CURLINFO_TLS_SSL_PTR.3: clarify a recommendation

- Remove the out-of-date SSL backend list supported by
CURLOPT_SSL_CTX_FUNCTION.

It makes more sense to just refer to that doc

CURLINFO_TLS_SSL_PTR.3: clarify a recommendation

- Remove the out-of-date SSL backend list supported by
CURLOPT_SSL_CTX_FUNCTION.

It makes more sense to just refer to that document instead of having
a separate list that has to be kept in sync.

Closes https://github.com/curl/curl/pull/11665

show more ...

write-out.d: clarify %{time_starttransfer}

sync it up with CURLINFO_STARTTRANSFER_TIME_T

transfer: don't set TIMER_STARTTRANSFER on first send

The time stamp is for measuring the first *received* byte

Fixes #11669
Reported-by: JazJas on github
Closes #11670

quiche: enable quiche to handle timeout events

In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout`
interface for the application to invoke upon timer
expiration.

quiche: enable quiche to handle timeout events

In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout`
interface for the application to invoke upon timer
expiration. Therefore, invoking the `on_timeout` function of the
Connection is crucial to ensure seamless functionality of quiche with
timeout events.

Closes #11654

show more ...

quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s

Set the `QUIC_IDLE_TIMEOUT` parameter to match ngtcp2 for consistency.

KNOWN_BUGS: LDAPS requests to ActiveDirectory server hang

Closes #9580

imap: add a check for failing strdup()

imap: remove the only sscanf() call in the IMAP code

Avoids the use of a stack buffer.

Closes #11673

imap: use a dynbuf in imap_atom

Avoid a calculation + malloc. Build the output in a dynbuf.

Closes #11672

http: do not require a user name when using CURLAUTH_NEGOTIATE

In order to get Negotiate (SPNEGO) authentication to work in HTTP you
used to be required to provide a (fake) user name (th

http: do not require a user name when using CURLAUTH_NEGOTIATE

In order to get Negotiate (SPNEGO) authentication to work in HTTP you
used to be required to provide a (fake) user name (this concerned both
curl and the lib) because the code wrongly only considered
authentication if there was a user name provided, as in:

curl -u : --negotiate https://example.com/

This commit leverages the `struct auth` want member to figure out if the
user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of
setting a user name both in curl and the lib.

Signed-off-by: Marin Hannache <git@mareo.fr>
Reported-by: Enrico Scholz
Fixes https://sourceforge.net/p/curl/bugs/440/
Fixes #1161
Closes #9047

show more ...

build: streamline non-UWP wincrypt detections

- with CMake, use the variable `WINDOWS_STORE` to detect an UWP build
and disable our non-UWP-compatible use the Windows crypto API. This

build: streamline non-UWP wincrypt detections

- with CMake, use the variable `WINDOWS_STORE` to detect an UWP build
and disable our non-UWP-compatible use the Windows crypto API. This
allows to drop two dynamic feature checks.

`WINDOWS_STORE` is true when invoking CMake with
`CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1.

Ref: https://cmake.org/cmake/help/latest/variable/WINDOWS_STORE.html

- with autotools, drop the separate feature check for `wincrypt.h`. On
one hand this header has been present for long (even Borland C 5.5 had
it from year 2000), on the other we used the check result solely to
enable another check for certain crypto functions. This fails anyway
with the header not present. We save one dynamic feature check at the
configure stage.

Reviewed-by: Marcel Raad
Closes #11657

show more ...

docs/HYPER.md: update hyper build instructions

Nightly Rust and `-Z unstable-options` are not needed.

The instructions here now match the hyper docs exactly:
https://github.com/

docs/HYPER.md: update hyper build instructions

Nightly Rust and `-Z unstable-options` are not needed.

The instructions here now match the hyper docs exactly:
https://github.com/hyperium/hyper/commit/bd7928f3dd6a8461f0f0fdf7ee0fd95c2f156f88

Closes #11662

show more ...

RELEASE-NOTES: synced

urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name

Asssisted-by: Jay Satiro
Closes #11655

spellcheck: adapt to backslashed minuses

As the curl.1 has more backslashed minus, the cleanup sed lines xneed to
adapt.

Adjusted some docs slighly.

Follow-up to 439ff2

spellcheck: adapt to backslashed minuses

As the curl.1 has more backslashed minus, the cleanup sed lines xneed to
adapt.

Adjusted some docs slighly.

Follow-up to 439ff2052e

Closes #11663

show more ...

gen: escape more minus

Detected since it was still hard to search for option names using dashes
in the middle in the man page.

Closes #11660

cookie-jar.d: enphasize that this option is ONLY writing cookies

Reported-by: Dan Jacobson
Tweaked-by: Jay Satiro
Ref: #11642
Closes #11661

docs/HYPER.md: document a workaround for a link error

Closes #11653

schannel: verify hostname independent of verify cert

Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off
and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verif

schannel: verify hostname independent of verify cert

Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off
and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the
hostname in schannel code.

This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and
verify hostname". We discussed a fix several years ago in #3285 but it
went stale.

Assisted-by: Daniel Stenberg

Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html
Reported-by: Martin Galvan

Ref: https://github.com/curl/curl/pull/3285

Fixes https://github.com/curl/curl/issues/3284
Closes https://github.com/curl/curl/pull/10056

show more ...

curl_quiche: remove superfluous NULL check

'stream' is always non-NULL at this point

Pointed out by Coverity

Closes #11656

curl/urlapi.h: tiny typo

github/labeler: make HYPER.md set Hyper and not TLS

docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0

7.50.0 shipped on Jul 21 2016, over seven years ago. We no longer need
to specify version changes for earlier releases in the gene

docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0

7.50.0 shipped on Jul 21 2016, over seven years ago. We no longer need
to specify version changes for earlier releases in the generated output.

This ups the limit from the previous 7.30.0 (Apr 12 2013)

This hides roughly 35 "added in" mentions.

Closes #11651

show more ...

bug_report: require reporters to specify curl and os versions

- Change curl version and os sections from single-line input to
multi-line textarea.

- Require curl version and o

bug_report: require reporters to specify curl and os versions

- Change curl version and os sections from single-line input to
multi-line textarea.

- Require curl version and os sections to be filled out before report
can be submitted.

Closes https://github.com/curl/curl/pull/11636

show more ...

gen.pl: replace all single quotes with aq

- this prevents man from using a unicode sequence for them
- which then allows search to work properly

Closes #11645