ci: Remove zuul fuzzing job as it's superseded by CIFuzz

runtests: do CRLF replacements per section only

The `crlf="yes"` attribute and "hyper mode" are now only applied on a
subset of dedicated sections: data, datacheck, stdout and protocol.

runtests: do CRLF replacements per section only

The `crlf="yes"` attribute and "hyper mode" are now only applied on a
subset of dedicated sections: data, datacheck, stdout and protocol.

Updated test 2500 accordingly.

Also made test1 use crlf="yes" for <protocol>, mostly because it is
often used as a template test case. Going forward, using this attribute
we should be able to write test cases using linefeeds only and avoid
mixed line ending encodings.

Follow-up to ca15b7512e8d11

Fixes #10009
Closes #10010

show more ...

gnutls: use common gnutls init and verify code for ngtcp2

Closes #10007

aws_sigv4: fix typos in aws_sigv4.c

Closes #10008

curl.h: include <sys/select.h> on SerenityOS

Closes #10006

openssl: prefix errors with '[lib]/[version]: '

To help users understand where this (cryptic) error message comes from.

Suggested-by: Philip Sanetra
Ref: #10002
Closes #10004

tests: add HTTP/3 test case, custom location for proper nghttpx

- adding support for HTTP/3 test cases via a nghttpx server that is
build with ngtcp2 and nghttp3.
- test2500 is the

tests: add HTTP/3 test case, custom location for proper nghttpx

- adding support for HTTP/3 test cases via a nghttpx server that is
build with ngtcp2 and nghttp3.
- test2500 is the first test case, performing a simple GET.
- nghttpx is checked for support and the 'feature' nghttpx-h3
is set accordingly. test2500 will only run, when supported.
- a specific nghttpx location can be given in the environment
variable NGHTTPX or via the configure option
--with-test-nghttpx=<path>

Extend NGHTTPX config to H2 tests as well

* use $ENV{NGHTTPX} and the configured default also in http2 server starts
* always provide the empty test/nghttpx.conf to nghttpx. as it defaults to
reading /etc/nghttpx/nghttpx.conf otherwise.

Added nghttpx to CI ngtcp2 jobs to run h3 tests.

Closes #9031

show more ...

RELEASE-NOTES: synced

Removed duplicate after contributors.sh fix: 9967c10b6daa1

scripts/contributors.sh: strip one OR MORE leading spaces

From names found credited in commit logs

RELEASE-NOTES: synced

openssl/mbedtls: use %d for outputing port with failf (int)

Coverity CID 1517100

Also, remove some int typecasts in vtls.c for the port number

Closes #10001

KNOWN_BUGS: remove "Multi perform hangs waiting for threaded resolver"

We now offer a way to avoid that hang, using CURLOPT_QUICK_EXIT.

Follow-up to 49798cac832ab1 fixed via #9147

KNOWN_BUGS: remove "Multi perform hangs waiting for threaded resolver"

We now offer a way to avoid that hang, using CURLOPT_QUICK_EXIT.

Follow-up to 49798cac832ab1 fixed via #9147

Closes #9999

show more ...

KNOWN_BUGS: remove "--interface for ipv6 binds to unusable IP address"

Since years back the "if2ip" function verifies that it binds to a local IPv6
address that uses the same scope as th

KNOWN_BUGS: remove "--interface for ipv6 binds to unusable IP address"

Since years back the "if2ip" function verifies that it binds to a local IPv6
address that uses the same scope as the remote address.

This is not a bug.

Fixes #686
Closes #9998

show more ...

test1276: verify lib/optiontable.pl

Checks that it generates an output identical to the file.

lib/optiontable.pl: adapt to CURLOPTDEPRECATED()

Follow-up from 6967571bf20624bc

Reported-by: Gisle Vanem

Fixes #9992
Closes #9993

docs/INSTALL.md: list OSes and CPUs quoted

to make them skip spellcheck. Also added a new CPU.

Follow-up to 4506cbf7f24a2a

Closes #9997

vtls: fix typo in vtls_int.h

paramter -> parameter

Closes: #9996
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS

As OpenSSL's include files are all included using <openssl/*.h> in curl
source code, we just risk that existing openssl fi

curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS

As OpenSSL's include files are all included using <openssl/*.h> in curl
source code, we just risk that existing openssl files will "shadow"
include files without path if that path is provided.

Fixes #9989
Closes #9988

show more ...

INSTALL: update operating systems and CPU archs

Update after recent runs on Twitter/Mastodon and my blog

Closes #9994

tls: backends use connection filters for IO, enabling HTTPS-proxy

- OpenSSL (and compatible)
- BearSSL
- gnutls
- mbedtls
- rustls
- schannel
- secure-transpor

tls: backends use connection filters for IO, enabling HTTPS-proxy

- OpenSSL (and compatible)
- BearSSL
- gnutls
- mbedtls
- rustls
- schannel
- secure-transport
- wolfSSL (v5.0.0 and newer)

This leaves only the following without HTTPS-proxy support:
- gskit
- nss
- wolfSSL (versions earlier than v5.0.0)

Closes #9962

show more ...

include/curl/curl.h: bump the deprecated requirements to gcc 6.1

Reported-by: Michael Kaufmann
Fixes #9917
Closes #9987

mime: relax easy/mime structures binding

Deprecation and removal of codeset conversion support from the library
have released the strict need for an early binding of mime structures to

mime: relax easy/mime structures binding

Deprecation and removal of codeset conversion support from the library
have released the strict need for an early binding of mime structures to
an easy handle (https://github.com/curl/curl/commit/2610142).

This constraint currently forces to create the handle before the mime
structure and the latter cannot be attached to another handle once
created (see https://curl.se/mail/lib-2022-08/0027.html).

This commit removes the handle pointers from the mime structures
allowing more flexibility on their use.

When an easy handle is duplicated, bound mime structures must however
still be duplicated too as their components hold send-time dynamic
information.

Closes #9927

show more ...

test416: verify growing FTP file support

Added setting: RETRSIZE [size] in the <servercmd> section. When set this
will cause the test FTP server to return the size set (rather than the

test416: verify growing FTP file support

Added setting: RETRSIZE [size] in the <servercmd> section. When set this
will cause the test FTP server to return the size set (rather than the
actual size) in the acknowledgement from a RETR request.

Closes #9772

show more ...

ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH

When using the option CURLOPT_IGNORE_CONTENT_LENGTH (set.ignorecl in
code) to support growing files in FTP, the code should

ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH

When using the option CURLOPT_IGNORE_CONTENT_LENGTH (set.ignorecl in
code) to support growing files in FTP, the code should ignore the
initial size it gets from the server as this will not be the final size
of the file. This is done in ftp_state_quote() to prevent a size request
being issued in the initial sequence. However, in a later call to
ftp_state_get_resp() the code attempts to get the size of the content
again if it doesn't already have it, by parsing the response from the
RETR request. This fix prevents this parsing of the response to get the
size when the set.ignorecl option is set. This should maintain the size
value as -1, unknown, in this situation.

Closes #9772

show more ...

cfilter: re-add `conn` as parameter to cfilter setup methods

- `Curl_ssl_get_config()` now returns the first config if no SSL proxy
filter is active

- socket filter starts con

cfilter: re-add `conn` as parameter to cfilter setup methods

- `Curl_ssl_get_config()` now returns the first config if no SSL proxy
filter is active

- socket filter starts connection only on first invocation of its
connect method

Fixes #9982
Closes #9983

show more ...