docs/HTTP3: describe how to setup a h3 reverse-proxy for testing

Assisted-by: Matt Holt

Closes #8177

libcurl-multi.3: "SOCKS proxy handshakes" are not blocking

Since 4a4b63daaa0

tests: Add test for CURLOPT_HTTP200ALIASES

http: Fix CURLOPT_HTTP200ALIASES

The httpcode < 100 check was also triggered when none of the fields were
parsed, thus making the if(!nc) block unreachable.

Closes #8171

RELEASE-NOTES: synced

language: "email"

Missed three occurrences.

Follow-up to 7a92f86

nss:set_cipher don't clobber the cipher list

The string is set by the user and needs to remain intact for proper
connection reuse etc.

Reported-by: Eric Musser
Fixes #8160

nss:set_cipher don't clobber the cipher list

The string is set by the user and needs to remain intact for proper
connection reuse etc.

Reported-by: Eric Musser
Fixes #8160
Closes #8161

show more ...

misc: s/e-mail/email

Consistency is king. Following the lead in everything curl.

Closes #8159

docs: fix typo in OpenSSL 3 build instructions

Closes #8162

linkcheck.yml: add CI job that checks markdown links

Closes #8158

RELEASE-PROCEDURE.md: remove ICAL link and old release dates

BINDINGS.md: "markdown-link-check-disable"

It feels a bit unfortunate to litter an ugly tag for this functionality,
but if we get link scans of all markdown files, this might be worth th

BINDINGS.md: "markdown-link-check-disable"

It feels a bit unfortunate to litter an ugly tag for this functionality,
but if we get link scans of all markdown files, this might be worth the
price.

show more ...

docs: fix dead links, remove ECH.md

openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+

Prior to this change OpenSSL_version was only detected in configure
builds. For other builds the old version parsing code was used

openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+

Prior to this change OpenSSL_version was only detected in configure
builds. For other builds the old version parsing code was used which
would result in incorrect versioning for OpenSSL 3:

Before:

curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
WinIDN libssh2/1.9.0

After:

curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
WinIDN libssh2/1.9.0

Reported-by: lllaffer@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/8154
Closes https://github.com/curl/curl/pull/8155

show more ...

docs: add known bugs list to HTTP3.md

Closes #8156

BINDINGS: add one from Everything curl and update a link

libcurl-security.3: mention address and URL mitigations

The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
addresses.
Using the curl_url API is a way to mitigate agai

libcurl-security.3: mention address and URL mitigations

The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
addresses.
Using the curl_url API is a way to mitigate against attacks relying on
URL parsing differences.

show more ...

RELEASE-NOTES: synced

x509asn1: return early on errors

Overhaul to make sure functions that detect errors bail out early with
error rather than trying to continue and risk hiding the problem.

Closes

x509asn1: return early on errors

Overhaul to make sure functions that detect errors bail out early with
error rather than trying to continue and risk hiding the problem.

Closes #8147

show more ...

openldap: several minor improvements

- Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
- Use dynamic memory for ldap_init_fd() URL rather than a
stack-allocat

openldap: several minor improvements

- Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
- Use dynamic memory for ldap_init_fd() URL rather than a
stack-allocated buffer.
- Never chase referrals: supporting it would require additional parallel
connections and alternate authentication credentials.
- Do not wait 1 microsecond while polling/reading query response data.
- Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.

Closes #8140

show more ...

misc: remove unused doh flags when CURL_DISABLE_DOH is defined

Closes #8148

mbedtls: fix CURLOPT_SSLCERT_BLOB

The memory passed to mbedTLS for this needs to be null terminated.

Reported-by: Florian Van Heghe
Closes #8146

asyn-ares: ares_getaddrinfo needs no happy eyeballs timer

Closes #8142

mailmap: add Yongkang Huang

From #8141

check ssl_config when re-use proxy connection