- de-complex Curl_gtls_verifyserver() by splitting of static
functions for parts of it.
- follow the `goto out` style with common deallocation code
Closes#17941
- rename Curl_oss_check_peer_cert() to Curl_ossl_check_peer_cert()
- leave altname match loop after the first success when the match
was an ip address
- remove static subj_alt_hostcheck() since it did not really do much
- use length based infof() output of altname, even though it does
seem always to be nul terminated
Closes#17940
Ahmad Gani intercepts the sendto syscall to simulate short send, but
curl incorrectly handles it. It keeps resending the version:
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
Don't restart the buffer in the `CONNECT_SOCKS_INIT` case if
`sx->outstanding` is not zero. It should continue sending the
advanced buffer.
Fixes#17942
Reported-by: Ahmad Gani <reyuki@gnuweeb.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Closes#17943
Re-running this script now makes it track the already mentioned
changelog entries and not add them again even if the git log contains
them.
This makes the script better handle reruns in a release branch after
rebasing on a later version of master.
Closes#17937
To set it before checking for it while enabling `HAVE_INET_NTOP` and
`HAVE_INET_PTON` for Vista (and up) targets.
May have affected winbuild or Visual Studio IDE Project Files.
Follow-up to 68fa9bf3f5#9712Closes#17928
The `transport` to use for a transfer, e.g. TCP/QUIC/UNIX/UDP, is
initially selected by options and protocol used. This is set at the
`struct connectdata` as `transport` member.
During connection establishment, this transport may change due to
Alt-Svc or Happy-Eyeballing. Most common is the switch from TCP to QUIC.
Rename the connection member to `transport_wanted` and add a way to
query the connection for the transport in use via a new connection
filter query.
The filter query can also be used in the happy eyeballing attempts when
code needs to know which transport is used by the "filter below". This
happens in wolfssl initialization, as one example.
Closes#17923
In preparation for the removal of Windows CE support.
These jobs were also using a macOS runner, which is a waste. And it'd be
too much effort to move them over to Windows or Linux.
Follow-up to 8491e6574c#17379Closes#17924
No instant benefit, but it brings all Apple jobs into the same workflow.
Then perhaps allows intergrating iOS jobs with macOS ones, and in
the meantime keep them more tightly aligned.
Closes#17912
When using winbuild or Visual Studio IDE Project Files.
To simplify and prepare for dropping support for VS2008.
Details:
- fix VS2012 default target to be Windows 8 (was Vista).
Confirmed by CI:
```
-- The C compiler identification is MSVC 17.0.61030.0
-- Found _WIN32_WINNT=0x0602
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51594696/job/elbl0w5n7fmoos2f#L45
It also aligns with the default being Windows 7 for VS2010,
and Windows Vista for VS2008.
- bump minimum target to XP (was Windows 2000) when using VS2008.
curl requires XP.
- add Windows release names to comments for clarity.
- add hex Windows version to a comment for clarity.
- merge VS2008/VS2012 minimum/default logic and comments.
- reduce scope of local minimum/default macros.
- shorten comments to fit within line limit.
Closes#17916
It was recently updated in this doc to seven, but there were *two*
numbers mentioned and only one of them was updated leaving the paragraph
quite confusing.
Follow-up to 83c90e5047Closes#17921
Runing the tests locally without valgrind test 518 and 537 would run
over their limits.
Plus init a variable in runtests.pl to avoid a warning output.
Closes#17919
- GHA/checksrc: make a step name more accurate.
- cmakelint.sh: make sure to run from project root.
To make it easier to run locally.
- cmakelint.sh: use `set -eu`.
Closes#17915
CI check used macOS before this patch, but with the help of Linuxbrew,
latest zizmor and shellcheck are also available on Linux.
Also:
- migrate CI checks to the misc check workflow, to make both shellcheck
use the same, latest, shellcheck version, and to save the overhead of
an extra workflow.
Closes#17911
Without a libcurl built with the SSLS-EXPORT feature this command line
option produces:
curl: option --ssl-sessions: the installed libcurl version does not support this
curl: try 'curl --help' or 'curl --manual' for more information
Add a note of warning on the -ssl-session docs page to account for this.
Closes#17909
In gtls.c there was a typo'd comment that I think was missing the word
"no" to indicate there's "no GnuTLS way to signal no EarlyData".
This commit fixes that typo, and also updates a copy-pasted instance
that made it into wolfssl.c where it should refer to the WolfSSL API
missing the capability, not GnuTLS.
Closes#17907
