winbuild/README.md: fixup dead link

Closes #8597

rtsp: don't let CSeq error override earlier errors

- When done, if an error has already occurred then don't check the
sequence numbers for mismatch.

A sequence number may not

rtsp: don't let CSeq error override earlier errors

- When done, if an error has already occurred then don't check the
sequence numbers for mismatch.

A sequence number may not have been received if an error occurred.

Prior to this change a sequence mismatch error would override earlier
errors. For example, a server that returns nothing would cause error
CURLE_GOT_NOTHING in Curl_http_done which was then overridden by
CURLE_RTSP_CSEQ_ERROR in rtsp_done.

Closes https://github.com/curl/curl/pull/8525

show more ...

lib: fix some misuse of curlx_convert_wchar_to_UTF8

curlx_convert_wchar_to_UTF8 must be freed by curlx_unicodefree, but
prior to this change some uses mistakenly called free.

I'

lib: fix some misuse of curlx_convert_wchar_to_UTF8

curlx_convert_wchar_to_UTF8 must be freed by curlx_unicodefree, but
prior to this change some uses mistakenly called free.

I've reviewed all other uses of curlx_convert_wchar_to_UTF8 and
curlx_convert_UTF8_to_wchar.

Ref: https://github.com/curl/curl/commit/1d5d0ae

Closes https://github.com/curl/curl/pull/8521

show more ...

mk-ca-bundle.pl: Use stricter logic to process the certificates

.. and bump version to 1.29.

This change makes the script properly ignore unknown blocks and
otherwise fail when

mk-ca-bundle.pl: Use stricter logic to process the certificates

.. and bump version to 1.29.

This change makes the script properly ignore unknown blocks and
otherwise fail when Mozilla changes the certdata format in ways we
don't expect. Though this is less flexible behavior it makes it far less
likely that an invalid certificate can slip through.

Prior to this change the state machine did not always properly reset,
and it was possible that a certificate marked as invalid could then
later be marked as valid when there was conflicting trust info or
an unknown block was erroneously processed as part of the certificate.

Ref: https://github.com/curl/curl/pull/7801#pullrequestreview-768384569

Closes https://github.com/curl/curl/pull/8411

show more ...

test375: fix line endings on Windows

Closes https://github.com/curl/curl/pull/8599

http: reject header contents with nul bytes

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where C functions are used but won't work on the

http: reject header contents with nul bytes

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where C functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601

show more ...

CI: Do not use buildconf. Instead, just use: autoreconf -fi

Closes #8596

RELEASE-NOTES: synced

libssh: Improve fix for missing SSH_S_ stat macros

- If building libcurl against an old libssh version missing SSH_S_IFMT
and SSH_S_IFLNK then use the values from a supported version.

libssh: Improve fix for missing SSH_S_ stat macros

- If building libcurl against an old libssh version missing SSH_S_IFMT
and SSH_S_IFLNK then use the values from a supported version.

Prior to this change if libssh did not define SSH_S_IFMT and SSH_S_IFLNK
then S_IFMT and S_IFLNK, respectively, were used instead. The problem
with that is the user's S_ stat macros don't have the same values across
platforms. For example Windows has values different from Linux.

Follow-up to 7b0fd39.

Ref: https://github.com/curl/curl/pull/8511#discussion_r815292391
Ref: https://github.com/curl/curl/pull/8574

Closes https://github.com/curl/curl/pull/8588

show more ...

tool and tests: force flush of all buffers at end of program

On Windows data can be lost in buffers in case of abnormal program
termination, especially in process chains as seen due to f

tool and tests: force flush of all buffers at end of program

On Windows data can be lost in buffers in case of abnormal program
termination, especially in process chains as seen due to flaky tests.
Therefore flushing all buffers manually should avoid this data loss.

In the curl tool we play the safe game by only flushing write buffers,
but in the testsuite where we manage all buffers, we flush everything.

This should drastically reduce Windows CI and testsuite flakiness.

Reviewed-by: Daniel Stenberg

Supersedes #7833 and #6064
Closes #8516

show more ...

BearSSL: add CURLOPT_SSL_CTX_FUNCTION support

Closes #8478

BearSSL: add CURLOPT_SSL_CIPHER_LIST support

Closes #8477

tool_cb_hdr: Turn the Location: into a terminal hyperlink

This turns even relative URLs into clickable hyperlinks in a supported
terminal when --styled-output is enabled. Many terminals

tool_cb_hdr: Turn the Location: into a terminal hyperlink

This turns even relative URLs into clickable hyperlinks in a supported
terminal when --styled-output is enabled. Many terminals already turn
URLs into clickable links but there is not enough information in a
relative URL to do this automatically otherwise.

show more ...

keepalive-time.d: It takes many probes to detect brokenness

curl: add --no-clobber

Does not overwrite output files if they already exist

Closes #7708
Co-authored-by: Daniel Stenberg

RELEASE-NOTES: synced

also bump next pending version to become 7.83.0

openssl: check SSL_get_peer_cert_chain return value

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
Closes #8579

mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl

mk-ca-bundle.vbs is a Windows-specific script for Mozilla certificate
extraction, similar to mk-ca-bundle.pl which runs o

mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl

mk-ca-bundle.vbs is a Windows-specific script for Mozilla certificate
extraction, similar to mk-ca-bundle.pl which runs on any platform. The
vbs version has not been maintained while the perl version has been
maintained with improvements and security fixes. I don't think it's
worth the work to maintain both versions. Windows users should be able
to use mk-ca-bundle.pl without any problems, as long as they have perl.

Closes #8412

show more ...

CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype

Copy and paste error

Reported-by: Francisco Olarte
Fixes #8573
Closes #8577

remove-on-error.d: typo

Reported-by: Colin Leroy
Bug: https://github.com/curl/curl/pull/8503#pullrequestreview-906520081

curl: add --remove-on-error

If a transfer returns an error, using this option makes curl remove the
leftover downloded (partial) local file before exiting.

Added test 376 to ver

curl: add --remove-on-error

If a transfer returns an error, using this option makes curl remove the
leftover downloded (partial) local file before exiting.

Added test 376 to verify

Closes #8503

show more ...

libssh: fix build with old libssh versions

... that don't have the SSH_S_* defines. Spotted on a machine using
libssh 0.7.3

Closes #8574

hyper: fix status_line() return code

Detected while working on #7708 that happened to trigger an error here
with a new test case.

Closes #8572

configure.ac: move -pthread CFLAGS setting back where it used to be

The fix for #8276 proposed in #8374 set `CFLAGS="$CFLAGS -pthead"`
earlier than it used to be set, applying it in case

configure.ac: move -pthread CFLAGS setting back where it used to be

The fix for #8276 proposed in #8374 set `CFLAGS="$CFLAGS -pthead"`
earlier than it used to be set, applying it in cases where it should not
have been applied.

This moves the AIX XLC check to a new `case $host in` block inside of
the `if test "$USE_THREADS_POSIX" != "1"` block, where `CFLAGS="$CFLAGS
-pthead"` used to happen.

Fixes #8541
Closes #8542

show more ...

ngtcp2: add client certificate authentication for OpenSSL

Closes #8522