CI: remove Lift's configuration

The Lift tool is being retired. Their site reads:

"Sonatype Lift will be retiring on Sep 12, 2023, with its analysis
stopping on Aug 12, 2023."

CI: remove Lift's configuration

The Lift tool is being retired. Their site reads:

"Sonatype Lift will be retiring on Sep 12, 2023, with its analysis
stopping on Aug 12, 2023."

Closes #11541

show more ...

Revert "schannel: reverse the order of certinfo insertions"

This reverts commit 8986df802db9b5338d9d50a54232ebae4dbcf6dd.

Windows does not guarantee a particular certificate orderin

Revert "schannel: reverse the order of certinfo insertions"

This reverts commit 8986df802db9b5338d9d50a54232ebae4dbcf6dd.

Windows does not guarantee a particular certificate ordering, even
though TLS may have its own ordering/relationship guarantees. Recent
versions of Windows 11 reversed the ordering of ceritifcates returned by
CertEnumCertificatesInStore, therefore this commit no longer works as
initially intended. libcurl makes no guarantees about certificate
ordering if the operating system can't.

Ref: https://github.com/curl/curl/issues/9706

Closes https://github.com/curl/curl/pull/11536

show more ...

winbuild: improve check for static zlib

- Check for zlib static library name zlibstatic.lib.

zlib's static library has a different name depending on how it was
built. zlibstatic

winbuild: improve check for static zlib

- Check for zlib static library name zlibstatic.lib.

zlib's static library has a different name depending on how it was
built. zlibstatic.lib is output by cmake. zlibstat.lib is output by
their pre-generated Visual Studio project files (in the contrib
directory) and defines ZLIB_WINAPI (ie it's meant to use stdcall
instead of cdecl if you end up exporting the zlib functions).

Prior to this change the makefile only checked for the latter.

Closes https://github.com/curl/curl/pull/11521

show more ...

configure: use the pkg-config --libs-only-l flag for libssh2

... instead of --libs, as that one also returns -L flags.

Reported-by: Wilhelm von Thiele
Fixes #11538
Closes #1

configure: use the pkg-config --libs-only-l flag for libssh2

... instead of --libs, as that one also returns -L flags.

Reported-by: Wilhelm von Thiele
Fixes #11538
Closes #11539

show more ...

cmake: support building static and shared libcurl in one go

This patch adds the ability to build a static and shared libcurl library
in a single build session. It also adds an option to

cmake: support building static and shared libcurl in one go

This patch adds the ability to build a static and shared libcurl library
in a single build session. It also adds an option to select which one to
use when building the curl executable.

New build options:
- `BUILD_STATIC_LIBS`. Default: `OFF`.
Enabled automatically if `BUILD_SHARED_LIBS` is `OFF`.
- `BUILD_STATIC_CURL`. Default: `OFF`.
Requires `BUILD_STATIC_LIBS` enabled.
Enabled automatically if building static libcurl only.
- `STATIC_LIB_SUFFIX`. Default: empty.
- `IMPORT_LIB_SUFFIX`. Default: `_imp` if implib filename would collide
with static lib name (typically with MSVC) in Windows builds.
Otherwise empty.

Also:

- Stop setting the `CURL_STATICLIB` macro via `curl_config.h`, and pass
it directly to the compiler. This also allows to delete a condition
from `tests/server/CMakeLists.txt`.

- Complete a TODO by following the logic used in autotools (also for
`LIBCURL_NO_SHARED`), and set `-DCURL_STATICLIB` in `Cflags:` of
`libcurl.pc` for _static-only_ curl builds.

- Convert an existing CI test to build both shared and static libcurl.

Closes #11505

show more ...

CI/awslc: add cache for build awslc library

Closes #11535

GHA/linux.yml: add caching

Closes #11532

RELEASE-NOTES: synced

Bump working version to 8.3.0

url: remove infof() output for "still name resolving"

The message does not help and might get spewed a lot during times.

Reported-by: yushicheng7788 on github
Fixes #11394
C

url: remove infof() output for "still name resolving"

The message does not help and might get spewed a lot during times.

Reported-by: yushicheng7788 on github
Fixes #11394
Closes #11529

show more ...

KNOWN_BUGS: cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"

Closes #11244

CI: quiche updates

- remove quiche from standard `linux` workflow
- add mod_h2 caching to quiche workflow
- rename quiche to quiche-linux
- move version definitions into env sect

CI: quiche updates

- remove quiche from standard `linux` workflow
- add mod_h2 caching to quiche workflow
- rename quiche to quiche-linux
- move version definitions into env section

Closes #11528

show more ...

http2: disable asssertion blocking OSSFuzz testing

- not clear how this triggers and it blocks OSSFuzz testing other
things. Since we handle the case with an error return, disabling th

http2: disable asssertion blocking OSSFuzz testing

- not clear how this triggers and it blocks OSSFuzz testing other
things. Since we handle the case with an error return, disabling the
assertion for now seems the best way forward.

Fixes #11500
Closes #11519

show more ...

http2: fix in h2 proxy tunnel: progress in ingress on sending

- depending on what is tunneled, the proxy may never get invoked for
receiving data explicitly. Not progressing ingress ma

http2: fix in h2 proxy tunnel: progress in ingress on sending

- depending on what is tunneled, the proxy may never get invoked for
receiving data explicitly. Not progressing ingress may lead to stalls
due to missed WINDOW_UPDATEs.

CI:
- add a chache for building mod_h2

Closes #11527

show more ...

CI ngtcp2+quictls: use nghttpx cache as in quiche build

bearssl: don't load CA certs when peer verification is disabled

We already do this for other SSL backends.

Bug: https://github.com/curl/curl/pull/11457#issuecomment-1644587473
R

bearssl: don't load CA certs when peer verification is disabled

We already do this for other SSL backends.

Bug: https://github.com/curl/curl/pull/11457#issuecomment-1644587473
Reported-by: kyled-dell@users.noreply.github.com

Closes https://github.com/curl/curl/pull/11497

show more ...

easy: remove #ifdefs to make code easier on the eye

Closes #11525

GHA: adding quiche workflow

- adding separate quiche workflow to also build nghttpx server for testing

Closes #11517

RELEASE-NOTES: synced

curl 8.2.1 release

THANKS: add contributors from 8.2.1

docs: provide more see also for cipher options

More cross references. Hide nroff errors.

Closes #11513

docs: mark two TLS options for TLS, not SSL

Closes #11514

curl_multi_wait.3: fix arg quoting to doc macro .BR

Closes #11511

RELEASE-NOTES: synced

cmake: update ngtcp2 detection

Replace `OpenSSL` with `quictls` to follow the same change
in the v0.17.0 ngtcp2 release.

Follow-up to e0093b4b732f6495b0fb1cd6747cbfedcdcf63ed

cmake: update ngtcp2 detection

Replace `OpenSSL` with `quictls` to follow the same change
in the v0.17.0 ngtcp2 release.

Follow-up to e0093b4b732f6495b0fb1cd6747cbfedcdcf63ed

Closes #11508

show more ...

http: VLH, very large header test and fixes

- adding tests using very large passwords in auth
- fixes general http sending to treat h3 like h2, and
not like http1.1
- eliminate

http: VLH, very large header test and fixes

- adding tests using very large passwords in auth
- fixes general http sending to treat h3 like h2, and
not like http1.1
- eliminate H2_HEADER max definitions and use the commmon
DYN_HTTP_REQUEST everywhere, different limits do not help
- fix http2 handling of requests denied by nghttp2 on send
to immediately report the refused stream

Closes #11509

show more ...