- `reply/data*`, `verify/stdout`, `verify/stderr`, `verify/file*`,
`verify/proxy`:
- make `crlf="yes"` force CRLF to all lines, instead of just applying
to HTTP protocol headers.
- add support for `crlf="headers"` that only converts HTTP protocol
header lines to CRLF. (previously done via `crlf="yes"`.)
- use `crlf="headers"` where possible.
- `reply/connect*`:
- add support for `crlf="yes"` and `crlf="headers"`.
- use them where possible.
- `client/file*`, `client/stdin`:
- add support for `crlf="yes"`.
- use it where possible.
- `reply/data*`, `verify/protocol`:
- replace existing uses of `crlf="yes"` with `crlf="headers`" where it
does not change the result.
Reducing the number of `tests/data/test*`:
- CRLF newlines from 10295 to 1985. (119985 lines total)
- files with mixed newlines from 656 to 113. (1890 files total)
After this patch there remain 141 sections with mixed newlines, where
the mixing is not split between headers/non-headers. There is no obvious
pattern here. Some of the CRLF uses might be accidental, or
non-significant. They will be tackled in a future patch.
Follow-up to 6cf3d7b1b1#19318
Follow-up to 4d2a05d3fe#19284Closes#19313
- fix regex to not catch CR (from CRLF), in `PORT`, `EPRT`
commands, allowing to use `crlf="yes"` more.
- add `crlf="headers"` mode for `protocol` sections.
To call `subnewlines()` without its force option.
This is the mode used in `data` sections when `crlf="yes"`.
(This confusion may be subject to a future commit.)
- subnewlines: apply CRLF to `HEAD` and `CONNECT` HTTP requests.
- subnewlines: apply CRLF to RTSP requests.
- delete remaining empty `protocol` sections.
Reducing the number of `tests/data/test*`:
- CRLF newlines from 11325 to 10295. (119984 lines total)
- files with mixed newlines from 707 to 656. (1890 files total)
Follow-up to 4d2a05d3fe#19284Closes#19318
To make them explicit, visible, avoid being accidentally trimmed.
Also prevents Git warnings, e.g. on `git am`.
Also:
- runtests: add support for `%spc%` and `%tab%` macros.
- test59: delete non-significant line-ending space.
- spacecheck.pl: drop line-ending whitespace exception for tests.
Closes#19300
- 'CURL *' handles are called 'curl'
- 'CURLM *' handles are called 'multi'
- write callbacks are called 'write_cb'
- read callbacs are called 'read_cb'
- CURLcode variables are called 'res'
It makes the examples look and feel more consistent. It allows for
easier copy and pasting between examples.
Closes#19299
Also:
- delete dead code.
- sync `http2-download.c` and `http2-upload.c` sources.
- simplessl: fix constant expression.
- simplessl: avoid `expression is constant` VS2010 warning, drop pragma.
- replace large stack buffers with dynamic allocation.
- http2-download: fix to fill transfer number.
Some of these were pointed out by TIOBE scanner via Coverity 2025.3.0.
Closes#19292
Also:
- tests/libtest/cli_h2_serverpush: re-sync formatting.
Previously fixed in tests based on a local clang-tidy v20 report.
Pointed out by TIOBE scanner via Coverity 2025.3.0.
Follow-up to 83a8818cfe#17706Closes#19291
Make autotools and cmake detect DES support in OpenSSL and mbedTLS.
Forward feature macros to C and omit NTLM from the feature preview list.
Use the feature macros in source. This ensure that `-V` output matches
the preview.
OpenSSL doesn't support DES when built with `no-des` or `no-deprecated`.
mbedTLS 4.x no longer supports it, and it's possible to disable it in
<4 with `scripts/config.py unset MBEDTLS_DES_C`.
Before this patch this worked for
mbedTLS 4 only, and with a regression for pending PR #16973.
Also:
- drop NTLM feature check from `curl_setup.h` in favour of autotools/
cmake feature macros. This makes `curl_setup.h` no longer need
to include an mbedTLS header, which in turn makes tests/server build
without depending on mbedTLS.
Fixing, in #16973:
```
In file included from tests/server/first.h:40,
from bld/tests/server/servers.c:3:
lib/curl_setup.h:741:10: fatal error: mbedtls/version.h: No such file or directory
741 | #include <mbedtls/version.h>
| ^~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/18689537893/job/53291322012?pr=16973
Ref: #19181 (initial fix idea)
Follow-up to 3a305831d1#19077
- move back mbedTLS header include and version check from
`curl_setup.h` to each source which consumes mbedTLS.
- GHA/http3-linux: drop workaround that disabled NTLM for
`no-deprecated` OpenSSL builds.
Follow-up to 006977859d#12384
- curl_ntlm_core: drop pointless macro `CURL_NTLM_NOT_SUPPORTED`.
Follow-up to 006977859d#12384Closes#19206
To not have to guess. Also to sync with autotools, which already uses
this wording.
Also:
- replace the stray term 'folder' with 'directory' for consistency.
- store help text in a temp variable to avoid overly long strings
(mandatory in CMake <4.2.0 and can't be trivially split), also
to avoid repeating this string 4 times.
Ref: https://cmake.org/cmake/help/v4.2/command/set.htmlCloses#19169
Replacing a combination of custom logic in the main script and relying
on CMake's built-in Find module, with code and behavior used for
the rest of dependencies.
Also to:
- add version detection in the non-pkg-config path.
- make `GNUTLS_INCLUDE_DIR` and `GNUTLS_LIBRARY` take precedence over
pkg-config. As with other dependencies.
- document the above two configuration options.
- prepare for #16973, which originally introduced this local Find
module.
The local module is doing largely the same as CMake's built-in
FindGnuTLS. Differences:
- honors `CURL_USE_PKGCONFIG`.
- returns GnuTLS version for non-pkg-config detection.
- consistently returns `GNUTLS_VERSION`.
(CMake's built-in uses s different name in <3.16.)
- CMake 3.16+ returns an imported target. curl supports 3.7,
therefore we may only use it conditionally, which isn't worth it.
Cherry-picked from #16973Closes#19163
It was mistakenly removed in 8dab7465a5 (shipped in 8.9.0)
Also fix test 1139 which should have detected this but didn't due to a
bad regex check.
Reported-by: Jonathan Cardoso
Fixes#19151Closes#119152
RFC 3617 defines two specific modes, "netascii" and "octet". This code
now checks only for those trailing ones - and not in the hostname since
they can't be there anymore.
Assisted-by: Jay Satiro
Closes#19070
- Treat HTTP response codes 522 and 524 as a transient error since
Cloudflare may use them instead of 504 to signal timeout.
For example here is a 522 error message from Cloudflare:
"The initial connection between Cloudflare's network and the origin web
server timed out. As a result, the web page can not be displayed."
Prior to this change the curl tool did not retry on HTTP response codes
522 and 524 when --retry was used.
Fixes https://github.com/curl/curl/discussions/16143
Closes https://github.com/curl/curl/pull/19011
When calling scorecard with --flame to produce a flamegraph, use
"perf" on linux platforms to do the measurements. Update the scorecard
documentation about it.
Closes#19058
- add `curl_global_init()` and `curl_global_cleanup()` where missing.
- check the result of `curl_global_init()` where missing.
- return the last curl error from `main()`.
- drop Win32-specific socket initialization in favor of `curl_global_init()`.
- rename some outliers to `res` for curl result code.
- fix cleanup in some error cases.
Inspired by Joshua's report on examples.
Closes#19053
To make it simpler to move them around, create and delete them without
syncing with `REUSE.toml`.
Also:
- checksrc: allow empty lines in `.checksrc`.
- comment on why curl printfs are disallowed in examples.
Closes#19024
- include `windows.h` after `winsock2.h` via `curl/curl.h`.
- avoid `errno` for WinCE.
- avoid `_vscprintf` for WinCE.
Ref: 4535532ed3#18843
Follow-up to 0780de2625#18668Closes#19016
