Instead of connclose()ing, since when HTTP/2 is used it doesn't need to
close the connection as stopping the current transfer is enough.
Reported-by: Evangelos Foutras
Closes#8665
For the "simulated 304" case the done-call isn't considered "premature"
but since the server didn't close the stream it needs to be reset to
stop delivering data.
Closes#8664
Also rephrase to make it sound less dangerous:
"ALPN: server did not agree on a protocol. Uses default."
Reported-by: Nick Coghlan
Fixes#8643Closes#8651
This leaves the CURLE_RECV_ERROR error code for explicit failure to
receive network data and allows users to better separate the problems.
Ref #8356
Reported-by: Rianov Viacheslav
Closes#8506
Move checksrc.pl, firefox-db2pem.sh and mk-ca-bundle.pl since they don't
particularly belong in lib/
Also created an EXTRA_DIST= in scripts/Makefile.am instead of specifying
those files in the root Makefile.am
Closes#8625
curl_setup.h automatically defines WIN32 if just _WIN32 is defined.
Therefore make sure curl_setup.h is included through warnless.h.
Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes#8594
Prior to this change if, at build time, the GnuTLS backend was found to
have TLS-SRP support (HAVE_GNUTLS_SRP) but TLS-SRP was disabled in curl
via --disable-tls-srp (!USE_TLS_SRP) then a build error would occur.
Bug: https://curl.se/mail/lib-2022-03/0046.html
Reported-by: Robert Brose
Closes https://github.com/curl/curl/pull/8604
This test verifies that the order of functions in public headers remain
the same but hasn't been updated to care for recently added header
files. The order is important for some few platforms - or VERSIONINFO
needs to updated.
This fix also updates VERSIONINFO to be sure.
Closes#8620
- When done, if an error has already occurred then don't check the
sequence numbers for mismatch.
A sequence number may not have been received if an error occurred.
Prior to this change a sequence mismatch error would override earlier
errors. For example, a server that returns nothing would cause error
CURLE_GOT_NOTHING in Curl_http_done which was then overridden by
CURLE_RTSP_CSEQ_ERROR in rtsp_done.
Closes https://github.com/curl/curl/pull/8525
.. and bump version to 1.29.
This change makes the script properly ignore unknown blocks and
otherwise fail when Mozilla changes the certdata format in ways we
don't expect. Though this is less flexible behavior it makes it far less
likely that an invalid certificate can slip through.
Prior to this change the state machine did not always properly reset,
and it was possible that a certificate marked as invalid could then
later be marked as valid when there was conflicting trust info or
an unknown block was erroneously processed as part of the certificate.
Ref: https://github.com/curl/curl/pull/7801#pullrequestreview-768384569
Closes https://github.com/curl/curl/pull/8411
They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where C functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.
Updated test 262 to verify and enabled it for hyper as well
Closes#8601
- If building libcurl against an old libssh version missing SSH_S_IFMT
and SSH_S_IFLNK then use the values from a supported version.
Prior to this change if libssh did not define SSH_S_IFMT and SSH_S_IFLNK
then S_IFMT and S_IFLNK, respectively, were used instead. The problem
with that is the user's S_ stat macros don't have the same values across
platforms. For example Windows has values different from Linux.
Follow-up to 7b0fd39.
Ref: https://github.com/curl/curl/pull/8511#discussion_r815292391
Ref: https://github.com/curl/curl/pull/8574
Closes https://github.com/curl/curl/pull/8588
mk-ca-bundle.vbs is a Windows-specific script for Mozilla certificate
extraction, similar to mk-ca-bundle.pl which runs on any platform. The
vbs version has not been maintained while the perl version has been
maintained with improvements and security fixes. I don't think it's
worth the work to maintain both versions. Windows users should be able
to use mk-ca-bundle.pl without any problems, as long as they have perl.
Closes#8412
The implementation using setsockopt was removed when BeOS support was
purged. However this functionality wasn't BeOS specific, it is still
used by for example Orbis OS (Playstation 4/5 OS).
Closes#8562
The CURLOPT_SSL_EC_CURVES option (used by the '--curves' flag) in
libcurl was ignored when compiling with BoringSSL because
HAVE_SSL_CTX_SET_EC_CURVES was explicitly disabled if BoringSSL was
detected. However, this feature is supported in BoringSSL since
5fd1807d. This commit enables it, and also reduces the required minimal
OpenSSL version to 1.0.2 as per OpenSSL's official documentation.
Fixes#8553Closes#8556
