Revert "Revert 'multi: implement wait using winsock events'"

This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2,
also restoring previous follow up changes which were reverted.

Revert "Revert 'multi: implement wait using winsock events'"

This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2,
also restoring previous follow up changes which were reverted.

Authored-by: rcombs on github
Authored-by: Marc Hörsken
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Restores #5634
Reverts #6281
Part of #6245

show more ...

Revert "cmake: make libcurl library output name configurable"

This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92.

CMake provides properties that can be set on a target to

Revert "cmake: make libcurl library output name configurable"

This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92.

CMake provides properties that can be set on a target to rename the
output artifact without changing the name of a target.

Ref: #6899

show more ...

sectransp: allow cipher name to be specified

Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string

sectransp: allow cipher name to be specified

Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize the array of specs with
cipher number, name, alias, and 'weak' flag.

Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.

Closes #6464

show more ...

NSS: add ciphers to map

Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/mast

NSS: add ciphers to map

Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c

Closes #6670

show more ...

http2: remove DEBUG_HTTP2

Accidentally committed in 605e84235

cmake: make libcurl library output name configurable

Closes #6899

sws: #ifdef S_IFSOCK use

SCO OpenServer 5.0.7 does not define S_IFSOCK.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0074.html
Closes #6926

curl_setup: provide the shutdown flags wider

By using #ifdef on the symbol names to work on anything that don't
provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either

curl_setup: provide the shutdown flags wider

By using #ifdef on the symbol names to work on anything that don't
provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either
SHUT_RDWR, SHUT_RD, and SHUT_WR.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0073.html
Closes #6925

show more ...

connect: use CURL_SA_FAMILY_T for portability

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0071.html

Closes #6918

urlapi: make sure no +/- signs are accepted in IPv4 numericals

Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify.

Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917

ConnectionExists: respect requests for h1 connections better

... for situations when multiplexing isn't enabled on the h2 connection
and h1 is explicitly requested for the transfer.

ConnectionExists: respect requests for h1 connections better

... for situations when multiplexing isn't enabled on the h2 connection
and h1 is explicitly requested for the transfer.

Assisted-by: Gergely Nagy

show more ...

multi: don't close connection HTTP_1_1_REQUIRED

The ConnectionExists() function will note that the new transfer wants
less then h2 and that it can't multiplex it and therefor opt to open

multi: don't close connection HTTP_1_1_REQUIRED

The ConnectionExists() function will note that the new transfer wants
less then h2 and that it can't multiplex it and therefor opt to open a
new connection instead.

show more ...

http2: move the stream error field to the per-transfer storage

Storing a stream error in the per-connection struct was an error that lead to
race conditions as subsequent stream handling

http2: move the stream error field to the per-transfer storage

Storing a stream error in the per-connection struct was an error that lead to
race conditions as subsequent stream handling could overwrite the error code
before it was used for the stream with the actual problem.

Closes #6910

show more ...

http2: call the handle-closed function correctly on closed stream

This was this one condition where the stream could be closed due to an
error and the function would still wrongly just r

http2: call the handle-closed function correctly on closed stream

This was this one condition where the stream could be closed due to an
error and the function would still wrongly just return 0 for it.

Reported-by: Gergely Nagy
Fixes #6862
Closes #6910

show more ...

test1660: check the created HSTS file as text mode

Closes #6922

RELEASE-NOTES: synced

test 493: require https in curl to run

Closes #6927

tool_operate: don't discard failed parallel transfer result

- Save a parallel transfer's result code only when it fails and the
transfer is not being retried.

Prior to this ch

tool_operate: don't discard failed parallel transfer result

- Save a parallel transfer's result code only when it fails and the
transfer is not being retried.

Prior to this change the result code was always set which meant that a
failed result could be erroneously discarded if a different transfer
later had a successful result (CURLE_OK).

Before:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
0

After:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
22

Closes #xxxx

show more ...

openssl: fix build error with OpenSSL < 1.0.2

Closes https://github.com/curl/curl/pull/6920

README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip]

UTM parameters leak referrer and various marketing/tracking information
even if these would normally be stri

README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip]

UTM parameters leak referrer and various marketing/tracking information
even if these would normally be stripped by website or client policy.
This link also works fine without them. Also took the opportunity to
update the URL to the one pointed to by the previous one via permanent
redirect.

Reviewed-by: Daniel Stenberg
Closes #6919

show more ...

urlapi: "normalize" numerical IPv4 host names

When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different way

urlapi: "normalize" numerical IPv4 host names

When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different ways:
a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).

Instead of passing on the name as-is and leaving the handling to the
underlying name functions, which made them not work with c-ares but work
with getaddrinfo, this change now makes the curl URL API itself detect
and "normalize" host names specified as IPv4 numericals.

The WHATWG URL Spec says this is an okay way to specify a host name in a
URL. RFC 3896 does not allow them, but curl didn't prevent them before
and it seems other RFC 3896-using tools have not either. Host names used
like this are widely supported by other tools as well due to the
handling being done by getaddrinfo and friends.

I decided to add the functionality into the URL API itself so that all
users of these functions get the benefits, when for example wanting to
compare two URLs. Also, it makes curl built to use c-ares now support
them as well and make curl builds more consistent.

The normalization makes HTTPS and virtual hosted HTTP work fine even
when curl gets the address specified using one of the "obscure" formats.

Test 1560 is extended to verify.

Fixes #6863
Closes #6871

show more ...

libssh: fix "empty expression statement has no effect" warnings

... by fixing macros to do-while constructs and moving out the calls to
"break" outside of the actual macro. It also fixes

libssh: fix "empty expression statement has no effect" warnings

... by fixing macros to do-while constructs and moving out the calls to
"break" outside of the actual macro. It also fixes the problem where the
macro was used witin a loop and the break didn't do right.

Reported-by: Emil Engler
Fixes #6847
Closes #6909

show more ...

hsts: enable by default

No longer considered experimental.

Closes #6700

vtls: refuse setting any SSL version

... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in

vtls: refuse setting any SSL version

... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773

show more ...

curl: ignore options asking for SSLv2 or SSLv3

Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries

curl: ignore options asking for SSLv2 or SSLv3

Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.

In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.

Closes #6772

show more ...