Make autotools and cmake detect DES support in OpenSSL and mbedTLS.
Forward feature macros to C and omit NTLM from the feature preview list.
Use the feature macros in source. This ensure that `-V` output matches
the preview.
OpenSSL doesn't support DES when built with `no-des` or `no-deprecated`.
mbedTLS 4.x no longer supports it, and it's possible to disable it in
<4 with `scripts/config.py unset MBEDTLS_DES_C`.
Before this patch this worked for
mbedTLS 4 only, and with a regression for pending PR #16973.
Also:
- drop NTLM feature check from `curl_setup.h` in favour of autotools/
cmake feature macros. This makes `curl_setup.h` no longer need
to include an mbedTLS header, which in turn makes tests/server build
without depending on mbedTLS.
Fixing, in #16973:
```
In file included from tests/server/first.h:40,
from bld/tests/server/servers.c:3:
lib/curl_setup.h:741:10: fatal error: mbedtls/version.h: No such file or directory
741 | #include <mbedtls/version.h>
| ^~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/18689537893/job/53291322012?pr=16973
Ref: #19181 (initial fix idea)
Follow-up to 3a305831d1#19077
- move back mbedTLS header include and version check from
`curl_setup.h` to each source which consumes mbedTLS.
- GHA/http3-linux: drop workaround that disabled NTLM for
`no-deprecated` OpenSSL builds.
Follow-up to 006977859d#12384
- curl_ntlm_core: drop pointless macro `CURL_NTLM_NOT_SUPPORTED`.
Follow-up to 006977859d#12384Closes#19206
- configure/cmake support for enabling the option
- supported in OpenSSL and GnuTLS backends
- when configured, Apple SecTrust is the default trust store
for peer verification. When one of the CURLOPT_* for adding
certificates is used, that default does not apply.
- add documentation of build options and SSL use
Closes#18703
`-Weverything` is not enabled by curl, and not recommended by LLVM,
because it may enable experimental options, and will result in new
fallouts after toolchain upgrades. This patch aims to fix/silence as much
as possible as found with llvm/clang 21.1.0. It also permanently enables
warnings that were fixed in source and deemed manageable in the future.
`-Wformat` warnings are addressed separately via #18343.
Fix/silence warnings in the source:
- typecheck-gcc.h: fix `-Wreserved-identifier`.
- lib: silence `-Wcast-function-type-strict`.
For llvm 16+ or Apple clang 16+.
- asyn-ares: limit `HAPPY_EYEBALLS_DNS_TIMEOUT` to old c-ares versions.
- curl_trc: fix `-Wc++-hidden-decl`.
- doh: fix `-Wc++-keyword`.
- ftp: fix `-Wreserved-identifier`.
- ldap: fix `-Wreserved-identifier`.
- mqtt: comment unused macro to avoid warning.
- multi_ev: drop unused macros to avoid warnings.
- setopt: fix useless `break;` after `return;`.
- gtls, mbedtls, rustls: silence `-Wconditional-uninitialized`.
- socks_sspi, schannel, x509asn1: fix `-Wimplicit-int-enum-cast`.
- x509asn1: fix `-Wc++-keyword`.
- openssl: scope `OSSL_UI_METHOD_CAST` to avoid unused macro warning.
- libssh2, wolfssl: drop unused macros.
- curl_ngtcp2, curl_quiche, httpsrr, urlapi: drop/limit unused macros.
- tool_getparam: fix useless `break;` after `return;` or `break;`.
Not normally enabled because it doesn't work with unity.
https://github.com/llvm/llvm-project/issues/71046
- tool_operate: fix `-Wc++-keyword`.
- curlinfo: fix a `-Wunsafe-buffer-usage`.
- tests: silence `-Wformat-non-iso`.
- lib557: fix `-Wreserved-identifier`.
- lib1565: silence `-Wconditional-uninitialized`.
Enable the above clang warnings permanently in picky mode:
- `-Wc++-hidden-decl`
- `-Wc++-keyword` (except for Windows, where it collides with `wchar_t`)
- `-Wcast-function-type-strict`
- `-Wcast-function-type`
- `-Wconditional-uninitialized`
- `-Wformat-non-iso` (except for clang-cl)
- `-Wreserved-identifier`
- `-Wtentative-definition-compat`
Silence problematic `-Weverything` warnings globally (in picky mode):
- `-Wused-but-marked-unused` (88000+ hits) and
`-Wdisabled-macro-expansion` (2600+ hits).
Triggered by `typecheck-gcc.h` when building with clang 14+.
Maybe there exists a way to fix within that header?
Ref: https://discourse.llvm.org/t/removing-wused-but-marked-unused/55310
- `-Wunsafe-buffer-usage`. clang 16+. 7000+ hits.
May be useful in theory, but such high volume of hits makes it
impractical to review and possibly address. Meant for C++.
Ref: https://clang.llvm.org/docs/SafeBuffers.html
Ref: https://stackoverflow.com/questions/77017567/how-to-fix-code-to-avoid-warning-wunsafe-buffer-usage
Ref: https://discourse.llvm.org/t/rfc-c-buffer-hardening/65734
Ref: https://github.com/llvm/llvm-project/pull/111624
- `-Wimplicit-void-ptr-cast`. clang 21+. 1700+ hits.
C++ warning, deemed pure noise.
Ref: https://github.com/curl/curl/issues/18470#issuecomment-3253506266
- `-Wswitch-default` (180+ hits), `-Wswitch-enum` (190+ hits),
`-Wcovered-switch-default` (20+ hits).
Next to impossible to fix cleanly, esp. when the covered `case`
branches depend on compile-time options.
- `-Wdocumentation-unknown-command` (8+ hits).
Triggered in a few sources. Seems arbitrary and bogus.
- `-Wpadded` (550+ hits).
- `-Wc++-keyword` on Windows, where it collides with `wchar_t`.
(100+ hits)
Ref: https://github.com/llvm/llvm-project/issues/155988
- `-Wreserved-macro-identifier`. clang 13+. 5+ hits.
Sometimes it's necessary to set external macros that use
the reserved namespace. E.g. `_CRT_NONSTDC_NO_DEPRECATE`,
`__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__`, `__NO_NET_API`,
possibly `_REENTRANT`, and more.
It's not worth trying to silence them individually.
- `-Wnonportable-system-include-path` with `clang-cl`.
It'd be broken by doing what the warning suggests.
- `-Wformat-non-iso` for clang-cl.
CMake `PICKY_COMPILER=ON` (the default) or `./configure`
`--enable-warnings` (not the default) is required to enable these
silencing rules.
Also:
- autotools, cmake: fix Apple clang and mainline llvm version translations.
Ref: https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
- autotools, cmake: enable `-Warray-compare` for clang 20+.
Follow-up to 4b7accda5a#17196
- cmake: fix to enable `-Wmissing-variable-declarations` at an earlier
clang version.
- cmake: update internal logic to handle warning options with `+` in
them.
- cmake: fix internal logic to match the whole option when looking
into `CMAKE_C_FLAGS` for custom-disabled warnings.
Follow-up to b85cb8cb4e#18485Closes#18477
Also fix indentation and tidy up to use `STREQUAL` when checking for
Darwin.
Reported-by: Waldemar Kornewald
Fixes#18149
Regression from 739ef9804d#13713Closes#18153
Schannel is not supported by UWP. SSPI is also required by Schannel in
curl, and SSPI also isn't supported by UWP.
mingw-w64 is able to create such build regardless (my guess: due to API
parts not accurately marked as UWP-only), but the binary is unlikely
to work. With MSVC the failure happens at build-time.
Ref: https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initsecurityinterfacea#requirements
Ref: https://learn.microsoft.com/windows/win32/secauthn/initializesecuritycontext--schannel#requirements
Drop all UWP-related logic, including two related feature checks, that
can now be permanently enabled.
Also:
- build: show fatal error for Schannel in UWP mode.
- build: do not allow enabling SSPI in UWP mode.
- drop undocumented option `DISABLE_SCHANNEL_CLIENT_CERT`. Added without
mention in an unrelated commit. The PR text says to save size. On x64
this is 0.3%, or 4KB out of 1.3MB. The tiny gain doesn't justify
an extra build variant. Ref: 8beff43559
- move `MPROTO_SCHANNEL_CERT_SHARE_KEY` closer to its use.
- replace commented block with `#if 0`.
Reviewed-by: Jay Satiro
Follow-up to cd0ec4784c#17089Closes#18116
Both are available with well-known conditions, under non-Windows, and
`curl/curl.h` already uses them. `sys/time.h` is also necessary for
mingw-w64 for `gettimeofday()`.
Follow-up to 56d5982312#17522Closes#17581
These libraries do not support TLS 1.3 and have been marked for removal
for over a year. We want to help users select a TLS dependency that is
future-proof and reliable, and not supporting TLS 1.3 in 2025 does not
infer confidence. Users who build libcurl are likely to be served better
and get something more future-proof with a TLS library that supports
1.3.
Closes#16677
Sync them with the function name they detect, and sync them between
cmake and autotools.
- rename `HAVE_WOLFSSL_BIO` to `HAVE_WOLFSSL_BIO_NEW`.
- rename `HAVE_WOLFSSL_FULL_BIO` to `HAVE_WOLFSSL_BIO_SET_SHUTDOWN`.
- autotools: rename `WOLFSSL_NTLM` to `HAVE_WOLFSSL_DES_ECB_ENCRYPT`
(to sync with cmake).
- autotools: rename `WOLFSSL_BIO` to `HAVE_WOLFSSL_BIO_NEW`
(to sync with cmake).
- autotools: simplify `HAVE_WOLFSSL_DES_ECB_ENCRYPT` detection.
Cherry-picked from #17082Closes#17175
With the new addition of OpenSSL QUIC API support and the support in
ngtcp2 main branch, make the necessary adjustments in curl to support
this combination.
- add support in configure.ac to detect the feature OPENSSL_QUIC_API2 in
openssl
- initialise ngtcp2 properly in this combination
- add a Curl_vquic_init() for global initialisation that ngtcp2 likes
for performance reasons
- add documentation on how to build in docs/HTTP3.md
- add CI testing in http3-linux.yml
Assisted-by: Viktor Szakats
Closes#17027
Try to enforce that the Rustls vTLS backend is only used with
rustls-ffi 0.15 - the documentation already describes this as
the required version.
Follow-up from https://github.com/curl/curl/issues/16890Closes#16922
The omitted link checks were not what I though they were. Omitting one
caused a mis-detection on Solaris, where the compile check alone
mis-detects `CloseSocket` as present.
Restore link checks for these functions:
`closesocket`, `ioctlsocket`, `socket`, `freeaddrinfo`, `getaddrinfo`,
`gethostname`, `getpeername`, `getsockname`,
`CloseSocket` (AmigaOS), `IoctlSocket` (AmigaOS).
Also re-sync link check code snippets with the ones in current master.
Partial revert of, regression from bd9f9b085a#16377
Reported-by: Dagobert Michelsen
Bug: https://curl.se/mail/lib-2025-04/0004.htmlFixes#16915Closes#16917
It seems unnecessary and possibly unexpected to build test servers with
debug-enabled features and memory tracking whenever the tested curl is
built like that (which is a requirement for some tests, so curl is
mostly built like that when running tests.) It also makes building
servers a little bit faster with cmake for the most common cases.
You can apply debug options to `tests/server` with these new options:
- `./configure`: `--enable-server-debug`.
- cmake: `-DENABLE_SERVER_DEBUG`.
Also sync the way we pass these macros in autotools, with CMake builds.
Before this patch, autotools passed them via `curl_config.h`. After this
patch it passes them on the command-line, like cmake builds do.
This patch also make these option no longer passed to examples and
`http/client` in cmake builds, where they were no-ops anyway.
Ref: #15000Closes#16705
The issues found fell into these categories, with the applied fixes:
- const was accidentally stripped.
Adjust code to not cast or cast with const.
- const/volatile missing from arguments, local variables.
Constify arguments or variables, adjust/delete casts. Small code
changes in a few places.
- const must be stripped because an API dependency requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our control. These happen at API boundaries. Sometimes they depend
on dependency version, which this patch handles as necessary. Also
enable const support for the zlib API, using `ZLIB_CONST`. Supported
by zlib 1.2.5.2 and newer.
- const must be stripped because a curl API requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our immediate control. For example we promise to send a non-const
argument to a callback, though the data is const internally.
- other cases where we may avoid const stripping by code changes.
Also silenced with `CURL_UNCONST()`.
- there are 3 places where `CURL_UNCONST()` is cast again to const.
To silence this type of warning:
```
lib/vquic/curl_osslq.c:1015:29: error: to be safe all intermediate
pointers in cast from 'unsigned char **' to 'const unsigned char **'
must be 'const' qualified [-Werror=cast-qual]
lib/cf-socket.c:734:32: error: to be safe all intermediate pointers in
cast from 'char **' to 'const char **' must be 'const' qualified
[-Werror=cast-qual]
```
There may be a better solution, but I couldn't find it.
These cases are handled in separate subcommits, but without further
markup.
If you see a `-Wcast-qual` warning in curl, we appreciate your report
about it.
Closes#16142
Apply downstream patch from the vcpkg project:
- cmake/FindBrotli: streamline detecting multiple pkg-config modules.
Add `libbrotlicommon` to `Requires.private` in `libcurl.pc`.
Apply the above idea to the rest of multi-module dependencies:
- cmake/FindMbedTLS: streamline detecting multiple pkg-config modules
Add `mbedx509`, `mbedcrypto` to `Requires.private` in `libcurl.pc`.
- cmake/FindLDAP: streamline detecting multiple pkg-config modules
And sync these changes with autotools, and add `libbrotlicommon`,
`mbedx509`, `mbedcrypto` to `Requires.private`.
Co-authored-by: Kai Pastor
Ref: https://github.com/microsoft/vcpkg/pull/43819Closes#16479
To avoid breaking the control flow and align to majority of code
already using `return`.
`exit()` has the side-effect of suppressing leak detection in cases.
Fix fallouts detected after switching to `return`.
- configure:
- fix `getaddrinfo` run test to call `freeaddrinfo()` to pacify ASAN,
and call `WSACleanup()` to deinit winsock2.
- fix `getifaddrs` run test to call `freeifaddrs()` to pacify ASAN.
- tests/server:
- setup `atexit(win32_cleanup)` via `win32_init()`.
- return 2 instead of 1 on winsock2 init failures.
- sws: goto cleanup instead of `exit()` in `http_connect()`.
Follow-up to 02dfe71937#7235
- tests/client/http:
- cleanup memory to pacify ASAN in `h2-upgrade-extreme`,
`tls-session-reuse`.
- examples:
- block_ip: fix memory leak reported by CI.
- http2-upload: avoid handle leaks.
Untouched `exit()` calls, made from callbacks:
- docs/examples: ephiperfifo.c, ghiper.c, hiperfifo.c
- tests/libtest: lib582.c, lib655.c, lib670.c
- tests/server: tftpd.c
Closes#16507
Silence compiler warnings (200 of them across the main CI workflows):
```
warning #2193: null argument provided for parameter marked with attribute "nonnull"
warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
warning: Null pointer passed to 2nd parameter expecting 'nonnull' [core.NonNullParamChecker]
warning: argument 1 null where non-null expected [-Wnonnull]
warning: argument 2 null where non-null expected [-Wnonnull]
warning: comparison of unsigned expression in '< 0' is always false [-Wtype-limits]
warning: null argument where non-null required (argument 1) [-Wnonnull]
```
Also drop `if ... can be linked` feature checks that were identical to
`if ... is compilable` checks, for:
`closesocket`, `ioctlsocket`, `socket`, `freeaddrinfo`, `getaddrinfo`,
`gethostname`, `getpeername`, `getsockname`,
`CloseSocket` (AmigaOS), `IoctlSocket` (AmigaOS).
Another option is to really do the link checks. But, if they weren't
missed so far, it seems safer to drop than risk a detection failure,
as was the case with AmigaOS functions while working on this PR.
There remain 22 `-Wnonnull` warnings in `gethostbyname_r()`,
`getpeername()` `getsockname()`. Most of the rest is necessary for
detection, or originate from autotools and CMake detection code
templates. Some still fixable, like duplicate libs.
Follow-up to ca2f49ded0#16287Closes#16377
It's fixed in gcc 5.5.0.
Example: https://godbolt.org/z/x6Th8q844
Seen in gcc 5.1.0, 5.4.0 (both 32/64-bit) with dl-mingw:
```
lib/rtsp.c: In function 'rtsp_parse_transport':
lib/rtsp.c:1025:36: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
rtp_channel_mask[idx] |= (unsigned char)(1 << off);
^
lib/mprintf.c: In function 'parsefmt':
lib/mprintf.c:526:31: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[width/8] |= (unsigned char)(1 << (width&7));
^
lib/mprintf.c:544:35: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[precision/8] |= (unsigned char)(1 << (precision&7));
^
lib/mprintf.c:559:29: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[param/8] |= (unsigned char)(1 << (param&7));
^
lib/cfilters.c: In function 'Curl_pollset_change':
lib/cfilters.c:935:25: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
ps->actions[i] |= (unsigned char)add_flags;
^
```
gcc 5.1.0: https://github.com/curl/curl/actions/runs/13413103492/job/37467698381#step:9:21
gcc 5.4.0: https://github.com/curl/curl/actions/runs/13413103492/job/37467694479#step:9:19Closes#16398
Fix or silence compiler warnings happening in feature detections
to reduce log noise. Warnings may also get promoted to errors in certain
cases, causing missed detections.
It reduces the number of warnings by 4500+ across the linux, linux-old,
macos, non-native and windows GHA workflows (~142 jobs).
Also move picky warning logic for MSVC/Borland to
`CMake/PickyWarnings.cmake. To make them listed in the picky-warnings
log output, and to also apply to feature detections to make them compile
under the same conditions as source code. The hope is to help catching
issues faster. It also improves code quality of feature tests.
Fixed/silenced:
```
warning #177: variable "dummy" was declared but never referenced
warning #177: variable "flag" was declared but never referenced
warning #177: variable "res" was declared but never referenced
warning #592: variable "s" is used before its value is set
warning #1011: missing return statement at end of non-void function "main"
warning #1786: function "SSL_CTX_set_srp_password" (declared at line 1888 of "/usr/include/openssl/ssl.h") was declared deprecated ("Since OpenSSL 3.0")
warning #1786: function "SSL_CTX_set_srp_username" (declared at line 1887 of "/usr/include/openssl/ssl.h") was declared deprecated ("Since OpenSSL 3.0")
warning #2332: a value of type "const char *" cannot be assigned to an entity of type "char *" (dropping qualifiers)
warning: 'SSL_CTX_set_srp_password' is deprecated [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_password' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_username' is deprecated [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_username' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: 'b' is used uninitialized [-Wuninitialized]
warning: 'gethostname' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn]
warning: Value stored to 'i' is never read [deadcode.DeadStores]
warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: control reaches end of non-void function [-Wreturn-type]
warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
warning: excess elements in struct initializer
warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: macro "_FILE_OFFSET_BITS" is not used [-Wunused-macros]
warning: macro "_REENTRANT" is not used [-Wunused-macros]
warning: missing braces around initializer [-Wmissing-braces]
warning: no previous extern declaration for non-static variable 'off_t_is_large' [-Wmissing-variable-declarations]
warning: no previous prototype for 'check' [-Wmissing-prototypes]
warning: no previous prototype for function 'check' [-Wmissing-prototypes]
warning: null argument where non-null required (argument 2) [-Wnonnull]
warning: passing 'const char[1]' to parameter of type 'char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
warning: passing argument 2 of 'SSL_CTX_set_srp_password' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: passing argument 2 of 'SSL_CTX_set_srp_username' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: unused parameter 'c' [-Wunused-parameter]
warning: unused parameter 'f' [-Wunused-parameter]
warning: unused variable 'data' [-Wunused-variable]
warning: unused variable 'dummy' [-Wunused-variable]
warning: unused variable 'flag' [-Wunused-variable]
warning: unused variable 'res' [-Wunused-variable]
warning: unused variable 's' [-Wunused-variable]
warning: variable 's' set but not used [-Wunused-but-set-variable]
warning: variable 'ts' set but not used [-Wunused-but-set-variable]
```
Closes#16287
To reduce the number `-Wunused-macro` compiler warnings:
- delete unused macros.
- comment out unused macro that are part of a set.
- move macros into the scope they are used.
This may be useful to enable by default, but there are tricky cases that
I didn't manage to fix and paused the effort. E.g. internal features
checks in `openssl.c`. There is more, once those are fixed.
Closes#16279
We don't pursue this, and the necessary `#pragma` got in the way of
compiling curl with gcc 4.2 and older. Drop the logic completely.
Follow-up to 8a266ac488#15939
Reported-by: prpr19xx on Github
Fixes#16152Closes#16157
- replace deprecated `ares_init()` call with `ares_init_options()`.
Follow-up to 0d4fdbf15d#16054
- dedupe `CARES_STATICLIB` initalizations into `curl_setup.h`, to
ensure it's defined before the first (and every) `ares.h` include and
avoid a potential confusion.
- move `CARES_NO_DEPRECATED` from build level to `curl_setup.h`.
To work regardless of build system.
It is necessary because curl calls `ares_getsock()` from two places,
of which one feeds a chain of wrappers: `Curl_ares_getsock()`,
`Curl_resolver_getsock()`, `Curl_resolv_getsock()`.
Closes#16131
Allow building with c-ares and yet use threaded resolver for the main
host A/AAAA resolving:
`--with-ares` provides the c-ares install path and defaults to use
c-ares for name resolving
`--with-threaded-resolver` still uses c-ares in the build (for HTTPS)
but uses the threaded resolver for "normal" resolves.
It works similarly for cmake: ENABLE_ARES enables ares, and if
ENABLE_THREADED_RESOLVER also is set, c-ares is used for HTTPS RR and
the threaded resolver for "normal" resolves.
HTTPSRR and c-ares-rr are new features return by curl_version_info() and
thus shown by curl -V.
The c-ares-rr feature bit is there to make it possible to distinguish
between builds using c-ares for all name resolves and builds that use
the threaded resolves for the regular name resolves and c-ares for
HTTPSRR only. "c-ares-rr" means it does not use c-ares for "plain" name
resolves.
HTTPSRR support is EXPERIMENTAL only.
Closes#16054
- silence false positive picky warnings.
- avoid "possible noreturn" warnings for standalone tests and examples.
- fix to compile without `#pragma GCC diagnostic push` support.
- fix "#pragma GCC diagnostic not allowed inside functions".
Prerequisite for #15975 that needs GCC 4.4 for the latest pre-built
CeGCC/mingw32ce toolchain for Windows CE.
Cherry-picked from #15975Closes#16062
We decided last year not to pursue avoiding this warning, because it
adds noise and friction, while in most cases not revealing actual code
issues. We fixed the interesting portion of them throughout mid-2024.
Conclude this effort by deleting related FIXMEs and temporary comments.
Follow-up to 3829759bd0#12489Closes#15939
Adds the experimental feature `ssls-export` to libcurl and curl for
importing and exporting SSL sessions from/to a file.
* add functions to libcurl API
* add command line option `--ssl-sessions <filename>` to curl
* add documenation
* add support in configure
* add support in cmake
+ add pytest case
Closes#15924
