl: two multi pointer checks should probably rather be asserts

... so add the asserts now and consider removing the dynamic checks in a
future.

Ref: #12261
Closes #12264

docs: add supported version for the json write-out

xref: https://curl.se/changes.html#7_70_0

Closes #12266

appveyor: make VS2008-built curl tool runnable

By linking the CRT statically. This avoids the error about missing
runtime DLL `MSVCR90.dll` when running the freshly built `curl.exe`.

appveyor: make VS2008-built curl tool runnable

By linking the CRT statically. This avoids the error about missing
runtime DLL `MSVCR90.dll` when running the freshly built `curl.exe`.

Closes #12263

show more ...

url: proxy ssl connection reuse fix

- tunnel https proxy used for http: transfers does
no check if proxy-ssl configuration matches
- test cases added, test_10_12 fails on 8.4.0

url: proxy ssl connection reuse fix

- tunnel https proxy used for http: transfers does
no check if proxy-ssl configuration matches
- test cases added, test_10_12 fails on 8.4.0

Closes #12255

show more ...

curl_sspi: support more revocation error names in error messages

- Add these revocation errors to sspi error list:
CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK,
CRYPT_E

curl_sspi: support more revocation error names in error messages

- Add these revocation errors to sspi error list:
CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK,
CRYPT_E_REVOCATION_OFFLINE and CRYPT_E_NOT_IN_REVOCATION_DATABASE.

Prior to this change those error codes were not matched to their macro
name and instead shown as "unknown error".

Before:

schannel: next InitializeSecurityContext failed:
Unknown error (0x80092013) - The revocation function was
unable to check revocation because the revocation server was offline.

After:

schannel: next InitializeSecurityContext failed:
CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was
unable to check revocation because the revocation server was offline.

Bug: https://github.com/curl/curl/issues/12239
Reported-by: Niracler Li

Closes https://github.com/curl/curl/pull/12241

show more ...

strdup: don't allow Curl_strndup to read past a null terminator

- Use malloc + strncpy instead of Curl_memdup to dupe the string before
null terminating it.

Prior to this chan

strdup: don't allow Curl_strndup to read past a null terminator

- Use malloc + strncpy instead of Curl_memdup to dupe the string before
null terminating it.

Prior to this change if Curl_strndup was passed a length longer than
the allocated string then it could copy out of bounds.

This change is for posterity. Curl_strndup was added in the parent
commit and currently none of the calls to it pass a length that would
cause it to read past the allocated length of the input.

Follow-up to d3b3ba35.

Closes https://github.com/curl/curl/pull/12254

show more ...

lib: add and use Curl_strndup()

The Curl_strndup() function is similar to memdup(), but copies 'n' bytes
then adds a terminating null byte ('\0').

Closes #12251

CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO

pytest: use lower count in repeat tests

- lower large iteration counts in some tests somewhat for
the same coverage with less duration

Closes #12248

RELEASE-NOTES: synced

docs: clarify that curl passes on input unfiltered

... for several options.

Reported-by: Ophir Lojkine

Closes #12249

urlapi: when URL encoding the fragment, pass in the right length

A benign bug because it would only add an extra null terminator.

Made lib1560 get a test that runs this code.

urlapi: when URL encoding the fragment, pass in the right length

A benign bug because it would only add an extra null terminator.

Made lib1560 get a test that runs this code.

Closes #12250

show more ...

vtls: late clone of connection ssl config

- perform connection cache matching against `data->set.ssl.primary`
and proxy counterpart
- fully clone connection ssl config only when co

vtls: late clone of connection ssl config

- perform connection cache matching against `data->set.ssl.primary`
and proxy counterpart
- fully clone connection ssl config only when connection is used

Closes #12237

show more ...

msh3: error when built with CURL_DISABLE_SOCKETPAIR set

Reported-by: Gisle Vanem
Closes #12252
Fixes #12213

hsts: skip single-dot hostname

Reported-by: Maksymilian Arciemowicz

Closes #12247

vtls: fix build without proxy

Follow-up to bf0e278a3c54bc7fee7360da17c

closes #12243

docs/example/keepalive.c: show TCP keep-alive options

Closes #12242

lib1560: verify appending blank URL encoded query string

urlapi: skip appending NULL pointer query

Reported-by: kirbyn17 on hackerone

Closes #12240

lib1560: verify setting host to "" with and without URL encode

urlapi: avoid null deref if setting blank host to url encode

Reported-by: kirbyn17 on hackerone

Closes #12240

dynbuf: assert for NULL pointer inputs

Help us catch more mistakes.

Closes #12238