2b652b86 | 14-Sep-2024 |
Daniel Stenberg |
transfer: remove redundant variable use: select_bits Follow-up to a33bcc9b53b9d6ea9f879624e8 Pointed out by CodeSonar Closes #14907 |
3e36334a | 13-Sep-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
50166c0d | 13-Sep-2024 |
Stefan Eissing |
connect: store connection info when really done Output the 'Connected to...' info message when the connection has been fully established and all information is available. Due to our happy eyeballing, we should not emit info messages in filters, because they may be part of an eyeballing attempt and may be discarded later for another chain. Closes #14897
|
a33bcc9b | 13-Sep-2024 |
Stefan Eissing |
transfer: fix sendrecv() without interim poll There was a "clever" optimization that skipped sendrecv() handling when the transfer's pollset was empty. This happens for paused transfers, for example. Unfortunately, if the libcurl application never calls curl_multi_poll(), the pollset is and will always remain empty, preventing the transfer from progressing. Remove this "optimization" and always try send/receive where applicable. Fixes #14898 Reported-by: Victor Kislov Closes #14901
|
89728451 | 12-Sep-2024 |
Daniel McCarney |
vtls/rustls: support strong CSRNG data Now that the curl rustls vtls backend is using rustls 0.14 we can address the weak random situation by using `rustls_default_crypto_provider_random()` to provide a `Curl_ssl` `random` callback that fills the provided buffer with cryptographically secure random data. The mentions in `docs/` about weak RNG when using rustls are removed as they are no longer applicable. Closes #14889
|
6d9b40d6 | 12-Sep-2024 |
Daniel McCarney |
vtls/rustls: simplify ciphersuite skipping Now that the rustls vtls backend is using rustls 0.14 we can take advantage of `rustls_supported_ciphersuite_protocol_version()` to skip TLS 1.3 and TLS 1.2 ciphersuites as required without needing to interrogate the ciphersuite names as `rustls_str`s. Closes #14889
|
f09adc3a | 12-Sep-2024 |
Daniel McCarney |
vtls/rustls: rustls-ffi 0.14.0 update * Documentation is updated to describe new required version, and to link to the upstream README about cryptography providers. * GitHub workflow is updated to fetch 0.14.0. * Breaking changes in `lib/vtls/rustls.c` are addressed: * The `rustls_client_config_builder_build()` function now uses an out parameter for the built config instead of returning it directly. This allows the building process to fail if the default crypto provider state isn't appropriate, or another error condition occurs. * Default ciphersuites are collected using renamed functions named to make it clear the ciphersuites are associated with the default crypto provider. * Customization of ciphersuites is now done via a `rustls_crypto_provider_builder` used to instantiate a `rustls_crypto_provider`. The customized provider can then be used with `rustls_client_config_builder_new_custom` in place of providing ciphersuites directly. * `rustls_connection_get_negotiated_ciphersuite()` now returns the ciphersuite ID directly. Closes #14889
|
65b8d894 | 06-Aug-2024 |
Daniel McCarney |
vtls/rustls: differentiate error messages It's easier to diagnose a problem when there is one place where the error message can be emitted. For that reason this commit updates two errors that were shared between other fallible operations to use unique messages. Closes #14889
|
d38458d8 | 19-Jul-2024 |
Daniel McCarney |
vtls/rustls: simplify builder cleanup Don't build `config_builder` just to free the resulting config, free the builder directly. When `cr_init_backend` encounters an error condition setting up the Rustls client configuration it must do something with the `config_builder` that was constructed earlier to avoid a memory leak. The previous implementation preferred to use a pattern of building the builder (thus consuming it) and then freeing the built config (to avoid a memory leak). However, the purpose/intent is clearer when we just free the builder directly instead of building it and freeing the result. Closes #14889
|
bef0acaf | 13-Sep-2024 |
Stefan Eissing |
request: correctly reset the eos_sent flag Add test cases Bug: https://marc.info/?l=git&m=172620452502747&w=2 Reported-by: Patrick Steinhardt Closes #14895 |
e70c22b6 | 09-Sep-2024 |
Stefan Eissing |
tests: tweak lock file handling and timers - when servers are killed by a test case, do not wait for the server lock file to go away. These tests are mostly about client timeouts and the server will hang until killed. - when killing a server successfully, check for a remaining lock file, log its existence and remove it. - lower the delay timings on SLOWDOWN by half - add SLOWDOWNDATA server command to only slow down the FTP data bytes, not the control ones. - lower some timeout values Closes #14835
|
8ca60308 | 12-Sep-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
28fa417b | 12-Sep-2024 |
Viktor Szakats |
autotools: fix `--with-ca-embed` build rule Add missing rule dependency on the user-specified CA bundle. This fixes including it when using the curl distro tarball, and other cases. Also: - fix the internal name of the CA bundle to avoid nested quotes. It broke the rule dependency for the make tool. - exclude the generated (empty) `tool_ca_embed.c` file from the distro tarball. Patch-by: Daniel Stenberg Follow-up to 8a3740bc8e558b9a9d4a652b74cf27a0961d7010 #14059 Reported-by: rampageX on github Fixes #14879 Closes #14882
|
79f0007c | 12-Sep-2024 |
Gabriel Marin |
setopt: remove superfluous use of ternary expressions Closes #14884 |
381de75c | 12-Sep-2024 |
Daniel Stenberg |
CURLMOPT_TIMERFUNCTION.m: emphasize that only a single timer should run Closes #14886 |
61e48b4d | 09-Sep-2024 |
Daniel McCarney |
vtls: fix `Curl_ssl_conn_config_match` doc param The configuration data compared to `candidate` comes from `data`, not `conn`. This commit fixes the docstring to reflect this. Closes #14887
|
70d3a9b6 | 12-Sep-2024 |
Stefan Eissing |
http2: when uploading data from stdin, fix eos forwarding When uploading data from stdin ('-T -'), and the EOS was only detected on a 0-length read, the EOS was not forwarded to the filters. This led HTTP/2 to hang on not forwarding this to the server. Added test_07_14 to reproduce and verify. Fixes #14870 Reported-by: nekopsykose on github Closes #14877
|
9dc0770e | 11-Sep-2024 |
Viktor Szakats |
cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync OpenSSL must be selected (manually or by default) and detected for `USE_OPENSSL_QUIC=ON` to work. This was documented before this patch, but with CMake it was possible to use `USE_OPENSSL_QUIC=ON` without an explicit or default `CURL_USE_OPENSSL=ON`, leading to a confused internal state. Fix by checking the QUIC condition early, showing a warning if enabled without OpenSSL, and ignoring QUIC in such case. Also: Fix casing of OpenSSL in option description. Ref: #14866 Closes #14872
|
b29caf0b | 12-Sep-2024 |
Daniel Stenberg |
GHA/macOS: add an -e test Adds -e to runtests for using the event-based API in the tool. Closes #14876 |
a610bb8d | 11-Sep-2024 |
Stefan Eissing |
test537: cap the rlimit max this test runs Modern Debian reports a soft limit of 134217724 which makes this test run for minutes to allocate all file descriptors. Impose a cap of 256k, so we do not run this test on systems with larger rlimits. Closes #14857
|
283af039 | 11-Sep-2024 |
Stefan Eissing |
QUIC: on connect, keep on trying on draining server Do not give up connect on servers that are in draining state. This might indicate the QUIC server restarting and the UDP packet routing still hitting the instance shutting down. Instead keep on connecting until the overall TIMEOUT fires. Closes #14863
|
0ca15307 | 09-Sep-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
rustls: fixed minor logic bug in default cipher selection Follow-up to 1e03d4b Closes #14840 |
6a9f3764 | 11-Sep-2024 |
Harry Sintonen |
lib: fix AF_INET6 use outside of USE_IPV6 Closes #14858 |
48f61e78 | 11-Sep-2024 |
Daniel Stenberg |
multi: check that the multi handle is valid in curl_multi_assign By requiring that the multi handle is fine, it can detect bad usage better and by that avoid crashes. Like in the #14860 case, which is an application calling curl_multi_assign() with a NULL pointer multi handle. Reported-by: Carlo Cabrera Fixes #14860 Closes #14862
|
30865e09 | 11-Sep-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced Bumped to 8.10.1 for now |