The only h2 psuedo header that wasn't previously possible to change by a
user. This change also makes it impossible to send a HTTP/1 header that
starts with a colon, which I don't think anyone does anyway.
The other pseudo headers are possible to change indirectly by doing the
rightly crafted request.
Reported-by: siddharthchhabrap on github
Fixes#8381Closes#8393
Test 1165 would fail on some systems because it didn't detect
CURL_DISABLE_* symbols that were used to the right of another one on the
same line! The script would only detect and extract the first one.
Reported-by: Marcel Raad
Fixes#8384Closes#8388
Recent changes added support for filename .curlrc on Windows, and
when it's not found curl falls back on the original Windows filename
_curlrc. _curlrc was removed from the doc, however it is still valid.
Closes https://github.com/curl/curl/pull/8382
There has been no TPF related changes done since September 2010 (commit
7e1a45e224) and since this is a platform that is relatively different
than many others (== needs attention), I draw the conclusion that this
build is broken since a long time.
Closes#8378
Silences the following warnings when using a Makefile.inc-free
TESTDIR using the "-o" argument:
readline() on closed filehandle D at ./runtests.pl line 592.
Use of uninitialized value $disttests in pattern match (m//) at
./runtests.pl line 3602.
Closes https://github.com/curl/curl/pull/8379
- Detect all spellings of <file>, <file name> etc as well as <path>.
- Only complete directories for <dir>.
- Complete URLs for <URL>.
- Complete --request and --ftp-method.
Closes#8363
- Change library link check for ngtcp2_crypto_{gnutls,openssl} to
to use function ngtcp2_crypto_recv_client_initial_cb instead of
ngtcp2_crypto_ctx_initial.
The latter function is no longer external since two days ago in
ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since
then because they would not link to the ngtcp2 crypto library.
Ref: https://github.com/ngtcp2/ngtcp2/pull/356
Closes https://github.com/curl/curl/pull/8372
Adds these test cases:
383 - simple single command line option
384 - reading it from stdin
385 - getting two --json options on command line
386 - --next works after --json
Closes#8314
Fix a bug that does not require a new CVE as discussed on hackerone.com.
Previously `connection_id` was accessed after returning connection to
the shared pool.
Bug: https://hackerone.com/reports/1463013Closes#8355
The callback gets called because of the call to PR_Recv() done to
attempt to avoid RST on the TCP connection. The conn->bundle pointer is
already cleared at this point so avoid dereferencing it.
Reported-by: Eric Musser
Fixes#8341Closes#8342
mbedtls/certs.h file contains only certificates example (all definitions
is beginning by mbedtls_test_*). None of them is used so we can avoid
include the file.
Closes#8343
