mailmap: spellfix githuh => github

RELEASE-NOTES: synced

hostcheck: fixed to not touch used input strings

Avoids the need to clone the strings before check, thus avoiding
mallocs, which for cases where there are many SAN names in a cert could

hostcheck: fixed to not touch used input strings

Avoids the need to clone the strings before check, thus avoiding
mallocs, which for cases where there are many SAN names in a cert could
end up numerous.

Closes #8321

show more ...

ngtcp2: adapt to changed end of headers callback proto

Closes #8322

openssl: check SSL_get_ex_data to prevent potential NULL dereference

Closes #8268

md5: check md5_init_func return value

Prior to this change the md5_init_func (my_md5_init) return value was
ignored.

Closes https://github.com/curl/curl/pull/8319

md5: refactor for standard compliance

- Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function
addresses during static initialization.

Depending on how curl was

md5: refactor for standard compliance

- Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function
addresses during static initialization.

Depending on how curl was built the old way may have used a dllimport
function address during static initialization, which is not standard
compliant, resulting in Visual Studio warning C4232 (nonstandard
extension). Instead the function pointers now point to the wrappers
which call the MD5 functions.

This change only affects OpenSSL and wolfSSL because calls to other SSL
libraries' md5 functions were already wrapped. Also sha256.c already
does this for all SSL libraries.

Ref: https://github.com/curl/curl/pull/8298

Closes https://github.com/curl/curl/pull/8318

show more ...

docs: update IETF links to use datatracker

The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.

Rather than make p

docs: update IETF links to use datatracker

The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.

Rather than make people eat that redirect time, this change switches the
URL to a more canonical source.

Closes #8317

show more ...

CI: test building wolfssl with --enable-opensslextra

Closes #8315

misc: allow curl to build with wolfssl --enable-opensslextra

put all #include of openssl files behind wolfssl ifdefs so that we can
use the wolfssl/ prefixed include paths. Without these

misc: allow curl to build with wolfssl --enable-opensslextra

put all #include of openssl files behind wolfssl ifdefs so that we can
use the wolfssl/ prefixed include paths. Without these curl only builds
when wolfssl is built with enable-all.

Fixes #8292
Closes #8315

show more ...

quiche: change qlog file extension to `.sqlog`

quiche has just switched it's qlog serialization format to JSON-SEQ by
default . The spec says this SHOULD use `.sqlog` extension.

quiche: change qlog file extension to `.sqlog`

quiche has just switched it's qlog serialization format to JSON-SEQ by
default . The spec says this SHOULD use `.sqlog` extension.

I believe ngtcp2 also supports JSON-SEQ by default as of
https://github.com/ngtcp2/ngtcp2/commit/9baf06fc3f352a1d062b6953ae1de22cae30639d

Let's update curl so that tools know what format we are using!

Closes #8316

show more ...

projects: Fix Visual Studio wolfSSL configurations

- Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable
wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chai

projects: Fix Visual Studio wolfSSL configurations

- Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable
wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains.

- Disable warning C4214 'bit field types other than int'.

- Add include directory wolfssl\wolfssl.

wolfSSL offers OpenSSL API compatibility that libcurl uses, and some
recent change in libcurl included an include file for wolfSSL like
openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h.

The include directory issue was reported in #8292 but it's currently
unclear whether this type of change is needed for other build systems.

Bug: https://github.com/curl/curl/issues/8292
Reported-by: Harry Sarson

Closes https://github.com/curl/curl/pull/8298

show more ...

openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines
are not present at build-time.

Reported-b

openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines
are not present at build-time.

Reported-by: Stefan Eissing
Fixes #8309
Closes #8310

show more ...

TODO: Passing NOTIFY option to CURLOPT_MAIL_RCPT

Closes #8232

workflows/wolfssl: install impacket

needed Python Package for SMB tests

Closes #8307

url: make Curl_disconnect return void

1. The function would only ever return CURLE_OK anyway
2. Only one caller actually used the return code
3. Most callers did (void)Curl_discon

url: make Curl_disconnect return void

1. The function would only ever return CURLE_OK anyway
2. Only one caller actually used the return code
3. Most callers did (void)Curl_disconnect()

Closes #8303

show more ...

docs: document HTTP/2 not insisting on TLS 1.2

Both for --http2 and CURLOPT_HTTP_VERSION.

Reported-by: jhoyla on github
Fixes #8235
Closes #8300

cmdline-opts/gen.pl: fix option matching to improve references

Previously it could mistakenly match partial names when there are
options that start with the same prefix, leading to the w

cmdline-opts/gen.pl: fix option matching to improve references

Previously it could mistakenly match partial names when there are
options that start with the same prefix, leading to the wrong references
used.

Closes #8299

show more ...

TODO: Less memory massaging with Schannel

runtests.pl: disable debuginfod

Valgrind and gdb implement this feature: as this highly slows down tests,
disable it.

Closes #8291

RELEASE-NOTES: synced

CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples

... to not call libcurl recursively back.

Closes #8286

multi: set in_callback for multi interface callbacks

This makes most libcurl functions return error if called from within a
callback using the same multi handle. For example timer or soc

multi: set in_callback for multi interface callbacks

This makes most libcurl functions return error if called from within a
callback using the same multi handle. For example timer or socket
callbacks calling curl_multi_socket_action.

Reported-by: updatede on github
Fixes #8282
Closes #8286

show more ...

docs/HISTORY.md: mention alt-svc and HSTS

misc: remove the final watcom references

Follow-up to bbf8cae44dedc495e6

We removed support for the watcom builds files back in September
2020. This removes all remaining watcom

misc: remove the final watcom references

Follow-up to bbf8cae44dedc495e6

We removed support for the watcom builds files back in September
2020. This removes all remaining watcom references and ifdefs.

Closes #8287

show more ...