cmake: fix to use variable for the curl namespace

Replace (wrong) literal with a variable to specify the curl
namespace.

Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #1

cmake: fix to use variable for the curl namespace

Replace (wrong) literal with a variable to specify the curl
namespace.

Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #11505

Reported-by: balikalina on Github
Fixes https://github.com/curl/curl/commit/1199308dbc902c52be67fc805c72dd2582520d30#r123923098
Closes #11629

show more ...

cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms

2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 introduced sharing
libcurl objects for shared and static targets.

The above a

cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms

2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 introduced sharing
libcurl objects for shared and static targets.

The above automatically enabled for Windows builds, with an option to
disable with `SHARE_LIB_OBJECT=OFF`.

This patch extend this feature to all platforms as a manual option.
You can enable it by setting `SHARE_LIB_OBJECT=ON`. Then shared objects
are built in PIC mode, meaning the static lib will also have PIC code.

[EXPERIMENTAL]

Closes #11627

show more ...

cmake: assume `wldap32` availability on Windows

This system library first shipped with Windows ME, available as an extra
install for some older releases (according to [1]). The import li

cmake: assume `wldap32` availability on Windows

This system library first shipped with Windows ME, available as an extra
install for some older releases (according to [1]). The import library
was present already in old MinGW 3.4.2 (year 2007).

Drop the feature check and its associated `HAVE_WLDAP32` variable.

To manually disable `wldap32`, you can use the `USE_WIN32_LDAP=OFF`
CMake option, like before.

[1]: https://dlcdn.apache.org/httpd/binaries/win32/LEGACY.html

Reviewed-by: Jay Satiro
Closes #11624

show more ...

page-header: move up a URL paragraph from GLOBBING to URL

variable.d: output the function names table style

Also correct the url function name in the header

Closes #11641

haproxy-clientip.d: remove backticks

This is not markdown

Follow-up to 0a75964d0d94a4

Closes #11639

RELEASE-NOTES: synced

gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens

Reported-by: FC Stegerman
Fixes #11635
Closes #11637

cmdline-opts/page-header: reorder, clean up

- removed some unnecessary blurb to focus
- moved up the more important URL details
- put "globbing" into its own subtitle and moved down

cmdline-opts/page-header: reorder, clean up

- removed some unnecessary blurb to focus
- moved up the more important URL details
- put "globbing" into its own subtitle and moved down a little
- mention the online man page in the version section

Closes #11638

show more ...

c-hyper: adjust the hyper to curlcode conversion

Closes #11621

test2306: make it use a persistent connection

+ enable verbose already from the start

Closes #11621

list-only.d: mention SFTP as supported protocol

Closes #11628

request.d: use .TP for protocol "labels"

To render the section nicer in man page.

Closes #11630

cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP

... as documented.

Update test 3201 and 3202 accordingly.

Reported-by: Markus Sommer
Fixes #11619
Clo

cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP

... as documented.

Update test 3201 and 3202 accordingly.

Reported-by: Markus Sommer
Fixes #11619
Closes #11626

show more ...

page-footer: QLOGDIR works with ngtcp2 and quiche

It previously said "both" backends which is confusing as we currently
have three...

Closes #11631

http3: quiche, handshake optimization, trace cleanup

- load x509 store after clienthello
- cleanup of tracing

Closes #11618

ngtcp2: remove dead code

'result' is always zero (CURLE_OK) at this point

Detected by Coverity

Closes #11622

openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`

OpenSSL 1.1.1 defines this macro, but no ealier version, or any of the
popular forks (yet). Use the macro itself to detect

openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`

OpenSSL 1.1.1 defines this macro, but no ealier version, or any of the
popular forks (yet). Use the macro itself to detect its presence,
replacing the hard-wired fork-specific conditions.

This way the feature will enable automatically when forks implement it,
while also shorter and possibly requiring less future maintenance.

Follow-up to 94241a9e78397a2aaf89a213e6ada61e7de7ee02 #6721

Reviewed-by: Jay Satiro
Closes #11617

show more ...

openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1

LibreSSL 3.4.1 (2021-10-14) added support for
`SSL_CTX_set_ciphersuites`.

Ref: https://ftp.openbsd.org/pub/OpenBSD/Li

openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1

LibreSSL 3.4.1 (2021-10-14) added support for
`SSL_CTX_set_ciphersuites`.

Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt

Reviewed-by: Jay Satiro
Closes #11616

show more ...

openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0

LibreSSL 3.5.0 (2022-02-24) added support for
`SSL_CTX_set_keylog_callback`.

Ref: https://ftp.openbsd.org/pub/Open

openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0

LibreSSL 3.5.0 (2022-02-24) added support for
`SSL_CTX_set_keylog_callback`.

Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

Reviewed-by: Jay Satiro
Closes #11615

show more ...

cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks

- `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is
also not used by curl, but it is by its optiona

cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks

- `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is
also not used by curl, but it is by its optional dependency `librtmp`.
Change the logic to always add `winmm` when `USE_LIBRTMP` is set. This
library has been available since the early days of Windows.

- `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present
since Windows 95 OSR2 (AFAIR). Winsock1 already wasn't supported and
other existing logic already assumed this lib being present, so delete
the check and replace the detection variable with `WIN32` and always
add `ws2_32` on Windows.

Closes #11612

show more ...

crypto: ensure crypto initialization works

Make sure that context initialization during hash setup works to avoid
going forward with the risk of a null pointer dereference.

Repo

crypto: ensure crypto initialization works

Make sure that context initialization during hash setup works to avoid
going forward with the risk of a null pointer dereference.

Reported-by: Philippe Antoine on HackerOne
Assisted-by: Jay Satiro
Assisted-by: Daniel Stenberg

Closes #11614

show more ...

openssl: switch to modern init for LibreSSL 2.7.0+

LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization,
`OPENSSL_init_ssl()` function and deprecated the old, manual init

openssl: switch to modern init for LibreSSL 2.7.0+

LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization,
`OPENSSL_init_ssl()` function and deprecated the old, manual init
method, as seen in OpenSSL 1.1.0. Switch to the modern method when
available.

Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt

Reviewed-by: Daniel Stenberg
Closes #11611

show more ...

gskit: remove

We remove support for building curl with gskit.

- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend

gskit: remove

We remove support for building curl with gskit.

- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"

This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.

It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.

Closes #11460

show more ...

RELEASE-NOTES: synced