curl/websockets.h: extend the websocket frame struct

sws: fix typo, indentation add more ws logging

test2304: remove stdout verification

This cripples the test somewhat but the check was bad since depending on
timing it could exit before the output was done, making the test flaky.

CI: Add more labeler match patterns

CI: Retry failed downloads to reduce spurious failures

A temporary error with a remote server shouldn't cause a CI run to fail.
Also, put a cap on the time to download to fail faster on

CI: Retry failed downloads to reduce spurious failures

A temporary error with a remote server shouldn't cause a CI run to fail.
Also, put a cap on the time to download to fail faster on a misbehaving
server or connection and use HTTP compression where possible to reduce
download times.

show more ...

no-clobber.d: only use long form options in man page text

... since they are expanded and the short-form gets mentioned
automatically so if the short form is mentioned as well, it gets

no-clobber.d: only use long form options in man page text

... since they are expanded and the short-form gets mentioned
automatically so if the short form is mentioned as well, it gets
repeated.

Fixes #10461
Closes #10462
Reported-by: Dan Fandrich

show more ...

GHA: enable websockets in the torture job

Closes #10448

header.d: add a header file example

Closes #10455

HTTP/[23]: continue upload when state.drain is set

- as reported in #10433, HTTP/2 uploads may stall when a response is
received before the upload is done. This happens when the

HTTP/[23]: continue upload when state.drain is set

- as reported in #10433, HTTP/2 uploads may stall when a response is
received before the upload is done. This happens when the
data->state.drain is set for such a transfer, as the special handling
in transfer.c from then on only cared about downloads.
- add continuation of uploads, if applicable, in this case.
- add pytest case test_07_12_upload_seq_large to reproduce this scenario
(although, current nghttp2 implementation is using drain less often)

Reported-by: Lucas Pardue

Fixes #10433
Closes #10443

show more ...

http2: minor buffer and error path fixes

- use memory buffer in full available size
- fail receive of reset/errored streams early

pytest:
- make test_05 error cases more rel

http2: minor buffer and error path fixes

- use memory buffer in full available size
- fail receive of reset/errored streams early

pytest:
- make test_05 error cases more reliable

Closes #10444

show more ...

openldap: fix missing sasl symbols at build in specific configs

If curl is built with openldap support (USE_OPENLDAP=1) but does not
have also some other protocol (IMAP/SMTP/POP3) enable

openldap: fix missing sasl symbols at build in specific configs

If curl is built with openldap support (USE_OPENLDAP=1) but does not
have also some other protocol (IMAP/SMTP/POP3) enabled that brings
in Curl_sasl_* functions, then the build will fail with undefined
references to various symbols:

ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth_option'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authenticate'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'

This was tracked down to these functions bein used in openldap.c but
defined in curl_sasl.c and then forward in two vauth/ files to have
a guard against a set of #define configurations that was now extended
to cover also this case.

Example configuration targeted that could reproduce the problem:

curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
Protocols: file ftp ftps http https ldap ldaps

Closes #10445

show more ...

ws: use %Ou for outputting curl_off_t with info()

Reported-by: Mike Duglas
Fixes #10439
Closes #10441

curl_setup: Disable by default recv-before-send in Windows

Prior to this change a workaround for Windows to recv before every send
was enabled by default. The way it works is a recv is c

curl_setup: Disable by default recv-before-send in Windows

Prior to this change a workaround for Windows to recv before every send
was enabled by default. The way it works is a recv is called before
every send and saves the received data, in case send fails because in
Windows apparently that can wipe out the socket's internal received
data buffer.

This feature has led to several bugs because the way libcurl operates
it waits on a socket to read or to write, and may not at all times
check for buffered receive data.

Two recent significant bugs this workaround caused:
- Broken Schannel TLS 1.3 connections (#9431)
- HTTP/2 arbitrary hangs (#10253)

The actual code remains though it is disabled by default. Though future
changes to connection filter buffering could improve the situation IMO
it's just not tenable to manage this workaround.

Ref: https://github.com/curl/curl/issues/657
Ref: https://github.com/curl/curl/pull/668
Ref: https://github.com/curl/curl/pull/720

Ref: https://github.com/curl/curl/issues/9431
Ref: https://github.com/curl/curl/issues/10253

Closes https://github.com/curl/curl/pull/10409

show more ...

http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames

add a small buffer to nghttp2 session sending in order to aggregate
small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to

http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames

add a small buffer to nghttp2 session sending in order to aggregate
small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
callback individually.

Ref: #10389
Closes #10432

show more ...

openssl: store the CA after first send (ClientHello)

move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
this gives time to parse CA anchors while waiting on the ser

openssl: store the CA after first send (ClientHello)

move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
this gives time to parse CA anchors while waiting on the server reply

Ref: #10389
Closes #10432

show more ...

RELEASE-NOTES: synced

wolfssl: remove deprecated post-quantum algorithms

Closes #10440

misc: fix spelling

Closes #10437

man pages: call the custom user pointer 'clientp' consistently

The variable had a few different names. Now try to use 'clientp'
consistently for all man pages using a custom pointer set

man pages: call the custom user pointer 'clientp' consistently

The variable had a few different names. Now try to use 'clientp'
consistently for all man pages using a custom pointer set by the
application.

Reported-by: Gerrit Renker

Fixes #10434
Closes #10435

show more ...

vtls: infof using %.*s needs to provide the length as int

Fixes a Coverity warning.

Closes #10436

vrls: addressing issues reported by coverity

I believe the code was secure before this, but limiting the accepted
name length to what is used in the structures should help Coverity's

vrls: addressing issues reported by coverity

I believe the code was secure before this, but limiting the accepted
name length to what is used in the structures should help Coverity's
analysis.

Closes #10431

show more ...

tool_operate: move the 'updated' variable

This was already done by Dan Fandrich in the previous PR but somehow I
lost that fixup.

Follow-up to 349c5391f2121e

tool_operate: Fix error codes during DOS filename sanitize

It would return CURLE_URL_MALFORMAT in an OOM condition.

Closes #10414

tool_operate: Fix error codes on bad URL & OOM

curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
of CURLE_URL_MALFORMAT. In other cases, it would erroneously return

tool_operate: Fix error codes on bad URL & OOM

curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
of CURLE_URL_MALFORMAT. In other cases, it would erroneously return
CURLE_URL_MALFORMAT instead of CURLE_OUT_OF_MEMORY. Add a test case to
test the former condition.

Fixes #10130
Closes #10414

show more ...

setopt: use >, not >=, when checking if uarg is larger than uint-max

Closes #10421